Skip to content

Commit b8bc8dd

Browse files
slack-watcherslack-watcher
committed
Update Attack to include user
1 parent aea48ea commit b8bc8dd

File tree

2 files changed

+14
-6
lines changed

2 files changed

+14
-6
lines changed

agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/Attack.java

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,7 @@
11
package dev.aikido.agent_api.vulnerabilities;
22

3+
import dev.aikido.agent_api.context.User;
4+
35
import java.util.Map;
46

57
public class Attack {
@@ -10,14 +12,16 @@ public class Attack {
1012
public final Map<String, String> metadata;
1113
public final String payload;
1214
public final String stack;
13-
public Attack(String op, Vulnerabilities.Vulnerability vulnerability, String source, String pathToPayload, Map<String, String> metadata, String payload, String stack) {
15+
public final User user;
16+
public Attack(String op, Vulnerabilities.Vulnerability vulnerability, String source, String pathToPayload, Map<String, String> metadata, String payload, String stack, User user) {
1417
this.operation = op;
1518
this.kind = vulnerability.getKind();
1619
this.source = source;
1720
this.pathToPayload = pathToPayload;
1821
this.metadata = metadata;
1922
this.payload = payload;
2023
this.stack = stack;
24+
this.user = user;
2125
}
2226

2327
@Override
@@ -30,6 +34,6 @@ public String toString() {
3034
", metadata=" + metadata +
3135
", payload='" + payload + '\'' +
3236
", stack='" + stack + '\'' +
33-
'}';
37+
", user=" + user.id() + '}';
3438
}
3539
}

agent_api/src/test/java/vulnerabilities/AttackTest.java

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11
package vulnerabilities;
22

3+
import dev.aikido.agent_api.context.User;
34
import dev.aikido.agent_api.vulnerabilities.Attack;
45
import dev.aikido.agent_api.vulnerabilities.Vulnerabilities;
56
import org.junit.jupiter.api.Test;
@@ -22,9 +23,10 @@ public void testAttackConstructor() {
2223
metadata.put("userId", "123");
2324
String payload = "SELECT * FROM users WHERE id = 1";
2425
String stack = "Stack trace here";
26+
User user = new User("id", "name", "1.1.1.1", 0);
2527

2628
// Act
27-
Attack attack = new Attack(operation, vulnerability, source, pathToPayload, metadata, payload, stack);
29+
Attack attack = new Attack(operation, vulnerability, source, pathToPayload, metadata, payload, stack, user);
2830

2931
// Assert
3032
assertEquals(operation, attack.operation);
@@ -34,8 +36,9 @@ public void testAttackConstructor() {
3436
assertEquals(metadata, attack.metadata);
3537
assertEquals(payload, attack.payload);
3638
assertEquals(stack, attack.stack);
39+
assertEquals(user, attack.user);
3740
assertEquals(
38-
"Attack{operation='SQL Injection', kind='sql_injection', source='User Input', pathToPayload='/api/vulnerable', metadata={userId=123}, payload='SELECT * FROM users WHERE id = 1', stack='Stack trace here'}",
41+
"Attack{operation='SQL Injection', kind='sql_injection', source='User Input', pathToPayload='/api/vulnerable', metadata={userId=123}, payload='SELECT * FROM users WHERE id = 1', stack='Stack trace here', user=id}",
3942
attack.toString()
4043
);
4144
}
@@ -50,9 +53,10 @@ public void testAttackWithEmptyMetadata() {
5053
Map<String, String> metadata = new HashMap<>(); // Empty metadata
5154
String payload = "<script>alert('XSS');</script>";
5255
String stack = "Stack trace here";
56+
User user = new User("123", "name", "1.1.1.1", 0);
5357

5458
// Act
55-
Attack attack = new Attack(operation, vulnerability, source, pathToPayload, metadata, payload, stack);
59+
Attack attack = new Attack(operation, vulnerability, source, pathToPayload, metadata, payload, stack, user);
5660

5761
// Assert
5862
assertEquals(operation, attack.operation);
@@ -63,7 +67,7 @@ public void testAttackWithEmptyMetadata() {
6367
assertEquals(payload, attack.payload);
6468
assertEquals(stack, attack.stack);
6569
assertEquals(
66-
"Attack{operation='XSS Attack', kind='sql_injection', source='User Input', pathToPayload='/api/vulnerable', metadata={}, payload='<script>alert('XSS');</script>', stack='Stack trace here'}",
70+
"Attack{operation='XSS Attack', kind='sql_injection', source='User Input', pathToPayload='/api/vulnerable', metadata={}, payload='<script>alert('XSS');</script>', stack='Stack trace here', user=123}",
6771
attack.toString()
6872
);
6973
}

0 commit comments

Comments
 (0)