Merge pull request #623 from AikidoSec/realtime-e2e

Set AIKIDO_REALTIME_ENDPOINT for end2end tests

Author: hansott

end2end/server/app.js

@@ -8,6 +8,7 @@ const checkToken = require("./src/middleware/checkToken");
 const updateConfig = require("./src/handlers/updateConfig");
 const lists = require("./src/handlers/lists");
 const updateLists = require("./src/handlers/updateLists");
+const realtimeConfig = require("./src/handlers/realtimeConfig");
 
 const app = express();
 
@@ -18,6 +19,9 @@ app.use(express.json());
 app.get("/api/runtime/config", checkToken, config);
 app.post("/api/runtime/config", checkToken, updateConfig);
 
+// Realtime polling endpoint
+app.get("/config", checkToken, realtimeConfig);
+
 app.get("/api/runtime/events", checkToken, listEvents);
 app.post("/api/runtime/events", checkToken, captureEvent);
 

end2end/server/src/handlers/realtimeConfig.js

@@ -0,0 +1,14 @@
+const { getAppConfig } = require("../zen/config");
+
+module.exports = function realtimeConfig(req, res) {
+  if (!req.app) {
+    throw new Error("App is missing");
+  }
+
+  const config = getAppConfig(req.app);
+
+  res.json({
+    serviceId: req.app.serviceId,
+    configUpdatedAt: config.configUpdatedAt,
+  });
+};

end2end/tests/express-mongodb.ssrf.test.js

@@ -58,6 +58,7 @@ t.test("it blocks in blocking mode", (t) => {
       AIKIDO_BLOCKING: "true",
       AIKIDO_TOKEN: token,
       AIKIDO_ENDPOINT: testServerUrl,
+      AIKIDO_REALTIME_ENDPOINT: testServerUrl,
     },
   });
 
@@ -156,6 +157,7 @@ t.test("it does not block in dry mode", (t) => {
       AIKIDO_DEBUG: "true",
       AIKIDO_TOKEN: token,
       AIKIDO_ENDPOINT: testServerUrl,
+      AIKIDO_REALTIME_ENDPOINT: testServerUrl,
     },
   });
 
@@ -214,6 +216,7 @@ t.test("it blocks request to base URL if proxy is not trusted", (t) => {
       AIKIDO_BLOCKING: "true",
       AIKIDO_TOKEN: token,
       AIKIDO_ENDPOINT: testServerUrl,
+      AIKIDO_REALTIME_ENDPOINT: testServerUrl,
       AIKIDO_TRUST_PROXY: "false",
     },
   });

end2end/tests/hono-xml-allowlists.test.ts

@@ -78,6 +78,7 @@ t.test("it blocks non-allowed IP addresses", (t) => {
       AIKIDO_BLOCK: "true",
       AIKIDO_TOKEN: token,
       AIKIDO_ENDPOINT: testServerUrl,
+      AIKIDO_REALTIME_ENDPOINT: testServerUrl,
     },
   });
 

end2end/tests/hono-xml-blocklists.test.js

@@ -59,6 +59,7 @@ t.test("it blocks geo restricted IPs", (t) => {
       AIKIDO_BLOCKING: "true",
       AIKIDO_TOKEN: token,
       AIKIDO_ENDPOINT: testServerUrl,
+      AIKIDO_REALTIME_ENDPOINT: testServerUrl,
     },
   });
 
@@ -159,6 +160,7 @@ t.test("it blocks bots", (t) => {
       AIKIDO_BLOCKING: "true",
       AIKIDO_TOKEN: token,
       AIKIDO_ENDPOINT: testServerUrl,
+      AIKIDO_REALTIME_ENDPOINT: testServerUrl,
     },
   });
 
@@ -253,6 +255,7 @@ t.test("it does not block bypass IP if in blocklist", (t) => {
       AIKIDO_BLOCKING: "true",
       AIKIDO_TOKEN: token,
       AIKIDO_ENDPOINT: testServerUrl,
+      AIKIDO_REALTIME_ENDPOINT: testServerUrl,
     },
   });
 

end2end/tests/hono-xml-monitored-lists.test.js

@@ -43,6 +43,7 @@ t.test("it does not block monitored IPs", (t) => {
       AIKIDO_BLOCKING: "true",
       AIKIDO_TOKEN: token,
       AIKIDO_ENDPOINT: testServerUrl,
+      AIKIDO_REALTIME_ENDPOINT: testServerUrl,
     },
   });
 
@@ -109,6 +110,7 @@ t.test("it does not block monitored user agents", (t) => {
       AIKIDO_BLOCKING: "true",
       AIKIDO_TOKEN: token,
       AIKIDO_ENDPOINT: testServerUrl,
+      AIKIDO_REALTIME_ENDPOINT: testServerUrl,
     },
   });
 

end2end/tests/hono-xml-rate-limiting.test.js

@@ -50,6 +50,7 @@ t.test("it rate limits requests", (t) => {
       AIKIDO_BLOCKING: "true",
       AIKIDO_TOKEN: token,
       AIKIDO_ENDPOINT: testServerUrl,
+      AIKIDO_REALTIME_ENDPOINT: testServerUrl,
     },
   });
 
@@ -110,6 +111,7 @@ t.test("user rate limiting works", (t) => {
       AIKIDO_BLOCKING: "true",
       AIKIDO_TOKEN: token,
       AIKIDO_ENDPOINT: testServerUrl,
+      AIKIDO_REALTIME_ENDPOINT: testServerUrl,
     },
   });
 

end2end/tests/nestjs-fastify-rate-limiting.test.js

@@ -61,6 +61,7 @@ t.test("it rate limits requests", (t) => {
       AIKIDO_BLOCKING: "true",
       AIKIDO_TOKEN: token,
       AIKIDO_ENDPOINT: testServerUrl,
+      AIKIDO_REALTIME_ENDPOINT: testServerUrl,
       PORT: "4002",
     },
   });
@@ -123,6 +124,7 @@ t.test("user rate limiting works", (t) => {
       AIKIDO_BLOCKING: "true",
       AIKIDO_TOKEN: token,
       AIKIDO_ENDPOINT: testServerUrl,
+      AIKIDO_REALTIME_ENDPOINT: testServerUrl,
       PORT: "4003",
     },
   });