Add changes to identify external traffic for infosec data publishing #24

Merged
merged 7 commits into from
Oct 28, 2024

@imesh94 imesh94 commented Oct 26, 2024

Add changes to identify external traffic for infosec data publishing

Due to the multiple redirects happening in the /authorize call and internal traffic to endpoints like /authorize and /token, metrics data becomes inaccurate. This PR contains changes to identify external calls before publishing infosec endpoint data using a header that can be added to the external requests by the load balancer. Repetitive data publishing due to /authorize redirects is also stopped by checking for the sessionDataKey query parameter.

Removing APIM side proxies defined for infosec endpoints will be sent in a separate PR.

Issue link: wso2/financial-services-accelerator#157

Doc Issue: Optional, link issue from documentation repository

Applicable Labels: Spec, product, version, type (specify requested labels)


Development Checklist

  1. Built complete solution with pull request in place.
  2. Ran checkstyle plugin with pull request in place.
  3. Ran Findbugs plugin with pull request in place.
  4. Ran FindSecurityBugs plugin and verified report.
  5. Formatted code according to WSO2 code style.
  6. Have you verified the PR doesn't commit any keys, passwords, tokens, usernames, or other secrets?
  7. Migration scripts written (if applicable).
  8. Have you followed secure coding standards in WSO2 Secure Engineering Guidelines?

Testing Checklist

  1. Written unit tests.
  2. Documented test scenarios (link available in guides).
  3. Written automation tests (link available in guides).
  4. Verified tests in multiple database environments (if applicable).
  5. Verified tests in multiple deployed specifications (if applicable).
  6. Tested with OBBI enabled (if applicable).
  7. Tested with specification regulatory conformance suites (if applicable).

Automation Test Details

| Test Suite | Test Script IDs |
| --- | --- |
| Integration Suite | TCXXXXX, TCXXXX |

Conformance Tests Details

| Test Suite Name | Test Suite Version | Scenarios | Result |
| --- | --- | --- | --- |
| Security Suite | VX.X | Foo, Bar | Passed |

Resources

Knowledge Base: https://sites.google.com/wso2.com/open-banking/

Guides: https://sites.google.com/wso2.com/open-banking/developer-guides
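
The publish decision described in the PR summary above, as an added example that is not code from this PR or from the project. The header name `X-External-Traffic`, its value `true`, the `Request` class, and limiting the `sessionDataKey` check to `/authorize` are assumptions; the request list is constructed sample traffic for one authorization flow.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class ExternalTrafficFilterExample {

    // Hypothetical header name; the PR text does not name the header the load balancer sets.
    static final String EXTERNAL_HEADER = "X-External-Traffic";

    // Minimal stand-in for an HTTP request (hypothetical, not a project class).
    static class Request {
        final String path;
        final Map<String, String> headers = new HashMap<>();
        final Map<String, String> query = new HashMap<>();
        Request(String path) { this.path = path; }
        Request header(String k, String v) { headers.put(k, v); return this; }
        Request param(String k, String v) { query.put(k, v); return this; }
    }

    // Publish only for external calls, and skip the /authorize re-entry that carries sessionDataKey.
    static boolean shouldPublish(Request r) {
        boolean external = "true".equalsIgnoreCase(r.headers.get(EXTERNAL_HEADER));
        boolean authorizeReentry = r.path.equals("/authorize") && r.query.containsKey("sessionDataKey");
        return external && !authorizeReentry;
    }

    public static void main(String[] args) {
        // Constructed sample traffic: external calls carry the header, internal calls do not.
        List<Request> flow = Arrays.asList(
            new Request("/authorize").header(EXTERNAL_HEADER, "true"),
            new Request("/authorize").header(EXTERNAL_HEADER, "true").param("sessionDataKey", "constructed-key"),
            new Request("/authorize"),
            new Request("/token"),
            new Request("/token").header(EXTERNAL_HEADER, "true"));
        int published = 0;
        for (Request r : flow) {
            boolean publish = shouldPublish(r);
            if (publish) {
                published++;
            }
            System.out.println(r.path + " " + r.query.keySet() + " -> " + (publish ? "publish" : "skip"));
        }
        System.out.println("published " + published + " of " + flow.size() + " requests");
    }
}
```

Of the five constructed requests, only the first external `/authorize` call and the external `/token` call are counted; without the two checks all five would be published.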

@nirmal070125 nirmal070125 left a comment

Is it possible to write a test case to handle the end-to-end scenario by mocking out the components?

imesh94 commented Oct 27, 2024

> Is it possible to write a test case to handle the end-to-end scenario by mocking out the components?

Added in 81aef69

@anjuchamantha anjuchamantha merged commit 41255c1 into wso2:main Oct 28, 2024
1 check passed