openclarity / apiclarity

An API security tool to capture and analyze API traffic, test API endpoints, reconstruct Open API specification, and identify API security risks. 
https://apiclarity.io
Apache License 2.0

BFLA Analyzer is not reporting BFLA violation #341

Closed amccormi closed 1 year ago

amccormi commented 1 year ago

What happened:

I enabled trace sampling for APIClarity in the helm chart, then I started BFLA learning on one of my app APIs. I ran some app traffic and then stopped BFLA learning. I went and marked one of the microservice interactions as "illegitimate" (Sock Shop front-end service GET request to catalog API), and then generated more app traffic that should have triggered a BFLA violation. Nothing was reported, and no BFLA data is found.

What you expected to happen:

I expected to see a BFLA violation when the front-end service did a GET on the catalog API.

How to reproduce it (as minimally and precisely as possible):

Using Sock Shop, mark the GET catalog from the front-end service as "illegitimate", then run locust traffic to Sock Shop that will send some of those requests.

Are there any error messages in API Clarity logs?

time="2023-02-16T14:24:49Z" level=info msg="bfla synced for authz model" func="github.com/openclarity/apiclarity/backend/pkg/modules/internal/bfla/bfladetector.(learnAndDetectBFLA).commandsRunner" file="/build/backend/pkg/modules/internal/bfla/bfladetector/learn_and_detect_bfla.go:523"
time="2023-02-16T14:24:49Z" level=info msg="stop learning applied successfully on api=1" func=github.com/openclarity/apiclarity/backend/pkg/modules/internal/bfla.httpHandler.PutAuthorizationModelApiIDLearningStop file="/build/backend/pkg/modules/internal/bfla/init.go:543"
time="2023-02-16T14:24:49Z" level=debug msg="current state for api 1 is LEARNT" func="github.com/openclarity/apiclarity/backend/pkg/modules/internal/bfla/bfladetector.(learnAndDetectBFLA).checkBFLAState" file="/build/backend/pkg/modules/internal/bfla/bfladetector/learn_and_detect_bfla.go:336"
time="2023-02-16T14:24:49Z" level=debug msg="current state for api 1 is LEARNT" func="github.com/openclarity/apiclarity/backend/pkg/modules/internal/bfla/bfladetector.(learnAndDetectBFLA).getState" file="/build/backend/pkg/modules/internal/bfla/bfladetector/learn_and_detect_bfla.go:971"
time="2023-02-16T14:24:51Z" level=debug msg="nothing to update for module=bfla; apiID=1" func="github.com/openclarity/apiclarity/backend/pkg/modules/internal/bfla/recovery.(persister).persistAPIInfoAnnotations" file="/build/backend/pkg/modules/internal/bfla/recovery/state.go:158"

And then, all I get is this:

time="2023-02-16T14:32:36Z" level=debug msg="nothing to update for module=bfla; apiID=1" func="github.com/openclarity/apiclarity/backend/pkg/modules/internal/bfla/recovery.(persister).persistAPIInfoAnnotations" file="/build/backend/pkg/modules/internal/bfla/recovery/state.go:158"
time="2023-02-16T14:32:36Z" level=debug msg="Persisted 0 annotations" func="github.com/openclarity/apiclarity/backend/pkg/modules/internal/bfla/recovery.(persister).persistAPIInfoAnnotations" file="/build/backend/pkg/modules/internal/bfla/recovery/state.go:173"
time="2023-02-16T14:32:36Z" level=debug msg="Acked 0 events; events: []" func="github.com/openclarity/apiclarity/backend/pkg/modules/internal/bfla/recovery.(*persister).persistAPIEventAnnotations" file="/build/backend/pkg/modules/internal/bfla/recovery/state.go:125"

Anything else we need to know?:

Could be related to https://github.com/openclarity/apiclarity/issues/340 as API traffic is not being recorded.

Environment:

APIClarity v0.14.2

gicont commented 1 year ago

In order to report a BFLA violation, the BFLA detection has to be in progress. Moreover, release v0.14.4 allows starting BFLA learning mode when trace sampling is disabled. An additional fix has been added to visualize the BFLA annotation for a specific event.
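The state transition behind the maintainer's answer can be illustrated with a small model: a BFLA module that records interactions while LEARNING, freezes them when learning is stopped (the LEARNT state visible in the logs above), and only compares observed calls against the model once detection has been started. The code below is an added example written for this page, not APIClarity's own implementation; the state names other than LEARNT, the transitions, the `Interaction`/`Detector` types, the `/catalogue` path and the rule that an unlearned interaction counts as a violation are all assumptions made for illustration.

```go
package main

import "fmt"

// State of a hypothetical BFLA module for a single API. "LEARNT" matches the
// state printed in the issue's logs; the other names and the transitions are
// assumptions made for this example, not APIClarity's implementation.
type State int

const (
	NoState State = iota
	Learning
	Learnt
	Detecting
)

func (s State) String() string {
	return [...]string{"NO_STATE", "LEARNING", "LEARNT", "DETECTING"}[s]
}

// Interaction is one service-to-service call: which client called the API,
// with which method and on which path.
type Interaction struct {
	Client, Method, Path string
}

// Detector keeps the authorization model (learned interactions) for one API.
// model[i] == true means legitimate, false means marked illegitimate by a user.
type Detector struct {
	state State
	model map[Interaction]bool
}

func NewDetector() *Detector {
	return &Detector{state: NoState, model: map[Interaction]bool{}}
}

func (d *Detector) State() State { return d.state }

// StartLearning begins recording every observed interaction as legitimate.
func (d *Detector) StartLearning() { d.state = Learning }

// StopLearning freezes the model: the module is now LEARNT, not detecting.
func (d *Detector) StopLearning() {
	if d.state == Learning {
		d.state = Learnt
	}
}

// StartDetection is the step the reporter did not take; only from here on
// are observed calls compared against the model.
func (d *Detector) StartDetection() { d.state = Detecting }

// MarkIllegitimate records a user decision in the model without changing state.
func (d *Detector) MarkIllegitimate(i Interaction) { d.model[i] = false }

// Observe processes one captured call and returns whether a BFLA violation
// is reported for it.
func (d *Detector) Observe(i Interaction) bool {
	switch d.state {
	case Learning:
		if _, known := d.model[i]; !known {
			d.model[i] = true // everything seen while learning is assumed legitimate
		}
		return false
	case Detecting:
		// Unknown or user-marked illegitimate interactions are violations
		// (treating unknown as a violation is this example's assumption).
		return !d.model[i]
	default: // NoState or Learnt: the model is frozen and nothing is checked
		return false
	}
}

func main() {
	// Constructed sample traffic shaped like the issue's Sock Shop scenario.
	call := Interaction{Client: "front-end", Method: "GET", Path: "/catalogue"}
	d := NewDetector()
	d.StartLearning()
	d.Observe(call) // learned as legitimate
	d.StopLearning() // state is now LEARNT, as in the logs
	d.MarkIllegitimate(call)
	fmt.Printf("state=%s violation=%v\n", d.State(), d.Observe(call)) // state=LEARNT violation=false
	d.StartDetection()
	fmt.Printf("state=%s violation=%v\n", d.State(), d.Observe(call)) // state=DETECTING violation=true
}
```

The sequence in `main` mirrors the report: learning started, traffic observed, learning stopped, one interaction marked illegitimate, more traffic sent. In the LEARNT state the marked call yields no violation; the same call is reported as soon as detection is started.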