From bfa9801d111c03f553ef4e12e13a9f658aac0f5e Mon Sep 17 00:00:00 2001 From: enforcers-unihub-application Date: Mon, 24 Feb 2025 11:49:45 +0200 Subject: [PATCH 1/5] gcr to gar mitigation --- .github/workflows/ci_e2e.yaml | 10 +++++----- .github/workflows/fuzzer.yaml | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci_e2e.yaml b/.github/workflows/ci_e2e.yaml index ff815d4c..f3e6a9bf 100644 --- a/.github/workflows/ci_e2e.yaml +++ b/.github/workflows/ci_e2e.yaml @@ -88,12 +88,12 @@ jobs: - name: Configure Docker credentials run: | - gcloud auth configure-docker gcr.io + gcloud auth configure-docker us-docker.pkg.dev - name: pull mock collector image run: | - docker pull gcr.io/px-docker-repo/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \ - docker tag gcr.io/px-docker-repo/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG localhost:5001/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \ + docker pull us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \ + docker tag us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG localhost:5001/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \ docker push localhost:5001/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG - name: deploy mock collector 
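Review bot: The `pull mock collector image` step still resolves the image through the mutable tag in `$MOCK_COLLECTOR_IMAGE_TAG`, so after the move to `us-docker.pkg.dev/hmn-registry/docker-common-us` nothing in the workflow confirms that the new repository serves the same image content the old one did. Pinning the pull to a digest, `docker pull us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/mock-collector@sha256:<digest>`, would make that explicit. Where the tag variables are set is not visible here, so this may already be handled upstream. The same applies to the enforcer-specs-tests pull later in this file and to the mock-collector and fuzzer pulls in fuzzer.yaml. The job's step list continues outside the hunk.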
@@ -124,8 +124,8 @@ jobs: - name: pull enforcer tests image run: | - docker pull gcr.io/px-docker-repo/connecteam/enforcer-specs-tests:$ENFORCER_SPEC_TESTS_IMAGE_TAG && \ - docker tag gcr.io/px-docker-repo/connecteam/enforcer-specs-tests:$ENFORCER_SPEC_TESTS_IMAGE_TAG localhost:5001/enforcer-spec-tests:$ENFORCER_SPEC_TESTS_IMAGE_TAG && \ + docker pull us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/enforcer-specs-tests:$ENFORCER_SPEC_TESTS_IMAGE_TAG && \ + docker tag us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/enforcer-specs-tests:$ENFORCER_SPEC_TESTS_IMAGE_TAG localhost:5001/enforcer-spec-tests:$ENFORCER_SPEC_TESTS_IMAGE_TAG && \ docker push localhost:5001/enforcer-spec-tests:$ENFORCER_SPEC_TESTS_IMAGE_TAG - name: run enforcer tests diff --git a/.github/workflows/fuzzer.yaml b/.github/workflows/fuzzer.yaml index 555f0269..2b9b2a64 100644 --- a/.github/workflows/fuzzer.yaml +++ b/.github/workflows/fuzzer.yaml @@ -91,12 +91,12 @@ jobs: - name: Configure Docker credentials run: | - gcloud auth configure-docker gcr.io + gcloud auth configure-docker us-docker.pkg.dev - name: pull mock collector image run: | - docker pull gcr.io/px-docker-repo/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \ - docker tag gcr.io/px-docker-repo/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG localhost:5001/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \ + docker pull us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \ + docker us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG localhost:5001/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \ docker push localhost:5001/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG - name: deploy mock collector 
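Review bot: In the fuzzer.yaml hunk, the second command of the `pull mock collector image` step lost its subcommand: the added line starting `docker us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/mock-collector:` has no `tag`. The `&&` chain therefore stops there and the push to `localhost:5001` never runs. Patch 2/5 of this series restores the word, so squashing that fix into this commit would leave no revision in which the fuzzer workflow fails, which keeps bisecting usable.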
@@ -127,8 +127,8 @@ jobs: - name: pull fuzzer image run: | - docker pull gcr.io/px-docker-repo/connecteam/connect-enforcer-fuzzer:$FUZZER_TAG && \ - docker tag gcr.io/px-docker-repo/connecteam/connect-enforcer-fuzzer:$FUZZER_TAG localhost:5001/connect-enforcer-fuzzer:$FUZZER_TAG && \ + docker pull us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/connect-enforcer-fuzzer:$FUZZER_TAG && \ + docker tag us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/connect-enforcer-fuzzer:$FUZZER_TAG localhost:5001/connect-enforcer-fuzzer:$FUZZER_TAG && \ docker push localhost:5001/connect-enforcer-fuzzer:$FUZZER_TAG - name: run fuzzer From 6013117354fa3447853770fa582d0284ab815b1f Mon Sep 17 00:00:00 2001 From: enforcers-unihub-application Date: Mon, 24 Feb 2025 16:06:58 +0200 Subject: [PATCH 2/5] fix --- .github/workflows/fuzzer.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/fuzzer.yaml b/.github/workflows/fuzzer.yaml index 2b9b2a64..4c939349 100644 --- a/.github/workflows/fuzzer.yaml +++ b/.github/workflows/fuzzer.yaml @@ -96,7 +96,7 @@ jobs: - name: pull mock collector image run: | docker pull us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \ - docker us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG localhost:5001/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \ + docker tag us-docker.pkg.dev/hmn-registry/docker-common-us/connecteam/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG localhost:5001/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG && \ docker push localhost:5001/mock-collector:$MOCK_COLLECTOR_IMAGE_TAG - name: deploy mock collector From 788d44191e9e3fc660e3d209da4d7bb69e8b2532 Mon Sep 17 00:00:00 2001 
From: enforcers-unihub-application Date: Wed, 11 Jun 2025 12:30:52 +0300 Subject: [PATCH 3/5] Added Cts cookie support --- src/main/java/com/perimeterx/models/PXContext.java | 13 +++++++++++++ .../models/activities/CommonActivityDetails.java | 4 ++++ .../perimeterx/models/httpmodels/Additional.java | 4 ++++ 3 files changed, 21 insertions(+) diff --git a/src/main/java/com/perimeterx/models/PXContext.java b/src/main/java/com/perimeterx/models/PXContext.java index 39d3bd90..4540eff8 100644 --- a/src/main/java/com/perimeterx/models/PXContext.java +++ b/src/main/java/com/perimeterx/models/PXContext.java @@ -228,6 +228,7 @@ public class PXContext { private String additionalRiskInfo; private String servletPath; private String pxhdDomain; + private String pxCtsCookie; private long enforcerStartTime; /** @@ -403,6 +404,7 @@ private void parseCookies(HttpServletRequest request, boolean isMobileToken) { DataEnrichmentCookie deCookie = headerParser.getRawDataEnrichmentCookie(this.tokens, cookieKeysToCheck(this, this.pxConfiguration)); this.pxde = deCookie.getJsonPayload(); this.pxdeVerified = deCookie.isValid(); + this.pxCtsCookie = setCtsCookie(cookies); } } @@ -429,6 +431,17 @@ private void setVidAndPxhd(Cookie[] cookies) { } } + private String setCtsCookie(Cookie[] cookies) { + if (cookies != null) { + for (Cookie cookie : cookies) { + if (cookie.getName().equals("pxcts")) { + return cookie.getValue(); + } + } + } + return null; + } + public String getPxOriginalTokenCookie() { return originalTokenCookie; } diff --git a/src/main/java/com/perimeterx/models/activities/CommonActivityDetails.java b/src/main/java/com/perimeterx/models/activities/CommonActivityDetails.java index 9c06562c..c5baf184 100644 --- a/src/main/java/com/perimeterx/models/activities/CommonActivityDetails.java +++ b/src/main/java/com/perimeterx/models/activities/CommonActivityDetails.java 
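Review bot: `setCtsCookie` returns the `pxcts` value exactly as the client sent it, and the other hunks of this patch copy it into `Additional` and `CommonActivityDetails` as `cross_tab_session` with no bound on length or character set. Because the cookie is client-controlled, a cap before storing it would keep oversized or malformed values out of the server-to-server payloads, for example `if (value != null && value.length() <= MAX_PXCTS_LENGTH) return value;`, where `MAX_PXCTS_LENGTH` is a new constant (placeholder name) sized to whatever format the backend expects. The method is also named like a setter although it only looks up and returns a value; `findCtsCookie` would read more accurately. `parseCookies` starts and ends outside the hunk.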
@@ -56,6 +56,9 @@ public class CommonActivityDetails implements ActivityDetails { @JsonProperty("pass") public String password; + @JsonProperty("cross_tab_session") + public String pxCtsCookie; + public CommonActivityDetails(PXContext context) { final LoginData loginData = context.getLoginData(); @@ -81,6 +84,7 @@ public CommonActivityDetails(PXContext context) { this.callReason = additional.callReason; this.riskStartTime = additional.riskStartTime; this.enforcerStartTime = additional.enforcerStartTime; + this.pxCtsCookie = additional.pxCtsCookie; } } diff --git a/src/main/java/com/perimeterx/models/httpmodels/Additional.java b/src/main/java/com/perimeterx/models/httpmodels/Additional.java index 8fc7bf2f..2c4df51c 100644 --- a/src/main/java/com/perimeterx/models/httpmodels/Additional.java +++ b/src/main/java/com/perimeterx/models/httpmodels/Additional.java @@ -90,6 +90,9 @@ public class Additional { @JsonProperty("risk_start_time") public long riskStartTime; + @JsonProperty("cross_tab_session") + public String pxCtsCookie; + public static Additional fromContext(PXContext ctx) { Additional additional = new Additional(); additional.pxCookie = ctx.getRiskCookie(); @@ -110,6 +113,7 @@ public static Additional fromContext(PXContext ctx) { additional.requestId = ctx.getRequestId(); additional.enforcerStartTime = ctx.getEnforcerStartTime(); additional.riskStartTime = new Date().getTime(); + additional.pxCtsCookie = ctx.getPxCtsCookie(); setLoginCredentials(ctx, additional); From 45d94a8dd1b2c782f977bca47228992f395a95d7 Mon Sep 17 00:00:00 2001 From: enforcers-unihub-application Date: Thu, 12 Jun 2025 11:03:40 +0300 Subject: [PATCH 4/5] PR changes --- .../java/com/perimeterx/models/PXContext.java | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/src/main/java/com/perimeterx/models/PXContext.java b/src/main/java/com/perimeterx/models/PXContext.java index 4540eff8..f8c8cc41 100644 --- a/src/main/java/com/perimeterx/models/PXContext.java 
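Review bot: `pxCtsCookie` stays `null` whenever the request carries no `pxcts` cookie, and neither new field says how Jackson should treat that, so `"cross_tab_session": null` may be written into every risk request and activity. If neither class already carries a class-level inclusion rule (not visible in these hunks), adding `@JsonInclude(JsonInclude.Include.NON_NULL)` above `@JsonProperty("cross_tab_session")` in both `Additional` and `CommonActivityDetails` would omit the key when the cookie is absent. A short field comment such as `// raw value of the client's pxcts cookie; null when absent` would also tell the next reader that the content is untrusted. Both class bodies extend beyond the hunks.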
+++ b/src/main/java/com/perimeterx/models/PXContext.java @@ -398,17 +398,16 @@ private void parseCookies(HttpServletRequest request, boolean isMobileToken) { .map(request::getHeader) .toArray(String[]::new); this.requestCookieNames = CookieNamesExtractor.extractCookieNames(cookies); - setVidAndPxhd(cookies); + setVidPxhdAndPxcts(cookies); tokens.addAll(headerParser.createRawCookieDataList(cookieHeaders)); this.tokens = tokens; DataEnrichmentCookie deCookie = headerParser.getRawDataEnrichmentCookie(this.tokens, cookieKeysToCheck(this, this.pxConfiguration)); this.pxde = deCookie.getJsonPayload(); this.pxdeVerified = deCookie.isValid(); - this.pxCtsCookie = setCtsCookie(cookies); } } - private void setVidAndPxhd(Cookie[] cookies) { + private void setVidPxhdAndPxcts(Cookie[] cookies) { if (cookies != null) { for (Cookie cookie : cookies) { if (cookie.getName().equals("_pxvid") || cookie.getName().equals("pxvid")) { @@ -427,19 +426,11 @@ private void setVidAndPxhd(Cookie[] cookies) { logger.error("setVidAndPxhd - failed while decoding the pxhd value", e); } } - } - } - } - - private String setCtsCookie(Cookie[] cookies) { - if (cookies != null) { - for (Cookie cookie : cookies) { if (cookie.getName().equals("pxcts")) { - return cookie.getValue(); + this.pxCtsCookie = cookie.getValue(); } } } - return null; } public String getPxOriginalTokenCookie() { From aad99a6c34220ba8a244633868ab5197a8ddc6b9 Mon Sep 17 00:00:00 2001 From: enforcers-unihub-application Date: Sun, 15 Jun 2025 11:22:15 +0300 Subject: [PATCH 5/5] release v6.14.2 --- CHANGELOG.md | 3 +++ README.md | 2 +- pom.xml | 2 +- px_metadata.json | 2 +- web/pom.xml | 2 +- 5 files changed, 7 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 77a27b26..5b502004 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
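Review bot: The error message in the pxhd branch still reads `"setVidAndPxhd - failed while decoding the pxhd value"` although this commit renames the method to `setVidPxhdAndPxcts`; the log prefix should follow the rename, `logger.error("setVidPxhdAndPxcts - failed while decoding the pxhd value", e);`. Folding the lookup into the loop also changes which value is kept when a request carries several `pxcts` cookies: the removed `setCtsCookie` returned the first match, while the new branch assigns on every match, so the last one wins. If first-match was intended, guard the branch with `if (this.pxCtsCookie == null && cookie.getName().equals("pxcts"))`. Part of the method body lies between the two hunks and is not shown.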
@@ -1,5 +1,8 @@ # Change Log +## [v6.14.2](https://github.com/PerimeterX/perimeterx-java-sdk/compare/6.14.2...HEAD) (2025-06-15) +- Added Cross Tab Session cookie support on risk_api and async activities + ## [v6.14.1](https://github.com/PerimeterX/perimeterx-java-sdk/compare/6.14.1...HEAD) (2024-11-12) - Fix Telemetry bug when sending page requested activities when telemetry fails - Fix risk_rtt is not sent when risk call gets s2s_timeout diff --git a/README.md b/README.md index aeaf943a..edd35c1e 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ # [PerimeterX](http://www.perimeterx.com) Java SDK -> Latest stable version: [v6.14.1](https://search.maven.org/#artifactdetails%7Ccom.perimeterx%7Cperimeterx-sdk%7C6.15.0%7Cjar) +> Latest stable version: [v6.14.2](https://search.maven.org/#artifactdetails%7Ccom.perimeterx%7Cperimeterx-sdk%7C6.15.0%7Cjar) ## Table of Contents diff --git a/pom.xml b/pom.xml index 61cd299b..8cfc7cd6 100644 --- a/pom.xml +++ b/pom.xml @@ -7,7 +7,7 @@ PerimeterX JAVA SDK com.perimeterx perimeterx-sdk - 6.14.1 + 6.14.2 jar PerimeterX Java SDK diff --git a/px_metadata.json b/px_metadata.json index ba6268e9..62d6972b 100644 --- a/px_metadata.json +++ b/px_metadata.json @@ -1,5 +1,5 @@ { - "version": "6.14.1", + "version": "6.14.2", "supported_features": [ "advanced_blocking_response", "bypass_monitor_header", diff --git a/web/pom.xml b/web/pom.xml index 2228c520..0a228be3 100644 --- a/web/pom.xml +++ b/web/pom.xml @@ -65,7 +65,7 @@ 8 8 - 6.14.1 + 6.14.2