
Sitemaps are models of backend applications that can be used as a whitelist in workflows. A sitemap can describe operations (methods), paths (URIs), query vars (query parameters) and formdata parameters (post data parameters).

The Sitemap profiles are used in the Sitemap Validation node of the Workflow.

Sitemaps View

Sitemaps are available under the Policies panel in the Security category. This view lists all available sitemaps with the following fields:

  • Sitemap: the name of the sitemap.
  • Base Path: the base path of the sitemap.
  • Comment: a custom description of the sitemap.

This view allows you to create, modify, remove, open, import and export sitemaps.

Create a Sitemap

Creating a sitemap will add a new empty sitemap. The General tab displays the following fields:

  • Name: the name of the sitemap.
  • Comment: a custom description of the sitemap.
  • Base Path: the base path of the sitemap.

The Behaviours tab gives access to 3 new fields which configure how the sitemap is validated when used in the Sitemap Validation node.

  • Match policy: Defines the matching behaviour of the Sitemap Validation node when static and dynamic paths exist for the same resource. The value "Any match" allows dynamic paths to be checked when static paths have not been able to match the method and path of the request. The value "Strict" allows dynamic paths only when no static path has been found to match the method and path of the request. If a static path is not able to match a request because of the parameters, the validation will not check the dynamic paths to match the request and the validation will fail.
  • Query vars policy: Defines the validation behaviour regarding query parameters. The "Defined only" value will only allow validation of query parameters defined in the sitemap used by the Sitemap Validation node. Unknown parameters will automatically make sitemap validation fail. The "Accept Undefined" value will allow undeclared query parameters to be accepted by the Sitemap Validation node.
  • FormData vars policy: Defines the validation behaviour regarding form data parameters (also called post data parameters). The "Defined only" value will allow validation of form data parameters defined in the sitemap. The "Accept Undefined" value will allow undeclared form data parameters to be accepted by the Sitemap Validation node.
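
The Match policy and Query vars policy described above, modelled in Python as an added example (not the product's code or configuration format). The sitemap structure, paths, parameter names and function names are constructed, and "Any match" is read here as falling back to dynamic paths when a static path fails on parameters, which is the contrast the Strict description draws.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sitemap (hypothetical paths and parameters): a static and a
# dynamic path cover the same resource, the case the Match policy addresses.
SITEMAP = [
    {"path": "/items/latest", "methods": {"GET"}, "query": {"page"}},
    {"path": "/items/{id}", "methods": {"GET"}, "query": {"page", "sort"}},
]

def is_dynamic(entry):
    return "{" in entry["path"]

def matches_method_and_path(entry, method, path):
    # A {name} segment matches exactly one non-empty request path segment.
    want, got = entry["path"].split("/"), path.split("/")
    if len(want) != len(got) or method not in entry["methods"]:
        return False
    return all(w == g or (w.startswith("{") and w.endswith("}") and g != "")
               for w, g in zip(want, got))

def query_ok(entry, names, query_policy):
    # "Defined only": every parameter name must be declared for the path.
    return query_policy == "Accept Undefined" or names <= entry["query"]

def validate(sitemap, method, url, match_policy="Strict",
             query_policy="Defined only"):
    parts = urlsplit(url)
    names = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    hits = [e for e in sitemap if matches_method_and_path(e, method, parts.path)]
    static = [e for e in hits if not is_dynamic(e)]
    dynamic = [e for e in hits if is_dynamic(e)]
    if any(query_ok(e, names, query_policy) for e in static):
        return True
    if static and match_policy == "Strict":
        # A static path matched method and path but failed on parameters:
        # Strict stops here instead of falling back to dynamic paths.
        return False
    return any(query_ok(e, names, query_policy) for e in dynamic)

if __name__ == "__main__":
    for policy in ("Strict", "Any match"):
        print(policy, validate(SITEMAP, "GET", "/items/latest?sort=asc", policy))
```

With "Any match", the request for /items/latest?sort=asc is accepted through the broader dynamic path even though the static path does not declare sort, so the static entry's tighter parameter list is only enforced under "Strict".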

 

Modify a Sitemap

Modifying a sitemap will update the fields of the selected sitemap with the following values:

  • Name: the name of the sitemap,
  • Comment: a custom description of the sitemap,
  • Base Path: the base path of the sitemap.

Remove a Sitemap

Removing the selected sitemaps will delete them from the database.

Import a Sitemap

Importing a sitemap updates the selected sitemap from a user-provided file. The import uses a learning algorithm that incorporates the sitemap from the uploaded file into the selected sitemap (i.e. methods and paths will be updated). The import is configured with the following fields:

  • File: the file to upload, containing the data to import,
  • Type: the type of the sitemap; the import handles the following types:
  • Operation learning: Defines if operations (methods) will be learnt from the imported file or if they will all be replaced by the wildcard method "ACCEPT-ALL".
  • Clear content: Defines if the content of the sitemap must be removed before importing the new data.

Export a Sitemap

The sitemaps can be downloaded in the Swagger 2.0 JSON format.

Sitemap Detailed view

Double-clicking on the sitemap or clicking on the "open" button opens a new tab with the content of the selected sitemap. Here is an example of a short sitemap:

A sitemap is built by adding different pieces of information to match the available pages of a website, including methods and parameters. The following information is available:

  • Paths: list of paths added to the sitemap. They can be static or dynamic.
  • Operations: the HTTP methods allowed on the corresponding path.
  • Global parameters: list of parameters available everywhere in the sitemap.
  • Path parameters: list of parameters available for all operations of a defined path.
  • Operation parameters: list of parameters dedicated to a specific operation and path.

Learning a Sitemap

To get a more accurate sitemap of a backend application, learning algorithms are available with the Learning Logs feature.