ctrl-alt-dev / harbinger
A Spring MVC/Security based Web Application Intrusion Detection and Defense Framework.
License: Apache License 2.0
Hello,
I recently stumbled upon your project and really like it. There is a feature I'd like to suggest to you.
By now, the @Tripwired annotation has to be used on forms and DTOs to detect potentially malicious input. Our application contains a whole bunch of forms, making this solution quite uncomfortable.
If the HttpEvidenceFilter is extended to automatically iterate through all the HttpServletRequest's parameters that come in, this functionality does not need the @Tripwired annotation.
I tested it by extending the filter and it works fine.
HttpEvidenceFilter.java:
    public class HttpEvidenceFilter extends OncePerRequestFilter {
        ...
        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
            Evidence evidence = new Evidence(request);
            analyzeRequest(request);
            ...
        }

        protected void analyzeRequest(HttpServletRequest request) {
            Map<String, String[]> parameterMap = request.getParameterMap();
            parameterMap.values().stream().forEach(values -> analyze(values));
        }

        protected void analyze(String[] values) {
            Arrays.stream(values).forEach(value -> this.ctx.isValid(value));
        }
    }
It seems like I encountered a bug in the blacklisting mechanism. Imagine the following:
A user performs several malicious activities that are totaled up by the EvidenceCollector. As soon as the score exceeds the IP-threshold, the user's IP is blacklisted for the configured amount of time.
After the blacklisting has expired, the user can access the application again. However, the collected and aggregated evidence is still stored by the EvidenceCollector. Upon the next request (doesn't matter if malicious or not) the aggregated evidence is checked and the user is blacklisted again because the score has not been cleared and is still exceeding the IP-threshold.
Is this a bug or something I got wrong?
I implemented a small bugfix that clears the evidence from the EvidenceCollector as soon as a BlacklistIpAction is performed. Now the blacklisting mechanism works fine.
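The sequence described in this report, as a simplified model added here (it is not harbinger's code and not the reporter's patch). The class and method names, the threshold and the blacklist duration are assumptions; only the order of events follows the issue.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the behaviour described in the issue; class and method
// names are hypothetical and are not harbinger's API.
public class BlacklistExpiryDemo {
    static final int IP_THRESHOLD = 10;          // constructed value
    static final long BLACKLIST_MILLIS = 60_000; // constructed value

    private final Map<String, Integer> scoreByIp = new HashMap<>();
    private final Map<String, Long> blockedUntil = new HashMap<>();
    private final boolean clearOnBlacklist;

    BlacklistExpiryDemo(boolean clearOnBlacklist) {
        this.clearOnBlacklist = clearOnBlacklist;
    }

    /** Returns true if the request is rejected. */
    boolean handle(String ip, int evidenceScore, long now) {
        Long until = blockedUntil.get(ip);
        if (until != null) {
            if (now < until) return true;        // still blacklisted
            blockedUntil.remove(ip);             // blacklisting expired
        }
        // Aggregate the new evidence with whatever is still stored for this IP.
        int total = scoreByIp.merge(ip, evidenceScore, Integer::sum);
        if (total > IP_THRESHOLD) {
            blockedUntil.put(ip, now + BLACKLIST_MILLIS);
            if (clearOnBlacklist) scoreByIp.remove(ip); // the fix from the report
            return true;
        }
        return false;
    }

    public static void main(String[] args) {
        for (boolean fix : new boolean[] {false, true}) {
            BlacklistExpiryDemo d = new BlacklistExpiryDemo(fix);
            String ip = "203.0.113.7";                // constructed documentation address
            d.handle(ip, 6, 0);                       // below threshold
            boolean blocked = d.handle(ip, 6, 1_000); // 12 > 10: blacklisted
            // Harmless request (score 0) after the blacklisting has expired.
            boolean again = d.handle(ip, 0, 1_000 + BLACKLIST_MILLIS + 1);
            System.out.printf("clearOnBlacklist=%b blocked=%b blockedAgainAfterExpiry=%b%n",
                    fix, blocked, again);
        }
    }
}
```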