Giter VIP home page Giter VIP logo

harbinger's People

Stargazers

avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

tolgadevsec

harbinger's Issues

Analyze request fields without @Tripwired

Hello,

I recently stumbled upon your project and really like it. There is a feature I'd like to suggest you.

By now, the @Tripwired annotation has to be used on forms and DTOs to detect potentially malicious input. Our application contains a whole bunch of forms making this solution quite uncomfortable.
If the HttpEvidenceFilter is extended to automatically iterate through all the HttpServletRequest's parameters that come in, this functionality does not need the @Tripwired annotation.

I tested it by extending the filter and it works fine.
HttpEvidenceFilter.java:

public class HttpEvidenceFilter extends OncePerRequestFilter {

    ...

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
        Evidence evidence = new Evidence(request);
        analyzeRequest(request);

        ...
    }

    protected void analyzeRequest(HttpServletRequest request) {
        Map<String, String[]> parameterMap = request.getParameterMap();
        parameterMap.values().stream().forEach(values -> analyze(values));
    }

    protected void analyze(String[] values) {
         Arrays.stream(values).forEach(value -> this.ctx.isValid(value));
    }
}

Blacklisting: stuck in loop

It seems like I encountered a bug in the blacklisting mechanism. Imagine the following:

A user performs several malicious activities that are totaled up by the EvidenceCollector. As soon as the score exceeds the IP-threshold, the user's IP is blacklisted for the configured amount of time.
After the blacklisting has expired, the user can access the application again. However, the collected and aggregated evidence is still stored by the EvidenceCollector. Upon the next request (doesn't matter if malicious or not) the aggregated evidence is checked and the user is blacklisted again because the score has not been cleared and is still exceeding the IP-threshold.

Is this a bug or something I got wrong?

I implemented a small Bugfix that clears the evidence from the EvidenceCollector as soon as a BlacklistIpAction is performed. Now the blacklisting mechanism works fine.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.