Comments (7)
Updated title to be for a rule/rules for inbound HTTP. For outbound HTTP I think the existing rules cover many cases, but if you have samples that are not detected that you'd expect to be detected, I can also look into expanding those.
from applicationinspector.
Are you specifically interested in instances of calling an endpoint directly with an HTTP request? For example, if you call into an SDK and the SDK makes a request to the API, that would be infeasible to detect with Application Inspector. AppInspector already has some coverage depending on language for detecting HTTP requests themselves -
If you want to know what endpoints are being called, application inspector also has a rule for detecting urls starting with http or https:
Looking over the rules I think what can be feasibly gathered towards this end should already be captured, but how would you expand this coverage? I'm not sure how we could distinguish an API endpoint vs just a URL with a data file in the above queries - the structure of the URL doesn't tell you if an endpoint is an API or not.
You can also potentially leverage CodeQL for a more precise way to find all endpoints in the source.
Hey, thanks @gfs. Those look helpful for sure but not really what I'm looking for. Those would seem to identify code that makes outbound HTTP requests, but I'm hoping for a feature that says, "This code appears to listen for inbound API requests". Not sure I'm explaining it well...
@cqueern Ah, I see. Sorry I misunderstood and thought you were looking for outbound HTTP. I agree, inbound HTTP listeners could be a good addition.
PR #578 adds some basic Socket and HTTP Listener detections. If you have other examples for other cases you'd want these rules to catch, those would be helpful.
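Added example, not part of the thread and not Application Inspector's own rules or the contents of PR #578: a minimal pattern scanner that separates inbound listeners from outbound HTTP calls, the distinction discussed above. The tag names, regexes and sample files are assumptions constructed for illustration.

```python
import re
from pathlib import PurePath

# (tag, file extensions, regex). Hypothetical patterns, not the project's rule set.
RULES = [
    ("inbound.http", {".py"}, r"\b(HTTPServer|ThreadingHTTPServer)\s*\(|@\w+\.(route|get|post)\s*\("),
    ("inbound.http", {".js", ".ts"}, r"\bcreateServer\s*\(|\.listen\s*\(\s*\w"),
    ("inbound.http", {".cs"}, r"\bnew\s+HttpListener\s*\("),
    ("inbound.http", {".go"}, r"\bhttp\.ListenAndServe(TLS)?\s*\("),
    ("inbound.socket", {".py"}, r"\.listen\s*\("),
    ("inbound.socket", {".cs"}, r"\bnew\s+TcpListener\s*\("),
    ("outbound.http", {".py"}, r"\brequests\.(get|post|put|delete)\s*\(|\burlopen\s*\("),
    ("outbound.http", {".js", ".ts"}, r"\bfetch\s*\(|\baxios\.\w+\s*\("),
    ("outbound.http", {".cs"}, r"\bnew\s+HttpClient\s*\("),
    ("outbound.http", {".go"}, r"\bhttp\.(Get|Post)\s*\("),
]
COMPILED = [(tag, exts, re.compile(rx)) for tag, exts, rx in RULES]

def scan(path, source):
    """Return sorted (line_number, tag) findings for one file's text."""
    ext = PurePath(path).suffix.lower()
    findings = set()
    for tag, exts, pattern in COMPILED:
        if ext not in exts:
            continue
        for n, line in enumerate(source.splitlines(), 1):
            if line.lstrip().startswith(("#", "//")):
                continue  # ignore full-line comments to cut false positives
            if pattern.search(line):
                findings.add((n, tag))
    return sorted(findings)

def summarize(files):
    """Map each tag to the sorted list of files in which it fires."""
    out = {}
    for path, src in files.items():
        for _, tag in scan(path, src):
            out.setdefault(tag, set()).add(path)
    return {tag: sorted(paths) for tag, paths in out.items()}

# Constructed sample sources, embedded so the example runs offline.
SAMPLES = {
    "svc/api.py": 'from flask import Flask\napp = Flask(__name__)\n@app.route("/health")\ndef health():\n    return "ok"\n',
    "svc/client.py": 'import requests\n# requests.get("https://example.com/old")\nr = requests.get("https://example.com/data.json")\n',
    "web/server.js": 'const http = require("http");\nhttp.createServer(handler).listen(8080);\n',
    "cmd/main.go": 'package main\nfunc main() { http.ListenAndServe(":8080", nil) }\n',
    "Net/Listener.cs": 'var l = new TcpListener(IPAddress.Any, 9000);\nl.Start();\n',
}

if __name__ == "__main__":
    for tag, paths in sorted(summarize(SAMPLES).items()):
        print(tag, paths)
```

Line-based regexes like these only flag direct listener construction; a listener created inside an SDK or framework call that the patterns do not name is not reported.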
Thank you Team!