Add detection for inbound HTTP/API requests about applicationinspector HOT 7 CLOSED

Updated title to be for a rule/rules for inbound HTTP. For outbound HTTP I think the existing rules cover many cases, but if you have samples that are not detected you'd expect to be detected I can also look into expanding those.

from applicationinspector.

@cqueern

Are you specifically interested in instances of calling an endpoint directly with an HTTP request? For example, if you call into an SDK and the SDK makes a request to the API that would be infeasible to detect with Application Inspector. AppInspector already has some coverage depending on lanugage for detecting HTTP requests themselves -

If you want to know what endpoints are being called, application inspector also has a rule for detecting urls starting with http or https:

Looking over the rules I think what can be feasibly gathered towards this end should already be captured, but how would you expand this coverage? I'm not sure how we could distinguish an API endpoint vs just a URL with a data file in the above queries - the structure of the URL doesn't tell you if an endpoint is an API or not.

from applicationinspector.

You can also potentially leverage CodeQL for a more precise way to find all endpoints in the source.

from applicationinspector.

Hey thanks @gfs . Those look helpful for sure but not really what I'm looking for. Those would seem to identify code that makes outbound HTTP requests, but I'm hoping for a feature that says, "This code appears to listen for inbound API requests". Not sure I'm explaining it well...

from applicationinspector.

@cqueern Ah, I see. Sorry I misunderstood and thought you were looking for outbound HTTP. I agree, inbound HTTP listeners could be a good addition.

from applicationinspector.

PR #578 adds some basic Socket and HTTP Listener detections. If you have other examples for other cases you'd want these rules to catch those would be helpful.

from applicationinspector.

Thank you Team!

from applicationinspector.