コード例 #1
0
func evaluateInvalidVerbs(r *http.Request) {

	if !isValidVerb(r.Method) {
		glog.Info("Invalid HTTP verb seen, creating event.")
		go ids.AddEvent("Request", "RE2", r)
	}

}
コード例 #2
0
func evaluateUnexpectedVerbs(r *http.Request) {

	if config.EnableGlobalPreflightRequests && r.Method == "OPTIONS" {
		// using OPTIONS always allowed in preflight mode
		return
	}

	if staticPaths.Exists(r.URL.Path) {
		for _, verb := range config.Resources[r.URL.Path] {
			if verb == r.Method {
				// found matching verb .. bail
				return
			}
		}

		glog.Info("Invalid verb was found for static path, creating event.")
		go ids.AddEvent("Request", "RE1", r)
		return
	}

	for _, re := range regexPaths {
		if re.MatchString(r.URL.Path) {

			for _, verb := range config.Resources["REGEX|"+r.URL.Path] {
				if verb == r.Method {
					// found matching verb .. bail
					return
				}
			}

			glog.Info("Invalid verb was found for regex path, creating event.")
			go ids.AddEvent("Request", "RE1", r)
			return
		}
	}

	if config.EvaluateUnlistedResources {
		glog.Info("No resource listing matched, creating event.")
		go ids.AddEvent("Request", "RE1", r)
	}
}
コード例 #3
0
func evaluateUnexpectedResources(r *http.Request) {

	if staticPaths.Exists(r.URL.Path) {
		// found static route, we're good
		return
	}

	for _, re := range regexPaths {
		if re.MatchString(r.URL.Path) {
			// found match with regex, we're good
			return
		}
	}

	//create event - didn't find a match
	glog.Info("Did not find matching resource - creating event.")
	go ids.AddEvent("Access Control", "ACE1", r)

}