This repository has been archived by the owner on Feb 13, 2024. It is now read-only.

Fix #75: Improves whitelist
dwisiswant0 committed Nov 26, 2020
1 parent 9ce5a22 commit dcda25f
Showing 1 changed file with 21 additions and 15 deletions.
36 changes: 21 additions & 15 deletions pkg/teler/teler.go
@@ -17,7 +17,7 @@ import (

// Analyze logs from threat resources
func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string) {
var match, status bool
var match bool
log := make(map[string]string)
rsc := resource.Get()

@@ -53,16 +53,16 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
continue
}

if isWhitelist(options, p+"="+dec) {
continue
}

cwa, _ := fastjson.Parse(con)
for _, v := range cwa.GetArray("filters") {
log["category"] = cat + ": " + string(v.GetStringBytes("description"))
log["element"] = "request_uri"
quote := regexp.QuoteMeta(dec)

if isWhitelist(options, p+"="+dec) {
continue
}

match = matchers.IsMatch(
string(v.GetStringBytes("rule")),
quote,
@@ -82,11 +82,17 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
}
}
case "CVE":
// var status bool

req, err := url.ParseRequestURI(log["request_uri"])
if err != nil {
break
}

if isWhitelist(options, req.RequestURI()) {
break
}

log["element"] = "request_uri"
cves, _ := fastjson.Parse(con)
for _, cve := range cves.GetArray("templates") {
@@ -102,17 +108,17 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
// continue
// }

for _, m := range r.GetArray("matchers") {
for _, s := range m.GetArray("status") {
if log["status"] == s.String() {
status = true
}
}
}
// for _, m := range r.GetArray("matchers") {
// for _, s := range m.GetArray("status") {
// if log["status"] == s.String() {
// status = true
// }
// }
// }

if !status {
continue
}
// if !status {
// continue
// }

for _, p := range r.GetArray("path") {
diff, err := url.ParseRequestURI(
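Review bot: In the `CVE` case the added `isWhitelist(options, req.RequestURI())` check breaks out before any template is evaluated, so one whitelist hit on the client-supplied URI (path and query together) suppresses every CVE match for that request. `isWhitelist` is defined outside this section; if it matches its patterns unanchored, an entry written for one path would also apply when the same text only appears in a query string, so confirm the patterns are anchored or pass `req.Path` instead of `req.RequestURI()`. The status matcher is also disabled by commenting it out (`// if !status {`), which appears to make templates match regardless of the logged response status; I would delete the dead block and leave a comment such as `// status matchers are intentionally ignored here`. `Analyze` starts and ends outside the hunks shown.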
