diff --git a/pkg/teler/teler.go b/pkg/teler/teler.go
index dc101119..4ead6561 100644
--- a/pkg/teler/teler.go
+++ b/pkg/teler/teler.go
@@ -17,7 +17,7 @@ import (
 // Analyze logs from threat resources
 func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string) {
- var match, status bool
+ var match bool
 log := make(map[string]string)
 rsc := resource.Get()
@@ -53,16 +53,16 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
 continue
 }
+ if isWhitelist(options, p+"="+dec) {
+ continue
+ }
+
 cwa, _ := fastjson.Parse(con)
 for _, v := range cwa.GetArray("filters") {
 log["category"] = cat + ": " + string(v.GetStringBytes("description"))
 log["element"] = "request_uri"
 quote := regexp.QuoteMeta(dec)
- if isWhitelist(options, p+"="+dec) {
- continue
- }
-
 match = matchers.IsMatch(
 string(v.GetStringBytes("rule")),
 quote,
@@ -82,11 +82,17 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
 }
 }
 case "CVE":
+ // var status bool
+
 req, err := url.ParseRequestURI(log["request_uri"])
 if err != nil {
 break
 }
+ if isWhitelist(options, req.RequestURI()) {
+ break
+ }
+
 log["element"] = "request_uri"
 cves, _ := fastjson.Parse(con)
 for _, cve := range cves.GetArray("templates") {
@@ -102,17 +108,17 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
 // continue
 // }
- for _, m := range r.GetArray("matchers") {
- for _, s := range m.GetArray("status") {
- if log["status"] == s.String() {
- status = true
- }
- }
- }
+ // for _, m := range r.GetArray("matchers") {
+ // for _, s := range m.GetArray("status") {
+ // if log["status"] == s.String() {
+ // status = true
+ // }
+ // }
+ // }
- if !status {
- continue
- }
+ // if !status {
+ // continue
+ // }
 for _, p := range r.GetArray("path") {
 diff, err := url.ParseRequestURI(
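Review bot: The whitelist check hoisted above the `cwa` parse is called with a `param=value` pair here, while the CVE case in this same commit calls it with a full `req.RequestURI()`, so a reader cannot tell from either call site what shape a whitelist pattern is expected to match; a one-line comment above the new check would settle it, e.g. `// Whitelist patterns are matched against each decoded "param=value" pair of the query.` (confirm against isWhitelist before wording it). Moving the check out of the per-filter loop also changes nothing observable, since the loop body only set `log` entries before the old check, so the hoist looks safe. The enclosing function `Analyze` starts and ends outside the hunk.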
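Review bot: The added `// var status bool` at the top of the CVE case is commented-out code, not documentation, and it appears to pair with the status-matcher loop that the last hunk turns into comments (that hunk is cut off at the end of this chunk); if that reading is right, a CVE template now fires on path match alone regardless of the logged response status, which is a behaviour change worth either an explicit TODO with the reason or removal of the dead lines rather than leaving them in limbo. A comment above the new whitelist check would also help, e.g. `// A whitelisted request URI skips every CVE template in this resource.` The enclosing function `Analyze` starts and ends outside the hunk.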