middleware

package
v0.0.0-...-8a43d78 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 11, 2016 License: MIT Imports: 15 Imported by: 0

Documentation

Index

Constants

View Source
const (
	DELIMETER              = ":"
	DURATION_TIMESTAMP_KEY = "APPSENSOR_DURATION_TIMESTAMPS"
)

Variables

This section is empty.

Functions

func Block

func Block(next http.Handler) http.Handler

func InvalidVerbs

func InvalidVerbs(next http.Handler) http.Handler

this functionality covers the a completely invalid HTTP verb is used (ie. GOTO) whitelist is: [HEAD, GET, POST, PUT, DELETE, TRACE, OPTIONS, CONNECT] https://www.owasp.org/index.php/AppSensor_DetectionPoints#RE2:_Attempt_to_Invoke_Unsupported_HTTP_Method

func PopulateExpectedResources

func PopulateExpectedResources(resourcesYamlFile *string)

func PopulateExpectedVerbs

func PopulateExpectedVerbs(verbsYamlFile *string)

func Recovery

func Recovery(next http.Handler) http.Handler

func Trend

func Trend(next http.Handler) http.Handler

func UnexpectedResources

func UnexpectedResources(next http.Handler) http.Handler

this functionality covers the situation where a user has requested a resource that is not specified (ie. allowed) in the resources yml file see https://www.owasp.org/index.php/AppSensor_DetectionPoints#ACE3:_Force_Browsing_Attempt

func UnexpectedVerbs

func UnexpectedVerbs(next http.Handler) http.Handler

this functionality covers the situation where a valid HTTP verb is used in an unexpected place (ie. GET when expecting POST) see https://www.owasp.org/index.php/AppSensor_DetectionPoints#RE1:_Unexpected_HTTP_Command

Types

type ResourcesConfig

type ResourcesConfig struct {
	Resources []string
}

type VerbsConfig

type VerbsConfig struct {
	EnableGlobalPreflightRequests bool
	EvaluateUnlistedResources     bool
	Resources                     map[string][]string
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL