Documentation ¶
Index ¶
- Constants
- func Block(next http.Handler) http.Handler
- func InvalidVerbs(next http.Handler) http.Handler
- func LogExecutionTime(next http.Handler) http.Handler
- func PopulateExpectedResources(resourcesYamlFile *string)
- func PopulateExpectedVerbs(verbsYamlFile *string)
- func Recovery(next http.Handler) http.Handler
- func Trend(next http.Handler) http.Handler
- func UnexpectedResources(next http.Handler) http.Handler
- func UnexpectedVerbs(next http.Handler) http.Handler
- type ResourcesConfig
- type VerbsConfig
Constants ¶
const ( DELIMETER = ":" DURATION_TIMESTAMP_KEY = "APPSENSOR_DURATION_TIMESTAMPS" )
Variables ¶
This section is empty.
Functions ¶
func InvalidVerbs ¶
this functionality covers the a completely invalid HTTP verb is used (ie. GOTO) whitelist is: [HEAD, GET, POST, PUT, DELETE, TRACE, OPTIONS, CONNECT] https://www.owasp.org/index.php/AppSensor_DetectionPoints#RE2:_Attempt_to_Invoke_Unsupported_HTTP_Method
func LogExecutionTime ¶
func PopulateExpectedResources ¶
func PopulateExpectedResources(resourcesYamlFile *string)
func PopulateExpectedVerbs ¶
func PopulateExpectedVerbs(verbsYamlFile *string)
func UnexpectedResources ¶
this functionality covers the situation where a user has requested a resource that is not specified (ie. allowed) in the resources yml file see https://www.owasp.org/index.php/AppSensor_DetectionPoints#ACE3:_Force_Browsing_Attempt
func UnexpectedVerbs ¶
this functionality covers the situation where a valid HTTP verb is used in an unexpected place (ie. GET when expecting POST) see https://www.owasp.org/index.php/AppSensor_DetectionPoints#RE1:_Unexpected_HTTP_Command
Types ¶
type ResourcesConfig ¶
type ResourcesConfig struct {
Resources []string
}