
Example 41 with HttpRequest

use of org.apache.flink.shaded.netty4.io.netty.handler.codec.http.HttpRequest in project tesla by linking12.

The class BlackUaHttpRequestFilter, method doFilter.

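/**
 * Rejects requests whose User-Agent matches one of this filter's blacklist rules.
 *
 * @param originalRequest       the request whose headers are inspected and that the 403 is built for
 * @param httpObject            the pipeline object; only {@link HttpRequest} instances are checked
 * @param channelHandlerContext unused here
 * @return a FORBIDDEN response when a rule matches, otherwise {@code null} (let the request pass)
 */
@Override
public HttpResponse doFilter(HttpRequest originalRequest, HttpObject httpObject, ChannelHandlerContext channelHandlerContext) {
    if (httpObject instanceof HttpRequest) {
        List<String> headerValues = FilterUtil.getHeaderValues(originalRequest, "User-Agent");
        // Only the first User-Agent value is inspected; further values of a repeated
        // header are not matched. The null guard covers a helper that may return null
        // for a missing header (its contract is not visible here).
        if (headerValues != null && !headerValues.isEmpty() && headerValues.get(0) != null) {
            String userAgent = headerValues.get(0);
            for (Pattern pattern : super.getRule(this)) {
                if (pattern.matcher(userAgent).find()) {
                    // Attribute the log entry to this filter (it was previously logged as
                    // BlackIpHttpRequesFilter, which misleads anyone reading the filter log).
                    super.writeFilterLog(headerValues.toString(), this.getClass(), pattern.pattern());
                    return super.createResponse(HttpResponseStatus.FORBIDDEN, originalRequest);
                }
            }
        }
    }
    return null;
}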
Also used : HttpRequest(io.netty.handler.codec.http.HttpRequest) Pattern(java.util.regex.Pattern) Matcher(java.util.regex.Matcher)

Example 42 with HttpRequest

use of org.apache.flink.shaded.netty4.io.netty.handler.codec.http.HttpRequest in project tesla by linking12.

The class Oauth2HttpRequestFilter, method doFilter.

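/**
 * Validates the OAuth2 access token carried in the request's query string.
 * Any failure to extract or validate the token results in FORBIDDEN (fail closed).
 *
 * @param originalRequest       the request the 403 response is built for
 * @param httpObject            the pipeline object; only {@link HttpRequest} instances are checked
 * @param channelHandlerContext passed to the servlet-request adapter
 * @return a FORBIDDEN response when the token is missing or invalid, otherwise {@code null}
 */
@Override
public HttpResponse doFilter(HttpRequest originalRequest, HttpObject httpObject, ChannelHandlerContext channelHandlerContext) {
    if (httpObject instanceof HttpRequest) {
        HttpRequest httpRequest = (HttpRequest) httpObject;
        try {
            NettyHttpServletRequest servletRequest = new NettyHttpServletRequest(httpRequest, "/", channelHandlerContext);
            // NOTE(review): the token is read from the query string only (ParameterStyle.QUERY);
            // query-string tokens tend to end up in access logs and Referer headers — confirm
            // whether the Authorization header should be accepted as well.
            OAuthAccessResourceRequest oauthRequest = new OAuthAccessResourceRequest(servletRequest, ParameterStyle.QUERY);
            String accessToken = oauthRequest.getAccessToken();
            if (!oauth2TokenCache.checkAccessToken(accessToken)) {
                return super.createResponse(HttpResponseStatus.FORBIDDEN, originalRequest);
            }
        } catch (Throwable e) {
            // Fail closed, but record why, so a misconfigured cache or parser is diagnosable.
            // Only the exception type and message are logged — never the token itself.
            super.writeFilterLog(e.getClass().getName() + ": " + e.getMessage(), this.getClass(), "OAuth2");
            return super.createResponse(HttpResponseStatus.FORBIDDEN, originalRequest);
        }
    }
    return null;
}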
Also used : HttpRequest(io.netty.handler.codec.http.HttpRequest) OAuthAccessResourceRequest(org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest) NettyHttpServletRequest(io.github.tesla.gateway.netty.servlet.NettyHttpServletRequest)

Example 43 with HttpRequest

use of org.apache.flink.shaded.netty4.io.netty.handler.codec.http.HttpRequest in project tesla by linking12.

The class RateLimitHttpRequestFilter, method doFilter.

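/**
 * Applies a per-path rate limit. Limiters are looked up in {@code loadingCache} keyed by the
 * request path (query string stripped).
 *
 * @param originalRequest       the request the 429 response is built for
 * @param httpObject            the pipeline object; only {@link HttpRequest} instances are checked
 * @param channelHandlerContext unused here
 * @return a TOO_MANY_REQUESTS response when no permit is obtained in time, otherwise {@code null}
 */
@Override
public HttpResponse doFilter(HttpRequest originalRequest, HttpObject httpObject, ChannelHandlerContext channelHandlerContext) {
    if (httpObject instanceof HttpRequest) {
        HttpRequest httpRequest = (HttpRequest) httpObject;
        String url = httpRequest.uri();
        int queryStart = url.indexOf('?');
        if (queryStart > -1) {
            url = url.substring(0, queryStart);
        }
        RateLimiter rateLimiter = null;
        try {
            rateLimiter = loadingCache.get(url);
        } catch (Throwable ignored) {
            // Best effort: if no limiter can be loaded for this path the request is let
            // through unthrottled (fail open). Kept deliberately non-fatal.
        }
        // If no permit is obtained within 1 second the request is considered rate limited.
        // NOTE(review): tryAcquire with a timeout blocks the calling thread; if doFilter runs
        // on the Netty event loop this stalls other channels on that loop for up to 1s — confirm.
        if (rateLimiter != null && !rateLimiter.tryAcquire(1000, TimeUnit.MILLISECONDS)) {
            super.writeFilterLog(Double.toString(rateLimiter.getRate()), this.getClass(), "RateLimiter");
            return super.createResponse(HttpResponseStatus.TOO_MANY_REQUESTS, originalRequest);
        }
    }
    return null;
}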
Also used : HttpRequest(io.netty.handler.codec.http.HttpRequest) RateLimiter(com.google.common.util.concurrent.RateLimiter)

Example 44 with HttpRequest

use of org.apache.flink.shaded.netty4.io.netty.handler.codec.http.HttpRequest in project tesla by linking12.

The class SecurityScannerHttpRequestFilter, method doFilter.

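/**
 * Blocks requests carrying the fingerprints of well-known web vulnerability scanners:
 * scanner-specific request headers, or marker strings in the request URI.
 *
 * @param originalRequest       the request the 403 response is built for
 * @param httpObject            the pipeline object; only {@link HttpRequest} instances are checked
 * @param channelHandlerContext unused here
 * @return a FORBIDDEN response when a scanner fingerprint is found, otherwise {@code null}
 */
@Override
public HttpResponse doFilter(HttpRequest originalRequest, HttpObject httpObject, ChannelHandlerContext channelHandlerContext) {
    if (httpObject instanceof HttpRequest) {
        HttpRequest httpRequest = (HttpRequest) httpObject;
        String uri = httpRequest.uri();
        // Percent-encoded form of -->'"><H1>XSS@HERE</H1>; matched against the raw URI.
        String bugscanMarker = "--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E";
        // Checks are evaluated in the original order; the first hit names the scanner.
        // The two former regexes contained no metacharacters, so a plain substring test
        // is equivalent and avoids compiling a Pattern on every request.
        String scanner = null;
        if (hasAnyHeader(httpRequest, "Acunetix-Aspect", "Acunetix-Aspect-Password", "Acunetix-Aspect-Queries")) {
            scanner = "Acunetix Web Vulnerability";
        } else if (hasAnyHeader(httpRequest, "X-Scan-Memo", "X-Request-Memo", "X-RequestManager-Memo", "X-WIPP")) {
            scanner = "HP WebInspect";
        } else if (uri.contains("AppScan_fingerprint")) {
            scanner = "Appscan";
        } else if (uri.contains(bugscanMarker)) {
            scanner = "Bugscan";
        } else if (uri.contains("netsparker=")) {
            scanner = "Netsparker";
        }
        if (scanner != null) {
            // NOTE(review): the whole header block is written to the filter log, which can
            // include Cookie or Authorization values — consider logging only the header names.
            super.writeFilterLog(httpRequest.headers().toString(), this.getClass(), scanner);
            return super.createResponse(HttpResponseStatus.FORBIDDEN, originalRequest);
        }
    }
    return null;
}

/** Returns true when the request carries at least one of the given header names. */
private static boolean hasAnyHeader(HttpRequest request, String... names) {
    for (String name : names) {
        if (request.headers().contains(name)) {
            return true;
        }
    }
    return false;
}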
Also used : HttpRequest(io.netty.handler.codec.http.HttpRequest) Pattern(java.util.regex.Pattern) Matcher(java.util.regex.Matcher)

Example 45 with HttpRequest

use of org.apache.flink.shaded.netty4.io.netty.handler.codec.http.HttpRequest in project tesla by linking12.

The class URLParamHttpRequestFilter, method doFilter.

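/**
 * Matches every query-string parameter value against this filter's rules and rejects the
 * request on the first hit.
 *
 * The previous implementation escaped every '%' before calling URLDecoder, which turned the
 * decode into a no-op for percent-escapes: rules were matched against the still-encoded
 * value, so any rule keyword written in encoded form never matched. Values are now split
 * from the raw query first (so an encoded '&amp;' or '=' inside a value cannot change the
 * parameter boundaries) and then decoded individually.
 *
 * @param originalRequest       the request the 403 response is built for
 * @param httpObject            the pipeline object; only {@link HttpRequest} instances are checked
 * @param channelHandlerContext unused here
 * @return a FORBIDDEN response when a parameter value matches a rule, otherwise {@code null}
 */
@Override
public HttpResponse doFilter(HttpRequest originalRequest, HttpObject httpObject, ChannelHandlerContext channelHandlerContext) {
    if (httpObject instanceof HttpRequest) {
        HttpRequest httpRequest = (HttpRequest) httpObject;
        String uri = httpRequest.uri();
        int queryStart = uri.indexOf('?');
        if (queryStart > -1) {
            // Rules are loaded once per request rather than once per parameter.
            List<Pattern> patterns = super.getRule(this);
            for (String arg : uri.substring(queryStart + 1).split("&")) {
                // Limit 2 keeps a value that itself contains '=' instead of skipping it.
                String[] kv = arg.split("=", 2);
                if (kv.length != 2 || kv[1].isEmpty()) {
                    continue;
                }
                String param = decodeParam(kv[1]).toLowerCase();
                for (Pattern pattern : patterns) {
                    if (pattern.matcher(param).find()) {
                        super.writeFilterLog(param, this.getClass(), pattern.pattern());
                        return super.createResponse(HttpResponseStatus.FORBIDDEN, originalRequest);
                    }
                }
            }
        }
    }
    return null;
}

/**
 * Percent-decodes one query value ('+' becomes a space, as URLDecoder does).
 * A malformed escape sequence is not a reason to skip inspection: the raw value is returned
 * so the rules still run against it.
 *
 * @param raw the value exactly as it appeared in the query string
 * @return the decoded value, or {@code raw} when it cannot be decoded
 */
private static String decodeParam(String raw) {
    try {
        return URLDecoder.decode(raw, "UTF-8");
    } catch (Exception malformed) {
        return raw;
    }
}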
Also used : HttpRequest(io.netty.handler.codec.http.HttpRequest) Pattern(java.util.regex.Pattern) Matcher(java.util.regex.Matcher)
