From bf02fdb35106a0025af064794ea80972d9d97fd2 Mon Sep 17 00:00:00 2001
From: Leonardo Bambini
Date: Mon, 5 Jan 2026 10:01:51 +0100
Subject: [PATCH] modified default analyzer values
---
 config.yaml | 12 ++++++------
 src/analyzer.py | 10 +++-------
 src/config.py | 4 ++--
 3 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/config.yaml b/config.yaml
index 987588c..48394dd 100644
--- a/config.yaml
+++ b/config.yaml
@@ -38,9 +38,9 @@ behavior:
 probability_error_codes: 0 # 0-100 percentage
 analyzer:
- http_risky_methods_threshold: 0.1
- violated_robots_threshold: 0.1
- uneven_request_timing_threshold: 5
- uneven_request_timing_time_window_seconds: 300
- user_agents_used_threshold: 1
- attack_urls_threshold: 1
\ No newline at end of file
+ # http_risky_methods_threshold: 0.1
+ # violated_robots_threshold: 0.1
+ # uneven_request_timing_threshold: 5
+ # uneven_request_timing_time_window_seconds: 300
+ # user_agents_used_threshold: 2
+ # attack_urls_threshold: 1
\ No newline at end of file
diff --git a/src/analyzer.py b/src/analyzer.py
index 48c5fad..feffc8a 100644
--- a/src/analyzer.py
+++ b/src/analyzer.py
@@ -111,9 +111,7 @@ class Analyzer:
 delete_accesses_count = len([item for item in accesses if item["method"] == "DELETE"])
 head_accesses_count = len([item for item in accesses if item["method"] == "HEAD"])
 options_accesses_count = len([item for item in accesses if item["method"] == "OPTIONS"])
- patch_accesses_count = len([item for item in accesses if item["method"] == "PATCH"])
- #print(f"TOTAL: {total_accesses_count} - GET: {get_accesses_count} - POST: {post_accesses_count}")
-
+ patch_accesses_count = len([item for item in accesses if item["method"] == "PATCH"])
 if total_accesses_count > http_risky_methods_threshold:
 http_method_attacker_score = (post_accesses_count + put_accesses_count + delete_accesses_count + options_accesses_count + patch_accesses_count) / total_accesses_count
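Review bot: In the config.yaml hunk, the six settings under `analyzer:` are commented out with no explanation, which leaves the key with no children (YAML loads it as null) and makes the commented values read like dead configuration. A short comment above the block would tell operators what they are looking at, for example `# Optional overrides; the values shown are the built-in defaults applied by src/config.py`. The commented `user_agents_used_threshold: 2` also duplicates the literal default in src/config.py, so the two can drift apart unless one of them is named as the source of truth.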
@@ -131,10 +129,6 @@ class Analyzer:
 score["good_crawler"]["risky_http_methods"] = False
 score["bad_crawler"]["risky_http_methods"] = False
 score["regular_user"]["risky_http_methods"] = False
-
- #print(f"Updated score: {score}")
-
-
-
 #--------------------- Robots Violations ---------------------
 #respect robots.txt and login/config pages access frequency
@@ -248,6 +242,8 @@ class Analyzer:
 #--------------------- Calculate score ---------------------
+ attacker_score = good_crawler_score = bad_crawler_score = regular_user_score = 0
+
 attacker_score = score["attacker"]["risky_http_methods"] * weights["attacker"]["risky_http_methods"]
 attacker_score = attacker_score + score["attacker"]["robots_violations"] * weights["attacker"]["robots_violations"]
 attacker_score = attacker_score + score["attacker"]["uneven_request_timing"] * weights["attacker"]["uneven_request_timing"]
diff --git a/src/config.py b/src/config.py
index 815a8ca..58d6616 100644
--- a/src/config.py
+++ b/src/config.py
@@ -103,7 +103,7 @@ class Config:
 api = data.get('api', {})
 database = data.get('database', {})
 behavior = data.get('behavior', {})
- analyzer = data.get('analyzer', {})
+ analyzer = data.get('analyzer') or {}
 # Handle dashboard_secret_path - auto-generate if null/not set
 dashboard_path = dashboard.get('secret_path')
@@ -142,7 +142,7 @@ class Config:
 violated_robots_threshold=analyzer.get('violated_robots_threshold', 0.1),
 uneven_request_timing_threshold=analyzer.get('uneven_request_timing_threshold', 5),
 uneven_request_timing_time_window_seconds=analyzer.get('uneven_request_timing_time_window_seconds', 300),
- user_agents_used_threshold=analyzer.get('user_agents_used_threshold', 1),
+ user_agents_used_threshold=analyzer.get('user_agents_used_threshold', 2),
 attack_urls_threshold=analyzer.get('attack_urls_threshold', 1)
 )
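Review bot: In the `Calculate score` hunk of src/analyzer.py, the added `attacker_score = good_crawler_score = bad_crawler_score = regular_user_score = 0` is a dead store for `attacker_score`, which is reassigned by the very next statement before it is ever read. If the line is meant to guarantee that all four totals are bound, a comment saying so would make that intent clear. Otherwise each chained accumulation could become one expression, such as `attacker_score = sum(score["attacker"][k] * weights["attacker"][k] for k in weights["attacker"])`, assuming `score` and `weights` share the same keys, which the hunk does not show. The rest of the scoring code lies outside the hunk, so whether the other three names are also overwritten unconditionally cannot be confirmed from here.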
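Review bot: In the first src/config.py hunk only `analyzer` gets the null-safe form; the three context lines above it still use `data.get('api', {})`, `data.get('database', {})` and `data.get('behavior', {})`. Each of those returns None when the key is present but empty in the YAML, and if they are later read with `.get` the way `dashboard` and `analyzer` are, loading would fail with AttributeError. Apply the same pattern to them: `api = data.get('api') or {}`, `database = data.get('database') or {}`, `behavior = data.get('behavior') or {}`. The enclosing method starts and ends outside the hunk, so sections loaded above these lines may need the same treatment.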
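Review bot: In the second src/config.py hunk, `analyzer.get('user_agents_used_threshold', 2)` falls back to the default only when the key is absent. A key left empty in config.yaml yields None and a quoted value yields a string, and either is passed on unchecked. These thresholds feed the client classification, so a malformed value should fail at load time rather than skew or break scoring later. Reading each threshold through a small helper that substitutes the default for None and rejects non-numeric values would cover all six `analyzer.get(...)` arguments; per-threshold range checks could be added once the valid ranges are documented. The constructor call starts outside the hunk.

```python
def _threshold(section, key, default):
    # A missing key and an empty (null) key both mean "use the default".
    value = section.get(key)
    if value is None:
        return default
    # bool is a subclass of int, so exclude it explicitly.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise ValueError(f"analyzer.{key} must be a number, got {value!r}")
    return value

# … unchanged: preceding constructor arguments …
user_agents_used_threshold=_threshold(analyzer, 'user_agents_used_threshold', 2),
attack_urls_threshold=_threshold(analyzer, 'attack_urls_threshold', 1)
```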