modified default analyzer values
12
config.yaml
12
config.yaml
@@ -38,9 +38,9 @@ behavior:
|
|||||||
probability_error_codes: 0 # 0-100 percentage
|
probability_error_codes: 0 # 0-100 percentage
|
||||||
|
|
||||||
analyzer:
|
analyzer:
|
||||||
http_risky_methods_threshold: 0.1
|
# http_risky_methods_threshold: 0.1
|
||||||
violated_robots_threshold: 0.1
|
# violated_robots_threshold: 0.1
|
||||||
uneven_request_timing_threshold: 5
|
# uneven_request_timing_threshold: 5
|
||||||
uneven_request_timing_time_window_seconds: 300
|
# uneven_request_timing_time_window_seconds: 300
|
||||||
user_agents_used_threshold: 1
|
# user_agents_used_threshold: 2
|
||||||
attack_urls_threshold: 1
|
# attack_urls_threshold: 1
|
||||||
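Review bot: With every key under `analyzer:` commented out, nothing tells the reader that the commented values mirror the defaults hard-coded in the Config loader, and the two copies can drift apart. I would add a line under `analyzer:` such as `# Values below are the built-in defaults; uncomment a line to override it.` The commented `user_agents_used_threshold: 2` also differs from the `1` that was active before, so deployments using the shipped file get a different effective threshold for the user-agent check. That change in detection behaviour deserves a sentence in the commit description.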
@@ -111,9 +111,7 @@ class Analyzer:
|
|||||||
delete_accesses_count = len([item for item in accesses if item["method"] == "DELETE"])
|
delete_accesses_count = len([item for item in accesses if item["method"] == "DELETE"])
|
||||||
head_accesses_count = len([item for item in accesses if item["method"] == "HEAD"])
|
head_accesses_count = len([item for item in accesses if item["method"] == "HEAD"])
|
||||||
options_accesses_count = len([item for item in accesses if item["method"] == "OPTIONS"])
|
options_accesses_count = len([item for item in accesses if item["method"] == "OPTIONS"])
|
||||||
patch_accesses_count = len([item for item in accesses if item["method"] == "PATCH"])
|
patch_accesses_count = len([item for item in accesses if item["method"] == "PATCH"])
|
||||||
#print(f"TOTAL: {total_accesses_count} - GET: {get_accesses_count} - POST: {post_accesses_count}")
|
|
||||||
|
|
||||||
|
|
||||||
if total_accesses_count > http_risky_methods_threshold:
|
if total_accesses_count > http_risky_methods_threshold:
|
||||||
http_method_attacker_score = (post_accesses_count + put_accesses_count + delete_accesses_count + options_accesses_count + patch_accesses_count) / total_accesses_count
|
http_method_attacker_score = (post_accesses_count + put_accesses_count + delete_accesses_count + options_accesses_count + patch_accesses_count) / total_accesses_count
|
||||||
@@ -131,10 +129,6 @@ class Analyzer:
|
|||||||
score["good_crawler"]["risky_http_methods"] = False
|
score["good_crawler"]["risky_http_methods"] = False
|
||||||
score["bad_crawler"]["risky_http_methods"] = False
|
score["bad_crawler"]["risky_http_methods"] = False
|
||||||
score["regular_user"]["risky_http_methods"] = False
|
score["regular_user"]["risky_http_methods"] = False
|
||||||
|
|
||||||
#print(f"Updated score: {score}")
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#--------------------- Robots Violations ---------------------
|
#--------------------- Robots Violations ---------------------
|
||||||
#respect robots.txt and login/config pages access frequency
|
#respect robots.txt and login/config pages access frequency
|
||||||
@@ -248,6 +242,8 @@ class Analyzer:
|
|||||||
|
|
||||||
#--------------------- Calculate score ---------------------
|
#--------------------- Calculate score ---------------------
|
||||||
|
|
||||||
|
attacker_score = good_crawler_score = bad_crawler_score = regular_user_score = 0
|
||||||
|
|
||||||
attacker_score = score["attacker"]["risky_http_methods"] * weights["attacker"]["risky_http_methods"]
|
attacker_score = score["attacker"]["risky_http_methods"] * weights["attacker"]["risky_http_methods"]
|
||||||
attacker_score = attacker_score + score["attacker"]["robots_violations"] * weights["attacker"]["robots_violations"]
|
attacker_score = attacker_score + score["attacker"]["robots_violations"] * weights["attacker"]["robots_violations"]
|
||||||
attacker_score = attacker_score + score["attacker"]["uneven_request_timing"] * weights["attacker"]["uneven_request_timing"]
|
attacker_score = attacker_score + score["attacker"]["uneven_request_timing"] * weights["attacker"]["uneven_request_timing"]
|
||||||
|
|||||||
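Review bot: In the first Analyzer hunk, `if total_accesses_count > http_risky_methods_threshold:` compares a raw request count with a setting whose default is 0.1 and which reads like a ratio. Any value between 0 and 1 behaves identically at this line, so it only guards the division that follows against zero requests. If the threshold is meant for `http_method_attacker_score`, the guard would be clearer as `if total_accesses_count > 0:` with the threshold applied to the score; whether a later comparison already does that is outside the hunk. A short comment on that line stating which meaning is intended would help operators tuning the value.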
@@ -103,7 +103,7 @@ class Config:
|
|||||||
api = data.get('api', {})
|
api = data.get('api', {})
|
||||||
database = data.get('database', {})
|
database = data.get('database', {})
|
||||||
behavior = data.get('behavior', {})
|
behavior = data.get('behavior', {})
|
||||||
analyzer = data.get('analyzer', {})
|
analyzer = data.get('analyzer') or {}
|
||||||
|
|
||||||
# Handle dashboard_secret_path - auto-generate if null/not set
|
# Handle dashboard_secret_path - auto-generate if null/not set
|
||||||
dashboard_path = dashboard.get('secret_path')
|
dashboard_path = dashboard.get('secret_path')
|
||||||
@@ -142,7 +142,7 @@ class Config:
|
|||||||
violated_robots_threshold=analyzer.get('violated_robots_threshold', 0.1),
|
violated_robots_threshold=analyzer.get('violated_robots_threshold', 0.1),
|
||||||
uneven_request_timing_threshold=analyzer.get('uneven_request_timing_threshold', 5),
|
uneven_request_timing_threshold=analyzer.get('uneven_request_timing_threshold', 5),
|
||||||
uneven_request_timing_time_window_seconds=analyzer.get('uneven_request_timing_time_window_seconds', 300),
|
uneven_request_timing_time_window_seconds=analyzer.get('uneven_request_timing_time_window_seconds', 300),
|
||||||
user_agents_used_threshold=analyzer.get('user_agents_used_threshold', 1),
|
user_agents_used_threshold=analyzer.get('user_agents_used_threshold', 2),
|
||||||
attack_urls_threshold=analyzer.get('attack_urls_threshold', 1)
|
attack_urls_threshold=analyzer.get('attack_urls_threshold', 1)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||
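Review bot: The `or {}` fallback in the first Config hunk is applied to `analyzer` only, while `api`, `database` and `behavior` on the lines above still use `data.get(..., {})`, which returns `None` when the key is present in the YAML but has no children. Later `.get(...)` calls on those sections would then presumably raise `AttributeError`, as they would have for `analyzer`; their use is outside the hunk. I would make the three siblings match: `api = data.get('api') or {}`, `database = data.get('database') or {}`, `behavior = data.get('behavior') or {}`. The enclosing method starts and ends outside the hunk.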