
Conversation

yunwei37
Contributor

@yunwei37 yunwei37 commented Apr 29, 2022

fix #807

Hi! This PR adds a new rule to detect if ReadHeaderTimeout is configured in the http.Server. If it's not configured, an issue will be reported.

The rule is mapped to CWE-400: Uncontrolled Resource Consumption. I've used Google to search "cwe Slowloris Attack", and it came out with this... I'm new to the CWE set, so I'm not quite sure about that.
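To make concrete what the rule described above looks for, here is an added illustration written for this page; it is not gosec's rule as merged in this PR. It walks a Go file's AST with the standard go/ast package, flags every `http.Server` composite literal that has no `ReadHeaderTimeout` key, and runs over two constructed sample sources (the names `vulnerableSrc`, `hardenedSrc` and `FindMissingReadHeaderTimeout` are this example's own). The hardened sample shows the configuration the rule expects: a bounded `ReadHeaderTimeout` so a client that trickles request headers cannot hold a connection open indefinitely.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// Finding describes an http.Server literal that does not set ReadHeaderTimeout.
type Finding struct {
	Position string // "file:line:col" of the literal
	Message  string
}

// isHTTPServerType reports whether a composite literal's type expression is
// the selector http.Server (a package identifier "http" and field "Server").
func isHTTPServerType(expr ast.Expr) bool {
	sel, ok := expr.(*ast.SelectorExpr)
	if !ok {
		return false
	}
	pkg, ok := sel.X.(*ast.Ident)
	return ok && pkg.Name == "http" && sel.Sel.Name == "Server"
}

// setsField reports whether the keyed elements of lit include the field name.
func setsField(lit *ast.CompositeLit, name string) bool {
	for _, elt := range lit.Elts {
		kv, ok := elt.(*ast.KeyValueExpr)
		if !ok {
			continue
		}
		if key, ok := kv.Key.(*ast.Ident); ok && key.Name == name {
			return true
		}
	}
	return false
}

// FindMissingReadHeaderTimeout parses src and returns one Finding per
// http.Server literal that carries no ReadHeaderTimeout key.
func FindMissingReadHeaderTimeout(filename, src string) ([]Finding, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	var findings []Finding
	ast.Inspect(f, func(n ast.Node) bool {
		lit, ok := n.(*ast.CompositeLit)
		if !ok || !isHTTPServerType(lit.Type) {
			return true
		}
		if !setsField(lit, "ReadHeaderTimeout") {
			findings = append(findings, Finding{
				Position: fset.Position(lit.Pos()).String(),
				Message:  "http.Server without ReadHeaderTimeout: slow-header clients can hold connections open (CWE-400)",
			})
		}
		return true
	})
	return findings, nil
}

// Constructed sample inputs (not code from the PR): one server with no header
// timeout and one with the timeout the rule expects.
const vulnerableSrc = `package main
import "net/http"
func main() {
	srv := &http.Server{Addr: ":8080", Handler: http.DefaultServeMux}
	_ = srv.ListenAndServe()
}`

const hardenedSrc = `package main
import (
	"net/http"
	"time"
)
func main() {
	srv := &http.Server{
		Addr:              ":8080",
		Handler:           http.DefaultServeMux,
		ReadHeaderTimeout: 5 * time.Second,
	}
	_ = srv.ListenAndServe()
}`

func main() {
	samples := map[string]string{"vulnerable.go": vulnerableSrc, "hardened.go": hardenedSrc}
	for name, src := range samples {
		findings, err := FindMissingReadHeaderTimeout(name, src)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s: %d finding(s)\n", name, len(findings))
		for _, fi := range findings {
			fmt.Printf("  %s: %s\n", fi.Position, fi.Message)
		}
	}
}
```

Running it reports one finding for `vulnerable.go` (at the `&http.Server{` literal on line 4) and none for `hardened.go`. The check is deliberately literal-based, so it will not notice a timeout assigned later (`srv.ReadHeaderTimeout = ...`), and it says nothing about code that calls the package-level `http.ListenAndServe`, which uses a Server with no timeouts at all; a production rule needs to account for both cases.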

@ccojocar
Member

@yunwei37 Thanks for this contribution! Please could you fix the lint warning?

This patch detects if ReadHeaderTimeout is configured in the http.Server to prevent a potential Slowloris Attack.
@yunwei37
Contributor Author

@ccojocar Thank you very much for the review! The lint warning should be fixed now.

@codecov-commenter

Codecov Report

Merging #809 (c415680) into master (a64cde5) will increase coverage by 0.16%.
The diff coverage is 90.62%.

@@            Coverage Diff             @@
##           master     #809      +/-   ##
==========================================
+ Coverage   74.20%   74.37%   +0.16%     
==========================================
  Files          48       49       +1     
  Lines        3059     3091      +32     
==========================================
+ Hits         2270     2299      +29     
- Misses        725      727       +2     
- Partials       64       65       +1     
Impacted Files        Coverage Δ
cwe/data.go           90.00% <ø> (ø)
issue.go              76.92% <ø> (ø)
rules/slowloris.go    90.32% <90.32%> (ø)
rules/rulelist.go    100.00% <100.00%> (ø)

Legend:
Δ = absolute <relative> (impact), ø = not affected, ? = missing data

Successfully merging this pull request may close these issues: Add a rule for Slowloris Attack
4 participants