-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathmiddleware.go
92 lines (74 loc) · 1.46 KB
/
middleware.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
package plugin_log4shell
import (
"context"
"net/http"
"strings"
)
// Config the plugin configuration.
type Config struct {
ErrorCode int `json:"errorCode"`
}
// CreateConfig creates the default plugin configuration.
func CreateConfig() *Config {
return &Config{
ErrorCode: http.StatusOK,
}
}
// Log4J a plugin.
type Log4J struct {
next http.Handler
name string
ErrorCode int
}
// New created a new plugin.
func New(_ context.Context, next http.Handler, config *Config, name string) (http.Handler, error) {
return &Log4J{
name: name,
next: next,
ErrorCode: config.ErrorCode,
}, nil
}
func (l *Log4J) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
for _, values := range req.Header {
for _, value := range values {
if containsJNDI(value) {
rw.WriteHeader(l.ErrorCode)
return
}
}
}
l.next.ServeHTTP(rw, req)
}
func containsJNDI(value string) bool {
if len(value) < 8 {
return false
}
lower := strings.ToLower(value)
if !strings.Contains(lower, "${") {
return false
}
if strings.Contains(lower, "${jndi") {
return true
}
root := Parse(lower)
for _, node := range root.Value {
if containsJNDINode(node) {
return true
}
}
return false
}
func containsJNDINode(node *Node) bool {
if node.Type != Expression {
return false
}
if strings.Contains(node.Key.String(), "jndi") {
return true
}
for _, k := range node.Key {
if containsJNDINode(k) {
return true
}
}
return false
}