48 lines
1.0 KiB
YAML
48 lines
1.0 KiB
YAML
id: linkerd-badrule-detect
|
|
|
|
info:
|
|
name: Linkerd detection via bad rule
|
|
author: dudez
|
|
severity: info
|
|
reference:
|
|
- https://linkerd.io
|
|
metadata:
|
|
max-request: 1
|
|
tags: tech,linkerd
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
|
|
headers:
|
|
l5d-dtab: /svc/*
|
|
|
|
matchers-condition: or
|
|
matchers:
|
|
- type: regex
|
|
name: via-linkerd-present
|
|
regex:
|
|
- '(?mi)^Via\s*?:.*?linkerd.*$'
|
|
part: header
|
|
|
|
- type: regex
|
|
name: l5d-err-present
|
|
regex:
|
|
- '(?mi)^l5d-err:.*$'
|
|
part: header
|
|
|
|
- type: regex
|
|
name: l5d-success-class-present
|
|
regex:
|
|
- '(?mi)^l5d-success-class: 0.*$'
|
|
part: header
|
|
|
|
- type: word
|
|
name: body-error-present
|
|
words:
|
|
- 'expected but end of input found at'
|
|
part: body
|
|
|
|
# digest: 4a0a004730450220711a7316d8285590ed7b528beaf9885333c7690a3425e13ddbd7c18976c9871b022100f8c8ae75135a62963d28a570d44a3e3d59e12ec260098fac55084c11f55d55c0:922c64590222798bb761d5b6d8e72950
|