Active check attacks can configure the attack HTTP request timeouts
Problem
Certain timing attacks will require long response times, and will therefore require the ability to increase the attack HTTP request timeout.
Proposal
- Timing attacks can define a HTTP request timeout in the YAML definition
- The timeout value is parsed, and made available to the attack
- When the timing attack sends an attack HTTP request, the timeout should be used
- The attack timeout should take precedence over the default attack timeout
- The attack timeout should take precedence over any user-specified timeout (see user sets default attack timeout
- Suggested YAML for setting the timeout:
timing_attack: attack_request_timeout: "15s"
Implementation plan
-
Parser can parse the timing attack attack_request_timeout
value -
TimingAttack is injected with the appropriate timeout - Alternatively, the TimingAttack is injected with an implementation of
WebServerGateway
that has the timeout applied
- Alternatively, the TimingAttack is injected with an implementation of
-
When the timing attack sends an attack request, the timeout is included in the call -
The HTTPClientWebServerGateway
uses the timeout in thehttp.Client