threat

Documentation

Overview

Package threat implements functionality for handling threat data and analyzing requests for threats.

Index

• Variables
• func Get() error
• func IsUpdated() (bool, error)
• type Threat
  • func List() []Threat
  • func (t Threat) Filename(full bool) (string, error)
  • func (t Threat) String() string

Variables

var (
	DbURL = fmt.Sprintf("%s/raw/master/db/db.tar.zst", repoURL)
)

Functions

func Get

func Get() error

Get retrieves all the teler threat datasets.

It returns an error if there was an issue when retrieving the datasets.

func IsUpdated

func IsUpdated() (bool, error)

IsUpdated checks if the threat datasets are up-to-date. It returns a boolean value indicating whether the datasets are updated or not, and an error if there was an issue when checking the datasets' last modified date.

Types

type Threat

type Threat int8

Threat represents the different types of threats that can be excluded from analysis.

The Threat type is used to specify which types of threats should be excluded when analyzing a request for threats. It can be one of the following values:

• CommonWebAttack: covers common web-based attacks such as cross-site scripting (XSS) and SQL injection.
• CVE: covers known vulnerabilities and exploits, as specified by the Common Vulnerabilities and Exposures (CVE) database.
• BadIPAddress: covers requests from known bad IP addresses, such as those associated with known malicious actors or botnets.
• BadReferrer: covers requests with a bad HTTP referrer, such as those that are not expected based on the application's URL structure or are known to be associated with malicious actors.
• BadCrawler: covers requests from known bad crawlers or scrapers, such as those that are known to cause performance issues or attempt to extract sensitive information from the application.
• DirectoryBruteforce: covers requests that attempt to brute-force access to directories on the server, such as by trying common directory names or using dictionary attacks.

const (
	// Undefined threat type didn't covers anything
	Undefined Threat = iota - 1

	// Custom threat type is a custom threat that doesn't fit into any of the other defined categories.
	Custom

	// CommonWebAttack threat type covers common web-based attacks such as cross-site scripting (XSS) and SQL injection.
	CommonWebAttack

	// CVE threat type covers known vulnerabilities and exploits, as specified by the Common Vulnerabilities and Exposures (CVE) database.
	CVE

	// BadIPAddress threat type covers requests from known bad IP addresses, such as those associated with known malicious actors or botnets.
	BadIPAddress

	// BadReferrer threat type covers requests with a bad HTTP referrer, such as those that are not expected based on the application's URL structure or are known to be associated with malicious actors.
	BadReferrer

	// BadCrawler threat type covers requests from known bad crawlers or scrapers, such as those that are known to cause performance issues or attempt to extract sensitive information from the application.
	BadCrawler

	// DirectoryBruteforce threat type covers requests that attempt to brute-force access to directories on the server, such as by trying common directory names or using dictionary attacks.
	DirectoryBruteforce
)

func List

func List() []Threat

List returns a slice of all Threat type categories

func (Threat) Filename

func (t Threat) Filename(full bool) (string, error)

Filename returns the file name representation of a Threat value

If `full` is true, it returns the `full` file path by calling the location function and joining it with the corresponding file name. If `full` is false, it returns only the file name without the path. It returns an error if `full` is true but the location function returns an error or if the corresponding file name cannot be found for the Threat value.

func (Threat) String

func (t Threat) String() string

String returns the string representation of a Threat value