Documentation ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Load ¶ added in v1.3.0
Load loads libddwaf's dynamic library. The dynamic library is opened only once, by the first call to this function, and the opened handle is stored globally; this API currently provides no function to close it. Calling this function is not mandatory: it is performed automatically by calls to NewHandle, the entrypoint of libddwaf. Load is nevertheless useful to explicitly check libddwaf's general health in situations where calling NewHandle does not apply or is not possible. The function returns ok when libddwaf was successfully loaded, along with a non-nil error if any. Note that both ok and err can be set, meaning that libddwaf is usable but some non-critical errors happened, such as failures to remove temporary files. It is safe to continue using libddwaf in such a case.
func SupportsTarget ¶ added in v1.4.0
SupportsTarget returns true and a nil error when the target host environment is supported by this package and can be further used. Otherwise, it returns false along with an error detailing why.
Types ¶
type Context ¶
type Context struct {
// contains filtered or unexported fields
}
Context is a WAF execution context. It allows running the WAF incrementally when calling it multiple times to run its rules every time new addresses become available. Each request must have its own Context.
func NewContext ¶
NewContext returns a new WAF context for the given WAF handle. A nil value is returned when the WAF handle was released (and can no longer be used) or when the WAF context couldn't be created.
func (*Context) Close ¶
func (context *Context) Close()
Close calls handle.closeContext, which calls ddwaf_context_destroy and may also close the handle if it is in termination state.
func (*Context) Run ¶
func (context *Context) Run(addressesToData map[string]any, timeout time.Duration) (matches []byte, actions []string, err error)
Run encodes the given addressesToData values and runs them against the WAF rules within the given timeout value. It returns the matches as a JSON string (usually opaquely used) along with the corresponding actions, if any. In case of an error, matches and actions can still be returned, for instance in the case of a timeout error. Errors can be tested against the RunError type.
func (*Context) TotalRuntime ¶
TotalRuntime returns the cumulative WAF runtime across the run calls made within the same WAF context. The returned time is in nanoseconds.
func (*Context) TotalTimeouts ¶
TotalTimeouts returns the cumulative number of WAF timeouts across the run calls made within the same WAF context.
type Handle ¶
type Handle struct {
// contains filtered or unexported fields
}
Handle represents an instance of the WAF for a given ruleset.
func NewHandle ¶
NewHandle creates and returns a new instance of the WAF with the given security rules and configuration of the sensitive data obfuscator. The returned handle is nil in case of an error. Rules-related metrics, including errors, are accessible with the `RulesetInfo()` method.
func (*Handle) Close ¶
func (handle *Handle) Close()
Close puts the handle in termination state; when all the contexts are closed, the handle will be destroyed.
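The lifecycle described for NewContext, Context.Close and Handle.Close, modelled with a reference count as an added example that is not the package's own code. The refcount design and the names modelHandle, modelContext and addRef are assumptions; in this model a new context is refused only once the handle has been released.

```go
package main

import (
	"fmt"
	"sync/atomic"
)

// Model only. refs starts at 1 (the creator's reference); 0 means destroyed.
type modelHandle struct{ refs, closing int32 }
type modelContext struct{ h *modelHandle }

// addRef applies delta unless the handle was already released (refs == 0).
func (h *modelHandle) addRef(delta int32) int32 {
	for cur := atomic.LoadInt32(&h.refs); cur != 0; cur = atomic.LoadInt32(&h.refs) {
		if atomic.CompareAndSwapInt32(&h.refs, cur, cur+delta) {
			return cur + delta
		}
	}
	return 0
}

func newModelContext(h *modelHandle) *modelContext {
	if h.addRef(1) == 0 {
		return nil // released handle: refuse instead of touching freed memory
	}
	return &modelContext{h: h}
}

func (c *modelContext) Close() { // a second Close is a no-op
	if h := c.h; h != nil {
		c.h = nil
		h.addRef(-1)
	}
}

func (h *modelHandle) Close() { // drops the creator's reference once
	if atomic.CompareAndSwapInt32(&h.closing, 0, 1) {
		h.addRef(-1)
	}
}

func main() {
	h := &modelHandle{refs: 1}
	ctx := newModelContext(h)
	h.Close() // ctx still holds a reference, so nothing is destroyed yet
	fmt.Println("refs with a context open:", atomic.LoadInt32(&h.refs))
	ctx.Close()
	fmt.Println("new context refused:", newModelContext(h) == nil)
}
```

Because every request owns its Context, the last Context.Close is what releases the WAF in this model, so in-flight requests are never left pointing at a destroyed handle.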
func (*Handle) RulesetInfo ¶
func (handle *Handle) RulesetInfo() RulesetInfo
RulesetInfo returns the rules initialization metrics for the current WAF handle.
type PanicError ¶ added in v1.3.0
type PanicError struct {
	// The recovered panic error while executing the function `in`.
	Err error
	// contains filtered or unexported fields
}
PanicError is an error type wrapping a recovered panic value that happened during a function call. Such an error must be considered unrecoverable and be used to try to gracefully abort. Continuing to use this package after such an error is unreliable; the caller must instead stop using the library. Examples include safety check errors.
func (*PanicError) Error ¶ added in v1.3.0
func (e *PanicError) Error() string
Error returns the error string representation.
func (*PanicError) Unwrap ¶ added in v1.3.0
func (e *PanicError) Unwrap() error
Unwrap the error and return it. Required by errors.Is and errors.As functions.
type RulesetInfo ¶
type RulesetInfo struct {
	// Number of rules successfully loaded
	Loaded uint16
	// Number of rules which failed to parse
	Failed uint16
	// Map from an error string to an array of all the rule ids for which
	// that error was raised. {error: [rule_ids]}
	Errors map[string][]string
	// Ruleset version
	Version string
}
RulesetInfo stores the information - provided by the WAF - about WAF rules initialization.
type RunError ¶
type RunError int
RunError is an error the WAF can return when running it.
type UnsupportedTargetError ¶ added in v1.3.0
type UnsupportedTargetError struct {
// contains filtered or unexported fields
}
UnsupportedTargetError is a wrapper error type helping to handle the error case of trying to execute this package on an unsupported target environment.
func (*UnsupportedTargetError) Unwrap ¶ added in v1.3.0
func (e *UnsupportedTargetError) Unwrap() error
Unwrap the error and return it. Required by errors.Is and errors.As functions.
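One way a caller can act on the (ok, err) pair documented for Load together with PanicError and UnsupportedTargetError, as an added example that is not the package's own code. The two error types are local stand-ins so the block runs alone, the Health values and Triage are hypothetical names, and it assumes these error types can appear in the chain of the returned error.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-ins for the package's error types, declared locally so this runs alone.
type UnsupportedTargetError struct{ error }

func (e *UnsupportedTargetError) Unwrap() error { return e.error }

type PanicError struct{ Err error }

func (e *PanicError) Error() string { return "panic: " + e.Err.Error() }
func (e *PanicError) Unwrap() error { return e.Err }

// Health is the caller-side decision (hypothetical names, not package API).
type Health int

const (
	Usable         Health = iota // loaded cleanly
	UsableDegraded               // ok and err both set: keep the WAF on, log err
	Unsupported                  // target not supported: run without the WAF
	Fatal                        // recovered panic: stop using the library
	Unavailable                  // any other load failure
)

// Triage maps an (ok, err) pair, as documented for Load, to a decision.
func Triage(ok bool, err error) Health {
	var pe *PanicError
	var ue *UnsupportedTargetError
	switch {
	case errors.As(err, &pe):
		return Fatal // checked first: unrecoverable whatever ok says
	case ok && err == nil:
		return Usable
	case ok:
		return UsableDegraded
	case errors.As(err, &ue):
		return Unsupported
	}
	return Unavailable
}

func main() {
	// Constructed errors, wrapped the way a caller might receive them.
	warn := errors.New("constructed: could not remove temporary file")
	unsup := fmt.Errorf("load: %w", &UnsupportedTargetError{errors.New("constructed: unsupported OS")})
	fmt.Println(Triage(true, nil), Triage(true, warn), Triage(false, unsup))
}
```

Treating Unsupported and Unavailable as distinct outcomes lets a service report that it is running without WAF protection instead of silently failing open.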
Directories ¶
Path | Synopsis |
---|---|
 | Package include is required to help go tools support vendoring. |
internal | |
noopfree | Package noopfree provides a noop-ed free function. |
lib | |
darwin-amd64 | Package vendor is required to help go tools support vendoring. |
darwin-arm64 | Package vendor is required to help go tools support vendoring. |
linux-amd64 | Package vendor is required to help go tools support vendoring. |
linux-arm64 | Package vendor is required to help go tools support vendoring. |