Documentation
¶
Index ¶
Constants ¶
View Source
const DefaultSOCKS5SignatureCacheSize = 1024
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DefaultSignatureConfig ¶ added in v1.3.0
type DefaultSignatureConfig struct {
SOCKS5DetectedSignatureEnabled bool `json:"SOCKS5DetectedSignatureEnabled"`
SOCKS5DetectedSignatureConfig SOCKS5DetectionSignatureConfig `json:"SOCKS5DetectedSignatureConfig"`
GitCloneDetectedSignatureEnabled bool `json:"GitCloneSignatureEnabled"`
GitCloneDetectedSignatureConfig GitCloneSignatureConfig `json:"GitCloneSignatureConfig"`
}
type Event ¶ added in v1.35.0
type Event struct {
EbpfEvent *types.Event
SignatureEvent *castpb.SignatureEvent
}
Event is final signature event with finding.
type GitCloneDetected ¶ added in v1.36.0
type GitCloneDetected struct {
// contains filtered or unexported fields
}
func NewGitCloneDetectedSignature ¶ added in v1.36.0
func NewGitCloneDetectedSignature(log *logging.Logger, cfg GitCloneSignatureConfig) *GitCloneDetected
func (*GitCloneDetected) GetMetadata ¶ added in v1.36.0
func (*GitCloneDetected) GetMetadata() SignatureMetadata
func (*GitCloneDetected) OnEvent ¶ added in v1.36.0
func (s *GitCloneDetected) OnEvent(event *types.Event) *v1.SignatureFinding
type GitCloneSignatureConfig ¶ added in v1.36.1
type GitCloneSignatureConfig struct {
RedactPasswords bool
}
type SOCKS5Detected ¶ added in v1.5.0
type SOCKS5Detected struct {
// contains filtered or unexported fields
}
func (*SOCKS5Detected) GetMetadata ¶ added in v1.5.0
func (*SOCKS5Detected) GetMetadata() SignatureMetadata
func (*SOCKS5Detected) OnEvent ¶ added in v1.5.0
func (s *SOCKS5Detected) OnEvent(event *types.Event) *v1.SignatureFinding
type SOCKS5DetectionSignatureConfig ¶ added in v1.5.0
type SOCKS5DetectionSignatureConfig struct {
CacheSize uint32
}
type SOCKS5DetectionState ¶ added in v1.5.0
type SOCKS5DetectionState uint8
const ( SOCKS5Unknown SOCKS5DetectionState = iota SOCKS5InitialClientRequestReceived SOCKS5InitialClientRequestSend SOCKS5InitialServerResponseSend SOCKS5InitialServerResponseReceived )
type Signature ¶
type Signature interface {
GetMetadata() SignatureMetadata
OnEvent(event *types.Event) *castpb.SignatureFinding
}
func DefaultSignatures ¶
func DefaultSignatures(log *logging.Logger, cfg SignatureEngineConfig) ([]Signature, error)
func NewSOCKS5DetectedSignature ¶ added in v1.5.0
func NewSOCKS5DetectedSignature(log *logging.Logger, cfg SOCKS5DetectionSignatureConfig) (Signature, error)
type SignatureEngine ¶
type SignatureEngine struct {
// contains filtered or unexported fields
}
func NewEngine ¶
func NewEngine(signatures []Signature, log *logging.Logger, cfg SignatureEngineConfig) *SignatureEngine
func (*SignatureEngine) EventInput ¶
func (e *SignatureEngine) EventInput() chan<- *types.Event
func (*SignatureEngine) Events ¶
func (e *SignatureEngine) Events() <-chan Event
func (*SignatureEngine) QueueEvent ¶
func (e *SignatureEngine) QueueEvent(event *types.Event)
func (*SignatureEngine) TargetEvents ¶
func (e *SignatureEngine) TargetEvents() []events.ID
type SignatureEngineConfig ¶
type SignatureEngineConfig struct {
InputChanSize int `validate:"required" json:"inputChanSize"`
OutputChanSize int `validate:"required" json:"outputChanSize"`
DefaultSignatureConfig DefaultSignatureConfig `json:"default_signature_config"`
}
type SignatureMetadata ¶
Source Files
Click to show internal directories.
Click to hide internal directories.