Documentation ¶
Overview ¶
Package variables contains the representation of the variables used in the rules Variables are created as bytes and they have a string representation
Copyright 2022 Juan Pablo Tosso ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type RuleVariable ¶
type RuleVariable byte
RuleVariable is used to identify information from a transaction
const ( // Unknown is used as placeholder for errors Unknown RuleVariable = iota // ResponseContentType is the content type of the response ResponseContentType // UniqueID is the unique id of the transaction UniqueID // ArgsCombinedSize is the combined size of the arguments ArgsCombinedSize // AuthType is the authentication type AuthType // FilesCombinedSize is the combined size of the uploaded files FilesCombinedSize // FullRequest is the full request FullRequest // FullRequestLength is the length of the full request FullRequestLength // InboundDataError represents errors for inbound data InboundDataError // MatchedVar is the value of the matched variable MatchedVar // MatchedVarName is the name of the matched variable MatchedVarName // MultipartBoundaryQuoted kept for compatibility MultipartBoundaryQuoted // MultipartBoundaryWhitespace kept for compatibility MultipartBoundaryWhitespace // MultipartCrlfLfLines kept for compatibility MultipartCrlfLfLines // MultipartDataAfter kept for compatibility MultipartDataAfter // MultipartDataBefore kept for compatibility MultipartDataBefore // MultipartFileLimitExceeded kept for compatibility MultipartFileLimitExceeded // MultipartHeaderFolding kept for compatibility MultipartHeaderFolding // MultipartInvalidHeaderFolding kept for compatibility MultipartInvalidHeaderFolding // MultipartInvalidPart kept for compatibility MultipartInvalidPart // MultipartInvalidQuoting kept for compatibility MultipartInvalidQuoting // MultipartLfLine kept for compatibility MultipartLfLine // MultipartMissingSemicolon kept for compatibility MultipartMissingSemicolon // MultipartStrictError kept for compatibility MultipartStrictError // MultipartUnmatchedBoundary kept for compatibility MultipartUnmatchedBoundary // OutboundDataError will be set to 1 when the response body size // is above the setting configured by SecResponseBodyLimit OutboundDataError // PathInfo is kept for compatibility PathInfo // QueryString contains the raw query string part of a request URI QueryString // RemoteAddr is the remote address of the connection RemoteAddr // RemoteHost is the remote host of the connection, not implemented RemoteHost // RemotePort is the remote port of the connection RemotePort // ReqbodyError contains the status of the request body processor used // for request body parsing, 0 means no error, 1 means error ReqbodyError // ReqbodyErrorMsg contains the error message of the request body processor error ReqbodyErrorMsg // ReqbodyProcessorError is the same as ReqbodyErrr ? ReqbodyProcessorError // ReqbodyProcessorErrorMsg is the same as ReqbodyErrorMsg ? ReqbodyProcessorErrorMsg // ReqbodyProcessor contains the name of the request body processor used, default // ones are: URLENCODED, MULTIPART, and XML. They can be extended using plugins. ReqbodyProcessor // RequestBasename contains the name after the last slash in the request URI // It does not pass through any anti-evasion, use with transformations RequestBasename // RequestBody contains the full request body, it will only be available // For urlencoded requests. It is possible to force it's presence by using // the ctl:forceRequestBodyVariable action RequestBody // RequestBodyLength contains the length of the request body in bytes calculated from // the BodyBuffer, not from the content-type header RequestBodyLength // RequestFilename holds the relative request URL without the query string part. // Anti-evasion transformations are not used by default RequestFilename // RequestLine This variable holds the complete request line sent to the server // (including the request method and HTTP version information). RequestLine // RequestMethod is the request method RequestMethod // RequestProtocol is the protocol used in the request RequestProtocol // RequestURI holds the full request URL including the query string data without // the domain name RequestURI // RequestURIRaw is the same as RequestURI but with the domain name in case // it was provided in the request line RequestURIRaw // ResponseBody contains the full response body, it will only be available if // responseBodyAccess is set to on and the response mime matches the configured // processable mime types ResponseBody // ResponseContentLength contains the length of the response body in bytes calculated from // the BodyBuffer, not from the content-type header ResponseContentLength // ResponseProtocol is the protocol used in the response ResponseProtocol // ResponseStatus is the status code of the response ResponseStatus // ServerAddr is the address of the server ServerAddr // ServerName is the name of the server ServerName // ServerPort is the port of the server ServerPort // Sessionid is not supported Sessionid // HighestSeverity is the highest severity from all matched rules HighestSeverity // StatusLine is the status line of the response, including the request method // and HTTP version information StatusLine // InboundErrorData will be set to 1 when the request body size // is above the setting configured by SecRequesteBodyLimit InboundErrorData // Duration contains the time in miliseconds from // the beginning of the transaction until this point Duration // ResponseHeadersNames contains the names of the response headers ResponseHeadersNames // RequestHeadersNames contains the names of the request headers RequestHeadersNames // Userid is not supported Userid // Args contains copies of ArgsGet and ArgsPost Args // ArgsGet contains the GET (URL) arguments ArgsGet // ArgsPost contains the POST (BODY) arguments ArgsPost // FilesSizes contains the sizes of the uploaded files FilesSizes // FilesNames contains the names of the uploaded files FilesNames // FilesTmpContent is not supported FilesTmpContent // MultipartFilename contains the multipart data from field FILENAME MultipartFilename // MultipartName contains the multipart data from field NAME. MultipartName // MatchedVarsNames is similar to MATCHED_VAR_NAME except that it is // a collection of all matches for the current operator check. MatchedVarsNames // MatchedVars is similar to MATCHED_VAR except that it is a collection // of all matches for the current operator check MatchedVars // Files contains a collection of original file names // (as they were called on the remote user’s filesys- tem). // Available only on inspected multipart/form-data requests. Files // RequestCookies is a collection of all of request cookies (values only RequestCookies // RequestHeaders can be used as either a collection of all of the request // headers or can be used to inspect selected headers RequestHeaders // ResponseHeaders can be used as either a collection of all of the response // headers or can be used to inspect selected headers ResponseHeaders // Geo contains the location information of the client Geo // RequestCookiesNames contains the names of the request cookies RequestCookiesNames // FilesTmpNames contains the names of the uploaded temporal files FilesTmpNames // ArgsNames contains the names of the arguments (POST and GET) ArgsNames // ArgsGetNames contains the names of the GET arguments ArgsGetNames // ArgsPostNames contains the names of the POST arguments ArgsPostNames // TX contains transaction specific variables created with setvar TX // Rule contains rule metadata Rule // XML provides minimal XPATH support XML // JSON does not provide any data, might be removed JSON // Env contains the process environment variables Env // IP is kept for compatibility IP // UrlencodedError equals 1 if we failed to parse de URL // It applies for URL query part and urlencoded post body UrlencodedError )
func Parse ¶
func Parse(v string) (RuleVariable, error)
Parse returns the byte interpretation of a variable from a string Returns error if there is no representation
func (RuleVariable) Name ¶
func (v RuleVariable) Name() string
Name transforms a VARIABLE representation into a string, it's used for audit and logging