Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type DirectiveOptions
type DirectiveOptions struct {
	WAF      *corazawaf.WAF
	Raw      string
	Opts     string
	Path     []string
	Datasets map[string][]string
	// Parser is configuration of the parser, populated by multiple directives and consumed by
	// directives that parse.
	Parser ParserConfig
}
DirectiveOptions contains the parsed options for a directive. It is mutable and propagated across multiple directives, to support collecting the options for audit logs for example. TODO(anuraaga): Propagation of config probably should be separated from a directive's options.
type Parser
type Parser struct {
// contains filtered or unexported fields
}
Parser provides functions to evaluate (compile) SecLang directives.
func NewParser
NewParser creates a new parser from a WAF instance. Rules and settings will be inserted into the WAF rule container (RuleGroup).
func (*Parser) FromFile
FromFile imports directives from a file. It returns an error if any directive fails to parse or the file does not exist. If the path contains a *, it is expanded to all files in the directory matching the pattern. It returns an error if no files match the pattern.
func (*Parser) FromString
FromString imports directives from a string. It returns an error if any directive fails to parse or its arguments are invalid.
func (*Parser) SetRoot
SetRoot sets the root of the filesystem for resolving paths. If not set, the OS's filesystem is used. Some use cases for setting a root are:
- os.DirFS to set a path to resolve relative paths from.
- embed.FS to read rules from an embedded filesystem.
- zip.Reader to read rules from a zip file.
type ParserConfig
type RuleOptions
type RuleOptions struct {
	WithOperator bool
	WAF          *corazawaf.WAF
	ParserConfig ParserConfig
	Raw          string
	Directive    string
	Data         string
	Datasets     map[string][]string
}
RuleOptions contains the options used to compile a rule.
type RuleParser
type RuleParser struct {
// contains filtered or unexported fields
}
RuleParser is used to programmatically create new rules using SecLang-formatted strings.
func (*RuleParser) ParseActions
func (rp *RuleParser) ParseActions(actions string) error
ParseActions parses a comma-separated list of actions:arguments. Arguments can be wrapped inside quotes.
func (*RuleParser) ParseDefaultActions
func (rp *RuleParser) ParseDefaultActions(actions string) error
ParseDefaultActions parses a list of actions separated by a comma and assigns it to the specified phase. Default Actions MUST contain a phase. Only one phase can be specified per WAF instance. A disruptive action is required to be specified. Each rule on the indicated phase will inherit the previously declared actions. If the user overwrites the default actions, the default actions will be overwritten.
func (*RuleParser) ParseOperator
func (rp *RuleParser) ParseOperator(operator string) error
ParseOperator parses a SecLang-formatted operator string. An operator must begin with @ (like @rx); if no operator is specified, rx will be used. Everything after the operator will be used as the operator argument.
func (*RuleParser) ParseVariables
func (rp *RuleParser) ParseVariables(vars string) error
ParseVariables parses variables from a string and transforms it into variables, variable negations and variable counters.
- Multiple separated variables: VARIABLE1|VARIABLE2|VARIABLE3
- Variable count: &VARIABLE1
- Variable key negation: REQUEST_HEADERS|!REQUEST_HEADERS:user-agent
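Added example, not Coraza's own code: a standalone sketch of the variable-list syntax described for ParseVariables, useful for reviewing which keys a rule counts or excludes from inspection. VarSpec and parseVariables are hypothetical names; plain-string keys and the rule that a negation must name a key are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"strings"
)

// VarSpec is a hypothetical type for this example; Coraza's internal types differ.
type VarSpec struct {
	Name    string // collection name, e.g. REQUEST_HEADERS
	Key     string // optional key after ':', e.g. user-agent
	Count   bool   // true for &VARIABLE (variable count)
	Negated bool   // true for !VARIABLE:key (key excluded from inspection)
}

// parseVariables splits a variable list on '|' and classifies each entry.
// Simplification: keys are plain strings; regex or quoted keys are not handled.
func parseVariables(vars string) ([]VarSpec, error) {
	var out []VarSpec
	for _, tok := range strings.Split(vars, "|") {
		tok = strings.TrimSpace(tok)
		var spec VarSpec
		switch {
		case strings.HasPrefix(tok, "&"):
			spec.Count, tok = true, tok[1:]
		case strings.HasPrefix(tok, "!"):
			spec.Negated, tok = true, tok[1:]
		}
		spec.Name, spec.Key, _ = strings.Cut(tok, ":")
		if spec.Name == "" {
			return nil, fmt.Errorf("empty variable name in %q", vars)
		}
		// Policy of this sketch (assumption): a negation must name the key it excludes.
		if spec.Negated && spec.Key == "" {
			return nil, fmt.Errorf("negation of %s needs a key", spec.Name)
		}
		out = append(out, spec)
	}
	return out, nil
}

func main() {
	// Constructed sample input combining the three forms listed above.
	fmt.Println(parseVariables("&ARGS|REQUEST_HEADERS|!REQUEST_HEADERS:user-agent"))
}
```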
func (*RuleParser) Rule
func (rp *RuleParser) Rule() *corazawaf.Rule
Rule returns the compiled rule.