seclang

package
v3.0.0-...-77fdc67
Warning

This package is not in the latest version of its module.

Published: Sep 4, 2024 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParseRule

func ParseRule(options RuleOptions) (*corazawaf.Rule, error)

ParseRule parses a rule from a string. The string must match the seclang format. If WithOperator is false, the rule is parsed without an operator. This function was created for directives provided by external plugins.

Types

type DirectiveOptions

type DirectiveOptions struct {
	WAF      *corazawaf.WAF
	Raw      string
	Opts     string
	Path     []string
	Datasets map[string][]string

	// Parser is configuration of the parser, populated by multiple directives and consumed by
	// directives that parse.
	Parser ParserConfig
}

DirectiveOptions contains the parsed options for a directive. It is mutable and propagated across multiple directives, for example to support collecting the options for audit logs. TODO(anuraaga): Propagation of config probably should be separated from a directive's options.

type Parser

type Parser struct {
	// contains filtered or unexported fields
}

Parser provides functions to evaluate (compile) SecLang directives.

func NewParser

func NewParser(waf *corazawaf.WAF) *Parser

NewParser creates a new parser from a WAF instance. Rules and settings will be inserted into the WAF rule container (RuleGroup).

func (*Parser) FromFile

func (p *Parser) FromFile(profilePath string) error

FromFile imports directives from a file. It returns an error if any directive fails to parse or the file does not exist. If the path contains a *, it is expanded to all files in the directory matching the pattern.

func (*Parser) FromString

func (p *Parser) FromString(data string) error

FromString imports directives from a string. It returns an error if any directive fails to parse or its arguments are invalid.

func (*Parser) SetRoot

func (p *Parser) SetRoot(root fs.FS)

SetRoot sets the root of the filesystem for resolving paths. If not set, the OS's filesystem is used. Some use cases for setting a root are:

- os.DirFS to set a path to resolve relative paths from.
- embed.FS to read rules from an embedded filesystem.
- zip.Reader to read rules from a zip file.

type ParserConfig

type ParserConfig struct {
	DisabledRuleActions         []string
	DisabledRuleOperators       []string
	RuleDefaultActions          []string
	HasRuleDefaultActions       bool
	IgnoreRuleCompilationErrors bool
	LastLine                    int
	ConfigFile                  string
	ConfigDir                   string
	Root                        fs.FS
	WorkingDir                  string
}

type RuleOptions

type RuleOptions struct {
	WithOperator bool
	WAF          *corazawaf.WAF
	ParserConfig ParserConfig
	Raw          string
	Directive    string
	Data         string
	Datasets     map[string][]string
}

RuleOptions contains the options used to compile a rule.

type RuleParser

type RuleParser struct {
	// contains filtered or unexported fields
}

RuleParser is used to programmatically create new rules using seclang formatted strings.

func (*RuleParser) ParseActions

func (rp *RuleParser) ParseActions(actions string) error

ParseActions parses a comma-separated list of actions:arguments. Arguments can be wrapped inside quotes.

func (*RuleParser) ParseDefaultActions

func (rp *RuleParser) ParseDefaultActions(actions string) error

ParseDefaultActions parses a list of actions separated by a comma and assigns it to the specified phase. Default Actions MUST contain a phase. Only one phase can be specified per WAF instance. A disruptive action is required to be specified. Each rule on the indicated phase will inherit the previously declared actions. If the user overwrites the default actions, the default actions will be overwritten.

func (*RuleParser) ParseOperator

func (rp *RuleParser) ParseOperator(operator string) error

ParseOperator parses a seclang formatted operator string. An operator must begin with @ (like @rx); if no operator is specified, rx will be used. Everything after the operator will be used as the operator argument.

func (*RuleParser) ParseVariables

func (rp *RuleParser) ParseVariables(vars string) error

ParseVariables parses variables from a string and transforms it into variables, variable negations and variable counters.

- Multiple separated variables: VARIABLE1|VARIABLE2|VARIABLE3
- Variable count: &VARIABLE1
- Variable key negation: REQUEST_HEADERS|!REQUEST_HEADERS:user-agent
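The three forms in the ParseVariables description, as an added stand-alone sketch that is not Coraza's parser and does not import it: VarRef, ParseVarList and Exclusions are hypothetical names, and rejecting a negation that has no key is an assumption of the example. Exclusions is the part to run over a rule set during review, since every negated key is input that the rule no longer inspects.

```go
package main

import (
	"fmt"
	"strings"
)

// VarRef is one entry of a variable list (hypothetical type, not a Coraza type).
type VarRef struct {
	Name     string // collection, e.g. REQUEST_HEADERS
	Key      string // optional key after ':', e.g. user-agent
	Count    bool   // '&' prefix: the rule tests the number of values
	Negation bool   // '!' prefix: this key is excluded from inspection
}

// ParseVarList splits a list written in the three forms documented above.
func ParseVarList(vars string) (refs []VarRef, err error) {
	for _, raw := range strings.Split(vars, "|") {
		ref, tok := VarRef{}, strings.TrimSpace(raw)
		switch {
		case strings.HasPrefix(tok, "&"):
			ref.Count, tok = true, tok[1:]
		case strings.HasPrefix(tok, "!"):
			ref.Negation, tok = true, tok[1:]
		}
		ref.Name, ref.Key, _ = strings.Cut(tok, ":")
		// Assumption of this example: a negation must name a key.
		if ref.Name == "" || (ref.Negation && ref.Key == "") {
			return nil, fmt.Errorf("malformed variable %q in list %q", raw, vars)
		}
		refs = append(refs, ref)
	}
	return refs, nil
}

// Exclusions lists the NAME:key pairs that a rule will not inspect.
func Exclusions(refs []VarRef) (out []string) {
	for _, r := range refs {
		if r.Negation {
			out = append(out, r.Name+":"+r.Key)
		}
	}
	return out
}

func main() { // constructed input combining the documented forms
	refs, err := ParseVarList("REQUEST_HEADERS|!REQUEST_HEADERS:user-agent|&ARGS")
	fmt.Println(refs, Exclusions(refs), err)
}
```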

func (*RuleParser) Rule

func (rp *RuleParser) Rule() *corazawaf.Rule

Rule returns the compiled rule.
