Documentation ¶
Index ¶
- Constants
- Variables
- func GetOnLoadEnv(w *AppsecRuntimeConfig) map[string]interface{}
- func GetOnMatchEnv(w *AppsecRuntimeConfig, request *ParsedRequest, evt types.Event) map[string]interface{}
- func GetPostEvalEnv(w *AppsecRuntimeConfig, request *ParsedRequest) map[string]interface{}
- func GetPreEvalEnv(w *AppsecRuntimeConfig, request *ParsedRequest) map[string]interface{}
- func GetRuleDebug(id int) bool
- func LoadAppsecRules(hubInstance *cwhub.Hub) error
- func NewCrzLogger(logger *log.Entry) *crzLogger
- func ParseQuery(query string) url.Values
- func SetRuleDebug(id int, debug bool)
- type AppsecCollection
- type AppsecCollectionConfig
- type AppsecConfig
- type AppsecRuntimeConfig
- func (w *AppsecRuntimeConfig) CancelAlert() error
- func (w *AppsecRuntimeConfig) CancelEvent() error
- func (w *AppsecRuntimeConfig) ClearResponse()
- func (w *AppsecRuntimeConfig) DisableInBandRuleByID(id int) error
- func (w *AppsecRuntimeConfig) DisableInBandRuleByName(name string) error
- func (w *AppsecRuntimeConfig) DisableInBandRuleByTag(tag string) error
- func (w *AppsecRuntimeConfig) DisableOutBandRuleByID(id int) error
- func (w *AppsecRuntimeConfig) DisableOutBandRuleByName(name string) error
- func (w *AppsecRuntimeConfig) DisableOutBandRuleByTag(tag string) error
- func (w *AppsecRuntimeConfig) GenerateResponse(response AppsecTempResponse, logger *log.Entry) (int, BodyResponse)
- func (w *AppsecRuntimeConfig) ProcessOnLoadRules() error
- func (w *AppsecRuntimeConfig) ProcessOnMatchRules(request *ParsedRequest, evt types.Event) error
- func (w *AppsecRuntimeConfig) ProcessPostEvalRules(request *ParsedRequest) error
- func (w *AppsecRuntimeConfig) ProcessPreEvalRules(request *ParsedRequest) error
- func (w *AppsecRuntimeConfig) RemoveInbandRuleByID(id int) error
- func (w *AppsecRuntimeConfig) RemoveInbandRuleByName(name string) error
- func (w *AppsecRuntimeConfig) RemoveInbandRuleByTag(tag string) error
- func (w *AppsecRuntimeConfig) RemoveOutbandRuleByID(id int) error
- func (w *AppsecRuntimeConfig) RemoveOutbandRuleByName(name string) error
- func (w *AppsecRuntimeConfig) RemoveOutbandRuleByTag(tag string) error
- func (w *AppsecRuntimeConfig) SendAlert() error
- func (w *AppsecRuntimeConfig) SendEvent() error
- func (w *AppsecRuntimeConfig) SetAction(action string) error
- func (w *AppsecRuntimeConfig) SetActionByID(id int, action string) error
- func (w *AppsecRuntimeConfig) SetActionByName(name string, action string) error
- func (w *AppsecRuntimeConfig) SetActionByTag(tag string, action string) error
- func (w *AppsecRuntimeConfig) SetHTTPCode(code int) error
- type AppsecSubEngineOpts
- type AppsecTempResponse
- type BodyResponse
- type ExtendedTransaction
- func (t *ExtendedTransaction) AddGetRequestArgument(name string, value string)
- func (t *ExtendedTransaction) AddRequestHeader(name string, value string)
- func (t *ExtendedTransaction) ID() string
- func (t *ExtendedTransaction) Interruption() *types.Interruption
- func (t *ExtendedTransaction) IsInterrupted() bool
- func (t *ExtendedTransaction) IsRuleEngineOff() bool
- func (t *ExtendedTransaction) MatchedRules() []types.MatchedRule
- func (t *ExtendedTransaction) ProcessConnection(client string, cPort int, server string, sPort int)
- func (t *ExtendedTransaction) ProcessLogging()
- func (t *ExtendedTransaction) ProcessRequestBody() (*types.Interruption, error)
- func (t *ExtendedTransaction) ProcessRequestHeaders() *types.Interruption
- func (t *ExtendedTransaction) ProcessURI(uri string, method string, httpVersion string)
- func (t *ExtendedTransaction) RemoveRuleByIDWithError(id int) error
- func (t *ExtendedTransaction) RemoveRuleByTagWithError(tag string) error
- func (t *ExtendedTransaction) SetServerName(name string)
- func (t *ExtendedTransaction) Variables() plugintypes.TransactionVariables
- func (t *ExtendedTransaction) WriteRequestBody(body []byte) (*types.Interruption, int, error)
- type Hook
- type ParsedRequest
- type ReqDumpFilter
- func (r *ReqDumpFilter) FilterArgs(out *ParsedRequest) error
- func (r *ReqDumpFilter) FilterBody(out *ParsedRequest) error
- func (r *ReqDumpFilter) FilterHeaders(out *ParsedRequest) error
- func (r *ReqDumpFilter) GetFilteredRequest() *ParsedRequest
- func (r *ReqDumpFilter) NoFilters() *ReqDumpFilter
- func (r *ReqDumpFilter) ToJSON() error
- func (r *ReqDumpFilter) WithArgsContentFilter(filter string) *ReqDumpFilter
- func (r *ReqDumpFilter) WithArgsNameFilter(filter string) *ReqDumpFilter
- func (r *ReqDumpFilter) WithBody() *ReqDumpFilter
- func (r *ReqDumpFilter) WithEmptyArgsFilters() *ReqDumpFilter
- func (r *ReqDumpFilter) WithEmptyHeadersFilters() *ReqDumpFilter
- func (r *ReqDumpFilter) WithHeaders() *ReqDumpFilter
- func (r *ReqDumpFilter) WithHeadersContentFilter(filter string) *ReqDumpFilter
- func (r *ReqDumpFilter) WithHeadersNameFilter(filter string) *ReqDumpFilter
- func (r *ReqDumpFilter) WithNoBody() *ReqDumpFilter
- func (r *ReqDumpFilter) WithNoHeaders() *ReqDumpFilter
- type RulesDetails
Constants ¶
const ( BanRemediation = "ban" CaptchaRemediation = "captcha" AllowRemediation = "allow" )
const ( URIHeaderName = "X-Crowdsec-Appsec-Uri" VerbHeaderName = "X-Crowdsec-Appsec-Verb" HostHeaderName = "X-Crowdsec-Appsec-Host" IPHeaderName = "X-Crowdsec-Appsec-Ip" APIKeyHeaderName = "X-Crowdsec-Appsec-Api-Key" UserAgentHeaderName = "X-Crowdsec-Appsec-User-Agent" )
Variables ¶
var APPSEC_RULE = "appsec-rule"
var AppsecRulesDetails = make(map[int]RulesDetails)
FIXME: this shouldn't be a global Is using the id is a good idea ? might be too specific to coraza and not easily reusable
var DebugRules map[int]bool = map[int]bool{}
Functions ¶
func GetOnLoadEnv ¶
func GetOnLoadEnv(w *AppsecRuntimeConfig) map[string]interface{}
func GetOnMatchEnv ¶
func GetOnMatchEnv(w *AppsecRuntimeConfig, request *ParsedRequest, evt types.Event) map[string]interface{}
func GetPostEvalEnv ¶
func GetPostEvalEnv(w *AppsecRuntimeConfig, request *ParsedRequest) map[string]interface{}
func GetPreEvalEnv ¶
func GetPreEvalEnv(w *AppsecRuntimeConfig, request *ParsedRequest) map[string]interface{}
func GetRuleDebug ¶
func LoadAppsecRules ¶
func NewCrzLogger ¶
func ParseQuery ¶ added in v1.6.1
parseQuery and parseQuery are copied net/url package, but allow semicolon in values
func SetRuleDebug ¶
Types ¶
type AppsecCollection ¶
type AppsecCollection struct { Rules []string // contains filtered or unexported fields }
func LoadCollection ¶
func LoadCollection(pattern string, logger *log.Entry) ([]AppsecCollection, error)
func (AppsecCollection) String ¶
func (w AppsecCollection) String() string
type AppsecCollectionConfig ¶
type AppsecCollectionConfig struct { Type string `yaml:"type"` Name string `yaml:"name"` Debug bool `yaml:"debug"` Description string `yaml:"description"` SecLangFilesRules []string `yaml:"seclang_files_rules"` SecLangRules []string `yaml:"seclang_rules"` Rules []appsec_rule.CustomRule `yaml:"rules"` Labels map[string]interface{} `yaml:"labels"` //Labels is K:V list aiming at providing context the overflow Data interface{} `yaml:"data"` //Ignore it // contains filtered or unexported fields }
to be filled w/ seb update
type AppsecConfig ¶
type AppsecConfig struct { Name string `yaml:"name"` OutOfBandRules []string `yaml:"outofband_rules"` InBandRules []string `yaml:"inband_rules"` DefaultRemediation string `yaml:"default_remediation"` DefaultPassAction string `yaml:"default_pass_action"` BouncerBlockedHTTPCode int `yaml:"blocked_http_code"` //returned to the bouncer BouncerPassedHTTPCode int `yaml:"passed_http_code"` //returned to the bouncer UserBlockedHTTPCode int `yaml:"user_blocked_http_code"` //returned to the user UserPassedHTTPCode int `yaml:"user_passed_http_code"` //returned to the user OnLoad []Hook `yaml:"on_load"` PreEval []Hook `yaml:"pre_eval"` PostEval []Hook `yaml:"post_eval"` OnMatch []Hook `yaml:"on_match"` VariablesTracking []string `yaml:"variables_tracking"` InbandOptions AppsecSubEngineOpts `yaml:"inband_options"` OutOfBandOptions AppsecSubEngineOpts `yaml:"outofband_options"` LogLevel *log.Level `yaml:"log_level"` Logger *log.Entry `yaml:"-"` }
func (*AppsecConfig) Build ¶
func (wc *AppsecConfig) Build() (*AppsecRuntimeConfig, error)
func (*AppsecConfig) GetDataDir ¶
func (wc *AppsecConfig) GetDataDir() string
func (*AppsecConfig) Load ¶
func (wc *AppsecConfig) Load(configName string) error
func (*AppsecConfig) LoadByPath ¶
func (wc *AppsecConfig) LoadByPath(file string) error
type AppsecRuntimeConfig ¶
type AppsecRuntimeConfig struct { Name string OutOfBandRules []AppsecCollection InBandRules []AppsecCollection DefaultRemediation string RemediationByTag map[string]string //Also used for ByName, as the name (for modsec rules) is a tag crowdsec-NAME RemediationById map[int]string CompiledOnLoad []Hook CompiledPreEval []Hook CompiledPostEval []Hook CompiledOnMatch []Hook CompiledVariablesTracking []*regexp.Regexp Config *AppsecConfig //those are ephemeral, created/destroyed with every req OutOfBandTx ExtendedTransaction //is it a good idea ? InBandTx ExtendedTransaction //is it a good idea ? Response AppsecTempResponse Logger *log.Entry //Set by on_load to ignore some rules on loading DisabledInBandRuleIds []int DisabledInBandRulesTags []string //Also used for ByName, as the name (for modsec rules) is a tag crowdsec-NAME DisabledOutOfBandRuleIds []int DisabledOutOfBandRulesTags []string //Also used for ByName, as the name (for modsec rules) is a tag crowdsec-NAME }
runtime version of AppsecConfig
func (*AppsecRuntimeConfig) CancelAlert ¶
func (w *AppsecRuntimeConfig) CancelAlert() error
func (*AppsecRuntimeConfig) CancelEvent ¶
func (w *AppsecRuntimeConfig) CancelEvent() error
func (*AppsecRuntimeConfig) ClearResponse ¶
func (w *AppsecRuntimeConfig) ClearResponse()
func (*AppsecRuntimeConfig) DisableInBandRuleByID ¶
func (w *AppsecRuntimeConfig) DisableInBandRuleByID(id int) error
Disable a rule at load time, meaning it will not run for any request
func (*AppsecRuntimeConfig) DisableInBandRuleByName ¶
func (w *AppsecRuntimeConfig) DisableInBandRuleByName(name string) error
Disable a rule at load time, meaning it will not run for any request
func (*AppsecRuntimeConfig) DisableInBandRuleByTag ¶
func (w *AppsecRuntimeConfig) DisableInBandRuleByTag(tag string) error
Disable a rule at load time, meaning it will not run for any request
func (*AppsecRuntimeConfig) DisableOutBandRuleByID ¶
func (w *AppsecRuntimeConfig) DisableOutBandRuleByID(id int) error
Disable a rule at load time, meaning it will not run for any request
func (*AppsecRuntimeConfig) DisableOutBandRuleByName ¶
func (w *AppsecRuntimeConfig) DisableOutBandRuleByName(name string) error
Disable a rule at load time, meaning it will not run for any request
func (*AppsecRuntimeConfig) DisableOutBandRuleByTag ¶
func (w *AppsecRuntimeConfig) DisableOutBandRuleByTag(tag string) error
Disable a rule at load time, meaning it will not run for any request
func (*AppsecRuntimeConfig) GenerateResponse ¶
func (w *AppsecRuntimeConfig) GenerateResponse(response AppsecTempResponse, logger *log.Entry) (int, BodyResponse)
func (*AppsecRuntimeConfig) ProcessOnLoadRules ¶
func (w *AppsecRuntimeConfig) ProcessOnLoadRules() error
func (*AppsecRuntimeConfig) ProcessOnMatchRules ¶
func (w *AppsecRuntimeConfig) ProcessOnMatchRules(request *ParsedRequest, evt types.Event) error
func (*AppsecRuntimeConfig) ProcessPostEvalRules ¶
func (w *AppsecRuntimeConfig) ProcessPostEvalRules(request *ParsedRequest) error
func (*AppsecRuntimeConfig) ProcessPreEvalRules ¶
func (w *AppsecRuntimeConfig) ProcessPreEvalRules(request *ParsedRequest) error
func (*AppsecRuntimeConfig) RemoveInbandRuleByID ¶
func (w *AppsecRuntimeConfig) RemoveInbandRuleByID(id int) error
func (*AppsecRuntimeConfig) RemoveInbandRuleByName ¶
func (w *AppsecRuntimeConfig) RemoveInbandRuleByName(name string) error
func (*AppsecRuntimeConfig) RemoveInbandRuleByTag ¶
func (w *AppsecRuntimeConfig) RemoveInbandRuleByTag(tag string) error
func (*AppsecRuntimeConfig) RemoveOutbandRuleByID ¶
func (w *AppsecRuntimeConfig) RemoveOutbandRuleByID(id int) error
func (*AppsecRuntimeConfig) RemoveOutbandRuleByName ¶
func (w *AppsecRuntimeConfig) RemoveOutbandRuleByName(name string) error
func (*AppsecRuntimeConfig) RemoveOutbandRuleByTag ¶
func (w *AppsecRuntimeConfig) RemoveOutbandRuleByTag(tag string) error
func (*AppsecRuntimeConfig) SendAlert ¶
func (w *AppsecRuntimeConfig) SendAlert() error
func (*AppsecRuntimeConfig) SendEvent ¶
func (w *AppsecRuntimeConfig) SendEvent() error
func (*AppsecRuntimeConfig) SetAction ¶
func (w *AppsecRuntimeConfig) SetAction(action string) error
func (*AppsecRuntimeConfig) SetActionByID ¶
func (w *AppsecRuntimeConfig) SetActionByID(id int, action string) error
func (*AppsecRuntimeConfig) SetActionByName ¶
func (w *AppsecRuntimeConfig) SetActionByName(name string, action string) error
func (*AppsecRuntimeConfig) SetActionByTag ¶
func (w *AppsecRuntimeConfig) SetActionByTag(tag string, action string) error
func (*AppsecRuntimeConfig) SetHTTPCode ¶
func (w *AppsecRuntimeConfig) SetHTTPCode(code int) error
type AppsecSubEngineOpts ¶
type AppsecTempResponse ¶
type AppsecTempResponse struct { InBandInterrupt bool OutOfBandInterrupt bool Action string //allow, deny, captcha, log UserHTTPResponseCode int //The response code to send to the user BouncerHTTPResponseCode int //The response code to send to the remediation component SendEvent bool //do we send an internal event on rule match SendAlert bool //do we send an alert on rule match }
type BodyResponse ¶
type ExtendedTransaction ¶
type ExtendedTransaction struct {
Tx experimental.FullTransaction
}
func NewExtendedTransaction ¶
func NewExtendedTransaction(engine coraza.WAF, uuid string) ExtendedTransaction
func NewTransaction ¶
func NewTransaction(tx experimental.FullTransaction) ExtendedTransaction
func (*ExtendedTransaction) AddGetRequestArgument ¶
func (t *ExtendedTransaction) AddGetRequestArgument(name string, value string)
func (*ExtendedTransaction) AddRequestHeader ¶
func (t *ExtendedTransaction) AddRequestHeader(name string, value string)
func (*ExtendedTransaction) ID ¶
func (t *ExtendedTransaction) ID() string
func (*ExtendedTransaction) Interruption ¶
func (t *ExtendedTransaction) Interruption() *types.Interruption
func (*ExtendedTransaction) IsInterrupted ¶
func (t *ExtendedTransaction) IsInterrupted() bool
func (*ExtendedTransaction) IsRuleEngineOff ¶
func (t *ExtendedTransaction) IsRuleEngineOff() bool
func (*ExtendedTransaction) MatchedRules ¶
func (t *ExtendedTransaction) MatchedRules() []types.MatchedRule
func (*ExtendedTransaction) ProcessConnection ¶
func (t *ExtendedTransaction) ProcessConnection(client string, cPort int, server string, sPort int)
func (*ExtendedTransaction) ProcessLogging ¶
func (t *ExtendedTransaction) ProcessLogging()
func (*ExtendedTransaction) ProcessRequestBody ¶
func (t *ExtendedTransaction) ProcessRequestBody() (*types.Interruption, error)
func (*ExtendedTransaction) ProcessRequestHeaders ¶
func (t *ExtendedTransaction) ProcessRequestHeaders() *types.Interruption
func (*ExtendedTransaction) ProcessURI ¶
func (t *ExtendedTransaction) ProcessURI(uri string, method string, httpVersion string)
func (*ExtendedTransaction) RemoveRuleByIDWithError ¶
func (t *ExtendedTransaction) RemoveRuleByIDWithError(id int) error
func (*ExtendedTransaction) RemoveRuleByTagWithError ¶
func (t *ExtendedTransaction) RemoveRuleByTagWithError(tag string) error
func (*ExtendedTransaction) SetServerName ¶
func (t *ExtendedTransaction) SetServerName(name string)
func (*ExtendedTransaction) Variables ¶
func (t *ExtendedTransaction) Variables() plugintypes.TransactionVariables
func (*ExtendedTransaction) WriteRequestBody ¶
func (t *ExtendedTransaction) WriteRequestBody(body []byte) (*types.Interruption, int, error)
type Hook ¶
type ParsedRequest ¶
type ParsedRequest struct { RemoteAddr string `json:"remote_addr,omitempty"` Host string `json:"host,omitempty"` ClientIP string `json:"client_ip,omitempty"` URI string `json:"uri,omitempty"` Args url.Values `json:"args,omitempty"` ClientHost string `json:"client_host,omitempty"` Headers http.Header `json:"headers,omitempty"` URL *url.URL `json:"url,omitempty"` Method string `json:"method,omitempty"` Proto string `json:"proto,omitempty"` Body []byte `json:"body,omitempty"` TransferEncoding []string `json:"transfer_encoding,omitempty"` UUID string `json:"uuid,omitempty"` Tx ExtendedTransaction `json:"-"` ResponseChannel chan AppsecTempResponse `json:"-"` IsInBand bool `json:"-"` IsOutBand bool `json:"-"` AppsecEngine string `json:"appsec_engine,omitempty"` RemoteAddrNormalized string `json:"normalized_remote_addr,omitempty"` HTTPRequest *http.Request `json:"-"` }
func NewParsedRequestFromRequest ¶
Generate a ParsedRequest from a http.Request. ParsedRequest can be consumed by the App security Engine
func (*ParsedRequest) DumpRequest ¶
func (r *ParsedRequest) DumpRequest(params ...any) *ReqDumpFilter
type ReqDumpFilter ¶
type ReqDumpFilter struct { HeadersContentFilters []string HeadersNameFilters []string HeadersDrop bool BodyDrop bool ArgsContentFilters []string ArgsNameFilters []string ArgsDrop bool // contains filtered or unexported fields }
func (*ReqDumpFilter) FilterArgs ¶
func (r *ReqDumpFilter) FilterArgs(out *ParsedRequest) error
func (*ReqDumpFilter) FilterBody ¶
func (r *ReqDumpFilter) FilterBody(out *ParsedRequest) error
func (*ReqDumpFilter) FilterHeaders ¶
func (r *ReqDumpFilter) FilterHeaders(out *ParsedRequest) error
func (*ReqDumpFilter) GetFilteredRequest ¶
func (r *ReqDumpFilter) GetFilteredRequest() *ParsedRequest
func (*ReqDumpFilter) ToJSON ¶
func (r *ReqDumpFilter) ToJSON() error
func (*ReqDumpFilter) WithArgsContentFilter ¶
func (r *ReqDumpFilter) WithArgsContentFilter(filter string) *ReqDumpFilter
func (*ReqDumpFilter) WithArgsNameFilter ¶
func (r *ReqDumpFilter) WithArgsNameFilter(filter string) *ReqDumpFilter
func (*ReqDumpFilter) WithBody ¶
func (r *ReqDumpFilter) WithBody() *ReqDumpFilter
func (*ReqDumpFilter) WithEmptyArgsFilters ¶
func (r *ReqDumpFilter) WithEmptyArgsFilters() *ReqDumpFilter
func (*ReqDumpFilter) WithEmptyHeadersFilters ¶
func (r *ReqDumpFilter) WithEmptyHeadersFilters() *ReqDumpFilter
func (*ReqDumpFilter) WithHeaders ¶
func (r *ReqDumpFilter) WithHeaders() *ReqDumpFilter
func (*ReqDumpFilter) WithHeadersContentFilter ¶
func (r *ReqDumpFilter) WithHeadersContentFilter(filter string) *ReqDumpFilter
func (*ReqDumpFilter) WithHeadersNameFilter ¶
func (r *ReqDumpFilter) WithHeadersNameFilter(filter string) *ReqDumpFilter
func (*ReqDumpFilter) WithNoBody ¶
func (r *ReqDumpFilter) WithNoBody() *ReqDumpFilter
func (*ReqDumpFilter) WithNoHeaders ¶
func (r *ReqDumpFilter) WithNoHeaders() *ReqDumpFilter