appsecacquisition

package
v1.6.4-rc4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 19, 2024 License: MIT Imports: 37 Imported by: 0

Documentation

Index

Constants

// Names of the two rule-set kinds. The values match the "type (inband/outofband)"
// wording in the AppsecRuleHits help text; presumably they are the values written
// to that metric's "type" label — confirm against the call sites.
const (
	// InBand names the in-band rule set.
	InBand    = "inband"
	// OutOfBand names the out-of-band rule set.
	OutOfBand = "outofband"
)

Variables

// AppsecBlockCounter is the Prometheus counter vector exported as
// cs_appsec_block_total: events blocked by the Application Security Engine,
// partitioned by the "source" and "appsec_engine" labels.
// It carries the same label set as AppsecReqCounter, so the two can be divided
// per series to get a block ratio for monitoring.
// NOTE(review): where the counter is incremented is not visible here — confirm
// which verdicts count as "blocked" before alerting on it.
var AppsecBlockCounter = prometheus.NewCounterVec(
	prometheus.CounterOpts{
		Name: "cs_appsec_block_total",
		Help: "Total events blocked by the Application Security Engine.",
	},
	[]string{"source", "appsec_engine"},
)
// AppsecGlobalParsingHistogram is the Prometheus histogram vector exported as
// cs_appsec_parsing_time_seconds: time spent processing a request by the
// Application Security Engine, partitioned by "source" and "appsec_engine".
// Bucket upper bounds run from 0.0001 s to 0.25 s; anything slower is only
// visible in the implicit +Inf bucket, so growth there is the signal to watch
// for requests that are unusually expensive to evaluate.
// NOTE(review): presumably covers in-band plus out-of-band processing — confirm.
var AppsecGlobalParsingHistogram = prometheus.NewHistogramVec(
	prometheus.HistogramOpts{
		Help:    "Time spent processing a request by the Application Security Engine.",
		Name:    "cs_appsec_parsing_time_seconds",
		Buckets: []float64{0.0001, 0.00025, 0.0005, 0.001, 0.0025, 0.0050, 0.01, 0.025, 0.05, 0.1, 0.25},
	},
	[]string{"source", "appsec_engine"},
)
// AppsecInbandParsingHistogram is the Prometheus histogram vector exported as
// cs_appsec_inband_parsing_time_seconds: time spent processing a request by
// the inband Application Security Engine, partitioned by "source" and
// "appsec_engine". It uses the same bucket bounds (0.0001 s to 0.25 s) as the
// other parsing histograms in this package.
// NOTE(review): if in-band evaluation sits on the request path, this is the
// latency added to each protected request — confirm against the runner.
var AppsecInbandParsingHistogram = prometheus.NewHistogramVec(
	prometheus.HistogramOpts{
		Help:    "Time spent processing a request by the inband Application Security Engine.",
		Name:    "cs_appsec_inband_parsing_time_seconds",
		Buckets: []float64{0.0001, 0.00025, 0.0005, 0.001, 0.0025, 0.0050, 0.01, 0.025, 0.05, 0.1, 0.25},
	},
	[]string{"source", "appsec_engine"},
)
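// AppsecOutbandParsingHistogram is the Prometheus histogram vector exported as
// cs_appsec_outband_parsing_time_seconds, partitioned by the "source" and
// "appsec_engine" labels. It uses the same bucket bounds (0.0001 s to 0.25 s)
// as the other parsing histograms in this package; slower observations are
// only visible in the implicit +Inf bucket.
var AppsecOutbandParsingHistogram = prometheus.NewHistogramVec(
	prometheus.HistogramOpts{
		// The help text names the out-of-band engine, mirroring the inband
		// histogram. Previously it was identical to the global histogram's
		// help, so the two HELP lines could not be told apart.
		Help:    "Time spent processing a request by the out-of-band Application Security Engine.",
		Name:    "cs_appsec_outband_parsing_time_seconds",
		Buckets: []float64{0.0001, 0.00025, 0.0005, 0.001, 0.0025, 0.0050, 0.01, 0.025, 0.05, 0.1, 0.25},
	},
	[]string{"source", "appsec_engine"},
)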
// AppsecReqCounter is the Prometheus counter vector exported as
// cs_appsec_reqs_total: events processed by the Application Security Engine,
// partitioned by the "source" and "appsec_engine" labels. It is the natural
// denominator for AppsecBlockCounter, which carries the same label set.
var AppsecReqCounter = prometheus.NewCounterVec(
	prometheus.CounterOpts{
		Name: "cs_appsec_reqs_total",
		Help: "Total events processed by the Application Security Engine.",
	},
	[]string{"source", "appsec_engine"},
)
// AppsecRuleHits is the Prometheus counter vector exported as
// cs_appsec_rule_hits: a count of triggered rules, with one series per
// (rule_name, type, appsec_engine, source) combination.
// NOTE(review): presumably rule_name comes from the loaded rule set, not from
// request data — confirm. A label value derived from request content would let
// a client grow the series count without bound.
var AppsecRuleHits = prometheus.NewCounterVec(
	prometheus.CounterOpts{
		Name: "cs_appsec_rule_hits",
		Help: "Count of triggered rule, by rule_name, type (inband/outofband), appsec_engine and source",
	},
	// Label order matters: positional label values must be supplied in this order.
	[]string{"rule_name", "type", "appsec_engine", "source"},
)
// DefaultAuthCacheDuration is one minute. Its name suggests it is the fallback
// lifetime of AuthCache entries when auth_cache_duration is not configured —
// TODO confirm against Configure.
// NOTE(review): if cached keys are honoured until their entry expires, a
// revoked API key may keep being accepted for up to this duration. This is
// also an exported mutable var, so any importing package can change it at
// runtime.
var DefaultAuthCacheDuration = (1 * time.Minute)

Functions

func AppsecEventGeneration

func AppsecEventGeneration(inEvt types.Event, request *http.Request) (*types.Event, error)

func AppsecEventGenerationGeoIPEnrich

func AppsecEventGenerationGeoIPEnrich(src *models.Source) error

func EventFromRequest

func EventFromRequest(r *appsec.ParsedRequest, labels map[string]string) (types.Event, error)

func LogAppsecEvent

func LogAppsecEvent(evt *types.Event, logger *log.Entry)

func RegisterRX

func RegisterRX()

RegisterRX registers the rx operator using a WASI implementation instead of Go.

Types

type AppsecRunner

// AppsecRunner is the runtime structure of the application security engine as
// seen from the acquisition side. It carries one coraza WAF for in-band rules
// and one for out-of-band rules, plus the shared runtime configuration.
type AppsecRunner struct {
	// UUID identifies this runner; how it is generated is not visible here.
	UUID                string
	AppsecRuntime       *appsec.AppsecRuntimeConfig // holds the actual appsec runtime config: rules, remediations, hooks, etc.
	// AppsecInbandEngine is the WAF instance for in-band rules
	// (presumably the one driven by ProcessInBandRules — confirm).
	AppsecInbandEngine  coraza.WAF
	// AppsecOutbandEngine is the WAF instance for out-of-band rules
	// (presumably the one driven by ProcessOutOfBandRules — confirm).
	AppsecOutbandEngine coraza.WAF
	// Labels is a string-to-string map; presumably the labels attached to
	// generated events — confirm against EventFromRequest.
	Labels              map[string]string
	// contains filtered or unexported fields
}

AppsecRunner is the runtime structure of the application security engine, as seen from the acquisition side.

func (*AppsecRunner) AccumulateTxToEvent

func (r *AppsecRunner) AccumulateTxToEvent(evt *types.Event, req *appsec.ParsedRequest) error

func (*AppsecRunner) Init

func (r *AppsecRunner) Init(datadir string) error

func (*AppsecRunner) MergeDedupRules

func (r *AppsecRunner) MergeDedupRules(collections []appsec.AppsecCollection, logger *log.Entry) string

func (*AppsecRunner) ProcessInBandRules

func (r *AppsecRunner) ProcessInBandRules(request *appsec.ParsedRequest) error

func (*AppsecRunner) ProcessOutOfBandRules

func (r *AppsecRunner) ProcessOutOfBandRules(request *appsec.ParsedRequest) error

func (*AppsecRunner) Run

func (r *AppsecRunner) Run(t *tomb.Tomb) error

type AppsecSource

// AppsecSource is the runtime structure built from AppsecSourceConfig: the
// request channel, the loaded appsec configurations, the API-key cache and the
// per-goroutine runners.
type AppsecSource struct {
	// InChan carries parsed requests by value; presumably from the HTTP
	// listener to the runners — confirm.
	InChan        chan appsec.ParsedRequest
	AppsecRuntime *appsec.AppsecRuntimeConfig
	// AppsecConfigs is keyed by string; presumably the configuration name — confirm.
	AppsecConfigs map[string]appsec.AppsecConfig

	// AuthCache is held by value and has unexported fields. If one of them
	// is a lock, copying an AppsecSource would copy the lock too — confirm.
	AuthCache     AuthCache
	AppsecRunners []AppsecRunner // one for each go-routine
	// contains filtered or unexported fields
}

runtime structure of AppsecSourceConfig

func (*AppsecSource) CanRun

func (w *AppsecSource) CanRun() error

func (*AppsecSource) Configure

func (w *AppsecSource) Configure(yamlConfig []byte, logger *log.Entry, MetricsLevel int) error

func (*AppsecSource) ConfigureByDSN

func (w *AppsecSource) ConfigureByDSN(dsn string, labels map[string]string, logger *log.Entry, uuid string) error

func (*AppsecSource) Dump

func (w *AppsecSource) Dump() interface{}

func (*AppsecSource) GetAggregMetrics

func (w *AppsecSource) GetAggregMetrics() []prometheus.Collector

func (*AppsecSource) GetMetrics

func (w *AppsecSource) GetMetrics() []prometheus.Collector

func (*AppsecSource) GetMode

func (w *AppsecSource) GetMode() string

func (*AppsecSource) GetName

func (w *AppsecSource) GetName() string

func (*AppsecSource) GetUuid

func (w *AppsecSource) GetUuid() string

func (*AppsecSource) IsAuth

func (w *AppsecSource) IsAuth(apiKey string) bool

func (*AppsecSource) OneShotAcquisition

func (w *AppsecSource) OneShotAcquisition(_ context.Context, _ chan types.Event, _ *tomb.Tomb) error

func (*AppsecSource) StreamingAcquisition

func (w *AppsecSource) StreamingAcquisition(ctx context.Context, out chan types.Event, t *tomb.Tomb) error

func (*AppsecSource) UnmarshalConfig

func (w *AppsecSource) UnmarshalConfig(yamlConfig []byte) error

type AppsecSourceConfig

// AppsecSourceConfig is the YAML configuration of the appsec acquisition
// source. Field tags give the YAML keys; the common datasource settings are
// inlined from configuration.DataSourceCommonCfg.
// NOTE(review): this struct does not show whether the listener falls back to
// plain HTTP when cert_file/key_file are empty, or what listen_addr defaults
// to. Confirm in Configure and StreamingAcquisition, because IsAuth shows
// that callers authenticate with an API key.
type AppsecSourceConfig struct {
	// ListenAddr and ListenSocket are the two listener settings; presumably a
	// TCP address and a Unix socket path — confirm.
	ListenAddr                        string         `yaml:"listen_addr"`
	ListenSocket                      string         `yaml:"listen_socket"`
	// CertFilePath and KeyFilePath are file paths (yaml: cert_file, key_file);
	// the key file presumably holds the TLS private key and should be
	// readable only by the service account — confirm.
	CertFilePath                      string         `yaml:"cert_file"`
	KeyFilePath                       string         `yaml:"key_file"`
	Path                              string         `yaml:"path"`
	// Routines presumably sets the number of AppsecRunner goroutines — confirm.
	Routines                          int            `yaml:"routines"`
	// AppsecConfig (single) and AppsecConfigs (list) both exist; precedence
	// between them and AppsecConfigPath is not visible here.
	AppsecConfig                      string         `yaml:"appsec_config"`
	AppsecConfigs                     []string       `yaml:"appsec_configs"`
	AppsecConfigPath                  string         `yaml:"appsec_config_path"`
	// AuthCacheDuration is a pointer, so an absent key is distinguishable
	// from an explicit zero; presumably nil selects DefaultAuthCacheDuration
	// — confirm.
	AuthCacheDuration                 *time.Duration `yaml:"auth_cache_duration"`
	configuration.DataSourceCommonCfg `yaml:",inline"`
}

AppsecSourceConfig is the configuration structure of the acquisition for the application security engine.

type AuthCache

// AuthCache caches authentication state per API key. Get and Set take the API
// key as a string and a time.Time that Set names "expiration".
// NOTE(review): APIKeys is exported and keyed by the API key string itself, so
// raw keys stay in process memory and any importer can read or modify the map
// without going through Get/Set. If the unexported fields include a lock,
// direct map access bypasses it — confirm. Avoid logging or dumping this
// struct.
type AuthCache struct {
	// APIKeys maps API key -> time; presumably the entry's expiration, as
	// passed to Set — confirm.
	APIKeys map[string]time.Time
	// contains filtered or unexported fields
}

AuthCache is a struct that handles the authentication cache.

func NewAuthCache

func NewAuthCache() AuthCache

func (*AuthCache) Get

func (ac *AuthCache) Get(apiKey string) (time.Time, bool)

func (*AuthCache) Set

func (ac *AuthCache) Set(apiKey string, expiration time.Time)

type BodyResponse

// BodyResponse is a JSON-serialisable body with a single "action" field.
// NOTE(review): presumably the verdict returned to the caller of the appsec
// listener — confirm. The set of valid action values is not visible here.
type BodyResponse struct {
	// Action is serialised under the JSON key "action".
	Action string `json:"action"`
}

@tko + @sbl : we might want to get rid of that or improve it
