Documentation ¶
Index ¶
- Constants
- Variables
- func AppsecEventGeneration(inEvt types.Event, request *http.Request) (*types.Event, error)
- func AppsecEventGenerationGeoIPEnrich(src *models.Source) error
- func EventFromRequest(r *appsec.ParsedRequest, labels map[string]string) (types.Event, error)
- func LogAppsecEvent(evt *types.Event, logger *log.Entry)
- func RegisterRX()
- type AppsecRunner
- func (r *AppsecRunner) AccumulateTxToEvent(evt *types.Event, req *appsec.ParsedRequest) error
- func (r *AppsecRunner) Init(datadir string) error
- func (r *AppsecRunner) MergeDedupRules(collections []appsec.AppsecCollection, logger *log.Entry) string
- func (r *AppsecRunner) ProcessInBandRules(request *appsec.ParsedRequest) error
- func (r *AppsecRunner) ProcessOutOfBandRules(request *appsec.ParsedRequest) error
- func (r *AppsecRunner) Run(t *tomb.Tomb) error
- type AppsecSource
- func (w *AppsecSource) CanRun() error
- func (w *AppsecSource) Configure(yamlConfig []byte, logger *log.Entry, MetricsLevel int) error
- func (w *AppsecSource) ConfigureByDSN(dsn string, labels map[string]string, logger *log.Entry, uuid string) error
- func (w *AppsecSource) Dump() interface{}
- func (w *AppsecSource) GetAggregMetrics() []prometheus.Collector
- func (w *AppsecSource) GetMetrics() []prometheus.Collector
- func (w *AppsecSource) GetMode() string
- func (w *AppsecSource) GetName() string
- func (w *AppsecSource) GetUuid() string
- func (w *AppsecSource) IsAuth(apiKey string) bool
- func (w *AppsecSource) OneShotAcquisition(_ context.Context, _ chan types.Event, _ *tomb.Tomb) error
- func (w *AppsecSource) StreamingAcquisition(ctx context.Context, out chan types.Event, t *tomb.Tomb) error
- func (w *AppsecSource) UnmarshalConfig(yamlConfig []byte) error
- type AppsecSourceConfig
- type AuthCache
- type BodyResponse
Constants ¶
View Source
const ( InBand = "inband" OutOfBand = "outofband" )
Variables ¶
View Source
var AppsecBlockCounter = prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "cs_appsec_block_total", Help: "Total events blocked by the Application Security Engine.", }, []string{"source", "appsec_engine"}, )
View Source
var AppsecGlobalParsingHistogram = prometheus.NewHistogramVec( prometheus.HistogramOpts{ Help: "Time spent processing a request by the Application Security Engine.", Name: "cs_appsec_parsing_time_seconds", Buckets: []float64{0.0001, 0.00025, 0.0005, 0.001, 0.0025, 0.0050, 0.01, 0.025, 0.05, 0.1, 0.25}, }, []string{"source", "appsec_engine"}, )
View Source
var AppsecInbandParsingHistogram = prometheus.NewHistogramVec( prometheus.HistogramOpts{ Help: "Time spent processing a request by the inband Application Security Engine.", Name: "cs_appsec_inband_parsing_time_seconds", Buckets: []float64{0.0001, 0.00025, 0.0005, 0.001, 0.0025, 0.0050, 0.01, 0.025, 0.05, 0.1, 0.25}, }, []string{"source", "appsec_engine"}, )
View Source
var AppsecOutbandParsingHistogram = prometheus.NewHistogramVec( prometheus.HistogramOpts{ Help: "Time spent processing a request by the Application Security Engine.", Name: "cs_appsec_outband_parsing_time_seconds", Buckets: []float64{0.0001, 0.00025, 0.0005, 0.001, 0.0025, 0.0050, 0.01, 0.025, 0.05, 0.1, 0.25}, }, []string{"source", "appsec_engine"}, )
View Source
var AppsecReqCounter = prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "cs_appsec_reqs_total", Help: "Total events processed by the Application Security Engine.", }, []string{"source", "appsec_engine"}, )
View Source
var AppsecRuleHits = prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "cs_appsec_rule_hits", Help: "Count of triggered rule, by rule_name, type (inband/outofband), appsec_engine and source", }, []string{"rule_name", "type", "appsec_engine", "source"}, )
View Source
var DefaultAuthCacheDuration = (1 * time.Minute)
Functions ¶
func AppsecEventGeneration ¶
func EventFromRequest ¶
func RegisterRX ¶
func RegisterRX()
RegisterRX registers the rx operator using a WASI implementation instead of Go.
Types ¶
type AppsecRunner ¶
type AppsecRunner struct { UUID string AppsecRuntime *appsec.AppsecRuntimeConfig //this holds the actual appsec runtime config, rules, remediations, hooks etc. AppsecInbandEngine coraza.WAF AppsecOutbandEngine coraza.WAF Labels map[string]string // contains filtered or unexported fields }
that's the runtime structure of the Application security engine as seen from the acquis
func (*AppsecRunner) AccumulateTxToEvent ¶
func (r *AppsecRunner) AccumulateTxToEvent(evt *types.Event, req *appsec.ParsedRequest) error
func (*AppsecRunner) Init ¶
func (r *AppsecRunner) Init(datadir string) error
func (*AppsecRunner) MergeDedupRules ¶
func (r *AppsecRunner) MergeDedupRules(collections []appsec.AppsecCollection, logger *log.Entry) string
func (*AppsecRunner) ProcessInBandRules ¶
func (r *AppsecRunner) ProcessInBandRules(request *appsec.ParsedRequest) error
func (*AppsecRunner) ProcessOutOfBandRules ¶
func (r *AppsecRunner) ProcessOutOfBandRules(request *appsec.ParsedRequest) error
func (*AppsecRunner) Run ¶
func (r *AppsecRunner) Run(t *tomb.Tomb) error
type AppsecSource ¶
type AppsecSource struct { InChan chan appsec.ParsedRequest AppsecRuntime *appsec.AppsecRuntimeConfig AppsecConfigs map[string]appsec.AppsecConfig AuthCache AuthCache AppsecRunners []AppsecRunner // one for each go-routine // contains filtered or unexported fields }
runtime structure of AppsecSourceConfig
func (*AppsecSource) CanRun ¶
func (w *AppsecSource) CanRun() error
func (*AppsecSource) ConfigureByDSN ¶
func (*AppsecSource) Dump ¶
func (w *AppsecSource) Dump() interface{}
func (*AppsecSource) GetAggregMetrics ¶
func (w *AppsecSource) GetAggregMetrics() []prometheus.Collector
func (*AppsecSource) GetMetrics ¶
func (w *AppsecSource) GetMetrics() []prometheus.Collector
func (*AppsecSource) GetMode ¶
func (w *AppsecSource) GetMode() string
func (*AppsecSource) GetName ¶
func (w *AppsecSource) GetName() string
func (*AppsecSource) GetUuid ¶
func (w *AppsecSource) GetUuid() string
func (*AppsecSource) IsAuth ¶
func (w *AppsecSource) IsAuth(apiKey string) bool
func (*AppsecSource) OneShotAcquisition ¶
func (*AppsecSource) StreamingAcquisition ¶
func (*AppsecSource) UnmarshalConfig ¶
func (w *AppsecSource) UnmarshalConfig(yamlConfig []byte) error
type AppsecSourceConfig ¶
type AppsecSourceConfig struct { ListenAddr string `yaml:"listen_addr"` ListenSocket string `yaml:"listen_socket"` CertFilePath string `yaml:"cert_file"` KeyFilePath string `yaml:"key_file"` Path string `yaml:"path"` Routines int `yaml:"routines"` AppsecConfig string `yaml:"appsec_config"` AppsecConfigs []string `yaml:"appsec_configs"` AppsecConfigPath string `yaml:"appsec_config_path"` AuthCacheDuration *time.Duration `yaml:"auth_cache_duration"` configuration.DataSourceCommonCfg `yaml:",inline"` }
configuration structure of the acquis for the application security engine
type AuthCache ¶
Struct to handle cache of authentication
func NewAuthCache ¶
func NewAuthCache() AuthCache
type BodyResponse ¶
type BodyResponse struct {
Action string `json:"action"`
}
@tko + @sbl : we might want to get rid of that or improve it
Click to show internal directories.
Click to hide internal directories.