audit

package, v0.0.8

Warning: this package is not in the latest version of its module.
Published: Feb 16, 2024 License: Apache-2.0 Imports: 29 Imported by: 1

Documentation

Overview

Package audit contains types and functions to summarize the features used in a configuration and to emit recommendations and comments when executing a check.

Constants

const (
	SeverityCritical = "CRITICAL"
	SeverityHigh     = "HIGH"
	SeverityMedium   = "MEDIUM"
	SeverityLow      = "LOW"
)
const (
	BitEndpointWildcard             int = 0
	BitEndpointQueryStringWildcard      = 1
	BitEndpointHeaderStringWildcard     = 2
	BitEndpointCatchAll                 = 3
)
const (
	ServicePlugin = iota
	ServiceSequentialStart
	ServiceDebug
	ServiceAllowInsecureConnections
	ServiceDisableStrictREST
	ServiceHasTLS
	ServiceTLSEnabled
	ServiceTLSEnableMTLS
	ServiceTLSDisableSystemCaPool
	ServiceTLSCaCerts
	ServiceEcho
	ServiceUseH2C
)
const (
	EncodingNOOP = iota
	EncodingJSON
	EncodingSAFEJSON
	EncodingSTRING
	EncodingRSS
	EncodingXML
	EncodingOther
)
const (
	BackendAllow = iota + EncodingOther + 1
	BackendDeny
	BackendMapping
	BackendGroup
	BackendTarget
	BackendIsCollection
	BackendHeadersToPass
	BackendQuery
)
const (
	RouterErrorBody = iota
	RouterDisableHealth
	RouterDisableAccessLog
	RouterHealthPath
	RouterErrorMsg
	RouterDisableRedirectTrailingSlash
	RouterDisableRedirectFixedPath
	RouterExtraSlash
	RouterHandleMethodNotAllowed
	RouterPathDecoding
	RouterAutoOptions
	RouterForwardedByClientIp
	RouterRemoteIpHeaders
	RouterTrustedProxies
	RouterAppEngine
	RouterMaxMultipartMemory
	RouterLoggerSkipPaths
	RouterHideVersionHeader
	RouterUseH2C
)
const (
	BackendComponentHTTPClient = iota
	BackendComponentHTTPClientAllowInsecureConnections
	BackendComponentHTTPClientCerts
)

Variables

This section is empty.

Functions

func Marshal

func Marshal(s *Service) ([]byte, error)

Marshal returns the encoded and compressed representation of the Service

func Unmarshal

func Unmarshal(b []byte, s *Service) error

Unmarshal decompresses and decodes the received bits into a Service

Types

type Agent

type Agent struct {
	Details    []int     `json:"d"`
	Backends   []Backend `json:"b"`
	Components Component `json:"c"`
}

Agent captures details of the AsyncAgents present in the configuration

func (Agent) Clone

func (a Agent) Clone() Agent

Clone returns a deep copy of the agent

type AuditResult

type AuditResult struct {
	Recommendations []Recommendation `json:"recommendations"`
	Stats           Stats            `json:"stats"`
}

AuditResult contains all the recommendations and stats generated by the audit process

func Audit

func Audit(cfg *config.ServiceConfig, ignore, severities []string) (AuditResult, error)

Audit audits the received configuration and generates an AuditResult with all the Recommendations

Example
cfg, err := config.NewParser().Parse("./tests/example1.json")
if err != nil {
	fmt.Println(err.Error())
	return
}
cfg.Normalize()

exclude := []string{"1.1.1", "1.1.2"}
levels := []string{SeverityCritical, SeverityHigh, SeverityMedium}

result, err := Audit(&cfg, exclude, levels)
if err != nil {
	fmt.Println(err)
	return
}

for i, r := range result.Recommendations {
	fmt.Printf("%02d: %s %s  \t%s\n", i, r.Rule, r.Severity, r.Message)
}
Output:

00: 2.1.3 CRITICAL  	TLS is configured but its disable flag prevents from using it.
01: 2.1.7 HIGH  	Enable HTTP security header checks (security/http).
02: 2.1.8 HIGH  	Avoid clear text communication (h2c).
03: 2.2.1 MEDIUM  	Hide the version banner in runtime.
04: 2.2.2 HIGH  	Enable CORS.
05: 2.2.3 HIGH  	Avoid passing all input headers to the backend.
06: 2.2.4 HIGH  	Avoid passing all input query strings to the backend.
07: 3.1.2 HIGH  	Implement a rate-limiting strategy and avoid having an All-You-Can-Eat API.
08: 3.1.3 HIGH  	Protect your backends with a circuit breaker.
09: 3.3.2 MEDIUM  	Set timeouts to below 5 seconds for improved performance.
10: 3.3.3 HIGH  	Set timeouts to below 30 seconds for improved performance.
11: 3.3.4 CRITICAL  	Set timeouts to below 1 minute for improved performance.
12: 4.1.1 MEDIUM  	Implement a telemetry system for collecting metrics for monitoring and troubleshooting.
13: 4.2.1 MEDIUM  	Implement a telemetry system for tracing for monitoring and troubleshooting.
14: 4.3.1 MEDIUM  	Use the improved logging component for better log parsing.
15: 5.1.5 MEDIUM  	Declare explicit endpoints instead of using /__catchall.
16: 5.1.6 MEDIUM  	Avoid using multiple write methods in endpoint definitions.
17: 5.1.7 MEDIUM  	Avoid using sequential proxy.

type Backend

type Backend struct {
	Details    []int     `json:"d"`
	Components Component `json:"c"`
}

Backend captures details of the backends present in the configuration

func (Backend) Clone

func (b Backend) Clone() Backend

Clone returns a deep copy of the backend

type Component

type Component map[string][]int

Component captures details of the extra configuration sections

func (Component) Clone

func (c Component) Clone() Component

Clone returns a deep copy of the set of components

type Endpoint

type Endpoint struct {
	Details    []int     `json:"d"`
	Backends   []Backend `json:"b"`
	Components Component `json:"c"`
}

Endpoint captures details of the endpoints present in the configuration

func (Endpoint) Clone

func (e Endpoint) Clone() Endpoint

Clone returns a deep copy of the endpoint

type Recommendation

type Recommendation struct {
	Rule     string `json:"rule"`
	Severity string `json:"severity"`
	Message  string `json:"message"`
}

Recommendation maps a rule id with a severity and a message

type Rule

type Rule struct {
	Recommendation Recommendation
	Evaluate       func(*Service) bool
}

Rule encapsulates a recommendation and an evaluation function that determines whether the recommendation applies to a given service definition

func NewRule

func NewRule(id, severity, msg string, ef func(*Service) bool) Rule

NewRule creates a Rule with the given arguments

type Service

type Service struct {
	Details    []int      `json:"d"`
	Agents     []Agent    `json:"a"`
	Endpoints  []Endpoint `json:"e"`
	Components Component  `json:"c"`
}

Service represents a KrakenD configuration as a tree of bitsets recording which components and flags the configuration enables

func Parse

func Parse(cfg *config.ServiceConfig) Service

Parse creates a Service capturing the details of the received configuration

Example
cfg, err := config.NewParser().Parse("./tests/example1.json")
if err != nil {
	fmt.Println(err.Error())
	return
}
cfg.Normalize()

result := Parse(&cfg)
fmt.Println("details:", result.Details)
fmt.Println("agents:", result.Agents)
fmt.Println("endpoints:", result.Endpoints)
fmt.Println("components:", result.Components)
Output:

details: [3124]
agents: []
endpoints: [{[2 0 0 140000 0 0] [{[64] map[]}] map[github.com/devopsfaith/krakend-jose/validator:[]]} {[2 1 1 10000 7 0] [{[64] map[backend/http/client:[3]]}] map[]} {[2 0 0 10000 8 2] [{[64] map[]} {[64] map[]} {[64] map[]}] map[proxy:[]]}]
components: map[auth/api-keys:[] github_com/devopsfaith/krakend/transport/http/server/handler:[4] github_com/davron112/lura/router/gin:[262144]]
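
The value details: [3124] printed above is the service-level bitset. The following is an added example, not code from the audit package or the KrakenD project: it decodes that bitset with the Service* constants listed on this page, reproduces two rules whose ids and messages appear in the Audit example output, and filters them the way the Audit example uses its exclude and levels arguments. Two assumptions are made: that flag i is stored as bit i of Details[0] (consistent with 3124 producing the TLS and h2c recommendations shown above), and that the rule evaluation bodies are this example's own reading of those messages rather than the package's implementation. The third rule, with placeholder id X.X.X, is constructed only to show severity filtering.

```go
package main

import "fmt"

// Flag positions and severities copied from the audit package's constants.
const (
	ServicePlugin = iota
	ServiceSequentialStart
	ServiceDebug
	ServiceAllowInsecureConnections
	ServiceDisableStrictREST
	ServiceHasTLS
	ServiceTLSEnabled
	ServiceTLSEnableMTLS
	ServiceTLSDisableSystemCaPool
	ServiceTLSCaCerts
	ServiceEcho
	ServiceUseH2C
)

const (
	SeverityCritical = "CRITICAL"
	SeverityHigh     = "HIGH"
	SeverityMedium   = "MEDIUM"
	SeverityLow      = "LOW"
)

// serviceFlagNames is indexed by flag position, in the same order as the constants.
var serviceFlagNames = [...]string{
	"ServicePlugin", "ServiceSequentialStart", "ServiceDebug",
	"ServiceAllowInsecureConnections", "ServiceDisableStrictREST",
	"ServiceHasTLS", "ServiceTLSEnabled", "ServiceTLSEnableMTLS",
	"ServiceTLSDisableSystemCaPool", "ServiceTLSCaCerts", "ServiceEcho", "ServiceUseH2C",
}

// Service, Recommendation, Rule and NewRule mirror the shapes documented on this
// page; only the service-level bitset (Details[0]) is modelled here.
type Service struct{ Details []int }

type Recommendation struct{ Rule, Severity, Message string }

type Rule struct {
	Recommendation Recommendation
	Evaluate       func(*Service) bool
}

func NewRule(id, severity, msg string, ef func(*Service) bool) Rule {
	return Rule{Recommendation: Recommendation{Rule: id, Severity: severity, Message: msg}, Evaluate: ef}
}

// hasBit reports whether flag pos is set in bitset n. Assumption: flag i is
// stored at bit i, which matches details [3124] in the Parse example output.
func hasBit(n, pos int) bool { return n&(1<<pos) != 0 }

// ServiceFlags decodes a service-level bitset into the names of the flags it carries.
func ServiceFlags(n int) []string {
	var out []string
	for pos, name := range serviceFlagNames {
		if hasBit(n, pos) {
			out = append(out, name)
		}
	}
	return out
}

// sampleRules reproduces two rules whose ids and messages appear in the Audit
// example output, plus one constructed LOW rule (placeholder id X.X.X) used to
// show severity filtering. The evaluation bodies are this example's own.
func sampleRules() []Rule {
	return []Rule{
		NewRule("2.1.3", SeverityCritical, "TLS is configured but its disable flag prevents from using it.",
			func(s *Service) bool {
				return hasBit(s.Details[0], ServiceHasTLS) && !hasBit(s.Details[0], ServiceTLSEnabled)
			}),
		NewRule("2.1.8", SeverityHigh, "Avoid clear text communication (h2c).",
			func(s *Service) bool { return hasBit(s.Details[0], ServiceUseH2C) }),
		NewRule("X.X.X", SeverityLow, "Debug mode is enabled (constructed rule).",
			func(s *Service) bool { return hasBit(s.Details[0], ServiceDebug) }),
	}
}

// Evaluate applies the rules the way the Audit example uses its arguments:
// rule ids listed in ignore are skipped and only the listed severities are reported.
func Evaluate(s *Service, rules []Rule, ignore, severities []string) []Recommendation {
	skip := map[string]bool{}
	for _, id := range ignore {
		skip[id] = true
	}
	keep := map[string]bool{}
	for _, sev := range severities {
		keep[sev] = true
	}
	var out []Recommendation
	for _, r := range rules {
		if skip[r.Recommendation.Rule] || !keep[r.Recommendation.Severity] {
			continue
		}
		if r.Evaluate(s) {
			out = append(out, r.Recommendation)
		}
	}
	return out
}

func main() {
	svc := &Service{Details: []int{3124}} // the value printed by the Parse example
	fmt.Println("flags:", ServiceFlags(3124))
	levels := []string{SeverityCritical, SeverityHigh, SeverityMedium}
	for i, r := range Evaluate(svc, sampleRules(), []string{"1.1.1", "1.1.2"}, levels) {
		fmt.Printf("%02d: %s %s  \t%s\n", i, r.Rule, r.Severity, r.Message)
	}
}
```

Running it lists ServiceDebug, ServiceDisableStrictREST, ServiceHasTLS, ServiceEcho and ServiceUseH2C as the set flags of 3124, and with the same levels as the Audit example reports rules 2.1.3 and 2.1.8 while the LOW placeholder rule is filtered out; a bitset with both ServiceHasTLS and ServiceTLSEnabled set triggers neither TLS recommendation.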

func (Service) Clone

func (s Service) Clone() Service

Clone returns a deep copy of the service

type Stats

type Stats struct{}

Stats is an empty struct that will be completed in the future
