rules

package
v3.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 3, 2022 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Action 

type Action interface {
	// Init initializes the action.
	Init(RuleMetadata, string) error

	// Evaluate evaluates the action.
	Evaluate(RuleMetadata, TransactionState)

	// Type returns the type of action.
	Type() ActionType
}

Action is an action that can be used within a rule.

type ActionType 

type ActionType int

ActionType is used to define when an action is going to be triggered 

const (
	// ActionTypeMetadata is used to provide more information about rules.
	ActionTypeMetadata ActionType = 1
	// ActionTypeDisruptive is used to make the integrator do something like drop the request.
	ActionTypeDisruptive ActionType = 2
	// ActionTypeData Not really actions, these are mere containers that hold data used by other actions.
	ActionTypeData ActionType = 3
	// ActionTypeNondisruptive is used to do something that does not affect the flow of the rule.
	ActionTypeNondisruptive ActionType = 4
	// ActionTypeFlow is used to affect the rule flow (for example skip or skipAfter).
	ActionTypeFlow ActionType = 5
)

type Operator 

type Operator interface {
	// Evaluate is used during the rule evaluation,
	// it returns true if the operator succeeded against
	// the input data for the transaction
	Evaluate(TransactionState, string) bool
}

Operator interface is used to define rule @operators

type OperatorFactory 

type OperatorFactory func(options OperatorOptions) (Operator, error)

type OperatorOptions 

type OperatorOptions struct {
	// Arguments is used to store the operator args
	Arguments string

	// Path is used to store a list of possible data paths
	Path []string

	// Root is the root to resolve Path from.
	Root fs.FS

	// Datasets contains input datasets or dictionaries
	Datasets map[string][]string
}

OperatorOptions is used to store the options for a rule operator

type Rule 

type Rule interface {
	// Evaluate evaluates the rule, returning data related to matches if any.
	Evaluate(state TransactionState) []types.MatchData
}

Rule is a rule executed against a transaction.

type RuleMetadata 

type RuleMetadata interface {
	// GetID returns the ID of the rule.
	ID() int

	// GetParentID returns the ID of the parent of the rule for a chained rule.
	ParentID() int

	// Status returns the status to set if the rule matches.
	Status() int
}

RuleMetadata is information about a rule parsed from directives.

type TransactionState 

type TransactionState interface {
	// ID returns the ID of the transaction.
	ID() string // TODO(anuraaga): If only for logging, can be built into logger

	// Variables returns the TransactionVariables of the transaction.
	Variables() TransactionVariables

	// Collection returns a collection from the transaction.
	Collection(idx variables.RuleVariable) collection.Collection

	// Interrupt interrupts the transaction.
	Interrupt(interruption *types.Interruption)

	// ResponseBodyWriter allows writing to the response body.
	// TODO(anuraaga): Should this be combined with interruption? Any action writing anything to response can be dangerous.
	ResponseBodyWriter() io.Writer

	// ContentInjection returns whether content injection is enabled for this transaction.
	ContentInjection() bool // TODO(anuraaga): Should be resolved at Init time when WAF is truly immutable.
	// DebugLogger returns the logger for this transaction.
	DebugLogger() loggers.DebugLogger

	// Capturing returns whether the transaction is capturing. CaptureField only works if capturing, this can be used
	// as an optimization to avoid processing specific to capturing fields.
	Capturing() bool // TODO(anuraaga): Only needed in operators?
	// CaptureField captures a field.
	CaptureField(idx int, value string)
}

TransactionState tracks the state of a transaction for use in actions and operators.

type TransactionVariables 

type TransactionVariables interface {
	// Simple Variables
	UserID() *collection.Simple
	UrlencodedError() *collection.Simple
	ResponseContentType() *collection.Simple
	UniqueID() *collection.Simple
	ArgsCombinedSize() *collection.SizeProxy
	AuthType() *collection.Simple
	FilesCombinedSize() *collection.Simple
	FullRequest() *collection.Simple
	FullRequestLength() *collection.Simple
	InboundDataError() *collection.Simple
	MatchedVar() *collection.Simple
	MatchedVarName() *collection.Simple
	MultipartBoundaryQuoted() *collection.Simple
	MultipartBoundaryWhitespace() *collection.Simple
	MultipartCrlfLfLines() *collection.Simple
	MultipartDataAfter() *collection.Simple
	MultipartDataBefore() *collection.Simple
	MultipartFileLimitExceeded() *collection.Simple
	MultipartPartHeaders() *collection.Map
	MultipartHeaderFolding() *collection.Simple
	MultipartInvalidHeaderFolding() *collection.Simple
	MultipartInvalidPart() *collection.Simple
	MultipartInvalidQuoting() *collection.Simple
	MultipartLfLine() *collection.Simple
	MultipartMissingSemicolon() *collection.Simple
	MultipartStrictError() *collection.Simple
	MultipartUnmatchedBoundary() *collection.Simple
	OutboundDataError() *collection.Simple
	PathInfo() *collection.Simple
	QueryString() *collection.Simple
	RemoteAddr() *collection.Simple
	RemoteHost() *collection.Simple
	RemotePort() *collection.Simple
	RequestBodyError() *collection.Simple
	RequestBodyErrorMsg() *collection.Simple
	RequestBodyProcessorError() *collection.Simple
	RequestBodyProcessorErrorMsg() *collection.Simple
	RequestBodyProcessor() *collection.Simple
	RequestBasename() *collection.Simple
	RequestBody() *collection.Simple
	RequestBodyLength() *collection.Simple
	RequestFilename() *collection.Simple
	RequestLine() *collection.Simple
	RequestMethod() *collection.Simple
	RequestProtocol() *collection.Simple
	RequestURI() *collection.Simple
	RequestURIRaw() *collection.Simple
	ResponseBody() *collection.Simple
	ResponseContentLength() *collection.Simple
	ResponseProtocol() *collection.Simple
	ResponseStatus() *collection.Simple
	ServerAddr() *collection.Simple
	ServerName() *collection.Simple
	ServerPort() *collection.Simple
	SessionID() *collection.Simple
	HighestSeverity() *collection.Simple
	StatusLine() *collection.Simple
	InboundErrorData() *collection.Simple
	// Custom
	Env() *collection.Map
	TX() *collection.Map
	Rule() *collection.Map
	Duration() *collection.Simple
	// Proxy Variables
	Args() *collection.Proxy
	// Maps Variables
	ArgsGet() *collection.Map
	ArgsPost() *collection.Map
	ArgsPath() *collection.Map
	FilesTmpNames() *collection.Map
	Geo() *collection.Map
	Files() *collection.Map
	RequestCookies() *collection.Map
	RequestHeaders() *collection.Map
	ResponseHeaders() *collection.Map
	MultipartName() *collection.Map
	MatchedVarsNames() *collection.Map
	MultipartFilename() *collection.Map
	MatchedVars() *collection.Map
	FilesSizes() *collection.Map
	FilesNames() *collection.Map
	FilesTmpContent() *collection.Map
	ResponseHeadersNames() *collection.Map
	RequestHeadersNames() *collection.Map
	RequestCookiesNames() *collection.Map
	XML() *collection.Map
	RequestXML() *collection.Map
	ResponseXML() *collection.Map
	// Persistent variables
	IP() *collection.Map
	// Translation Proxy Variables
	ArgsNames() *collection.TranslationProxy
	ArgsGetNames() *collection.TranslationProxy
	ArgsPostNames() *collection.TranslationProxy
}

TransactionVariables has pointers to all the variables of the transaction

type Transformation 

type Transformation = func(input string) (string, error)

Transformation is used to create transformation plugins See the documentation for more information If a transformation fails to run it will return the same string and an error, errors are only used for logging, it won't stop the execution of the rule

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.