Documentation
¶
Index ¶
Constants ¶
const ( // AuditLogPartAuditLogHeader is the mandatory header part AuditLogPartAuditLogHeader auditLogPart = 'A' // AuditLogPartRequestHeaders is the request headers part AuditLogPartRequestHeaders auditLogPart = 'B' // AuditLogPartRequestBody is the request body part AuditLogPartRequestBody auditLogPart = 'C' // AuditLogPartIntermediaryResponseHeaders is the intermediary response headers part AuditLogPartIntermediaryResponseHeaders auditLogPart = 'D' // AuditLogPartIntermediaryResponseBody is the intermediary response body part AuditLogPartIntermediaryResponseBody auditLogPart = 'E' // AuditLogPartResponseHeaders is the final response headers part AuditLogPartResponseHeaders auditLogPart = 'F' // AuditLogPartResponseBody is the final response body part AuditLogPartResponseBody auditLogPart = 'G' // AuditLogPartAuditLogTrailer is the audit log trailer part AuditLogPartAuditLogTrailer auditLogPart = 'H' // AuditLogPartRequestBodyAlternative is the request body replaced part AuditLogPartRequestBodyAlternative auditLogPart = 'I' // AuditLogPartUploadedFiles is the uploaded files part AuditLogPartUploadedFiles auditLogPart = 'J' // AuditLogPartRulesMatched is the matched rules part AuditLogPartRulesMatched auditLogPart = 'K' // AuditLogPartFinalBoundary is the mandatory final boundary part AuditLogPartFinalBoundary auditLogPart = 'Z' )
const VariablesCount = 92
VariablesCount contains the number of variables handled by the variables package It is used to create arrays of the correct size
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AnchoredVar ¶
AnchoredVar stores the case preserved Original name and value of the variable
type AuditEngineStatus ¶
type AuditEngineStatus int
AuditEngineStatus represents the functionality of the audit engine.
const ( // AuditEngineOn will audit each auditable event AuditEngineOn AuditEngineStatus = iota // AuditEngineOff will not audit any event AuditEngineOff AuditEngineStatus = iota // AuditEngineRelevantOnly will audit only relevant events AuditEngineRelevantOnly AuditEngineStatus = iota )
func ParseAuditEngineStatus ¶
func ParseAuditEngineStatus(as string) (AuditEngineStatus, error)
ParseAuditEngineStatus parses the audit engine status
type AuditLogParts ¶
type AuditLogParts []auditLogPart
AuditLogParts represents the parts of the audit log A: Audit log header (mandatory). B: Request headers. C: Request body D: Reserved for intermediary response headers; not implemented yet. E: Intermediary response body (not implemented yet). F: Final response headers G: Reserved for the actual response body; not implemented yet. H: Audit log trailer. I: This part is a replacement for part C. J: This part contains information about the files uploaded using multipart/form-data encoding. K: This part contains a full list of every rule that matched (one per line) Z: Final boundary, signifies the end of the entry (mandatory).
type BodyBufferOptions ¶
type BodyBufferOptions struct {
// TmpPath is the path to store temporary files
TmpPath string
// MemoryLimit is the maximum amount of memory to be stored in memory
// Once the limit is reached, the file will be stored on disk
MemoryLimit int64
}
BodyBufferOptions is used to feed a coraza.BodyBuffer with parameters
type Config ¶
type Config map[string]interface{}
Config is used to store the configuration of the WAF Internal configurations are not exported. This is used to connect directives with audit loggers. A WAF instance will share it's Config object with the audit loggers.
type Interruption ¶
type Interruption struct {
// Rule that caused the interruption
RuleID int
// drop, deny, redirect
Action string
// Force this status code
Status int
// Parameters used by proxy and redirect
Data string
}
Interruption is used to notify the Coraza implementation that the transaction must be disrupted, for example:
if it := tx.Interruption; it != nil {
return show403()
}
type MatchData ¶
type MatchData interface {
// VariableName stored for cache
VariableName() string
// Variable
Variable() variables.RuleVariable
// Key of the variable, blank if no key is required
Key() string
// Value of the current VARIABLE:KEY
Value() string
// Message is the expanded macro message
Message() string
// Data is the expanded logdata of the macro
Data() string
// IsNil is used to check whether the MatchData is empty
IsNil() bool
}
MatchData works like VariableKey but is used for logging, so it contains the collection as a string, and it's value
type MatchedRule ¶
type MatchedRule interface {
// Message is the macro expanded message
Message() string
// Data is the macro expanded logdata
Data() string
// URI is the full request uri unparsed
URI() string
// TransactionID is the transaction ID
TransactionID() string
// Disruptive is whether this rule will block the request
Disruptive() bool
// ServerIPAddress is the address of the server
ServerIPAddress() string
// ClientIPAddress is the address of the client
ClientIPAddress() string
// MatchedDatas is the matched variables.
MatchedDatas() []MatchData
Rule() RuleMetadata
AuditLog(code int) string
ErrorLog(code int) string
}
MatchedRule contains a list of macro expanded messages, matched variables and a pointer to the rule
type RequestBodyLimitAction ¶
type RequestBodyLimitAction int
RequestBodyLimitAction represents the action to take when the request body size exceeds the configured limit.
const ( // RequestBodyLimitActionProcessPartial will process the request body // up to the limit and then reject the request RequestBodyLimitActionProcessPartial RequestBodyLimitAction = 0 // RequestBodyLimitActionReject will reject the request in case // the request body size exceeds the configured limit RequestBodyLimitActionReject RequestBodyLimitAction = 1 )
func ParseRequestBodyLimitAction ¶
func ParseRequestBodyLimitAction(rbla string) (RequestBodyLimitAction, error)
ParseRequestBodyLimitAction parses the request body limit action
type RuleEngineStatus ¶
type RuleEngineStatus int
RuleEngineStatus represents the functionality of the rule engine.
const ( // RuleEngineOn will process each rule and may generate // disruptive actions RuleEngineOn RuleEngineStatus = iota // RuleEngineDetectionOnly will process each rule but won't // generate disruptive actions RuleEngineDetectionOnly RuleEngineStatus = iota // RuleEngineOff will not process any rule RuleEngineOff RuleEngineStatus = iota )
func ParseRuleEngineStatus ¶
func ParseRuleEngineStatus(re string) (RuleEngineStatus, error)
ParseRuleEngineStatus parses the rule engine status
func (RuleEngineStatus) String ¶
func (re RuleEngineStatus) String() string
String returns the string representation of the rule engine status
type RuleMetadata ¶
type RuleMetadata interface {
ID() int
File() string
Line() int
Revision() string
Severity() RuleSeverity
Version() string
Tags() []string
Maturity() int
Accuracy() int
Operator() string
Phase() RulePhase
Raw() string
SecMark() string
}
RuleMetadata is used to store rule metadata that can be used across packages
type RulePhase ¶
type RulePhase int
RulePhase is the phase of the rule
const ( // PhaseRequestHeaders will process once the request headers are received PhaseRequestHeaders RulePhase = 1 // PhaseRequestBody will process once the request body is received PhaseRequestBody RulePhase = 2 // PhaseResponseHeaders will process once the response headers are received PhaseResponseHeaders RulePhase = 3 // PhaseResponseBody will process once the response body is received PhaseResponseBody RulePhase = 4 // PhaseLogging will process once the request is sent // This phase will always run PhaseLogging RulePhase = 5 )
func ParseRulePhase ¶
ParseRulePhase parses the phase of the rule from a to 5 or request:2, response:4, logging:5 if the phase is invalid it will return an error
type RuleSeverity ¶
type RuleSeverity int
RuleSeverity represents the severity of a triggered rule It can have a numeric value or string value There are 8 levels of severity: 0 - Emergency 1 - Alert 2 - Critical 3 - Error 4 - Warning 5 - Notice 6 - Info 7 - Debug RuleSeverity is used by error callbacks to chose wether to log the error or not
const ( // RuleSeverityEmergency represents the emergency severity // We "shold" exit the process immediately RuleSeverityEmergency RuleSeverity = 0 // RuleSeverityAlert represents the alert severity RuleSeverityAlert RuleSeverity = 1 // RuleSeverityCritical represents the critical severity RuleSeverityCritical RuleSeverity = 2 // RuleSeverityError represents the error severity RuleSeverityError RuleSeverity = 3 // RuleSeverityWarning represents the warning severity RuleSeverityWarning RuleSeverity = 4 // RuleSeverityNotice represents the notice severity RuleSeverityNotice RuleSeverity = 5 // RuleSeverityInfo represents the info severity RuleSeverityInfo RuleSeverity = 6 // RuleSeverityDebug represents the debug severity RuleSeverityDebug RuleSeverity = 7 )
func ParseRuleSeverity ¶
func ParseRuleSeverity(input string) (RuleSeverity, error)
ParseRuleSeverity parses a string into a RuleSeverity
func (RuleSeverity) Int ¶
func (rs RuleSeverity) Int() int
Int returns the integer value of the severity
func (RuleSeverity) String ¶
func (rs RuleSeverity) String() string
String returns the string representation of the severity
type Transaction ¶
type Transaction interface {
// ProcessConnection should be called at very beginning of a request process, it is
// expected to be executed prior to the virtual host resolution, when the
// connection arrives on the server.
// Important: Remember to check for a possible intervention.
ProcessConnection(client string, cPort int, server string, sPort int)
// ProcessURI Performs the analysis on the URI and all the query string variables.
// This method should be called at very beginning of a request process, it is
// expected to be executed prior to the virtual host resolution, when the
// connection arrives on the server.
// note: There is no direct connection between this function and any phase of
//
// the SecLanguages phases. It is something that may occur between the
// SecLanguage phase 1 and 2.
//
// note: This function won't add GET arguments, they must be added with AddArgument
ProcessURI(uri string, method string, httpVersion string)
// AddRequestHeader Adds a request header
//
// With this method it is possible to feed Coraza with a request header.
// Note: Golang's *http.Request object will not contain a "Host" header,
// and you might have to force it
AddRequestHeader(key string, value string)
// ProcessRequestHeaders Performs the analysis on the request readers.
//
// This method perform the analysis on the request headers, notice however
// that the headers should be added prior to the execution of this function.
//
// note: Remember to check for a possible intervention.
ProcessRequestHeaders() *Interruption
// RequestBodyWriter returns a io.Writer for writing the request body to.
// Contents will be buffered until the transaction is closed.
RequestBodyWriter() io.Writer
// RequestBodyReader returns a reader for content that has been written by
// RequestBodyWriter. This can be useful for buffering the request body
// within the Transaction while also passing it further in an HTTP framework.
RequestBodyReader() (io.Reader, error)
// ProcessRequestBody Performs the request body (if any)
//
// This method perform the analysis on the request body. It is optional to
// call that function. If this API consumer already know that there isn't a
// body for inspect it is recommended to skip this step.
//
// Remember to check for a possible intervention.
ProcessRequestBody() (*Interruption, error)
// AddResponseHeader Adds a response header variable
//
// With this method it is possible to feed Coraza with a response header.
AddResponseHeader(key string, value string)
// ProcessResponseHeaders Perform the analysis on the response readers.
//
// This method perform the analysis on the response headers, notice however
// that the headers should be added prior to the execution of this function.
//
// note: Remember to check for a possible intervention.
ProcessResponseHeaders(code int, proto string) *Interruption
// ResponseBodyWriter returns a io.Writer for writing the response body to.
// Contents will be buffered until the transaction is closed.
ResponseBodyWriter() io.Writer
// ResponseBodyReader returns a reader for content that has been written by
// ResponseBodyWriter. This can be useful for buffering the response body
// within the Transaction while also passing it further in an HTTP framework.
ResponseBodyReader() (io.Reader, error)
// ProcessResponseBody Perform the request body (if any)
//
// This method perform the analysis on the request body. It is optional to
// call that method. If this API consumer already know that there isn't a
// body for inspect it is recommended to skip this step.
//
// note Remember to check for a possible intervention.
ProcessResponseBody() (*Interruption, error)
// ProcessLogging Logging all information relative to this transaction.
// An error log
// At this point there is not need to hold the connection, the response can be
// delivered prior to the execution of this method.
ProcessLogging()
// Interrupted will return true if the transaction was interrupted
Interrupted() bool
// Interruption returns the types.Interruption if the request was interrupted,
// or nil otherwise.
Interruption() *Interruption
// MatchedRules returns the rules that have matched the requests with associated information.
MatchedRules() []MatchedRule
// Closer closes the transaction and releases any resources associated with it such as request/response bodies.
io.Closer
}
Transaction is created from a WAF instance to handle web requests and responses, it contains a copy of most WAF configurations that can be safely changed. Transactions are used to store all data like URLs, request and response headers. Transactions are used to evaluate rules by phase and generate disruptive actions. Disruptive actions can be read from *tx.Interruption. It is safe to manage multiple transactions but transactions themself are not thread safe
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
Package variables contains the representation of the variables used in the rules Variables are created as bytes and they have a string representation
|
Package variables contains the representation of the variables used in the rules Variables are created as bytes and they have a string representation |