Documentation
¶
Index ¶
Constants ¶
const ( // AuditLogPartAuditLogHeader is the mandatory header part AuditLogPartAuditLogHeader auditLogPart = 'A' // AuditLogPartRequestHeaders is the request headers part AuditLogPartRequestHeaders auditLogPart = 'B' // AuditLogPartRequestBody is the request body part AuditLogPartRequestBody auditLogPart = 'C' // AuditLogPartIntermediaryResponseHeaders is the intermediary response headers part AuditLogPartIntermediaryResponseHeaders auditLogPart = 'D' // AuditLogPartIntermediaryResponseBody is the intermediary response body part AuditLogPartIntermediaryResponseBody auditLogPart = 'E' // AuditLogPartResponseHeaders is the final response headers part AuditLogPartResponseHeaders auditLogPart = 'F' // AuditLogPartResponseBody is the final response body part AuditLogPartResponseBody auditLogPart = 'G' // AuditLogPartAuditLogTrailer is the audit log trailer part AuditLogPartAuditLogTrailer auditLogPart = 'H' // AuditLogPartRequestBodyAlternative is the request body replaced part AuditLogPartRequestBodyAlternative auditLogPart = 'I' // AuditLogPartUploadedFiles is the uploaded files part AuditLogPartUploadedFiles auditLogPart = 'J' // AuditLogPartRulesMatched is the matched rules part AuditLogPartRulesMatched auditLogPart = 'K' // AuditLogPartFinalBoundary is the mandatory final boundary part AuditLogPartFinalBoundary auditLogPart = 'Z' )
const VariablesCount = 91
VariablesCount contains the number of variables handled by the variables package It is used to create arrays of the correct size
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AnchoredVar ¶
AnchoredVar stores the case preserved Original name and value of the variable
type AuditEngineStatus ¶
type AuditEngineStatus int
AuditEngineStatus represents the functionality of the audit engine.
const ( // AuditEngineOn will audit each auditable event AuditEngineOn AuditEngineStatus = iota // AuditEngineOff will not audit any event AuditEngineOff AuditEngineStatus = iota // AuditEngineRelevantOnly will audit only relevant events AuditEngineRelevantOnly AuditEngineStatus = iota )
func ParseAuditEngineStatus ¶
func ParseAuditEngineStatus(as string) (AuditEngineStatus, error)
ParseAuditEngineStatus parses the audit engine status
type AuditLogParts ¶
type AuditLogParts []auditLogPart
AuditLogParts represents the parts of the audit log A: Audit log header (mandatory). B: Request headers. C: Request body D: Reserved for intermediary response headers; not implemented yet. E: Intermediary response body (not implemented yet). F: Final response headers G: Reserved for the actual response body; not implemented yet. H: Audit log trailer. I: This part is a replacement for part C. J: This part contains information about the files uploaded using multipart/form-data encoding. K: This part contains a full list of every rule that matched (one per line) Z: Final boundary, signifies the end of the entry (mandatory).
type BodyBufferOptions ¶
type BodyBufferOptions struct {
// TmpPath is the path to store temporary files
TmpPath string
// MemoryLimit is the maximum amount of memory to be stored in memory
// Once the limit is reached, the file will be stored on disk
MemoryLimit int64
}
BodyBufferOptions is used to feed a coraza.BodyBuffer with parameters
type Config ¶
type Config map[string]interface{}
Config is used to store the configuration of the WAF Internal configurations are not exported. This is used to connect directives with audit loggers. A Waf instance will share it's Config object with the audit loggers.
type Interruption ¶
type Interruption struct {
// Rule that caused the interruption
RuleID int
// drop, deny, redirect
Action string
// Force this status code
Status int
// Parameters used by proxy and redirect
Data string
}
Interruption is used to notify the Coraza implementation that the transaction must be disrupted, for example:
if it := tx.Interruption; it != nil {
return show403()
}
type MatchData ¶
type MatchData struct {
// variable name stored for cache
VariableName string
// Variable
Variable variables.RuleVariable
// Key of the variable, blank if no key is required
Key string
// Value of the current VARIABLE:KEY
Value string
// Macro expanded message
Message string
// Macro expanded logdata
Data string
}
MatchData works like VariableKey but is used for logging, so it contains the collection as a string, and it's value
type MatchedRule ¶
type MatchedRule struct {
// Macro expanded message
Message string
// Macro expanded logdata
Data string
// Full request uri unparsed
URI string
// Transaction id
ID string
// Is disruptive
Disruptive bool
// Server IP address
ServerIPAddress string
// Client IP address
ClientIPAddress string
// A slice of matched variables
MatchedDatas []MatchData
Rule RuleMetadata
}
MatchedRule contains a list of macro expanded messages, matched variables and a pointer to the rule
func (MatchedRule) AuditLog ¶
func (mr MatchedRule) AuditLog(code int) string
AuditLog transforms the matched rule into an error log using the legacy Modsecurity syntax
func (MatchedRule) ErrorLog ¶
func (mr MatchedRule) ErrorLog(code int) string
ErrorLog returns the same as audit log but without matchData
type RequestBodyLimitAction ¶
type RequestBodyLimitAction int
RequestBodyLimitAction represents the action to take when the request body size exceeds the configured limit.
const ( // RequestBodyLimitActionProcessPartial will process the request body // up to the limit and then reject the request RequestBodyLimitActionProcessPartial RequestBodyLimitAction = 0 // RequestBodyLimitActionReject will reject the request in case // the request body size exceeds the configured limit RequestBodyLimitActionReject RequestBodyLimitAction = 1 )
func ParseRequestBodyLimitAction ¶
func ParseRequestBodyLimitAction(rbla string) (RequestBodyLimitAction, error)
ParseRequestBodyLimitAction parses the request body limit action
type RuleActionType ¶
type RuleActionType int
RuleActionType is used to define when an action is going to be triggered
const ( // ActionTypeMetadata is used to provide more information about rules. ActionTypeMetadata RuleActionType = 1 // ActionTypeDisruptive is used to make the integrator do something like drop the request. ActionTypeDisruptive RuleActionType = 2 // ActionTypeData Not really actions, these are mere containers that hold data used by other actions. ActionTypeData RuleActionType = 3 // ActionTypeNondisruptive is used to do something that does not affect the flow of the rule. ActionTypeNondisruptive RuleActionType = 4 // ActionTypeFlow is used to affect the rule flow (for example skip or skipAfter). ActionTypeFlow RuleActionType = 5 )
type RuleEngineStatus ¶
type RuleEngineStatus int
RuleEngineStatus represents the functionality of the rule engine.
const ( // RuleEngineOn will process each rule and may generate // disruptive actions RuleEngineOn RuleEngineStatus = iota // RuleEngineDetectionOnly will process each rule but won't // generate disruptive actions RuleEngineDetectionOnly RuleEngineStatus = iota // RuleEngineOff will not process any rule RuleEngineOff RuleEngineStatus = iota )
func ParseRuleEngineStatus ¶
func ParseRuleEngineStatus(re string) (RuleEngineStatus, error)
ParseRuleEngineStatus parses the rule engine status
func (RuleEngineStatus) String ¶
func (re RuleEngineStatus) String() string
String returns the string representation of the rule engine status
type RuleMetadata ¶
type RuleMetadata struct {
ID int
File string
Line int
Rev string
Severity RuleSeverity
Version string
Tags []string
Maturity int
Accuracy int
Operator string
Phase RulePhase
Raw string
SecMark string
}
RuleMetadata is used to store rule metadata that can be used across packages
type RulePhase ¶
type RulePhase int
RulePhase is the phase of the rule
const ( // PhaseRequestHeaders will process once the request headers are received PhaseRequestHeaders RulePhase = 1 // PhaseRequestBody will process once the request body is received PhaseRequestBody RulePhase = 2 // PhaseResponseHeaders will process once the response headers are received PhaseResponseHeaders RulePhase = 3 // PhaseResponseBody will process once the response body is received PhaseResponseBody RulePhase = 4 // PhaseLogging will process once the request is sent // This phase will always run PhaseLogging RulePhase = 5 )
func ParseRulePhase ¶
ParseRulePhase parses the phase of the rule from a to 5 or request:2, response:4, logging:5 if the phase is invalid it will return an error
type RuleSeverity ¶
type RuleSeverity int
RuleSeverity represents the severity of a triggered rule It can have a numeric value or string value There are 8 levels of severity: 0 - Emergency 1 - Alert 2 - Critical 3 - Error 4 - Warning 5 - Notice 6 - Info 7 - Debug RuleSeverity is used by error callbacks to chose wether to log the error or not
const ( // RuleSeverityEmergency represents the emergency severity // We "shold" exit the process immediately RuleSeverityEmergency RuleSeverity = 0 // RuleSeverityAlert represents the alert severity RuleSeverityAlert RuleSeverity = 1 // RuleSeverityCritical represents the critical severity RuleSeverityCritical RuleSeverity = 2 // RuleSeverityError represents the error severity RuleSeverityError RuleSeverity = 3 // RuleSeverityWarning represents the warning severity RuleSeverityWarning RuleSeverity = 4 // RuleSeverityNotice represents the notice severity RuleSeverityNotice RuleSeverity = 5 // RuleSeverityInfo represents the info severity RuleSeverityInfo RuleSeverity = 6 // RuleSeverityDebug represents the debug severity RuleSeverityDebug RuleSeverity = 7 )
func ParseRuleSeverity ¶
func ParseRuleSeverity(input string) (RuleSeverity, error)
ParseRuleSeverity parses a string into a RuleSeverity
func (RuleSeverity) Int ¶
func (rs RuleSeverity) Int() int
Int returns the integer value of the severity
func (RuleSeverity) String ¶
func (rs RuleSeverity) String() string
String returns the string representation of the severity
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
Package variables contains the representation of the variables used in the rules Variables are created as bytes and they have a string representation
|
Package variables contains the representation of the variables used in the rules Variables are created as bytes and they have a string representation |