detection

package
v0.0.0-...-8e880ef Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 30, 2024 License: MIT Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckRule

func CheckRule(rule Rule, logger logging.ILogger) error

Checks whether the rule is valid. @param rule - the rule struct to be tested. @param logger - the logger to be used. Returns an error that specifies the problem with the rule.

func CheckRuleInfo

func CheckRuleInfo(info *RuleInfo) error

Checks whether the rule information is valid. @param info - the rule information structure. Returns an error if the info field is not valid.

func ConvertSeverityStringToInteger

func ConvertSeverityStringToInteger(severity string) int64

Converts the severity string to its integer value. @param severity - the string representation of the severity (can be low, medium, high, critical), case insensitive. Returns the integer corresponding to the severity, or -1 if the severity type does not exist.

Types

type BodyHashMatch

// BodyHashMatch holds the information about a body hash that matched.
//
// NOTE(review): the encoding of BodyHash (presumably hex) and the exact
// algorithm labels are not shown on this page; confirm against the matcher
// before comparing these values with external indicator feeds.
type BodyHashMatch struct {
	BodyHash          string // presumably the hash value that matched - confirm
	BodyHashAlgorithm string // presumably names the algorithm that produced BodyHash (BodyRule offers SHA256 and MD5) - confirm
}

Holds all the information about the matched hash of the body

type BodyRule

// BodyRule describes one matcher applied to an HTTP body. It can carry a
// SHA256 hash, an MD5 hash, an exact string and a regex.
//
// NOTE(review): this page does not show how the fields combine when more
// than one is set (all must match vs. any may match); confirm before writing
// rules that rely on either reading.
//
// A hash matcher identifies one exact byte sequence, so any change to the
// body produces a different hash. MD5 is collision-prone; prefer sha256sum
// for new rules and keep md5sum for indicators that are only published as
// MD5.
//
// NOTE(review): Regex is evaluated against bodies that come from the
// network. If patterns are compiled with Go's standard regexp package (RE2
// syntax), matching is linear-time and lookarounds/backreferences are not
// available; confirm which engine is used.
type BodyRule struct {
	SHA256Sum string `yaml:"sha256sum"` //The SHA256 hash of the body to match
	MD5Sum    string `yaml:"md5sum"`    //The MD5 hash of the body
	Match     string `yaml:"match"`     //The string to match exactly
	Regex     string `yaml:"regex"`     //The regex used for searching
}

Holds all the information about the body

type HeadersRule

// HeadersRule describes one matcher applied to HTTP headers: a name plus an
// exact-match string and/or a regex.
//
// NOTE(review): HTTP header names are case-insensitive. Confirm that the
// matcher compares Name without regard to case, otherwise a rule can be
// missed purely because of header casing.
type HeadersRule struct {
	Name  string `yaml:"name"`  //The name of the header to search in (presumably; the original comment said "name of the search" - confirm)
	Match string `yaml:"match"` //The string to match exactly
	Regex string `yaml:"regex"` //The regex used for searching
}

Holds all the information about headers

type RequestParametersRule

// RequestParametersRule describes one matcher applied to request parameters:
// a parameter name plus an exact-match string and/or a regex.
//
// NOTE(review): the Name comment describes a wildcard value that makes the
// rule look through every parameter name. The exact literal and whether it
// is case-sensitive are not shown on this page; confirm against the matcher.
type RequestParametersRule struct {
	Name  string `yaml:"name"`  //The name of the query variable (can be any which means look through all the query variable names for a match)
	Match string `yaml:"match"` //The string to match exactly
	Regex string `yaml:"regex"` //The regex used for searching
}

Holds all the information about request parameters

type RequestRule

// RequestRule holds the request matchers of a rule, as read from the
// "request" field of the rule YAML file.
//
// Method and URL are single search modes; Headers, Parameters and Body are
// lists of matchers.
//
// NOTE(review): how several matchers in one list, or several populated
// fields, combine into a finding is not shown on this page; confirm before
// relying on a rule firing only when everything matches.
type RequestRule struct {
	Method     *RuleSearchMode          `yaml:"method"`  //The modes to search on the method
	URL        *RuleSearchMode          `yaml:"url"`     //The modes to search on the URL
	Headers    []*HeadersRule           `yaml:"headers"` //The headers to be checked
	Parameters []*RequestParametersRule `yaml:"params"`  //The request parameters (both from URL and body)
	Body       []*BodyRule              `yaml:"body"`    //The body matchers (hash, exact string or regex, per the BodyRule fields)
}

Holds all the information in the request field of the rule YAML file

type ResponseRule

// ResponseRule holds the response matchers of a rule, as read from the
// "response" field of the rule YAML file.
//
// Code is a single search mode applied to the status code; Headers and Body
// are lists of matchers.
//
// NOTE(review): Code is matched through string Match/Regex fields, so the
// status code is presumably compared in its textual form; confirm the exact
// representation (for example "404" vs. a full status line).
type ResponseRule struct {
	Code    *RuleSearchMode `yaml:"code"`    //The modes to search on the status code
	Headers []*HeadersRule  `yaml:"headers"` //The headers to be checked
	Body    []*BodyRule     `yaml:"body"`    //The body matchers (hash, exact string or regex, per the BodyRule fields)
}

Holds all the information in the response field of the rule YAML file

type Rule

// Rule holds everything parsed from one rule YAML file: an identifier, the
// descriptive info block, and the request and response matchers.
//
// NOTE(review): the Id comment says the ID should be unique, but this page
// does not show whether loading or validation rejects duplicates; confirm,
// since findings from two rules sharing an ID would be hard to tell apart.
type Rule struct {
	Id       string        `yaml:"id"`       //The ID of the rule (should be unique)
	Info     *RuleInfo     `yaml:"info"`     //The info structure
	Request  *RequestRule  `yaml:"request"`  //The request matchers
	Response *ResponseRule `yaml:"response"` //The response matchers
}

Structure which holds all the information about the rule parsed from the rule.yaml file

func LoadRulesFromDirectory

func LoadRulesFromDirectory(rulesDirectory string, logger logging.ILogger) ([]Rule, error)

Loads all the rules that can be found in the specified directory. Pass the logger as a parameter for a better view of the problems. @param rulesDirectory - the directory from which the rules should be pulled. @param logger - the logger used to display the errors. If the directory cannot be opened to read the files in it, an error is returned.

func (*Rule) FromYAML

func (yr *Rule) FromYAML(r io.Reader) error

Reads the YAML rule from a reader into the struct.

type RuleInfo

// RuleInfo holds the descriptive metadata read from the "info" field of a
// rule YAML file.
//
// Severity is kept as a string. The documentation of
// ConvertSeverityStringToInteger lists low, medium, high and critical
// (case-insensitive) as the recognised values and -1 as the result for
// anything else.
//
// NOTE(review): the accepted values for Classification are not shown on
// this page; confirm against the validation code.
type RuleInfo struct {
	Name           string `yaml:"name"`           //The name of the rule
	Description    string `yaml:"description"`    //The description of the rule
	Severity       string `yaml:"severity"`       //The severity of the rule, in the string representation
	Classification string `yaml:"classification"` //The classification if it matches, in the string representation
}

Holds all the information in the info field of the rule.yaml files

type RuleRunner

// RuleRunner holds the data needed to match the rules against a request and
// a response. All of its fields are unexported, so the rendered
// documentation shows none of them; NewRuleRunner is the constructor listed
// for this type.
type RuleRunner struct {
	// contains filtered or unexported fields
}

Structure which will hold all the necessary data to match the rules on the request and the response

func NewRuleRunner

func NewRuleRunner(logger logging.ILogger, rules []Rule, apiWsConn *websocket.APIWebSocketConnection, configuration config.Configuration) *RuleRunner

Creates a new rule runner struct

func (*RuleRunner) RunRulesOnRequest

func (rl *RuleRunner) RunRulesOnRequest(r *http.Request) ([]*data.RuleFindingData, error)

Runs all the rules on the request. @param r - the HTTP request to operate on. Returns a list of findings, or an error if something went wrong.

func (*RuleRunner) RunRulesOnResponse

func (rl *RuleRunner) RunRulesOnResponse(r *http.Response) ([]*data.RuleFindingData, error)

Runs all the rules on the response. @param r - the HTTP response to operate on. Returns a list of findings, or an error if something went wrong.

type RuleSearchMode

// RuleSearchMode holds the two ways a single value can be searched: an
// exact string match or a regex.
//
// NOTE(review): whether an empty field means "not used", and what happens
// when both fields are set, is not shown on this page; confirm against the
// matcher.
//
// NOTE(review): if Regex is compiled with Go's standard regexp package (RE2
// syntax), matching is linear-time and lookarounds/backreferences are not
// available; confirm which engine is used, because the pattern runs against
// values taken from network traffic.
type RuleSearchMode struct {
	Match string `yaml:"match"` //The string to match exactly
	Regex string `yaml:"regex"` //The regex used for searching
}

Holds all the modes in which the search can be made
