processor

package

v2.32.2 Latest Latest Go to latest Published: Mar 13, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/nginx/agent

Links

Open Source Insights

Documentation ¶

Index ¶

func NewMetadata(timestamp *types.Timestamp, correlationID string) (*pb.Metadata, error)
type BADMSG
type Client
- func GetClient(cfg *Config) (*Client, error)
- func (c *Client) Process(ctx context.Context, wg *sync.WaitGroup, collected <-chan *monitoring.RawLog, ...)
type Config
type Cookie
type Eventer
type Header
type NAPConfig
- func (f *NAPConfig) GetEvent(hostPattern *regexp.Regexp, logger *logrus.Entry) (*models.Event, error)
type ParamData
type ParameterData
type UriObjectData

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewMetadata ¶

func NewMetadata(timestamp *types.Timestamp, correlationID string) (*pb.Metadata, error)

NewMetadata provides the event metadata for a given timestamp and correlationID.

Types ¶

type BADMSG ¶

type BADMSG struct {
	XMLName        xml.Name `xml:"BAD_MSG"`
	Text           string   `xml:",chardata"`
	ViolationMasks struct {
		Text    string `xml:",chardata"`
		Block   string `xml:"block"`
		Alarm   string `xml:"alarm"`
		Learn   string `xml:"learn"`
		Staging string `xml:"staging"`
	} `xml:"violation_masks"`
	RequestViolations struct {
		Text       string `xml:",chardata"`
		Violations []struct {
			Text      string `xml:",chardata"`
			ViolIndex string `xml:"viol_index"`
			ViolName  string `xml:"viol_name"`
			Context   string `xml:"context"`
			// ParameterData and ParamData are both received when context == "parameter" | ""
			// We receive either ParameterData or ParamData separately and not in the same XML message
			// ParameterData and ParamData semantically represent the same thing (with ParameterData having more fields).
			ParameterData     ParameterData `xml:"parameter_data"`
			ParamData         ParamData     `xml:"param_data"`
			ParamName         string        `xml:"param_name"`
			IsBase64Decoded   bool          `xml:"is_base64_decoded"`
			Header            Header        `xml:"header"`
			HeaderData        Header        `xml:"header_data"`
			HeaderName        string        `xml:"header_name"`
			HeaderLength      string        `xml:"header_len"`
			HeaderLengthLimit string        `xml:"header_len_limit"`
			Cookie            Cookie        `xml:"cookie"`
			CookieName        string        `xml:"cookie_name"`
			CookieLength      string        `xml:"cookie_len"`
			CookieLengthLimit string        `xml:"cookie_len_limit"`
			Buffer            string        `xml:"buffer"`
			SpecificDesc      string        `xml:"specific_desc"`
			Uri               string        `xml:"uri"`
			UriObjectData     UriObjectData `xml:"object_data"`
			UriLength         string        `xml:"uri_len"`
			UriLengthLimit    string        `xml:"uri_len_limit"`
			DefinedLength     string        `xml:"defined_length"`
			DetectedLength    string        `xml:"detected_length"`
			TotalLen          string        `xml:"total_len"`
			TotalLenLimit     string        `xml:"total_len_limit"`
			Staging           string        `xml:"staging"`
			SigData           []struct {
				Text         string `xml:",chardata"`
				SigID        string `xml:"sig_id"`
				BlockingMask string `xml:"blocking_mask"`
				KwData       struct {
					Text   string `xml:",chardata"`
					Buffer string `xml:"buffer"`
					Offset string `xml:"offset"`
					Length string `xml:"length"`
				} `xml:"kw_data"`
			} `xml:"sig_data"`
			HTTPSanityChecksStatus string   `xml:"http_sanity_checks_status"`
			HTTPSubViolationStatus string   `xml:"http_sub_violation_status"`
			HTTPSubViolation       string   `xml:"http_sub_violation"`
			WildcardEntity         string   `xml:"wildcard_entity"`
			LanguageType           string   `xml:"language_type"`
			MetacharIndex          []string `xml:"metachar_index"`
		} `xml:"violation"`
	} `xml:"request-violations"`
}

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client for Processor with capability of logging.

func GetClient ¶

func GetClient(cfg *Config) (*Client, error)

GetClient gives you a Client for processing.

func (*Client) Process ¶

func (c *Client) Process(ctx context.Context, wg *sync.WaitGroup, collected <-chan *monitoring.RawLog, processed chan<- *pb.Event)

Process processes the raw log entries from collected chan into Security Events on processed chan.

type Config ¶

type Config struct {
	Logger     *logrus.Entry
	Workers    int
	CommonDims *metrics.CommonDim
}

Config holds the config for Processor.

type Cookie struct {
	Text            string `xml:",chardata"`
	Name            string `xml:"cookie_name"`
	Value           string `xml:"cookie_value"`
	IsBase64Decoded bool   `xml:"is_base64_decoded"`
}

type Eventer ¶

type Eventer interface {
	// GetEvent will generate a protobuf Security Event
	GetEvent(hostPattern *regexp.Regexp, logger *logrus.Entry) (*pb.Event, error)
}

Eventer is the interface implemented to generate an Event from a log entry.

type Header ¶

type Header struct {
	Text            string `xml:",chardata"`
	Name            string `xml:"header_name"`
	Value           string `xml:"header_value"`
	ActualValue     string `xml:"header_actual_value"`
	MatchedValue    string `xml:"header_matched_value"`
	IsBase64Decoded bool   `xml:"is_base64_decoded"`
}

type NAPConfig ¶

type NAPConfig struct {
	DateTime                 string
	BlockingExceptionReason  string
	HTTPServerPort           string
	HTTPRemoteAddr           string
	IsTruncated              string
	HTTPRequestMethod        string
	PolicyName               string
	Protocol                 string
	RequestStatus            string
	HTTPResponseCode         string
	Severity                 string
	SignatureCVEs            string
	SigSetNames              string
	HTTPRemotePort           string
	SubViolations            string
	SupportID                string
	ThreatCampaignNames      string
	UnitHostname             string
	HTTPURI                  string
	ViolationRating          string
	HTTPHostname             string
	XForwardedForHeaderVal   string
	RequestOutcome           string
	RequestOutcomeReason     string
	Violations               string
	ViolationDetailsXML      *BADMSG
	BotSignatureName         string
	BotCategory              string
	BotAnomalies             string
	EnforcedBotAnomalies     string
	ClientClass              string
	ClientApplication        string
	ClientApplicationVersion string
	Request                  string
	TransportProtocol        string
	ViolationContext         string
}

func (*NAPConfig) GetEvent ¶

func (f *NAPConfig) GetEvent(hostPattern *regexp.Regexp, logger *logrus.Entry) (*models.Event, error)

GetEvent will generate a protobuf Security Event.

type ParamData ¶

type ParamData struct {
	Text            string `xml:",chardata"`
	Name            string `xml:"param_name"`
	Value           string `xml:"param_value"`
	IsBase64Decoded bool   `xml:"is_base64_decoded"`
}

type ParameterData ¶

type ParameterData struct {
	Text            string `xml:",chardata"`
	Name            string `xml:"name"`
	Value           string `xml:"value"`
	IsBase64Decoded bool   `xml:"is_base64_decoded"`
}

type UriObjectData ¶ added in v2.25.0

type UriObjectData struct {
	Text   string `xml:",chardata"`
	Object string `xml:"object"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL