corazarules

package
v1.3.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 7, 2023 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type MatchData

// MatchData holds the data logged for a single variable match: the variable,
// its optional key, the value, and the macro-expanded message and logdata.
//
// NOTE(review): Key_ and Value_ presumably come from the inspected
// transaction, so consumers should treat them as untrusted (and potentially
// sensitive) text when writing them to logs. Confirm where they are encoded
// or redacted.
type MatchData struct {
	// Variable is the rule variable (collection) this entry refers to.
	Variable_ variables.RuleVariable
	// Key of the variable, blank if no key is required
	Key_ string
	// Value of the current VARIABLE:KEY
	Value_ string
	// Macro expanded message
	Message_ string
	// Macro expanded logdata
	Data_ string
	// Keeps track of the chain depth in which the data matched.
	// Multiphase specific field
	ChainLevel_ int
}

MatchData works like VariableKey but is used for logging, so it contains the collection as a string, and its value.

func (*MatchData) ChainLevel

func (m *MatchData) ChainLevel() int

func (*MatchData) Data

func (m *MatchData) Data() string

func (*MatchData) Key

func (m *MatchData) Key() string

func (*MatchData) Message

func (m *MatchData) Message() string

func (*MatchData) Value

func (m *MatchData) Value() string

func (*MatchData) Variable

func (m *MatchData) Variable() variables.RuleVariable

type MatchedRule

// MatchedRule holds what is reported for a matched rule: the macro-expanded
// message and logdata, the request URI, the transaction ID, the server and
// client IP addresses, the matched variables and the rule metadata.
//
// NOTE(review): URI_ is the unparsed request URI and MatchedDatas_ carries
// matched values, so this struct holds request-derived text. This listing does
// not show whether AuditLog/ErrorLog escape it; verify that before forwarding
// their output to log pipelines or viewers that interpret control characters
// or markup.
type MatchedRule struct {
	// Macro expanded message
	Message_ string
	// Macro expanded logdata
	Data_ string
	// Full request uri unparsed
	URI_ string
	// Transaction id
	TransactionID_ string
	// Is disruptive
	Disruptive_ bool
	// Server IP address
	ServerIPAddress_ string
	// Client IP address
	ClientIPAddress_ string
	// A slice of matched variables
	MatchedDatas_ []types.MatchData

	// Metadata of the rule this match belongs to (presumably the rule that
	// produced the match; confirm against the code that fills it in).
	Rule_ types.RuleMetadata
}

MatchedRule contains a list of macro expanded messages, matched variables and a pointer to the rule

func (MatchedRule) AuditLog

func (mr MatchedRule) AuditLog() string

AuditLog transforms the matched rule into an error log using the legacy ModSecurity syntax

func (*MatchedRule) ClientIPAddress

func (mr *MatchedRule) ClientIPAddress() string

func (*MatchedRule) Data

func (mr *MatchedRule) Data() string

func (*MatchedRule) Disruptive

func (mr *MatchedRule) Disruptive() bool

func (MatchedRule) ErrorLog

func (mr MatchedRule) ErrorLog() string

ErrorLog returns the same output as AuditLog but without the match data

func (*MatchedRule) MatchedDatas

func (mr *MatchedRule) MatchedDatas() []types.MatchData

func (*MatchedRule) Message

func (mr *MatchedRule) Message() string

func (*MatchedRule) Rule

func (mr *MatchedRule) Rule() types.RuleMetadata

func (*MatchedRule) ServerIPAddress

func (mr *MatchedRule) ServerIPAddress() string

func (*MatchedRule) TransactionID

func (mr *MatchedRule) TransactionID() string

func (*MatchedRule) URI

func (mr *MatchedRule) URI() string

type RuleMetadata

// RuleMetadata stores rule metadata that can be used across packages.
//
// Each field name ends in an underscore; the type's accessor methods use
// names without it (Rev_ has no Rev() accessor, only Revision() exists).
// NOTE(review): the field meanings below are inferred from names and types;
// the code that populates them is not shown here, so confirm before relying
// on them.
type RuleMetadata struct {
	ID_       int                // numeric rule ID
	File_     string             // presumably the file the rule was loaded from; confirm
	Line_     int                // presumably the line of the rule within File_; confirm
	Rev_      string             // rule revision string
	Severity_ types.RuleSeverity // rule severity
	Version_  string             // rule version string
	Tags_     []string           // tags attached to the rule
	Maturity_ int                // maturity value; valid range not shown here
	Accuracy_ int                // accuracy value; valid range not shown here
	Operator_ string             // presumably the rule's operator as text; confirm
	Phase_    types.RulePhase    // phase the rule is assigned to
	Raw_      string             // presumably the raw rule text as written; confirm
	SecMark_  string             // presumably the marker label tied to the rule; confirm
}

RuleMetadata is used to store rule metadata that can be used across packages

func (*RuleMetadata) Accuracy

func (r *RuleMetadata) Accuracy() int

func (*RuleMetadata) File

func (r *RuleMetadata) File() string

func (*RuleMetadata) ID

func (r *RuleMetadata) ID() int

func (*RuleMetadata) Line

func (r *RuleMetadata) Line() int

func (*RuleMetadata) Maturity

func (r *RuleMetadata) Maturity() int

func (*RuleMetadata) Operator

func (r *RuleMetadata) Operator() string

func (*RuleMetadata) Phase

func (r *RuleMetadata) Phase() types.RulePhase

func (*RuleMetadata) Raw

func (r *RuleMetadata) Raw() string

func (*RuleMetadata) Revision

func (r *RuleMetadata) Revision() string

func (*RuleMetadata) SecMark

func (r *RuleMetadata) SecMark() string

func (*RuleMetadata) Severity

func (r *RuleMetadata) Severity() types.RuleSeverity

func (*RuleMetadata) Tags

func (r *RuleMetadata) Tags() []string

func (*RuleMetadata) Version

func (r *RuleMetadata) Version() string
