plugintypes

package
v1.3.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 8, 2023 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Action

type Action interface {
	// Init initializes the action.
	Init(RuleMetadata, string) error

	// Evaluate evaluates the action.
	Evaluate(RuleMetadata, TransactionState)

	// Type returns the type of action.
	Type() ActionType
}

Action is an action that can be used within a rule.

type ActionType

type ActionType int

ActionType is used to define when an action is going to be triggered

const (
	// ActionTypeMetadata is used to provide more information about rules.
	ActionTypeMetadata ActionType = 1
	// ActionTypeDisruptive is used to make the integrator do something like drop the request.
	ActionTypeDisruptive ActionType = 2
	// ActionTypeData Not really actions, these are mere containers that hold data used by other actions.
	ActionTypeData ActionType = 3
	// ActionTypeNondisruptive is used to do something that does not affect the flow of the rule.
	ActionTypeNondisruptive ActionType = 4
	// ActionTypeFlow is used to affect the rule flow (for example skip or skipAfter).
	ActionTypeFlow ActionType = 5
)

type AuditLog

type AuditLog interface {
	Parts() types.AuditLogParts
	Transaction() AuditLogTransaction
	Messages() []AuditLogMessage
}

AuditLog represents the main struct for audit log data

type AuditLogConfig

type AuditLogConfig struct {
	// Target is the path to the file to write the raw audit log to.
	Target string

	// FileMode is the mode to use when creating File.
	FileMode fs.FileMode

	// Dir is the path to the directory to write formatted audit logs to.
	Dir string

	// DirMode is the mode to use when creating Dir.
	DirMode fs.FileMode

	// Formatter is the formatter to use when writing formatted audit logs.
	Formatter AuditLogFormatter
}

AuditLogConfig is the configuration of a Writer.

type AuditLogFormatter

type AuditLogFormatter func(AuditLog) ([]byte, error)

AuditLogFormatter formats an audit log to a byte slice.

type AuditLogMessage

type AuditLogMessage interface {
	Actionset() string
	Message() string
	Data() AuditLogMessageData
}

AuditLogMessage contains information about the triggered rules

type AuditLogMessageData

type AuditLogMessageData interface {
	File() string
	Line() int
	ID() int
	Rev() string
	Msg() string
	Data() string
	Severity() types.RuleSeverity
	Ver() string
	Maturity() int
	Accuracy() int
	Tags() []string
	Raw() string
}

AuditLogMessageData contains information about the triggered rules in detail

type AuditLogTransaction

type AuditLogTransaction interface {
	Timestamp() string
	UnixTimestamp() int64
	ID() string
	ClientIP() string
	ClientPort() int
	HostIP() string
	HostPort() int
	ServerID() string
	Request() AuditLogTransactionRequest
	HasRequest() bool
	Response() AuditLogTransactionResponse
	HasResponse() bool
	Producer() AuditLogTransactionProducer
}

AuditLogTransaction contains transaction specific information

type AuditLogTransactionProducer

type AuditLogTransactionProducer interface {
	Connector() string
	Version() string
	Server() string
	RuleEngine() string
	Stopwatch() string
	Rulesets() []string
}

AuditLogTransactionProducer contains producer specific information for debugging

type AuditLogTransactionRequest

type AuditLogTransactionRequest interface {
	Method() string
	Protocol() string
	URI() string
	HTTPVersion() string
	Headers() map[string][]string
	Body() string
	Files() []AuditLogTransactionRequestFiles
}

AuditLogTransactionRequest contains request specific information

type AuditLogTransactionRequestFiles

type AuditLogTransactionRequestFiles interface {
	Name() string
	Size() int64
	Mime() string
}

AuditLogTransactionRequestFiles contains information for the uploaded files using multipart forms

type AuditLogTransactionResponse

type AuditLogTransactionResponse interface {
	Protocol() string
	Status() int
	Headers() map[string][]string
	Body() string
}

AuditLogTransactionResponse contains response specific information

type AuditLogWriter

type AuditLogWriter interface {
	// Init the writer requires previous preparations
	Init(AuditLogConfig) error
	// Write the audit log to the output destination.
	// Using the Formatter is mandatory to generate a "readable" audit log
	// It is not sent as a bslice because some writers may require some Audit
	// metadata.
	Write(AuditLog) error
	// Close the writer if required
	Close() error
}

AuditLogWriter is the interface for all log writers. It receives an auditlog and writes it to the output stream An output stream may be a file, a socket, an URL, etc

type BodyProcessor

type BodyProcessor interface {
	ProcessRequest(reader io.Reader, variables TransactionVariables, options BodyProcessorOptions) error
	ProcessResponse(reader io.Reader, variables TransactionVariables, options BodyProcessorOptions) error
}

BodyProcessor interface is used to create body processors for different content-types. They are able to read the body, force a collection. Hook to some variable and return data based on special expressions like XPATH, JQ, etc.

type BodyProcessorOptions

type BodyProcessorOptions struct {
	// Mime is the type of the body, it may contain parameters
	// like charset, boundary, etc.
	Mime string
	// StoragePath is the path where the body will be stored
	StoragePath string
	// FileMode is the mode of the file that will be created
	FileMode fs.FileMode
	// DirMode is the mode of the directory that will be created
	DirMode fs.FileMode
}

BodyProcessorOptions are used by BodyProcessors to provide some settings like a path to store temporary files. Implementations may ignore the options.

type Operator

type Operator interface {
	// Evaluate is used during the rule evaluation,
	// it returns true if the operator succeeded against
	// the input data for the transaction
	Evaluate(TransactionState, string) bool
}

Operator interface is used to define rule @operators

type OperatorFactory

type OperatorFactory func(options OperatorOptions) (Operator, error)

type OperatorOptions

type OperatorOptions struct {
	// Arguments is used to store the operator args
	Arguments string

	// Path is used to store a list of possible data paths
	Path []string

	// Root is the root to resolve Path from.
	Root fs.FS

	// Datasets contains input datasets or dictionaries
	Datasets map[string][]string
}

OperatorOptions is used to store the options for a rule operator

type Rule

type Rule interface {
	// Evaluate evaluates the rule, returning data related to matches if any.
	Evaluate(state TransactionState) []types.MatchData
}

Rule is a rule executed against a transaction.

type RuleMetadata

type RuleMetadata interface {
	// GetID returns the ID of the rule.
	ID() int

	// GetParentID returns the ID of the parent of the rule for a chained rule.
	ParentID() int

	// Status returns the status to set if the rule matches.
	Status() int
}

RuleMetadata is information about a rule parsed from directives.

type TransactionState

type TransactionState interface {
	// ID returns the ID of the transaction.
	ID() string // TODO(anuraaga): If only for logging, can be built into logger

	// Variables returns the TransactionVariables of the transaction.
	Variables() TransactionVariables

	// Collection returns a collection from the transaction.
	Collection(idx variables.RuleVariable) collection.Collection

	// Interrupt interrupts the transaction.
	Interrupt(interruption *types.Interruption)

	// DebugLogger returns the logger for this transaction.
	DebugLogger() debuglog.Logger

	// Capturing returns whether the transaction is capturing. CaptureField only works if capturing, this can be used
	// as an optimization to avoid processing specific to capturing fields.
	Capturing() bool // TODO(anuraaga): Only needed in operators?

	// CaptureField captures a field.
	CaptureField(idx int, value string)

	LastPhase() types.RulePhase
}

TransactionState tracks the state of a transaction for use in actions and operators.

type TransactionVariables

type TransactionVariables interface {
	// All iterates over all the variables in this TransactionVariables, invoking f for each.
	// Results are passed in no defined order. If f returns false, iteration stops.
	All(f func(v variables.RuleVariable, col collection.Collection) bool)

	// Simple Variables
	UrlencodedError() collection.Single
	ResponseContentType() collection.Single
	UniqueID() collection.Single
	ArgsCombinedSize() collection.Collection
	FilesCombinedSize() collection.Single
	FullRequestLength() collection.Single
	InboundDataError() collection.Single
	MatchedVar() collection.Single
	MatchedVarName() collection.Single
	MultipartDataAfter() collection.Single
	MultipartPartHeaders() collection.Map
	OutboundDataError() collection.Single
	QueryString() collection.Single
	RemoteAddr() collection.Single
	RemoteHost() collection.Single
	RemotePort() collection.Single
	RequestBodyError() collection.Single
	RequestBodyErrorMsg() collection.Single
	RequestBodyProcessorError() collection.Single
	RequestBodyProcessorErrorMsg() collection.Single
	RequestBodyProcessor() collection.Single
	RequestBasename() collection.Single
	RequestBody() collection.Single
	RequestBodyLength() collection.Single
	RequestFilename() collection.Single
	RequestLine() collection.Single
	RequestMethod() collection.Single
	RequestProtocol() collection.Single
	RequestURI() collection.Single
	RequestURIRaw() collection.Single
	ResponseBody() collection.Single
	ResponseArgs() collection.Map
	ResponseContentLength() collection.Single
	ResponseProtocol() collection.Single
	ResponseStatus() collection.Single
	ResponseBodyProcessor() collection.Single
	ServerAddr() collection.Single
	ServerName() collection.Single
	ServerPort() collection.Single
	HighestSeverity() collection.Single
	StatusLine() collection.Single
	Env() collection.Map
	TX() collection.Map
	Rule() collection.Map
	Duration() collection.Single
	Args() collection.Keyed
	ArgsGet() collection.Map
	ArgsPost() collection.Map
	ArgsPath() collection.Map
	FilesTmpNames() collection.Map
	Geo() collection.Map
	Files() collection.Map
	RequestCookies() collection.Map
	RequestHeaders() collection.Map
	ResponseHeaders() collection.Map
	MultipartName() collection.Map
	MatchedVarsNames() collection.Collection
	MultipartFilename() collection.Map
	MatchedVars() collection.Map
	FilesSizes() collection.Map
	FilesNames() collection.Map
	FilesTmpContent() collection.Map
	ResponseHeadersNames() collection.Collection
	RequestHeadersNames() collection.Collection
	RequestCookiesNames() collection.Collection
	XML() collection.Map
	RequestXML() collection.Map
	ResponseXML() collection.Map
	ArgsNames() collection.Collection
	ArgsGetNames() collection.Collection
	ArgsPostNames() collection.Collection
}

TransactionVariables has pointers to all the variables of the transaction

type Transformation

type Transformation = func(input string) (string, bool, error)

Transformation is used to create transformation plugins See the documentation for more information If a transformation fails to run it will return the same string and an error, errors are only used for logging, it won't stop the execution of the rule

type ValidateOpenAPI

type ValidateOpenAPI = func(input string)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL