Documentation
Index
- type Action
- type ActionType
- type AuditLog
- type AuditLogConfig
- type AuditLogFormatter
- type AuditLogMessage
- type AuditLogMessageData
- type AuditLogTransaction
- type AuditLogTransactionProducer
- type AuditLogTransactionRequest
- type AuditLogTransactionRequestFiles
- type AuditLogTransactionResponse
- type AuditLogWriter
- type BodyProcessor
- type BodyProcessorOptions
- type Operator
- type OperatorFactory
- type OperatorOptions
- type Rule
- type RuleMetadata
- type TransactionState
- type TransactionVariables
- type Transformation
- type ValidateOpenAPI
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Action
type Action interface {
	// Init initializes the action.
	Init(RuleMetadata, string) error

	// Evaluate evaluates the action.
	Evaluate(RuleMetadata, TransactionState)

	// Type returns the type of action.
	Type() ActionType
}
Action is an action that can be used within a rule.
type ActionType
type ActionType int
ActionType is used to define when an action is going to be triggered
const (
	// ActionTypeMetadata is used to provide more information about rules.
	ActionTypeMetadata ActionType = 1
	// ActionTypeDisruptive is used to make the integrator do something like drop the request.
	ActionTypeDisruptive ActionType = 2
	// ActionTypeData Not really actions, these are mere containers that hold data used by other actions.
	ActionTypeData ActionType = 3
	// ActionTypeNondisruptive is used to do something that does not affect the flow of the rule.
	ActionTypeNondisruptive ActionType = 4
	// ActionTypeFlow is used to affect the rule flow (for example skip or skipAfter).
	ActionTypeFlow ActionType = 5
)
type AuditLog
type AuditLog interface {
	Parts() types.AuditLogParts
	Transaction() AuditLogTransaction
	Messages() []AuditLogMessage
}
AuditLog represents the main struct for audit log data
type AuditLogConfig
type AuditLogConfig struct {
	// Target is the path to the file to write the raw audit log to.
	Target string

	// FileMode is the mode to use when creating File.
	FileMode fs.FileMode

	// Dir is the path to the directory to write formatted audit logs to.
	Dir string

	// DirMode is the mode to use when creating Dir.
	DirMode fs.FileMode

	// Formatter is the formatter to use when writing formatted audit logs.
	Formatter AuditLogFormatter
}
AuditLogConfig is the configuration of a Writer.
type AuditLogFormatter
AuditLogFormatter formats an audit log to a byte slice.
type AuditLogMessage
type AuditLogMessage interface {
	Actionset() string
	Message() string
	Data() AuditLogMessageData
}
AuditLogMessage contains information about the triggered rules
type AuditLogMessageData
type AuditLogMessageData interface {
	File() string
	Line() int
	ID() int
	Rev() string
	Msg() string
	Data() string
	Severity() types.RuleSeverity
	Ver() string
	Maturity() int
	Accuracy() int
	Tags() []string
	Raw() string
}
AuditLogMessageData contains information about the triggered rules in detail
type AuditLogTransaction
type AuditLogTransaction interface {
	Timestamp() string
	UnixTimestamp() int64
	ID() string
	ClientIP() string
	ClientPort() int
	HostIP() string
	HostPort() int
	ServerID() string
	Request() AuditLogTransactionRequest
	HasRequest() bool
	Response() AuditLogTransactionResponse
	HasResponse() bool
	Producer() AuditLogTransactionProducer
}
AuditLogTransaction contains transaction specific information
type AuditLogTransactionProducer
type AuditLogTransactionProducer interface {
	Connector() string
	Version() string
	Server() string
	RuleEngine() string
	Stopwatch() string
	Rulesets() []string
}
AuditLogTransactionProducer contains producer specific information for debugging
type AuditLogTransactionRequest
type AuditLogTransactionRequest interface {
	Method() string
	Protocol() string
	URI() string
	HTTPVersion() string
	Headers() map[string][]string
	Body() string
	Files() []AuditLogTransactionRequestFiles
}
AuditLogTransactionRequest contains request specific information
type AuditLogTransactionRequestFiles
AuditLogTransactionRequestFiles contains information for the uploaded files using multipart forms
type AuditLogTransactionResponse
type AuditLogTransactionResponse interface {
	Protocol() string
	Status() int
	Headers() map[string][]string
	Body() string
}
AuditLogTransactionResponse contains response specific information
type AuditLogWriter
type AuditLogWriter interface {
	// Init the writer requires previous preparations
	Init(AuditLogConfig) error
	// Write the audit log to the output destination.
	// Using the Formatter is mandatory to generate a "readable" audit log
	// It is not sent as a bslice because some writers may require some Audit
	// metadata.
	Write(AuditLog) error
	// Close the writer if required
	Close() error
}
AuditLogWriter is the interface for all log writers. It receives an audit log and writes it to the output stream. An output stream may be a file, a socket, a URL, etc.
type BodyProcessor
type BodyProcessor interface {
	ProcessRequest(reader io.Reader, variables TransactionVariables, options BodyProcessorOptions) error
	ProcessResponse(reader io.Reader, variables TransactionVariables, options BodyProcessorOptions) error
}
The BodyProcessor interface is used to create body processors for different content types. They can read the body, force a collection, hook into some variable, and return data based on special expressions such as XPath, jq, etc.
type BodyProcessorOptions
type BodyProcessorOptions struct {
	// Mime is the type of the body, it may contain parameters
	// like charset, boundary, etc.
	Mime string
	// StoragePath is the path where the body will be stored
	StoragePath string
	// FileMode is the mode of the file that will be created
	FileMode fs.FileMode
	// DirMode is the mode of the directory that will be created
	DirMode fs.FileMode
}
BodyProcessorOptions are used by BodyProcessors to provide some settings like a path to store temporary files. Implementations may ignore the options.
type Operator
type Operator interface {
	// Evaluate is used during the rule evaluation,
	// it returns true if the operator succeeded against
	// the input data for the transaction
	Evaluate(TransactionState, string) bool
}
Operator interface is used to define rule @operators
type OperatorFactory
type OperatorFactory func(options OperatorOptions) (Operator, error)
type OperatorOptions
type OperatorOptions struct {
	// Arguments is used to store the operator args
	Arguments string

	// Path is used to store a list of possible data paths
	Path []string

	// Root is the root to resolve Path from.
	Root fs.FS

	// Datasets contains input datasets or dictionaries
	Datasets map[string][]string
}
OperatorOptions is used to store the options for a rule operator
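A minimal custom operator built on the Operator, OperatorFactory and OperatorOptions types above, as an added example that is not code from this package. The type declarations are local stand-ins for the page's (TransactionState is reduced to an empty interface, and only two OperatorOptions fields are kept); inDataset, newInDataset, norm and the bad_agents dataset are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// Local stand-ins for the page's declarations so this compiles offline;
// TransactionState is reduced to an empty interface (assumption).
type TransactionState interface{}
type Operator interface{ Evaluate(TransactionState, string) bool }
type OperatorOptions struct {
	Arguments string
	Datasets  map[string][]string
}
type OperatorFactory func(options OperatorOptions) (Operator, error)

// inDataset (hypothetical): true when the normalized input is in the named dataset.
type inDataset struct{ set map[string]struct{} }

func norm(s string) string { return strings.ToLower(strings.TrimSpace(s)) }

func (o *inDataset) Evaluate(_ TransactionState, input string) bool {
	_, ok := o.set[norm(input)]
	return ok
}

// newInDataset rejects a missing or empty dataset at construction, so a
// misconfigured rule fails to load instead of silently never matching.
func newInDataset(opts OperatorOptions) (Operator, error) {
	name := strings.TrimSpace(opts.Arguments)
	entries := opts.Datasets[name]
	if name == "" || len(entries) == 0 {
		return nil, fmt.Errorf("inDataset: dataset %q missing or empty", name)
	}
	set := make(map[string]struct{}, len(entries))
	for _, e := range entries {
		set[norm(e)] = struct{}{}
	}
	return &inDataset{set: set}, nil
}

var _ OperatorFactory = newInDataset // compile-time check against the factory type

func main() {
	ds := map[string][]string{"bad_agents": {"ScannerX/1.0"}} // constructed sample
	op, err := newInDataset(OperatorOptions{Arguments: "bad_agents", Datasets: ds})
	fmt.Println(err, op.Evaluate(nil, " scannerx/1.0 "))
}
```

Returning an error from the factory is what keeps a typo in a dataset name from turning into a rule that can never fire.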
type Rule
type Rule interface {
	// Evaluate evaluates the rule, returning data related to matches if any.
	Evaluate(state TransactionState) []types.MatchData
}
Rule is a rule executed against a transaction.
type RuleMetadata
type RuleMetadata interface {
	// ID returns the ID of the rule.
	ID() int

	// ParentID returns the ID of the parent of the rule for a chained rule.
	ParentID() int

	// Status returns the status to set if the rule matches.
	Status() int
}
RuleMetadata is information about a rule parsed from directives.
type TransactionState
type TransactionState interface {
	// ID returns the ID of the transaction.
	ID() string // TODO(anuraaga): If only for logging, can be built into logger

	// Variables returns the TransactionVariables of the transaction.
	Variables() TransactionVariables

	// Collection returns a collection from the transaction.
	Collection(idx variables.RuleVariable) collection.Collection

	// Interrupt interrupts the transaction.
	Interrupt(interruption *types.Interruption)

	// DebugLogger returns the logger for this transaction.
	DebugLogger() debuglog.Logger

	// Capturing returns whether the transaction is capturing. CaptureField only works if capturing, this can be used
	// as an optimization to avoid processing specific to capturing fields.
	Capturing() bool // TODO(anuraaga): Only needed in operators?
	// CaptureField captures a field.
	CaptureField(idx int, value string)

	LastPhase() types.RulePhase
}
TransactionState tracks the state of a transaction for use in actions and operators.
type TransactionVariables
type TransactionVariables interface {
	// All iterates over all the variables in this TransactionVariables, invoking f for each.
	// Results are passed in no defined order. If f returns false, iteration stops.
	All(f func(v variables.RuleVariable, col collection.Collection) bool)

	// Simple Variables
	UrlencodedError() collection.Single
	ResponseContentType() collection.Single
	UniqueID() collection.Single
	ArgsCombinedSize() collection.Collection
	FilesCombinedSize() collection.Single
	FullRequestLength() collection.Single
	InboundDataError() collection.Single
	MatchedVar() collection.Single
	MatchedVarName() collection.Single
	MultipartDataAfter() collection.Single
	MultipartPartHeaders() collection.Map
	OutboundDataError() collection.Single
	QueryString() collection.Single
	RemoteAddr() collection.Single
	RemoteHost() collection.Single
	RemotePort() collection.Single
	RequestBodyError() collection.Single
	RequestBodyErrorMsg() collection.Single
	RequestBodyProcessorError() collection.Single
	RequestBodyProcessorErrorMsg() collection.Single
	RequestBodyProcessor() collection.Single
	RequestBasename() collection.Single
	RequestBody() collection.Single
	RequestBodyLength() collection.Single
	RequestFilename() collection.Single
	RequestLine() collection.Single
	RequestMethod() collection.Single
	RequestProtocol() collection.Single
	RequestURI() collection.Single
	RequestURIRaw() collection.Single
	ResponseBody() collection.Single
	ResponseArgs() collection.Map
	ResponseContentLength() collection.Single
	ResponseProtocol() collection.Single
	ResponseStatus() collection.Single
	ResponseBodyProcessor() collection.Single
	ServerAddr() collection.Single
	ServerName() collection.Single
	ServerPort() collection.Single
	HighestSeverity() collection.Single
	StatusLine() collection.Single
	Env() collection.Map
	TX() collection.Map
	Rule() collection.Map
	Duration() collection.Single
	Args() collection.Keyed
	ArgsGet() collection.Map
	ArgsPost() collection.Map
	ArgsPath() collection.Map
	FilesTmpNames() collection.Map
	Geo() collection.Map
	Files() collection.Map
	RequestCookies() collection.Map
	RequestHeaders() collection.Map
	ResponseHeaders() collection.Map
	MultipartName() collection.Map
	MatchedVarsNames() collection.Collection
	MultipartFilename() collection.Map
	MatchedVars() collection.Map
	FilesSizes() collection.Map
	FilesNames() collection.Map
	FilesTmpContent() collection.Map
	ResponseHeadersNames() collection.Collection
	RequestHeadersNames() collection.Collection
	RequestCookiesNames() collection.Collection
	XML() collection.Map
	RequestXML() collection.Map
	ResponseXML() collection.Map
	ArgsNames() collection.Collection
	ArgsGetNames() collection.Collection
	ArgsPostNames() collection.Collection
}
TransactionVariables has pointers to all the variables of the transaction
type Transformation
Transformation is used to create transformation plugins. See the documentation for more information. If a transformation fails to run, it will return the same string and an error; errors are only used for logging and won't stop the execution of the rule.
type ValidateOpenAPI
type ValidateOpenAPI = func(input string)