corazarules

package
v3.0.6 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 26, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// DisruptiveActionMap maps the lowercase textual name of a disruptive action
// to its DisruptiveAction constant.
//
// Lookups are exact: Go map keys are case-sensitive, so only the lowercase
// spellings listed here match. A single-value lookup of a name that is not
// listed yields the zero value of DisruptiveAction (DisruptiveActionUnknown
// in this package's const block) rather than an error. Callers that resolve
// a name taken from configuration should use the two-value form,
// `action, ok := DisruptiveActionMap[name]`, and reject the name when ok is
// false, so that a typo is not silently carried forward as "unknown".
//
// NOTE(review): this is an exported, mutable package-level map; nothing
// visible here guards it against concurrent writes or modification by
// importers. Treat it as read-only.
var DisruptiveActionMap = map[string]DisruptiveAction{
	"allow":    DisruptiveActionAllow,
	"deny":     DisruptiveActionDeny,
	"drop":     DisruptiveActionDrop,
	"pass":     DisruptiveActionPass,
	"redirect": DisruptiveActionRedirect,
}

Functions

This section is empty.

Types

type DisruptiveAction

// DisruptiveAction is an integer enumeration of disruptive actions; its named
// values are declared in this package's const block.
type DisruptiveAction int

DisruptiveAction is used to identify an action.

// Enumerated DisruptiveAction values. They are assigned with iota, so the
// numeric value of each constant depends on its position in this block:
// inserting or reordering entries changes the values of the ones that follow.
const (
	// DisruptiveActionUnknown is the zero value (iota starts at 0), so a
	// DisruptiveAction that was never set compares equal to it.
	DisruptiveActionUnknown DisruptiveAction = iota
	// The constants below take the consecutive values 1 through 5. Each one
	// has a matching lowercase key in DisruptiveActionMap.
	DisruptiveActionAllow
	DisruptiveActionDeny
	DisruptiveActionDrop
	DisruptiveActionPass
	DisruptiveActionRedirect
)

type MatchData

// MatchData records a single variable match for logging: which variable and
// key matched, the value involved, and the macro-expanded message and logdata.
//
// The fields carry a trailing underscore; the exported methods with the same
// names minus the underscore have matching return types.
//
// NOTE(review): Value_, Message_ and Data_ presumably contain content taken
// from the inspected transaction, so they may be attacker-controlled.
// Confirm, and escape or encode them before writing them to line-oriented
// logs or rendering them in a UI.
type MatchData struct {
	// Variable_ identifies the rule variable that matched.
	Variable_ variables.RuleVariable
	// Key_ is the key of the variable; blank if no key is required.
	Key_ string
	// Value_ is the value of the current VARIABLE:KEY.
	Value_ string
	// Message_ is the macro-expanded message.
	Message_ string
	// Data_ is the macro-expanded logdata.
	Data_ string
	// ChainLevel_ keeps track of the chain depth at which the data matched.
	// Multiphase-specific field.
	ChainLevel_ int
}

MatchData works like VariableKey but is used for logging, so it contains the collection as a string, and its value

func (*MatchData) ChainLevel

func (m *MatchData) ChainLevel() int

func (*MatchData) Data

func (m *MatchData) Data() string

func (*MatchData) Key

func (m *MatchData) Key() string

func (*MatchData) Message

func (m *MatchData) Message() string

func (*MatchData) Value

func (m *MatchData) Value() string

func (*MatchData) Variable

func (m *MatchData) Variable() variables.RuleVariable

type MatchedRule

// MatchedRule describes one rule match within a transaction: the
// macro-expanded message and logdata, request and connection details, the
// matched variables, and the metadata of the rule.
//
// NOTE(review): Message_, Data_, URI_ and the entries of MatchedDatas_
// presumably carry content from the inspected request and may therefore be
// attacker-controlled. Confirm how AuditLog and ErrorLog encode them before
// forwarding the resulting strings to line-oriented logs or a SIEM.
type MatchedRule struct {
	// Message_ is the macro-expanded message.
	Message_ string
	// Data_ is the macro-expanded logdata.
	Data_ string
	// URI_ is the full request URI, unparsed.
	URI_ string
	// TransactionID_ is the transaction id.
	TransactionID_ string
	// Disruptive_ reports whether the match is disruptive.
	Disruptive_ bool
	// DisruptiveAction_ is the name of the disruptive action.
	// Note: not exposed in coraza v3.0.*
	DisruptiveAction_ DisruptiveAction
	// Log_ reports whether the match is meant to be logged.
	Log_ bool
	// ServerIPAddress_ is the server IP address.
	ServerIPAddress_ string
	// ClientIPAddress_ is the client IP address.
	// NOTE(review): this struct does not show whether the value comes from
	// the socket peer or from a forwarded header; verify the source before
	// relying on it for attribution or blocking decisions.
	ClientIPAddress_ string
	// MatchedDatas_ is a slice of matched variables.
	MatchedDatas_ []types.MatchData

	// Rule_ holds the rule metadata for this match.
	Rule_ types.RuleMetadata

	// Context_ is the context associated with the transaction, returned by
	// the Context method.
	Context_ context.Context
}

MatchedRule contains a list of macro expanded messages, matched variables and a pointer to the rule

func (MatchedRule) AuditLog

func (mr MatchedRule) AuditLog() string

AuditLog transforms the matched rule into an error log using the legacy ModSecurity syntax

func (*MatchedRule) ClientIPAddress

func (mr *MatchedRule) ClientIPAddress() string

func (*MatchedRule) Context

func (mr *MatchedRule) Context() context.Context

Context returns the context associated with the transaction. This is useful for logging purposes where you want to add additional information to the log. The context can be easily retrieved in the logger using an ancillary interface:

```

 // Contexter is the ancillary interface used in this example: a value that
 // implements it can hand back the context.Context it carries.
 type Contexter interface {
		Context() context.Context
	}

```

and then using it like this:

```

// errorLogCb is an example error-log callback. It logs with the transaction's
// context when the matched rule exposes one through Contexter, and with
// context.Background() otherwise.
func errorLogCb(mr types.MatchedRule) {
	var ctx context.Context
	if withCtx, ok := mr.(Contexter); ok {
		// The concrete value carries a context; use it for the log call.
		ctx = withCtx.Context()
	} else {
		// The interface is not implemented; fall back to an empty context.
		ctx = context.Background()
	}
	logger.Context(ctx).Error().Msg("...")
}

```

func (*MatchedRule) Data

func (mr *MatchedRule) Data() string

func (*MatchedRule) Disruptive

func (mr *MatchedRule) Disruptive() bool

func (MatchedRule) ErrorLog

func (mr MatchedRule) ErrorLog() string

ErrorLog returns the same as audit log but without matchData

func (*MatchedRule) Log

func (mr *MatchedRule) Log() bool

func (*MatchedRule) MatchedDatas

func (mr *MatchedRule) MatchedDatas() []types.MatchData

func (*MatchedRule) Message

func (mr *MatchedRule) Message() string

func (*MatchedRule) Rule

func (mr *MatchedRule) Rule() types.RuleMetadata

func (*MatchedRule) ServerIPAddress

func (mr *MatchedRule) ServerIPAddress() string

func (*MatchedRule) TransactionID

func (mr *MatchedRule) TransactionID() string

func (*MatchedRule) URI

func (mr *MatchedRule) URI() string

type RuleMetadata

// RuleMetadata stores rule metadata that can be used across packages.
//
// The fields carry a trailing underscore; the exported methods of the type
// have matching return types (Rev_ corresponds to the Revision method).
//
// NOTE(review): File_, Line_ and Raw_ presumably describe where the rule was
// defined and its original text. Confirm before exposing them in responses
// or in logs shared outside the operating team, as they can reveal the rule
// set in use.
type RuleMetadata struct {
	// ID_ is the numeric rule ID.
	ID_ int
	// LogID_ is the string representation of the rule ID, kept for logging.
	// If the rule is part of a chain, the parent ID is used as the log ID.
	// It is precomputed and stored so that the conversion is not performed
	// repeatedly on the hot path.
	LogID_    string
	File_     string
	Line_     int
	Rev_      string
	Severity_ types.RuleSeverity
	Version_  string
	Tags_     []string
	Maturity_ int
	Accuracy_ int
	Operator_ string
	Phase_    types.RulePhase
	Raw_      string
	SecMark_  string
	// ParentID_ contains the ID of the parent rule when this rule is inside
	// a chain. Otherwise, it is 0.
	ParentID_ int
}

RuleMetadata is used to store rule metadata that can be used across packages

func (*RuleMetadata) Accuracy

func (r *RuleMetadata) Accuracy() int

func (*RuleMetadata) File

func (r *RuleMetadata) File() string

func (*RuleMetadata) ID

func (r *RuleMetadata) ID() int

func (*RuleMetadata) Line

func (r *RuleMetadata) Line() int

func (*RuleMetadata) LogID

func (r *RuleMetadata) LogID() string

func (*RuleMetadata) Maturity

func (r *RuleMetadata) Maturity() int

func (*RuleMetadata) Operator

func (r *RuleMetadata) Operator() string

func (*RuleMetadata) Phase

func (r *RuleMetadata) Phase() types.RulePhase

func (*RuleMetadata) Raw

func (r *RuleMetadata) Raw() string

func (*RuleMetadata) Revision

func (r *RuleMetadata) Revision() string

func (*RuleMetadata) SecMark

func (r *RuleMetadata) SecMark() string

func (*RuleMetadata) Severity

func (r *RuleMetadata) Severity() types.RuleSeverity

func (*RuleMetadata) Tags

func (r *RuleMetadata) Tags() []string

func (*RuleMetadata) Version

func (r *RuleMetadata) Version() string
