corazawaf

package
v3.0.7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 24, 2024 License: Apache-2.0 Imports: 38 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsSSEContent added in v3.0.4 

func IsSSEContent(s string) bool

Types

type BodyBuffer 

type BodyBuffer struct {
	// contains filtered or unexported fields
}

BodyBuffer is used to read RequestBody and ResponseBody objects It will handle memory usage for buffering and processing It implements io.Copy(bodyBuffer, someReader) by inherit io.Writer

func NewBodyBuffer 

func NewBodyBuffer(options types.BodyBufferOptions) *BodyBuffer

NewBodyBuffer Initializes a body reader After writing memLimit bytes to the memory buffer, data will be written to a temporary file Temporary files will be written to tmpDir

func (*BodyBuffer) Reader 

func (br *BodyBuffer) Reader() (io.Reader, error)

Reader Returns a working reader for the body buffer in memory or file

func (*BodyBuffer) Reset 

func (br *BodyBuffer) Reset() error

Reset will reset buffers and delete temporary files

func (*BodyBuffer) Size 

func (br *BodyBuffer) Size() int64

Size returns the current size of the body buffer

func (*BodyBuffer) Write 

func (br *BodyBuffer) Write(data []byte) (n int, err error)

Write appends data to the body buffer by chunks You may dump io.Readers using io.Copy(br, reader)

func (*BodyBuffer) WriteTo 

func (br *BodyBuffer) WriteTo(w io.Writer) (int64, error)

type ByteLenger 

type ByteLenger interface {
	Len() int
}

ByteLenger returns the length in bytes of a data stream.

type Options 

type Options struct {
	ID      string
	Context context.Context
}

Options is used to pass options to the WAF instance

type Rule 

type Rule struct {
	corazarules.RuleMetadata

	// Capture is used by the transaction to tell the operator
	// to capture variables on TX:0-9
	Capture bool

	// Contains the child rule to chain, nil if there are no chains
	Chain *Rule

	// DisruptiveStatus is the status that will be set to interruptions
	// by disruptive rules
	DisruptiveStatus int

	// Message text to be macro expanded and logged
	// In future versions we might use a special type of string that
	// supports cached macro expansions. For performance
	Msg macro.Macro

	// Rule logdata
	LogData macro.Macro

	// If true, triggering this rule write to the error log
	Log bool

	// If true, triggering this rule write to the audit log
	Audit bool

	// If true, the transformations will be multi matched
	MultiMatch bool

	HasChain bool
	// contains filtered or unexported fields
}

Rule is used to test a Transaction against certain operators and execute actions

func NewRule 

func NewRule() *Rule

NewRule returns a new initialized rule By default, the rule is set to phase 2

func (*Rule) AddAction 

func (r *Rule) AddAction(name string, action plugintypes.Action) error

AddAction adds an action to the rule

func (*Rule) AddTransformation 

func (r *Rule) AddTransformation(name string, t plugintypes.Transformation) error

AddTransformation adds a transformation to the rule it fails if the transformation cannot be found

func (*Rule) AddVariable 

func (r *Rule) AddVariable(v variables.RuleVariable, key string, iscount bool) error

AddVariable adds a variable to the rule The key can be a regexp.Regexp, a string or nil, in case of regexp it will be used to match the variable, in case of string it will be a fixed match, in case of nil it will match everything

func (*Rule) AddVariableNegation 

func (r *Rule) AddVariableNegation(v variables.RuleVariable, key string) error

AddVariableNegation adds an exception to a variable It passes through if the variable is not used It returns an error if the selector is empty, or applied on an undefined rule for example: OK: SecRule ARGS|!ARGS:id "..." OK: SecRule !ARGS:id "..." ERROR: SecRule !ARGS: "..."

func (*Rule) ClearTransformations 

func (r *Rule) ClearTransformations()

ClearTransformations clears all the transformations it is mostly used by the "none" transformation

func (*Rule) Evaluate 

func (r *Rule) Evaluate(phase types.RulePhase, tx plugintypes.TransactionState, cache map[transformationKey]*transformationValue)

Evaluate will evaluate the current rule for the indicated transaction If the operator matches, actions will be evaluated, and it will return the matched variables, keys and values (MatchData)

func (*Rule) ParentID 

func (r *Rule) ParentID() int

func (*Rule) SetOperator 

func (r *Rule) SetOperator(operator plugintypes.Operator, functionName string, params string)

SetOperator sets the operator of the rule There can be only one operator per rule functionName and params are used for logging

func (*Rule) Status 

func (r *Rule) Status() int

type RuleGroup 

type RuleGroup struct {
	// contains filtered or unexported fields
}

RuleGroup is a collection of rules It contains all helpers required to manage the rules It is not concurrent safe, so it's not recommended to use it after compilation

func NewRuleGroup 

func NewRuleGroup() RuleGroup

NewRuleGroup creates an empty RuleGroup that can be attached to a WAF instance You might use this function to replace the rules and "reload" the WAF

func (*RuleGroup) Add 

func (rg *RuleGroup) Add(rule *Rule) error

Add a rule to the collection Will return an error if the ID is already used

func (*RuleGroup) Count 

func (rg *RuleGroup) Count() int

Count returns the count of rules

func (*RuleGroup) DeleteByID 

func (rg *RuleGroup) DeleteByID(id int)

DeleteByID removes a rule by its ID

func (*RuleGroup) DeleteByMsg 

func (rg *RuleGroup) DeleteByMsg(msg string)

DeleteByMsg deletes rules with the given message.

func (*RuleGroup) DeleteByRange 

func (rg *RuleGroup) DeleteByRange(start, end int)

DeleteByRange removes rules by their ID in a range

func (*RuleGroup) DeleteByTag 

func (rg *RuleGroup) DeleteByTag(tag string)

DeleteByTag deletes rules with the given tag.

func (*RuleGroup) Eval 

func (rg *RuleGroup) Eval(phase types.RulePhase, tx *Transaction) bool

Eval rules for the specified phase, between 1 and 5 Rules are evaluated in syntactic order and the evaluation finishes as soon as an interruption has been triggered. Returns true if transaction is disrupted

func (*RuleGroup) FindByID 

func (rg *RuleGroup) FindByID(id int) *Rule

FindByID return a Rule with the requested Id

func (*RuleGroup) GetRules 

func (rg *RuleGroup) GetRules() []Rule

GetRules returns the slice of rules,

type Transaction 

type Transaction struct {

	// This is used to store log messages
	// Deprecated since Coraza 3.0.5: this variable is not used, logdata values are stored in the matched rules
	Logdata string

	// Rules will be skipped after a rule with this SecMarker is found
	SkipAfter string

	// AllowType is used by the allow disruptive action to skip evaluating rules after being allowed
	AllowType corazatypes.AllowType

	// Copies from the WAF instance that may be overwritten by the ctl action
	AuditEngine               types.AuditEngineStatus
	AuditLogParts             types.AuditLogParts
	AuditLogFormat            string
	ForceRequestBodyVariable  bool
	RequestBodyAccess         bool
	RequestBodyLimit          int64
	ForceResponseBodyVariable bool
	ResponseBodyAccess        bool
	ResponseBodyLimit         int64
	RuleEngine                types.RuleEngineStatus
	HashEngine                bool
	HashEnforcement           bool

	// Will skip this number of rules, this value will be decreased on each skip
	Skip int

	// Actions with capture features will read the capture state from this field
	// We have currently removed this feature as Capture will always run
	// We must reuse it in the future
	Capture bool

	// Contains a WAF instance for the current transaction
	WAF *WAF

	// Timestamp of the request
	Timestamp int64
	// contains filtered or unexported fields
}

Transaction is created from a WAF instance to handle web requests and responses, it contains a copy of most WAF configurations that can be safely changed. Transactions are used to store all data like URLs, request and response headers. Transactions are used to evaluate rules by phase and generate disruptive actions. Disruptive actions can be read from *tx.Interruption. It is safe to manage multiple transactions but transactions themself are not thread safe

func (*Transaction) AddGetRequestArgument 

func (tx *Transaction) AddGetRequestArgument(key string, value string)

AddGetRequestArgument

func (*Transaction) AddPathRequestArgument 

func (tx *Transaction) AddPathRequestArgument(key string, value string)

AddPathRequestArgument

func (*Transaction) AddPostRequestArgument 

func (tx *Transaction) AddPostRequestArgument(key string, value string)

AddPostRequestArgument

func (*Transaction) AddRequestHeader 

func (tx *Transaction) AddRequestHeader(key string, value string)

AddRequestHeader Adds a request header

With this method it is possible to feed Coraza with a request header. Note: Golang's *http.Request object will not contain a "Host" header, and you might have to force it

func (*Transaction) AddResponseArgument 

func (tx *Transaction) AddResponseArgument(key string, value string)

AddResponseArgument

func (*Transaction) AddResponseHeader 

func (tx *Transaction) AddResponseHeader(key string, value string)

AddResponseHeader Adds a response header variable

With this method it is possible to feed Coraza with a response header.

func (*Transaction) AuditLog 

func (tx *Transaction) AuditLog() *auditlog.Log

AuditLog returns an AuditLog struct, used to write audit logs. It implies the log parts starts with A and ends with Z as in the types.ParseAuditLogParts.

func (*Transaction) CaptureField 

func (tx *Transaction) CaptureField(index int, value string)

CaptureField is used to set the TX:[index] variables by operators that supports capture, like @rx

func (*Transaction) Capturing 

func (tx *Transaction) Capturing() bool

func (*Transaction) Close 

func (tx *Transaction) Close() error

Close closes the transaction after phase 5 This method helps the GC to clean up the transaction faster and release resources It also allows caches the transaction back into the sync.Pool

func (*Transaction) Collection 

func (tx *Transaction) Collection(idx variables.RuleVariable) collection.Collection

func (*Transaction) DebugLogger 

func (tx *Transaction) DebugLogger() debuglog.Logger

func (*Transaction) ExtractGetArguments 

func (tx *Transaction) ExtractGetArguments(uri string)

ExtractGetArguments transforms an url encoded string to a map and creates ARGS_GET

func (*Transaction) GetField 

func (tx *Transaction) GetField(rv ruleVariableParams) []types.MatchData

GetField Retrieve data from collections applying exceptions In future releases we may remove the exceptions slice and make it easier to use

func (*Transaction) GetStopWatch 

func (tx *Transaction) GetStopWatch() string

GetStopWatch is used to debug phase durations Normally it should be named StopWatch() but it would be confusing

func (*Transaction) ID 

func (tx *Transaction) ID() string

func (*Transaction) Interrupt 

func (tx *Transaction) Interrupt(interruption *types.Interruption)

func (*Transaction) Interruption 

func (tx *Transaction) Interruption() *types.Interruption

func (*Transaction) IsInterrupted 

func (tx *Transaction) IsInterrupted() bool

IsInterrupted will return true if the transaction was interrupted

func (*Transaction) IsRequestBodyAccessible 

func (tx *Transaction) IsRequestBodyAccessible() bool

IsRequestBodyAccessible will return true if RequestBody access has been enabled by RequestBodyAccess

func (*Transaction) IsResponseBodyAccessible 

func (tx *Transaction) IsResponseBodyAccessible() bool

IsResponseBodyAccessible will return true if ResponseBody access has been enabled by ResponseBodyAccess

func (*Transaction) IsResponseBodyProcessable 

func (tx *Transaction) IsResponseBodyProcessable() bool

IsResponseBodyProcessable returns true if the response body meets the criteria to be processed, response headers must be set before this. The content-type response header must be in the SecResponseBodyMimeType This is used by webservers to choose whether to stream response buffers directly to the client or write them to Coraza's buffer.

func (*Transaction) IsRuleEngineOff 

func (tx *Transaction) IsRuleEngineOff() bool

IsRuleEngineOff will return true if RuleEngine is set to Off

func (*Transaction) LastPhase 

func (tx *Transaction) LastPhase() types.RulePhase

func (*Transaction) MatchRule 

func (tx *Transaction) MatchRule(r *Rule, mds []types.MatchData)

MatchRule Matches a rule to be logged

func (*Transaction) MatchedRules 

func (tx *Transaction) MatchedRules() []types.MatchedRule

func (*Transaction) ParseRequestReader 

func (tx *Transaction) ParseRequestReader(data io.Reader) (*types.Interruption, error)

ParseRequestReader Parses binary request including body, it does only support http/1.1 and http/1.0 This function does not run ProcessConnection This function will store in memory the whole reader, DON't USE IT FOR PRODUCTION yet

func (*Transaction) ProcessConnection 

func (tx *Transaction) ProcessConnection(client string, cPort int, server string, sPort int)

ProcessConnection should be called at very beginning of a request process, it is expected to be executed prior to the virtual host resolution, when the connection arrives on the server.

func (*Transaction) ProcessLogging 

func (tx *Transaction) ProcessLogging()

ProcessLogging Logging all information relative to this transaction. An error log At this point there is not need to hold the connection, the response can be delivered prior to the execution of this method.

func (*Transaction) ProcessRequestBody 

func (tx *Transaction) ProcessRequestBody() (*types.Interruption, error)

ProcessRequestBody Performs the analysis of the request body (if any)

This method perform the analysis on the request body. It is optional to call that function. If this API consumer already knows that there isn't a body for inspect it is recommended to skip this step.

Remember to check for a possible intervention.

func (*Transaction) ProcessRequestHeaders 

func (tx *Transaction) ProcessRequestHeaders() *types.Interruption

ProcessRequestHeaders Performs the analysis on the request readers.

This method perform the analysis on the request headers, notice however that the headers should be added prior to the execution of this function.

note: Remember to check for a possible intervention.

func (*Transaction) ProcessResponseBody 

func (tx *Transaction) ProcessResponseBody() (*types.Interruption, error)

ProcessResponseBody Perform the analysis of the the response body (if any)

This method perform the analysis on the response body. It is optional to call that method. If this API consumer already knows that there isn't a body for inspect it is recommended to skip this step.

note Remember to check for a possible intervention.

func (*Transaction) ProcessResponseHeaders 

func (tx *Transaction) ProcessResponseHeaders(code int, proto string) *types.Interruption

ProcessResponseHeaders Perform the analysis on the response readers.

This method perform the analysis on the response headers, notice however that the headers should be added prior to the execution of this function.

note: Remember to check for a possible intervention.

func (*Transaction) ProcessURI 

func (tx *Transaction) ProcessURI(uri string, method string, httpVersion string)

ProcessURI Performs the analysis on the URI and all the query string variables. This method should be called at very beginning of a request process, it is expected to be executed prior to the virtual host resolution, when the connection arrives on the server. note: There is no direct connection between this function and any phase of the SecLanguages phases. It is something that may occur between the SecLanguage phase 1 and 2.

note: This function won't add GET arguments, they must be added with AddArgument

func (*Transaction) ReadRequestBodyFrom 

func (tx *Transaction) ReadRequestBodyFrom(r io.Reader) (*types.Interruption, int, error)

ReadRequestBodyFrom writes bytes from a reader into the request body it returns an interruption if the writing bytes go beyond the request body limit. It won't read the reader if the body access isn't accessible.

func (*Transaction) ReadResponseBodyFrom 

func (tx *Transaction) ReadResponseBodyFrom(r io.Reader) (*types.Interruption, int, error)

ReadResponseBodyFrom writes bytes from a reader into the response body it returns an interruption if the writing bytes go beyond the response body limit. It won't read the reader if the body access isn't accessible.

func (*Transaction) RemoveRuleByID 

func (tx *Transaction) RemoveRuleByID(id int)

RemoveRuleByID Removes a rule from the transaction It does not affect the WAF rules

func (*Transaction) RemoveRuleTargetByID 

func (tx *Transaction) RemoveRuleTargetByID(id int, variable variables.RuleVariable, key string)

RemoveRuleTargetByID Removes the VARIABLE:KEY from the rule ID It's mostly used by CTL to dynamically remove targets from rules

func (*Transaction) RequestBodyReader 

func (tx *Transaction) RequestBodyReader() (io.Reader, error)

func (*Transaction) ResponseBodyReader 

func (tx *Transaction) ResponseBodyReader() (io.Reader, error)

func (*Transaction) SetDebugLogLevel 

func (tx *Transaction) SetDebugLogLevel(lvl debuglog.Level)

func (*Transaction) SetServerAddress added in v3.0.7 

func (tx *Transaction) SetServerAddress(addr string, port string)

设置tx.variables.serverAddr和tx.variables.serverPort

func (*Transaction) SetServerName 

func (tx *Transaction) SetServerName(serverName string)

SetServerName allows to set server name details.

The API consumer is in charge of retrieving the value (e.g. from the host header). It is expected to be executed before calling ProcessRequestHeaders.

func (*Transaction) String 

func (tx *Transaction) String() string

String will return a string with the transaction debug information

func (*Transaction) Variables 

func (tx *Transaction) Variables() plugintypes.TransactionVariables

func (*Transaction) WriteRequestBody 

func (tx *Transaction) WriteRequestBody(b []byte) (*types.Interruption, int, error)

WriteRequestBody writes bytes from a slice of bytes into the request body, it returns an interruption if the writing bytes go beyond the request body limit. It won't copy the bytes if the body access isn't accessible.

func (*Transaction) WriteRequestHeader added in v3.0.4 

func (tx *Transaction) WriteRequestHeader(req *http.Request)

新增将http.Request的请求头和Host写入requestHeader的方法

func (*Transaction) WriteResponseBody 

func (tx *Transaction) WriteResponseBody(b []byte, rw http.ResponseWriter) (*types.Interruption, int, error)

WriteResponseBody writes bytes from a slice of bytes into the response body, it returns an interruption if the writing bytes go beyond the response body limit. It won't copy the bytes if the body access isn't accessible. 为了支持SSE流式回答,新增http.ResponseWriter入参

func (*Transaction) WriteResponseHeader added in v3.0.4 

func (tx *Transaction) WriteResponseHeader(rw http.ResponseWriter)

将http.ResponseWriter中的头部信息写入到transaction的responseHeader中(字符串形式)

type TransactionVariables 

type TransactionVariables struct {
	// contains filtered or unexported fields
}

TransactionVariables has pointers to all the variables of the transaction

func NewTransactionVariables 

func NewTransactionVariables() *TransactionVariables

func (*TransactionVariables) All 

func (v *TransactionVariables) All(f func(v variables.RuleVariable, col collection.Collection) bool)

All iterates over the variables. We return both variable and its collection, i.e. key/value, to follow general range iteration in Go which always has a key and value (key is int index for slices). Notably, this is consistent with discussions for custom iterable types in a future language version https://github.com/golang/go/discussions/56413

func (*TransactionVariables) Args 

func (v *TransactionVariables) Args() collection.Keyed

func (*TransactionVariables) ArgsCombinedSize 

func (v *TransactionVariables) ArgsCombinedSize() collection.Collection

func (*TransactionVariables) ArgsGet 

func (v *TransactionVariables) ArgsGet() collection.Map

func (*TransactionVariables) ArgsGetNames 

func (v *TransactionVariables) ArgsGetNames() collection.Collection

func (*TransactionVariables) ArgsNames 

func (v *TransactionVariables) ArgsNames() collection.Collection

func (*TransactionVariables) ArgsPath 

func (v *TransactionVariables) ArgsPath() collection.Map

func (*TransactionVariables) ArgsPost 

func (v *TransactionVariables) ArgsPost() collection.Map

func (*TransactionVariables) ArgsPostNames 

func (v *TransactionVariables) ArgsPostNames() collection.Collection

func (*TransactionVariables) Duration 

func (v *TransactionVariables) Duration() collection.Single

func (*TransactionVariables) Env 

func (v *TransactionVariables) Env() collection.Map

func (*TransactionVariables) Files 

func (v *TransactionVariables) Files() collection.Map

func (*TransactionVariables) FilesCombinedSize 

func (v *TransactionVariables) FilesCombinedSize() collection.Single

func (*TransactionVariables) FilesNames 

func (v *TransactionVariables) FilesNames() collection.Map

func (*TransactionVariables) FilesSizes 

func (v *TransactionVariables) FilesSizes() collection.Map

func (*TransactionVariables) FilesTmpContent 

func (v *TransactionVariables) FilesTmpContent() collection.Map

func (*TransactionVariables) FilesTmpNames 

func (v *TransactionVariables) FilesTmpNames() collection.Map

func (*TransactionVariables) FullRequestLength 

func (v *TransactionVariables) FullRequestLength() collection.Single

func (*TransactionVariables) Geo 

func (v *TransactionVariables) Geo() collection.Map

func (*TransactionVariables) HighestSeverity 

func (v *TransactionVariables) HighestSeverity() collection.Single

func (*TransactionVariables) InboundDataError 

func (v *TransactionVariables) InboundDataError() collection.Single

func (*TransactionVariables) JSON added in v3.0.1 

func (v *TransactionVariables) JSON() collection.Map

添加针对JSON成员的方法支持

func (*TransactionVariables) MatchedVar 

func (v *TransactionVariables) MatchedVar() collection.Single

func (*TransactionVariables) MatchedVarName 

func (v *TransactionVariables) MatchedVarName() collection.Single

func (*TransactionVariables) MatchedVars 

func (v *TransactionVariables) MatchedVars() collection.Map

func (*TransactionVariables) MatchedVarsNames 

func (v *TransactionVariables) MatchedVarsNames() collection.Collection

func (*TransactionVariables) MultipartDataAfter 

func (v *TransactionVariables) MultipartDataAfter() collection.Single

func (*TransactionVariables) MultipartFilename 

func (v *TransactionVariables) MultipartFilename() collection.Map

func (*TransactionVariables) MultipartName 

func (v *TransactionVariables) MultipartName() collection.Map

func (*TransactionVariables) MultipartPartHeaders 

func (v *TransactionVariables) MultipartPartHeaders() collection.Map

func (*TransactionVariables) MultipartStrictError 

func (v *TransactionVariables) MultipartStrictError() collection.Single

func (*TransactionVariables) OutboundDataError 

func (v *TransactionVariables) OutboundDataError() collection.Single

func (*TransactionVariables) QueryString 

func (v *TransactionVariables) QueryString() collection.Single

func (*TransactionVariables) RemoteAddr 

func (v *TransactionVariables) RemoteAddr() collection.Single

func (*TransactionVariables) RemoteHost 

func (v *TransactionVariables) RemoteHost() collection.Single

func (*TransactionVariables) RemotePort 

func (v *TransactionVariables) RemotePort() collection.Single

func (*TransactionVariables) RequestBasename 

func (v *TransactionVariables) RequestBasename() collection.Single

func (*TransactionVariables) RequestBody 

func (v *TransactionVariables) RequestBody() collection.Single

func (*TransactionVariables) RequestBodyError 

func (v *TransactionVariables) RequestBodyError() collection.Single

func (*TransactionVariables) RequestBodyErrorMsg 

func (v *TransactionVariables) RequestBodyErrorMsg() collection.Single

func (*TransactionVariables) RequestBodyLength 

func (v *TransactionVariables) RequestBodyLength() collection.Single

func (*TransactionVariables) RequestBodyProcessor 

func (v *TransactionVariables) RequestBodyProcessor() collection.Single

func (*TransactionVariables) RequestBodyProcessorError 

func (v *TransactionVariables) RequestBodyProcessorError() collection.Single

func (*TransactionVariables) RequestBodyProcessorErrorMsg 

func (v *TransactionVariables) RequestBodyProcessorErrorMsg() collection.Single

func (*TransactionVariables) RequestCookies 

func (v *TransactionVariables) RequestCookies() collection.Map

func (*TransactionVariables) RequestCookiesNames 

func (v *TransactionVariables) RequestCookiesNames() collection.Collection

func (*TransactionVariables) RequestFilename 

func (v *TransactionVariables) RequestFilename() collection.Single

func (*TransactionVariables) RequestHeaders 

func (v *TransactionVariables) RequestHeaders() collection.Map

func (*TransactionVariables) RequestHeadersNames 

func (v *TransactionVariables) RequestHeadersNames() collection.Collection

func (*TransactionVariables) RequestJSON added in v3.0.1 

func (v *TransactionVariables) RequestJSON() collection.Map

func (*TransactionVariables) RequestLine 

func (v *TransactionVariables) RequestLine() collection.Single

func (*TransactionVariables) RequestMethod 

func (v *TransactionVariables) RequestMethod() collection.Single

func (*TransactionVariables) RequestProtocol 

func (v *TransactionVariables) RequestProtocol() collection.Single

func (*TransactionVariables) RequestURI 

func (v *TransactionVariables) RequestURI() collection.Single

func (*TransactionVariables) RequestURIRaw 

func (v *TransactionVariables) RequestURIRaw() collection.Single

func (*TransactionVariables) RequestXML 

func (v *TransactionVariables) RequestXML() collection.Map

func (*TransactionVariables) ResBodyError 

func (v *TransactionVariables) ResBodyError() collection.Single

func (*TransactionVariables) ResBodyErrorMsg 

func (v *TransactionVariables) ResBodyErrorMsg() collection.Single

func (*TransactionVariables) ResBodyProcessorError 

func (v *TransactionVariables) ResBodyProcessorError() collection.Single

func (*TransactionVariables) ResBodyProcessorErrorMsg 

func (v *TransactionVariables) ResBodyProcessorErrorMsg() collection.Single

func (*TransactionVariables) ResponseArgs 

func (v *TransactionVariables) ResponseArgs() collection.Map

func (*TransactionVariables) ResponseBody 

func (v *TransactionVariables) ResponseBody() collection.Single

func (*TransactionVariables) ResponseBodyProcessor 

func (v *TransactionVariables) ResponseBodyProcessor() collection.Single

func (*TransactionVariables) ResponseContentLength 

func (v *TransactionVariables) ResponseContentLength() collection.Single

func (*TransactionVariables) ResponseContentType 

func (v *TransactionVariables) ResponseContentType() collection.Single

func (*TransactionVariables) ResponseHeaders 

func (v *TransactionVariables) ResponseHeaders() collection.Map

func (*TransactionVariables) ResponseHeadersNames 

func (v *TransactionVariables) ResponseHeadersNames() collection.Collection

func (*TransactionVariables) ResponseJSON added in v3.0.1 

func (v *TransactionVariables) ResponseJSON() collection.Map

func (*TransactionVariables) ResponseProtocol 

func (v *TransactionVariables) ResponseProtocol() collection.Single

func (*TransactionVariables) ResponseStatus 

func (v *TransactionVariables) ResponseStatus() collection.Single

func (*TransactionVariables) ResponseXML 

func (v *TransactionVariables) ResponseXML() collection.Map

func (*TransactionVariables) Rule 

func (v *TransactionVariables) Rule() collection.Map

func (*TransactionVariables) ServerAddr 

func (v *TransactionVariables) ServerAddr() collection.Single

func (*TransactionVariables) ServerName 

func (v *TransactionVariables) ServerName() collection.Single

func (*TransactionVariables) ServerPort 

func (v *TransactionVariables) ServerPort() collection.Single

func (*TransactionVariables) StatusLine 

func (v *TransactionVariables) StatusLine() collection.Single

func (*TransactionVariables) TX 

func (v *TransactionVariables) TX() collection.Map

func (*TransactionVariables) UniqueID 

func (v *TransactionVariables) UniqueID() collection.Single

func (*TransactionVariables) UrlencodedError 

func (v *TransactionVariables) UrlencodedError() collection.Single

func (*TransactionVariables) XML 

func (v *TransactionVariables) XML() collection.Map

type WAF 

type WAF struct {

	// ruleGroup object, contains all rules and helpers
	Rules RuleGroup

	// If true, transactions will have access to the request body
	RequestBodyAccess bool

	// Request body page file limit
	RequestBodyLimit int64

	// If true, transactions will have access to the response body
	ResponseBodyAccess bool

	// Response body memory limit
	ResponseBodyLimit int64

	// Defines if rules are going to be evaluated
	RuleEngine types.RuleEngineStatus

	// Responses will only be loaded if mime is listed here
	ResponseBodyMimeTypes []string

	// Web Application id, apps sharing the same id will share persistent collections
	WebAppID string

	// Add significant rule components to audit log
	ComponentNames []string

	// If true WAF engine will fail when remote rules cannot be loaded
	AbortOnRemoteRulesFail bool

	// Instructs the waf to change the Server response header
	ServerSignature string

	// This directory will be used to store page files
	TmpDir string

	// Sensor ID identifies the sensor in ac cluster
	SensorID string

	// Path to store data files (ex. cache)
	DataDir string

	// If true, the WAF will store the uploaded files in the UploadDir
	// directory
	UploadKeepFiles bool
	// UploadFileMode instructs the waf to set the file mode for uploaded files
	UploadFileMode fs.FileMode
	// UploadFileLimit is the maximum size of the uploaded file to be stored
	UploadFileLimit int
	// UploadDir is the directory where the uploaded files will be stored
	UploadDir string

	// Request body in memory limit excluding the size of any files being transported in the request.
	// TODO: SecRequestBodyNoFilesLimit directive is retrieving the value, but no logic based on it is implemented. See https://github.com/redwanghb/coraza/issues/896
	RequestBodyNoFilesLimit int64

	RequestBodyLimitAction types.BodyLimitAction

	ResponseBodyLimitAction types.BodyLimitAction

	ArgumentSeparator string

	// ProducerConnector is used by connectors to identify the producer
	// on audit logs, for example, apache-modcoraza
	ProducerConnector string

	// ProducerConnectorVersion is used by connectors to identify the producer
	// version on audit logs
	ProducerConnectorVersion string

	// Used for the debug logger
	Logger debuglog.Logger

	ErrorLogCb func(rule types.MatchedRule)

	// Audit mode status
	AuditEngine types.AuditEngineStatus

	// Array of logging parts to be used
	AuditLogParts types.AuditLogParts

	// Audit log format
	AuditLogFormat string

	// Contains the regular expression for relevant status audit logging
	AuditLogRelevantStatus *regexp.Regexp

	// AuditLogWriterConfig is configuration of audit logging, populated by multiple directives and consumed by
	// SecAuditLog.
	AuditLogWriterConfig plugintypes.AuditLogConfig

	// Configures the maximum number of ARGS that will be accepted for processing.
	ArgumentLimit int
	// contains filtered or unexported fields
}

WAF instance is used to store configurations and rules Every web application should have a different WAF instance, but you can share an instance if you are ok with sharing configurations, rules and logging. Transactions and SecLang parser requires a WAF instance You can use as many WAF instances as you want, and they are concurrent safe All WAF instance fields are immutable, if you update any of them in runtime you might create concurrency issues

func NewWAF 

func NewWAF() *WAF

NewWAF creates a new WAF instance with default variables

func (*WAF) AuditLogWriter 

func (w *WAF) AuditLogWriter() plugintypes.AuditLogWriter

AuditLogWriter returns the audit log writer. If the writer is not initialized, it will be initialized

func (*WAF) InitAuditLogWriter 

func (w *WAF) InitAuditLogWriter() error

InitAuditLogWriter initializes the audit log writer. If the writer is already initialized, it will return an error as initializing the audit log writer twice seems to be a bug.

func (*WAF) NewTransaction 

func (w *WAF) NewTransaction() *Transaction

NewTransaction Creates a new initialized transaction for this WAF instance

func (*WAF) NewTransactionWithOptions 

func (w *WAF) NewTransactionWithOptions(opts Options) *Transaction

NewTransactionWithOptions Creates a new initialized transaction for this WAF instance with the provided options

func (*WAF) RequestBodyInMemoryLimit 

func (w *WAF) RequestBodyInMemoryLimit() *int64

func (*WAF) SetAuditLogWriter 

func (w *WAF) SetAuditLogWriter(alw plugintypes.AuditLogWriter)

SetAuditLogWriter sets the audit log writer

func (*WAF) SetDebugLogLevel 

func (w *WAF) SetDebugLogLevel(lvl debuglog.Level) error

SetDebugLogLevel changes the debug level of the WAF instance

func (*WAF) SetDebugLogOutput 

func (w *WAF) SetDebugLogOutput(wr io.Writer)

func (*WAF) SetDebugLogPath 

func (w *WAF) SetDebugLogPath(path string) error

SetDebugLogPath sets the path for the debug log If the path is empty, the debug log will be disabled note: this is not thread safe

func (*WAF) SetErrorCallback 

func (w *WAF) SetErrorCallback(cb func(rule types.MatchedRule))

SetErrorCallback sets the callback function for error logging The error callback receives all the error data and some helpers to write modsecurity style logs

func (*WAF) SetRequestBodyInMemoryLimit 

func (w *WAF) SetRequestBodyInMemoryLimit(limit int64)

func (*WAF) Validate 

func (w *WAF) Validate() error

Validate validates the waf after all the settings have been set.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.