regosig

package

v0.0.0-...-a8f7581 Latest Latest Go to latest Published: Apr 12, 2021 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/simar7/tracee-signatures

Links

Open Source Insights

Documentation ¶

Index ¶

func NewRegoSignature(regoCodes ...string) (types.Signature, error)
type RegoSignature

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewRegoSignature ¶

func NewRegoSignature(regoCodes ...string) (types.Signature, error)

NewRegoSignature creates a new RegoSignature with the provided rego code string

Types ¶

type RegoSignature ¶

type RegoSignature struct {
	// contains filtered or unexported fields
}

RegoSignature is an abstract signature that is implemented in rego each struct instance is associated with a rego file the rego file declares the following rules: __rego_metadoc__: a *document* rule that defines the rule's metadata (see GetMetadata()) tracee_selected_events: a *set* rule that defines the event selectors (see GetSelectedEvent()) tracee_match: a *boolean*, or a *document* rule that defines the logic of the signature (see OnEvent())

func (*RegoSignature) GetMetadata ¶

func (sig *RegoSignature) GetMetadata() (types.SignatureMetadata, error)

GetMetadata implements the Signature interface by evaluating the Rego policy's __rego_metadoc__ rule this is a *document* rule that defines the rule's metadata based on WIP Rego convention for describing policy metadata: https://hackmd.io/@ZtQnh19kS26YiNlJLqKJnw/H1gAv5nBw

func (*RegoSignature) GetSelectedEvents ¶

func (sig *RegoSignature) GetSelectedEvents() ([]types.SignatureEventSelector, error)

GetSelectedEvents implements the Signature interface by evaluating the Rego policy's tracee_selected_events rule this is a *set* rule that defines the rule's SelectedEvents

func (*RegoSignature) Init ¶

func (sig *RegoSignature) Init(cb types.SignatureHandler) error

Init implements the Signature interface by resetting internal state

func (*RegoSignature) OnEvent ¶

func (sig *RegoSignature) OnEvent(e types.Event) error

OnEvent implements the Signature interface by evaluating the Rego policy's tracee_match rule this is a *boolean* or a *document* rule that defines the logic of the signature if bool is "returned", a true evaluation will generate a Finding with no data if document is "returned", any non-empty evaluation will generate a Finding with the document as the Finding's "Data"

func (*RegoSignature) OnSignal ¶

func (sig *RegoSignature) OnSignal(signal types.Signal) error

OnSignal implements the Signature interface by handling lifecycle events of the signature

Source Files ¶

View all Source files

traceerego.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL