sharedsec

package
v1.60.2-rc.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 13, 2024 License: Apache-2.0, BSD-3-Clause, Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ExecuteUserIDOperation

func ExecuteUserIDOperation(parent dyngo.Operation, args UserIDOperationArgs) error

ExecuteUserIDOperation starts and finishes the UserID operation by emitting a dyngo start and finish events An error is returned if the user associated to that operation must be blocked

func MonitorUser

func MonitorUser(ctx context.Context, userID string) error

MonitorUser starts and finishes a UserID operation. A call to the WAF is made to check the user ID and an error is returned if the user should be blocked. The return value is nil otherwise.

func NewBlockHandler

func NewBlockHandler(status int, template string) http.Handler

NewBlockHandler creates, initializes and returns a new BlockRequestAction

func OnData

func OnData[T any](op dyngo.Operation, f func(T))

OnData is a facilitator that wraps a dyngo.Operation.OnData() call

func OnErrorData

func OnErrorData[T error](op dyngo.Operation, f func(T))

OnErrorData is a facilitator that wraps a dyngo.Operation.OnData() call with an error type constraint

Types

type Action

type Action struct {
	// contains filtered or unexported fields
}

Action represents a WAF action. It holds the HTTP and gRPC handlers to be used instead of the regular request handler when said action is executed.

func NewBlockRequestAction

func NewBlockRequestAction(httpStatus, grpcStatus int, template string) *Action

NewBlockRequestAction creates an action for the "block" action type

func NewRedirectRequestAction

func NewRedirectRequestAction(status int, loc string) *Action

NewRedirectRequestAction creates an action for the "redirect" action type

func (*Action) Blocking

func (a *Action) Blocking() bool

Blocking returns true if the action object represents a request blocking action

func (*Action) GRPC

func (a *Action) GRPC() GRPCWrapper

GRPC returns the gRPC handler linked to the action object

func (*Action) HTTP

func (a *Action) HTTP() http.Handler

HTTP returns the HTTP handler linked to the action object

type Actions

type Actions map[string]*Action

Actions represents a set of action bindings to an action name.

type GRPCWrapper

type GRPCWrapper func(map[string][]string) (uint32, error)

GRPCWrapper is an opaque prototype abstraction for a gRPC handler (to avoid importing grpc) that takes metadata as input and returns a status code and an error TODO: rely on strongly typed actions (with the actual grpc types) by introducing WAF constructors

 living in the contrib packages, along with their dependencies - something like `appsec.RegisterWAFConstructor(newGRPCWAF)`
Such constructors would receive the full appsec config and rules, so that they would be able to build
specific blocking actions.

type OnUserIDOperationStart

type OnUserIDOperationStart func(operation *UserIDOperation, args UserIDOperationArgs)

OnUserIDOperationStart function type, called when a user ID operation starts.

func (OnUserIDOperationStart) Call

func (f OnUserIDOperationStart) Call(op dyngo.Operation, v interface{})

Call the underlying event listener function by performing the type-assertion on v whose type is the one returned by ListenedType().

func (OnUserIDOperationStart) ListenedType

func (OnUserIDOperationStart) ListenedType() reflect.Type

ListenedType returns the type a OnUserIDOperationStart event listener listens to, which is the UserIDOperationStartArgs type.

type UserIDOperation

type UserIDOperation struct {
	dyngo.Operation
}

UserIDOperation type representing a call to appsec.SetUser(). It gets both created and destroyed in a single call to ExecuteUserIDOperation

type UserIDOperationArgs

type UserIDOperationArgs struct {
	UserID string
}

UserIDOperationArgs is the user ID operation arguments.

type UserIDOperationRes

type UserIDOperationRes struct{}

UserIDOperationRes is the user ID operation results.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL