v1alpha1

package
v0.6.1
Published: Oct 23, 2023 License: Apache-2.0 Imports: 20 Imported by: 0

README

Security Data Package

This package serves as the beating heart of Guard.

It defines data structures that meet the v1alpha1 interface.

The guard/v1alpha1 API

The v1alpha1 interface includes three interfaces:

  • Profile: describing a sample of a data type
  • Pile: accumulating multiple samples of a data type to enable learning.
  • Config: the rules describing what is expected from the data type.

Core Activity

Per Sample:

  1. Profile.Profile(...sample...) - Create a profile from the sample
  2. Config.Decide(profile) - Decide if it conforms to the config rules
  3. Pile.Add(profile) - Add it to a pile.

Periodically:

  1. Pile.Merge(someOtherPile) - Merge someOtherPile into Pile.
  2. Config.Learn(pile) - Learn new config rules based on a pile.
  3. Config.Fuse(someOtherConfig) - Fuse configs to form a new config from an old one.

Note:

  • Profiles, Piles and Configs are built to be transportable across a distributed system.

Distributed System

Guard supports working in a distributed system by allowing many instances to collect samples and make decisions.

Each instance collects piles and sends them to a central service, which merges the piles and learns a new config based on the new piles and the old config.

The config is then sent back to the instances and is kept in a persistent store.
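The per-sample and periodic steps above, modelled end to end with a bit-flag data type. This is an added example, not the package's own code: the types `flagProfile`, `flagPile`, `flagConfig`, the `instance` struct with its `force` switch, and `centralLearn` are hypothetical stand-ins, and the sample strings are constructed.

```go
package main

import "fmt"

// Simplified stand-ins for the three roles; illustrative, not the package's types.
type (
	flagProfile uint32 // flags seen in one sample
	flagPile    uint32 // flags accumulated over many samples
	flagConfig  uint32 // flags the rules allow
)

const (
	slashFlag flagProfile = 1 << iota
	semiFlag
	quoteFlag
	ltGtFlag
)

// Profile records which special-character classes occur in the sample.
func (p *flagProfile) Profile(sample string) {
	*p = 0
	for _, c := range sample {
		switch c {
		case '/':
			*p |= slashFlag
		case ';':
			*p |= semiFlag
		case '\'', '"':
			*p |= quoteFlag
		case '<', '>':
			*p |= ltGtFlag
		}
	}
}

// Decide returns the flags present in the profile but not allowed by the config.
// A zero result means the sample conforms.
func (c flagConfig) Decide(p flagProfile) flagProfile { return p &^ flagProfile(c) }

func (pile *flagPile) Add(p flagProfile)    { *pile |= flagPile(p) }
func (pile *flagPile) Merge(other flagPile) { *pile |= other }
func (c *flagConfig) Learn(pile flagPile)   { *c = flagConfig(pile) }
func (c *flagConfig) Fuse(other flagConfig) { *c |= other }

// instance is one of many collectors. force mirrors the idea of learning even
// from samples that raised an alert (useful while no config exists yet).
type instance struct {
	config flagConfig
	pile   flagPile
	force  bool
}

// handle runs the per-sample steps: Profile, Decide, then Add.
func (in *instance) handle(sample string) flagProfile {
	var p flagProfile
	p.Profile(sample)
	unexpected := in.config.Decide(p)
	if unexpected == 0 || in.force {
		in.pile.Add(p) // alerting samples are kept out of the pile unless forced
	}
	return unexpected
}

// centralLearn runs the periodic steps: Merge all piles, Learn, Fuse with the old config.
func centralLearn(old flagConfig, piles ...flagPile) flagConfig {
	var merged flagPile
	for _, p := range piles {
		merged.Merge(p)
	}
	var learned flagConfig
	learned.Learn(merged)
	learned.Fuse(old)
	return learned
}

func main() {
	// Learning phase: two instances see different (constructed) traffic.
	a := &instance{force: true}
	b := &instance{force: true}
	a.handle("/api/v1/items")
	b.handle("/api/v1/items;page=2")
	cfg := centralLearn(0, a.pile, b.pile)

	// Enforcement phase: the learned config is sent back to an instance.
	enforcing := &instance{config: cfg}
	fmt.Println(enforcing.handle("/api/v1/items;page=3")) // conforms
	fmt.Println(enforcing.handle(`/api/v1/items;q="x"`))  // quote flag was never learned
}
```

Keeping alerting samples out of the pile is what stops a single anomalous request from widening the next learned config.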

Documentation

Overview

Package v1alpha1 is the v1alpha1 version of the API.


Constants

const (
	ExclamationSlot   = iota // 33 (0)
	DoubleQuoteSlot          // 34 (1)
	NumberSlot               // 35
	DollarSlot               // 36
	PercentSlot              // 37
	AmpersandSlot            // 38
	SingleQuoteSlot          // 39
	RoundBracketSlot         // 40, 41
	AsteriskSlot             // 42
	PlusSlot                 // 43 (9)
	CommaSlot                // 44 (10)
	MinusSlot                // 45
	PeriodSlot               // 46
	SlashSlot                // 47
	ColonSlot                // 58 (14)
	SemiSlot                 // 59
	LtGtSlot                 // 60, 62
	EqualSlot                // 61
	QuestionSlot             // 63
	AtSlot                   // 64 (19)
	BackslashSlot            // 92 (20)
	SquareBracketSlot        // 91, 93 (21)
	PowerSlot                // 94
	UnderscoreSlot           // 95
	AccentSlot               // 96
	PipeSlot                 // 124 (25)
	CurlyBracketSlot         // 123, 125 (26)
	HomeSlot                 // 126 (27)
	Unused_1_Slot            // (28)
	Unused_2_Slot            // (29)
	CommentsSlot             // (30)
	HexSlot                  // (31)
	// ---------------------------  up to here are flags
	LetterSlot      // (32)
	DigitSlot       // (33)
	NonReadableSlot // (34)
	SpaceSlot       // (35)
)
const (
	KindEmpty   = ""
	KindObject  = "object"
	KindArray   = "array"
	KindNumber  = "number"
	KindBoolean = "boolean"
	KindString  = "string"
	KindMulti   = "multi"
)
const MAX_KEYS_LEARNED = 7
const MAX_KEY_LENGTH = 64

Variables

var (
	// SchemeBuilder initializes a scheme builder
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is a global function that registers this API group & version to a scheme
	AddToScheme = SchemeBuilder.AddToScheme
)
var AsciiFlagNames = []string{
	SpaceSlot:         "Space",
	ExclamationSlot:   "Exclamation",
	DoubleQuoteSlot:   "DoubleQuote",
	NumberSlot:        "NumberSign",
	DollarSlot:        "DollarSign",
	PercentSlot:       "PercentSign",
	SingleQuoteSlot:   "SingleQuote",
	RoundBracketSlot:  "RoundBracket",
	AsteriskSlot:      "MultiplySign",
	PlusSlot:          "PlusSign",
	AtSlot:            "CommentSign",
	MinusSlot:         "MinusSign",
	PeriodSlot:        "DotSign",
	SlashSlot:         "DivideSign",
	ColonSlot:         "ColonSign",
	SemiSlot:          "SemicolonSign",
	LtGtSlot:          "Less/GreaterThanSign",
	EqualSlot:         "EqualSign",
	QuestionSlot:      "QuestionMark",
	CommaSlot:         "CommaSign",
	SquareBracketSlot: "SquareBracket",
	BackslashSlot:     "ReverseDivideSign",
	PowerSlot:         "PowerSign",
	UnderscoreSlot:    "UnderscoreSign",
	AccentSlot:        "AccentSign",
	CurlyBracketSlot:  "CurlyBracket",
	PipeSlot:          "PipeSign",
	NonReadableSlot:   "NonReadableChar",
	CommentsSlot:      "CommentsCombination",
	HexSlot:           "HexCombination",
}
var SchemeGroupVersion = schema.GroupVersion{Group: guard.GroupName, Version: "v1alpha1"}

SchemeGroupVersion is the group version used to register these objects.

Functions

func DecideChild added in v0.3.0

func DecideChild(current **Decision, childDecision *Decision, format string, a ...any)

func DecideInner added in v0.3.0

func DecideInner(current **Decision, result int, format string, a ...any)

func IpNetFromProc

func IpNetFromProc(protocol string) (ips []net.IP)

Given a protocol {tcp|udp|udplite|tcp6|udp6|tcplite6}, get the list of remote IPs from /proc/net.

func Kind

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns back a Group qualified GroupKind

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type Alert added in v0.5.0

type Alert struct {
	Decision *Decision `json:"decision"`
	Time     int64     `json:"time"`
	Level    string    `json:"level"`
	Count    uint      `json:"count"`
	// contains filtered or unexported fields
}

Level is "Session" or "Gate"

func AddAlert added in v0.5.0

func AddAlert(alerts []Alert, decision *Decision, level string) []Alert

func (*Alert) DeepCopy added in v0.5.0

func (in *Alert) DeepCopy() *Alert

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Alert.

func (*Alert) DeepCopyInto added in v0.5.0

func (in *Alert) DeepCopyInto(out *Alert)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AsciiFlagsConfig

type AsciiFlagsConfig uint32

Exposes ValueConfig interface

func (*AsciiFlagsConfig) Decide

func (config *AsciiFlagsConfig) Decide(profile AsciiFlagsProfile) *Decision

func (*AsciiFlagsConfig) Fuse

func (config *AsciiFlagsConfig) Fuse(otherConfig *AsciiFlagsConfig)

func (*AsciiFlagsConfig) Learn

func (config *AsciiFlagsConfig) Learn(pile AsciiFlagsPile)

pile is RO and unchanged - never uses pile internal objects

func (*AsciiFlagsConfig) Prepare added in v0.3.0

func (config *AsciiFlagsConfig) Prepare()

func (*AsciiFlagsConfig) Score added in v0.6.0

func (config *AsciiFlagsConfig) Score() uint32

type AsciiFlagsPile

type AsciiFlagsPile uint32

Exposes ValuePile interface

func (*AsciiFlagsPile) Add

func (pile *AsciiFlagsPile) Add(profile AsciiFlagsProfile)

profile is RO and unchanged - never uses profile internal objects

func (*AsciiFlagsPile) Clear

func (pile *AsciiFlagsPile) Clear()

func (*AsciiFlagsPile) Merge

func (pile *AsciiFlagsPile) Merge(otherPile AsciiFlagsPile)

otherPile is RO and unchanged - never uses otherPile internal objects

type AsciiFlagsProfile

type AsciiFlagsProfile uint32

Exposes ValueProfile interface

func (*AsciiFlagsProfile) Profile

func (profile *AsciiFlagsProfile) Profile(val uint32)

type BodyConfig

type BodyConfig struct {
	Faults       SetConfig         `json:"faults"`
	Unstructured *SimpleValConfig  `json:"unstructured"`
	Structured   *StructuredConfig `json:"structured"`
}

Exposes ValueConfig interface

func (*BodyConfig) Decide

func (config *BodyConfig) Decide(profile *BodyProfile) *Decision

func (*BodyConfig) DeepCopy

func (in *BodyConfig) DeepCopy() *BodyConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BodyConfig.

func (*BodyConfig) DeepCopyInto

func (in *BodyConfig) DeepCopyInto(out *BodyConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BodyConfig) Learn

func (config *BodyConfig) Learn(pile *BodyPile)

pile is RO and unchanged - never uses pile internal objects

func (*BodyConfig) Prepare added in v0.3.0

func (config *BodyConfig) Prepare()

type BodyPile

type BodyPile struct {
	Faults       SetPile         `json:"faults"`
	Unstructured *SimpleValPile  `json:"unstructured"`
	Structured   *StructuredPile `json:"structured"`
}

Exposes ValuePile interface

func (*BodyPile) Add

func (pile *BodyPile) Add(profile *BodyProfile)

profile is RO and unchanged - never uses profile internal objects

func (*BodyPile) Clear

func (pile *BodyPile) Clear()

func (*BodyPile) DeepCopy

func (in *BodyPile) DeepCopy() *BodyPile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BodyPile.

func (*BodyPile) DeepCopyInto

func (in *BodyPile) DeepCopyInto(out *BodyPile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BodyPile) Merge

func (pile *BodyPile) Merge(otherPile *BodyPile)

otherPile is RO and unchanged - never uses otherPile internal objects

type BodyProfile

type BodyProfile struct {
	Faults       SetProfile
	Unstructured *SimpleValProfile  `json:"unstructured"`
	Structured   *StructuredProfile `json:"structured"`
}

Exposes ValueProfile interface

func (*BodyProfile) DeepCopy

func (in *BodyProfile) DeepCopy() *BodyProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BodyProfile.

func (*BodyProfile) DeepCopyInto

func (in *BodyProfile) DeepCopyInto(out *BodyProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BodyProfile) ProfileFaults added in v0.5.0

func (profile *BodyProfile) ProfileFaults(fault string)

func (*BodyProfile) ProfileStructured

func (profile *BodyProfile) ProfileStructured(data interface{})

func (*BodyProfile) ProfileUnstructured

func (profile *BodyProfile) ProfileUnstructured(str string)

type CIDR

type CIDR net.IPNet

func (*CIDR) DeepCopy

func (in *CIDR) DeepCopy() *CIDR

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CIDR.

func (*CIDR) DeepCopyInto

func (in *CIDR) DeepCopyInto(out *CIDR)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CIDR) Include

func (cidr *CIDR) Include(otherCidr CIDR) bool

Returns true if cidr includes the IP range of otherCidr.

func (*CIDR) InflateBy

func (cidr *CIDR) InflateBy(ip net.IP) bool

InflateBy tries to add an IP to a CIDR by extending the CIDR mask. The maximal extension allowed by the implementation is a C subnet (i.e. a mask of 255.255.255.0 in IPv4). InflateBy returns true if successful.

type CountConfig

type CountConfig []CountRange

Exposes ValueConfig interface

func (*CountConfig) Decide

func (config *CountConfig) Decide(profile CountProfile) *Decision

profile is RO and unchanged - never uses profile internal objects

func (CountConfig) DeepCopy

func (in CountConfig) DeepCopy() CountConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CountConfig.

func (CountConfig) DeepCopyInto

func (in CountConfig) DeepCopyInto(out *CountConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CountConfig) Learn

func (config *CountConfig) Learn(pile CountPile)

Learn now offers the simplest single rule support. pile is RO and unchanged - never uses pile internal objects. Future: Improve Learn - e.g. by supporting more than one range.

func (*CountConfig) Prepare added in v0.3.0

func (config *CountConfig) Prepare()

type CountPile

type CountPile []uint8

Exposes ValuePile interface

func (*CountPile) Add

func (pile *CountPile) Add(profile CountProfile)

profile is RO and unchanged - never uses profile internal objects

func (*CountPile) Clear

func (pile *CountPile) Clear()

func (CountPile) DeepCopy

func (in CountPile) DeepCopy() CountPile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CountPile.

func (CountPile) DeepCopyInto

func (in CountPile) DeepCopyInto(out *CountPile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CountPile) Merge

func (pile *CountPile) Merge(otherPile CountPile)

otherPile is RO and unchanged - never uses otherPile internal objects

type CountProfile

type CountProfile uint8

Exposes ValueProfile interface

func (*CountProfile) Profile

func (profile *CountProfile) Profile(val uint8)

type CountRange added in v0.5.0

type CountRange struct {
	Min uint8 `json:"min"`
	Max uint8 `json:"max"`
}


func (*CountRange) DeepCopy added in v0.5.0

func (in *CountRange) DeepCopy() *CountRange

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CountRange.

func (*CountRange) DeepCopyInto added in v0.5.0

func (in *CountRange) DeepCopyInto(out *CountRange)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Ctrl

type Ctrl struct {
	Alert bool `json:"alert"` // If true, use SessionDataConfig to identify alerts
	Block bool `json:"block"` // If true, block on alert.
	Learn bool `json:"learn"` // If true, and no alert identified, report piles
	Force bool `json:"force"` // If true, learning is done even when alert identified, report piles
	Auto  bool `json:"auto"`  // If true, use learned SessionDataConfig rather than configured SessionDataConfig
}

func (*Ctrl) DeepCopy

func (in *Ctrl) DeepCopy() *Ctrl

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ctrl.

func (*Ctrl) DeepCopyInto

func (in *Ctrl) DeepCopyInto(out *Ctrl)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Decision added in v0.3.0

type Decision struct {
	Children map[string]*Decision `json:"children"`
	Reasons  []string             `json:"reasons"`
	Result   int                  `json:"result"`
}

func (*Decision) DeepCopy added in v0.3.0

func (in *Decision) DeepCopy() *Decision

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Decision.

func (*Decision) DeepCopyInto added in v0.3.0

func (in *Decision) DeepCopyInto(out *Decision)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Decision) SortedSpillOut added in v0.3.0

func (parent *Decision) SortedSpillOut(sb *strings.Builder)

func (*Decision) SortedString added in v0.3.0

func (parent *Decision) SortedString(tag string) string

func (*Decision) SpillOut added in v0.3.0

func (parent *Decision) SpillOut(sb *strings.Builder)

func (*Decision) String added in v0.3.0

func (parent *Decision) String(tag string) string

func (*Decision) Summary added in v0.3.0

func (parent *Decision) Summary() string

type EnvelopConfig

type EnvelopConfig struct {
	ResponseTime   LimitConfig `json:"responsetime"`
	CompletionTime LimitConfig `json:"completiontime"`
}

Exposes ValueConfig interface

func (*EnvelopConfig) Decide

func (config *EnvelopConfig) Decide(profile *EnvelopProfile) *Decision

func (*EnvelopConfig) DeepCopy

func (in *EnvelopConfig) DeepCopy() *EnvelopConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvelopConfig.

func (*EnvelopConfig) DeepCopyInto

func (in *EnvelopConfig) DeepCopyInto(out *EnvelopConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EnvelopConfig) Learn

func (config *EnvelopConfig) Learn(pile *EnvelopPile)

func (*EnvelopConfig) Prepare added in v0.3.0

func (config *EnvelopConfig) Prepare()

type EnvelopPile

type EnvelopPile struct {
	ResponseTime   LimitPile `json:"responsetime"`
	CompletionTime LimitPile `json:"completiontime"`
}

Exposes ValuePile interface

func (*EnvelopPile) Add

func (pile *EnvelopPile) Add(profile *EnvelopProfile)

func (*EnvelopPile) Clear

func (pile *EnvelopPile) Clear()

func (*EnvelopPile) DeepCopy

func (in *EnvelopPile) DeepCopy() *EnvelopPile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvelopPile.

func (*EnvelopPile) DeepCopyInto

func (in *EnvelopPile) DeepCopyInto(out *EnvelopPile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EnvelopPile) Merge

func (pile *EnvelopPile) Merge(otherPile *EnvelopPile)

type EnvelopProfile

type EnvelopProfile struct {
	ResponseTime   LimitProfile `json:"responsetime"`
	CompletionTime LimitProfile `json:"completiontime"`
}

Exposes ValueProfile interface

func (*EnvelopProfile) DeepCopy

func (in *EnvelopProfile) DeepCopy() *EnvelopProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvelopProfile.

func (*EnvelopProfile) DeepCopyInto

func (in *EnvelopProfile) DeepCopyInto(out *EnvelopProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EnvelopProfile) Profile

func (profile *EnvelopProfile) Profile(reqTime int64, respTime int64, endTime int64)

type FlagSliceConfig

type FlagSliceConfig []uint32

Exposes ValueConfig interface

func (*FlagSliceConfig) Decide

func (config *FlagSliceConfig) Decide(profile FlagSliceProfile) *Decision

func (FlagSliceConfig) DeepCopy

func (in FlagSliceConfig) DeepCopy() FlagSliceConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlagSliceConfig.

func (FlagSliceConfig) DeepCopyInto

func (in FlagSliceConfig) DeepCopyInto(out *FlagSliceConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*FlagSliceConfig) Fuse

func (config *FlagSliceConfig) Fuse(otherConfig *FlagSliceConfig)

func (*FlagSliceConfig) Learn

func (config *FlagSliceConfig) Learn(pile FlagSlicePile)

pile is RO and unchanged - never uses pile internal objects

func (*FlagSliceConfig) Prepare added in v0.3.0

func (config *FlagSliceConfig) Prepare()

func (*FlagSliceConfig) Score added in v0.6.0

func (config *FlagSliceConfig) Score() uint32

type FlagSlicePile

type FlagSlicePile []uint32

Exposes ValuePile interface

func (*FlagSlicePile) Add

func (pile *FlagSlicePile) Add(profile FlagSliceProfile)

profile is RO and unchanged - never uses profile internal objects

func (*FlagSlicePile) Clear

func (pile *FlagSlicePile) Clear()

func (FlagSlicePile) DeepCopy

func (in FlagSlicePile) DeepCopy() FlagSlicePile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlagSlicePile.

func (FlagSlicePile) DeepCopyInto

func (in FlagSlicePile) DeepCopyInto(out *FlagSlicePile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*FlagSlicePile) Merge

func (pile *FlagSlicePile) Merge(otherPile FlagSlicePile)

otherPile is RO and unchanged - never uses otherPile internal objects

type FlagSliceProfile

type FlagSliceProfile []uint32

Exposes ValueProfile interface

func (FlagSliceProfile) DeepCopy

func (in FlagSliceProfile) DeepCopy() FlagSliceProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlagSliceProfile.

func (FlagSliceProfile) DeepCopyInto

func (in FlagSliceProfile) DeepCopyInto(out *FlagSliceProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*FlagSliceProfile) Profile

func (profile *FlagSliceProfile) Profile(vals []uint32)

type Guardian

type Guardian struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec *GuardianSpec `json:"spec"`
}

Guardian is a specification for a Guardian resource.

func (*Guardian) DeepCopy

func (in *Guardian) DeepCopy() *Guardian

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Guardian.

func (*Guardian) DeepCopyInto

func (in *Guardian) DeepCopyInto(out *Guardian)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Guardian) DeepCopyObject

func (in *Guardian) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GuardianList

type GuardianList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	Items []Guardian `json:"items"`
}

GuardianList is a list of Guardian resources.

func (*GuardianList) DeepCopy

func (in *GuardianList) DeepCopy() *GuardianList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GuardianList.

func (*GuardianList) DeepCopyInto

func (in *GuardianList) DeepCopyInto(out *GuardianList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GuardianList) DeepCopyObject

func (in *GuardianList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GuardianSpec

type GuardianSpec struct {
	Configured *SessionDataConfig `json:"configured"`        // Configured criteria
	Learned    *SessionDataConfig `json:"learned,omitempty"` // Learned criteria
	NumSamples uint32             `json:"samples"`           // Number of Samples Learned
	Control    *Ctrl              `json:"control"`           // Control
}

func (*GuardianSpec) DeepCopy

func (in *GuardianSpec) DeepCopy() *GuardianSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GuardianSpec.

func (*GuardianSpec) DeepCopyInto

func (in *GuardianSpec) DeepCopyInto(out *GuardianSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GuardianSpec) SetToMaximalAutomation

func (g *GuardianSpec) SetToMaximalAutomation()

AutoActivate is a Guardian operation mode that is useful for security automation of new services

type HeadersConfig

type HeadersConfig struct {
	Kv KeyValConfig `json:"kv"`
}

Exposes ValueConfig interface

func (*HeadersConfig) Decide

func (config *HeadersConfig) Decide(profile *HeadersProfile) *Decision

func (*HeadersConfig) DeepCopy

func (in *HeadersConfig) DeepCopy() *HeadersConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeadersConfig.

func (*HeadersConfig) DeepCopyInto

func (in *HeadersConfig) DeepCopyInto(out *HeadersConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*HeadersConfig) Learn

func (config *HeadersConfig) Learn(pile *HeadersPile)

func (*HeadersConfig) Prepare added in v0.3.0

func (config *HeadersConfig) Prepare()

type HeadersPile

type HeadersPile struct {
	Kv *KeyValPile `json:"kv"`
}

Exposes ValuePile interface

func (*HeadersPile) Add

func (pile *HeadersPile) Add(profile *HeadersProfile)

func (*HeadersPile) Clear

func (pile *HeadersPile) Clear()

func (*HeadersPile) DeepCopy

func (in *HeadersPile) DeepCopy() *HeadersPile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeadersPile.

func (*HeadersPile) DeepCopyInto

func (in *HeadersPile) DeepCopyInto(out *HeadersPile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*HeadersPile) Merge

func (pile *HeadersPile) Merge(otherPile *HeadersPile)

type HeadersProfile

type HeadersProfile struct {
	Kv KeyValProfile `json:"kv"`
}

Exposes ValueProfile interface

func (*HeadersProfile) DeepCopy

func (in *HeadersProfile) DeepCopy() *HeadersProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeadersProfile.

func (*HeadersProfile) DeepCopyInto

func (in *HeadersProfile) DeepCopyInto(out *HeadersProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*HeadersProfile) Profile

func (profile *HeadersProfile) Profile(headers http.Header)

type IpSetConfig

type IpSetConfig []CIDR

Exposes ValueConfig interface

func (*IpSetConfig) Decide

func (config *IpSetConfig) Decide(profile *IpSetProfile) *Decision

func (IpSetConfig) DeepCopy

func (in IpSetConfig) DeepCopy() IpSetConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IpSetConfig.

func (IpSetConfig) DeepCopyInto

func (in IpSetConfig) DeepCopyInto(out *IpSetConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*IpSetConfig) Learn

func (config *IpSetConfig) Learn(pile *IpSetPile)

pile is RO and unchanged - never uses pile internal objects

func (*IpSetConfig) Prepare added in v0.3.0

func (config *IpSetConfig) Prepare()

type IpSetPile

type IpSetPile struct {
	List []net.IP
	// contains filtered or unexported fields
}

Exposes ValuePile interface.

During json.Marshal(), IpSetPile exposes only the List. After json.Unmarshal(), the map will be nil even when the List is not empty. If the map is nil, it should be populated from the information in List. If the map is populated, it is always kept in sync with the information in List.

func (*IpSetPile) Add

func (pile *IpSetPile) Add(profile *IpSetProfile)

profile is RO and unchanged - never uses profile internal objects

func (*IpSetPile) Clear

func (pile *IpSetPile) Clear()

func (*IpSetPile) DeepCopy

func (in *IpSetPile) DeepCopy() *IpSetPile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IpSetPile.

func (*IpSetPile) DeepCopyInto

func (in *IpSetPile) DeepCopyInto(out *IpSetPile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*IpSetPile) Merge

func (pile *IpSetPile) Merge(otherPile *IpSetPile)

otherPile is RO and unchanged - never uses otherPile internal objects

type IpSetProfile

type IpSetProfile []net.IP

Exposes ValueProfile interface

func (IpSetProfile) DeepCopy

func (in IpSetProfile) DeepCopy() IpSetProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IpSetProfile.

func (IpSetProfile) DeepCopyInto

func (in IpSetProfile) DeepCopyInto(out *IpSetProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*IpSetProfile) ProfileIP

func (profile *IpSetProfile) ProfileIP(ip net.IP)

func (*IpSetProfile) ProfileIPSlice

func (profile *IpSetProfile) ProfileIPSlice(ipSlice []net.IP)

func (*IpSetProfile) ProfileString

func (profile *IpSetProfile) ProfileString(str string)

type KeyValConfig

type KeyValConfig struct {
	Vals          map[string]*SimpleValConfig `json:"vals"`          // Profile the value of known keys
	OtherVals     *SimpleValConfig            `json:"otherVals"`     // Profile the values of other keys
	OtherKeynames *SimpleValConfig            `json:"otherKeynames"` // Profile the keynames of other keys
	// contains filtered or unexported fields
}

Exposes ValueConfig interface

func (*KeyValConfig) Decide

func (config *KeyValConfig) Decide(profile *KeyValProfile) *Decision

func (*KeyValConfig) DeepCopy

func (in *KeyValConfig) DeepCopy() *KeyValConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyValConfig.

func (*KeyValConfig) DeepCopyInto

func (in *KeyValConfig) DeepCopyInto(out *KeyValConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KeyValConfig) Learn

func (config *KeyValConfig) Learn(pile *KeyValPile)

The Learn implementation is currently not optimized for a large number of keys. pile is RO and unchanged - never uses pile internal objects. Future: When the number of keys grows, Learn may reduce the number of known keys by aggregating all known keys which have a common low security fingerprint into OtherKeynames and OtherVals.

func (*KeyValConfig) Prepare added in v0.3.0

func (config *KeyValConfig) Prepare()

type KeyValPile

type KeyValPile map[string]*SimpleValPile

Exposes ValuePile interface

func (*KeyValPile) Add

func (pile *KeyValPile) Add(profile *KeyValProfile)

profile is RO and unchanged - never uses profile internal objects

func (*KeyValPile) Clear

func (pile *KeyValPile) Clear()

func (KeyValPile) DeepCopy

func (in KeyValPile) DeepCopy() KeyValPile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyValPile.

func (KeyValPile) DeepCopyInto

func (in KeyValPile) DeepCopyInto(out *KeyValPile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KeyValPile) Merge

func (pile *KeyValPile) Merge(otherPile *KeyValPile)

otherPile is RO and unchanged - never uses otherPile internal objects

type KeyValProfile

type KeyValProfile map[string]*SimpleValProfile

Exposes ValueProfile interface

func (KeyValProfile) DeepCopy

func (in KeyValProfile) DeepCopy() KeyValProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyValProfile.

func (KeyValProfile) DeepCopyInto

func (in KeyValProfile) DeepCopyInto(out *KeyValProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KeyValProfile) ProfileMapString

func (profile *KeyValProfile) ProfileMapString(keyValMap map[string]string)

func (*KeyValProfile) ProfileMapStringSlice

func (profile *KeyValProfile) ProfileMapStringSlice(keyValMap map[string][]string)

type LimitConfig added in v0.3.0

type LimitConfig uint8

Exposes ValueConfig interface

func (*LimitConfig) Decide added in v0.3.0

func (config *LimitConfig) Decide(profile LimitProfile) *Decision

profile is RO and unchanged - never uses profile internal objects

func (*LimitConfig) Fuse added in v0.6.0

func (config *LimitConfig) Fuse(otherConfig *LimitConfig)

func (*LimitConfig) Learn added in v0.3.0

func (config *LimitConfig) Learn(pile LimitPile)

Learn now offers the simplest single rule support

func (*LimitConfig) Prepare added in v0.3.0

func (config *LimitConfig) Prepare()

func (*LimitConfig) Score added in v0.6.0

func (config *LimitConfig) Score() uint32

type LimitPile added in v0.3.0

type LimitPile []uint8

Exposes ValuePile interface

func (*LimitPile) Add added in v0.3.0

func (pile *LimitPile) Add(profile LimitProfile)

profile is RO and unchanged - never uses profile internal objects

func (*LimitPile) Clear added in v0.3.0

func (pile *LimitPile) Clear()

func (LimitPile) DeepCopy added in v0.3.0

func (in LimitPile) DeepCopy() LimitPile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LimitPile.

func (LimitPile) DeepCopyInto added in v0.3.0

func (in LimitPile) DeepCopyInto(out *LimitPile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*LimitPile) Merge added in v0.3.0

func (pile *LimitPile) Merge(otherPile LimitPile)

otherPile is RO and unchanged - never uses otherPile internal objects

type LimitProfile added in v0.3.0

type LimitProfile uint8

Exposes ValueProfile interface

func (*LimitProfile) Profile added in v0.3.0

func (profile *LimitProfile) Profile(val uint)

Exponentially represent uint up to ~1M using a uint8. For inputs > ~1M use 255. Exponential representation helps stabilize the limits and avoid unnecessary alerts. For example, 10 means 10, 20 means 24-25, 40 means 80-83, 50 means 128-135, 80 means 496-527, etc.
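The following is an added example, not the package's own code: an encoding reconstructed from the sample values in the description above (4-bit exponent, 4-bit mantissa), with a decoder that shows which inputs share a code. The names `encodeLimit`, `decodeLimit` and `saturateAt` are hypothetical, and the exact saturation point is an assumption derived from the "~1M" bound.

```go
package main

import (
	"fmt"
	"math/bits"
)

// saturateAt is the first input mapped to 255 regardless of size
// (assumption: chosen so that code 255 is the last regular bucket).
const saturateAt = 1<<20 - 16

// encodeLimit maps a count to a one-byte code. The high nibble is an
// exponent e and the low nibble a mantissa m; a code covers the 2^e inputs
// starting at (16+m)<<e - 16. Reconstructed from the documented examples,
// not taken from the package source.
func encodeLimit(val uint) uint8 {
	if val >= saturateAt {
		return 255
	}
	v := uint64(val) + 16
	e := uint64(bits.Len64(v) - 5) // v >= 16, so Len64(v) >= 5 and e <= 15
	m := (v >> e) - 16             // top five bits of v, minus the leading one
	return uint8(e<<4 | m)
}

// decodeLimit returns the inclusive range of inputs that share a code.
// For code 255 the range is the last regular bucket; larger inputs also
// encode to 255.
func decodeLimit(code uint8) (low, high uint) {
	e := uint(code >> 4)
	m := uint(code & 15)
	low = (16+m)<<e - 16
	high = low + uint(1)<<e - 1
	return low, high
}

func main() {
	// The codes quoted in the LimitProfile description, plus the ceiling.
	for _, code := range []uint8{10, 20, 40, 50, 80, 255} {
		low, high := decodeLimit(code)
		fmt.Printf("code %3d covers %d-%d\n", code, low, high)
	}
	// Nearby counts collapse onto one code, so small drift in a measured
	// count does not move a limit expressed in codes.
	fmt.Println(encodeLimit(500) == encodeLimit(520))
}
```

Bucket width doubles every 16 codes, so a limit expressed as a code tolerates proportionally larger drift as counts grow.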

type MediaTypeConfig

type MediaTypeConfig struct {
	TypeTokens SetConfig    `json:"type"`
	Params     KeyValConfig `json:"params"`
}

Exposes ValueConfig interface

func (*MediaTypeConfig) Decide

func (config *MediaTypeConfig) Decide(profile *MediaTypeProfile) *Decision

func (*MediaTypeConfig) DeepCopy

func (in *MediaTypeConfig) DeepCopy() *MediaTypeConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MediaTypeConfig.

func (*MediaTypeConfig) DeepCopyInto

func (in *MediaTypeConfig) DeepCopyInto(out *MediaTypeConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MediaTypeConfig) Learn

func (config *MediaTypeConfig) Learn(pile *MediaTypePile)

func (*MediaTypeConfig) Prepare added in v0.3.0

func (config *MediaTypeConfig) Prepare()

type MediaTypePile

type MediaTypePile struct {
	TypeTokens SetPile    `json:"type"`
	Params     KeyValPile `json:"params"`
}

Exposes ValuePile interface

func (*MediaTypePile) Add

func (pile *MediaTypePile) Add(profile *MediaTypeProfile)

func (*MediaTypePile) Clear

func (pile *MediaTypePile) Clear()

func (*MediaTypePile) DeepCopy

func (in *MediaTypePile) DeepCopy() *MediaTypePile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MediaTypePile.

func (*MediaTypePile) DeepCopyInto

func (in *MediaTypePile) DeepCopyInto(out *MediaTypePile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MediaTypePile) Merge

func (pile *MediaTypePile) Merge(otherPile *MediaTypePile)

type MediaTypeProfile

type MediaTypeProfile struct {
	TypeTokens SetProfile    `json:"type"`   // "text/html"
	Params     KeyValProfile `json:"params"` // {"charset": "utf-8"}
}

Exposes ValueProfile interface. TypeTokens include the RFC 7231 type "/" subtype.

func (*MediaTypeProfile) DeepCopy

func (in *MediaTypeProfile) DeepCopy() *MediaTypeProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MediaTypeProfile.

func (*MediaTypeProfile) DeepCopyInto

func (in *MediaTypeProfile) DeepCopyInto(out *MediaTypeProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MediaTypeProfile) Profile

func (profile *MediaTypeProfile) Profile(str string)

type PodConfig

type PodConfig struct {
	Tcp4Peers     IpSetConfig `json:"tcp4peers"`     // from /proc/net/tcp
	Udp4Peers     IpSetConfig `json:"udp4peers"`     // from /proc/net/udp
	Udplite4Peers IpSetConfig `json:"udplite4peers"` // from /proc/net/udplite
	Tcp6Peers     IpSetConfig `json:"tcp6peers"`     // from /proc/net/tcp6
	Udp6Peers     IpSetConfig `json:"udp6peers"`     // from /proc/net/udp6
	Udplite6Peers IpSetConfig `json:"udplite6peers"` // from /proc/net/udplite6
}

Exposes ValueConfig interface

func (*PodConfig) Decide

func (config *PodConfig) Decide(profile *PodProfile) *Decision

func (*PodConfig) DeepCopy

func (in *PodConfig) DeepCopy() *PodConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodConfig.

func (*PodConfig) DeepCopyInto

func (in *PodConfig) DeepCopyInto(out *PodConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodConfig) Learn

func (config *PodConfig) Learn(pile *PodPile)

func (*PodConfig) Prepare added in v0.3.0

func (config *PodConfig) Prepare()

type PodPile

type PodPile struct {
	Tcp4Peers     IpSetPile `json:"tcp4peers"`     // from /proc/net/tcp
	Udp4Peers     IpSetPile `json:"udp4peers"`     // from /proc/net/udp
	Udplite4Peers IpSetPile `json:"udplite4peers"` // from /proc/net/udplite
	Tcp6Peers     IpSetPile `json:"tcp6peers"`     // from /proc/net/tcp6
	Udp6Peers     IpSetPile `json:"udp6peers"`     // from /proc/net/udp6
	Udplite6Peers IpSetPile `json:"udplite6peers"` // from /proc/net/udplite6
}

Exposes ValuePile interface

func (*PodPile) Add

func (pile *PodPile) Add(profile *PodProfile)

func (*PodPile) Clear

func (pile *PodPile) Clear()

func (*PodPile) DeepCopy

func (in *PodPile) DeepCopy() *PodPile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodPile.

func (*PodPile) DeepCopyInto

func (in *PodPile) DeepCopyInto(out *PodPile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodPile) Merge

func (pile *PodPile) Merge(otherPile *PodPile)

type PodProfile

type PodProfile struct {
	// from local /proc/net (same net namespace)
	Tcp4Peers     IpSetProfile `json:"tcp4peers"`     // from /proc/net/tcp
	Udp4Peers     IpSetProfile `json:"udp4peers"`     // from /proc/net/udp
	Udplite4Peers IpSetProfile `json:"udplite4peers"` // from /proc/net/udplite
	Tcp6Peers     IpSetProfile `json:"tcp6peers"`     // from /proc/net/tcp6
	Udp6Peers     IpSetProfile `json:"udp6peers"`     // from /proc/net/udp6
	Udplite6Peers IpSetProfile `json:"udplite6peers"` // from /proc/net/udplite6
}

Exposes ValueProfile interface. Supports monitoring /proc/net IPs. Future support for monitoring /proc/<PID>, /proc/<PID>/fd, /proc/*/cmdline, /proc/<PID>/io while sharing Process Namespace...

func (*PodProfile) DeepCopy

func (in *PodProfile) DeepCopy() *PodProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodProfile.

func (*PodProfile) DeepCopyInto

func (in *PodProfile) DeepCopyInto(out *PodProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodProfile) Profile

func (profile *PodProfile) Profile(args ...interface{})

type QueryConfig

type QueryConfig struct {
	Kv KeyValConfig `json:"kv"`
}

Exposes ValueConfig interface

func (*QueryConfig) Decide

func (config *QueryConfig) Decide(profile *QueryProfile) *Decision

func (*QueryConfig) DeepCopy

func (in *QueryConfig) DeepCopy() *QueryConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryConfig.

func (*QueryConfig) DeepCopyInto

func (in *QueryConfig) DeepCopyInto(out *QueryConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*QueryConfig) Learn

func (config *QueryConfig) Learn(pile *QueryPile)

func (*QueryConfig) Prepare added in v0.3.0

func (config *QueryConfig) Prepare()

type QueryPile

type QueryPile struct {
	Kv *KeyValPile `json:"kv"`
}

Exposes ValuePile interface

func (*QueryPile) Add

func (pile *QueryPile) Add(profile *QueryProfile)

func (*QueryPile) Clear

func (pile *QueryPile) Clear()

func (*QueryPile) DeepCopy

func (in *QueryPile) DeepCopy() *QueryPile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryPile.

func (*QueryPile) DeepCopyInto

func (in *QueryPile) DeepCopyInto(out *QueryPile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*QueryPile) Merge

func (pile *QueryPile) Merge(otherPile *QueryPile)

type QueryProfile

type QueryProfile struct {
	Kv KeyValProfile `json:"kv"`
}

Exposes ValueProfile interface

func (*QueryProfile) DeepCopy

func (in *QueryProfile) DeepCopy() *QueryProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryProfile.

func (*QueryProfile) DeepCopyInto

func (in *QueryProfile) DeepCopyInto(out *QueryProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*QueryProfile) Profile

func (profile *QueryProfile) Profile(values url.Values)

type ReqConfig

type ReqConfig struct {
	ClientIp      IpSetConfig     `json:"cip"`           // subnets for external IPs (normally empty)
	HopIp         IpSetConfig     `json:"hopip"`         // subnets for external IPs
	Method        SetConfig       `json:"method"`        // GET
	Proto         SetConfig       `json:"proto"`         // "HTTP/1.1"
	MediaType     MediaTypeConfig `json:"mediatype"`     // "text/html"
	ContentLength CountConfig     `json:"contentlength"` // 0
	Url           UrlConfig       `json:"url"`
	Qs            QueryConfig     `json:"qs"`
	Headers       HeadersConfig   `json:"headers"`
}

Exposes ValueConfig interface

func (*ReqConfig) Decide

func (config *ReqConfig) Decide(profile *ReqProfile) *Decision

func (*ReqConfig) DeepCopy

func (in *ReqConfig) DeepCopy() *ReqConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReqConfig.

func (*ReqConfig) DeepCopyInto

func (in *ReqConfig) DeepCopyInto(out *ReqConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ReqConfig) Learn

func (config *ReqConfig) Learn(pile *ReqPile)

func (*ReqConfig) Prepare added in v0.3.0

func (config *ReqConfig) Prepare()

type ReqPile

type ReqPile struct {
	ClientIp      IpSetPile     `json:"cip"`           // 192.168.32.1
	HopIp         IpSetPile     `json:"hopip"`         // 1.2.3.4
	Method        SetPile       `json:"method"`        // GET
	Proto         SetPile       `json:"proto"`         // "HTTP/1.1"
	MediaType     MediaTypePile `json:"mediatype"`     // "text/html"
	ContentLength CountPile     `json:"contentlength"` // 0
	Url           UrlPile       `json:"url"`
	Qs            QueryPile     `json:"qs"`
	Headers       HeadersPile   `json:"headers"`
}

Exposes ValuePile interface

func (*ReqPile) Add

func (pile *ReqPile) Add(profile *ReqProfile)

func (*ReqPile) Clear

func (pile *ReqPile) Clear()

func (*ReqPile) DeepCopy

func (in *ReqPile) DeepCopy() *ReqPile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReqPile.

func (*ReqPile) DeepCopyInto

func (in *ReqPile) DeepCopyInto(out *ReqPile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ReqPile) Merge

func (pile *ReqPile) Merge(otherPile *ReqPile)

type ReqProfile

type ReqProfile struct {
	ClientIp      IpSetProfile     `json:"cip"`           // 192.168.32.1
	HopIp         IpSetProfile     `json:"hopip"`         // 1.2.3.4
	Method        SetProfile       `json:"method"`        // GET
	Proto         SetProfile       `json:"proto"`         // "HTTP/1.1"
	MediaType     MediaTypeProfile `json:"mediatype"`     // "text/html"
	ContentLength CountProfile     `json:"contentlength"` // 0
	Url           UrlProfile       `json:"url"`
	Qs            QueryProfile     `json:"qs"`
	Headers       HeadersProfile   `json:"headers"`
}

Exposes ValueProfile interface

func (*ReqProfile) DeepCopy

func (in *ReqProfile) DeepCopy() *ReqProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReqProfile.

func (*ReqProfile) DeepCopyInto

func (in *ReqProfile) DeepCopyInto(out *ReqProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ReqProfile) Profile

func (profile *ReqProfile) Profile(req *http.Request, cip net.IP)

type RespConfig

type RespConfig struct {
	Headers       HeadersConfig   `json:"headers"`
	MediaType     MediaTypeConfig `json:"mediatype"`
	ContentLength CountConfig     `json:"contentlength"`
}

Exposes ValueConfig interface

func (*RespConfig) Decide

func (config *RespConfig) Decide(profile *RespProfile) *Decision

func (*RespConfig) DeepCopy

func (in *RespConfig) DeepCopy() *RespConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RespConfig.

func (*RespConfig) DeepCopyInto

func (in *RespConfig) DeepCopyInto(out *RespConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RespConfig) Learn

func (config *RespConfig) Learn(pile *RespPile)

func (*RespConfig) Prepare added in v0.3.0

func (config *RespConfig) Prepare()

type RespPile

type RespPile struct {
	Headers       HeadersPile   `json:"headers"`
	MediaType     MediaTypePile `json:"mediatype"`
	ContentLength CountPile     `json:"contentlength"`
}

Exposes ValuePile interface

func (*RespPile) Add

func (pile *RespPile) Add(profile *RespProfile)

func (*RespPile) Clear

func (pile *RespPile) Clear()

func (*RespPile) DeepCopy

func (in *RespPile) DeepCopy() *RespPile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RespPile.

func (*RespPile) DeepCopyInto

func (in *RespPile) DeepCopyInto(out *RespPile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RespPile) Merge

func (pile *RespPile) Merge(otherPile *RespPile)

type RespProfile

type RespProfile struct {
	Headers       HeadersProfile   `json:"headers"`
	MediaType     MediaTypeProfile `json:"mediatype"`     // "text/html"
	ContentLength CountProfile     `json:"contentlength"` // 0
}

Exposes ValueProfile interface

func (*RespProfile) DeepCopy

func (in *RespProfile) DeepCopy() *RespProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RespProfile.

func (*RespProfile) DeepCopyInto

func (in *RespProfile) DeepCopyInto(out *RespProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RespProfile) Profile

func (profile *RespProfile) Profile(resp *http.Response)

type SessionDataConfig

type SessionDataConfig struct {
	Active   bool          `json:"active"`   // If not active, criteria ignored
	Req      ReqConfig     `json:"req"`      // Request criteria for blocking/allowing
	Resp     RespConfig    `json:"resp"`     // Response criteria for blocking/allowing
	ReqBody  BodyConfig    `json:"reqbody"`  // Request body criteria for blocking/allowing
	RespBody BodyConfig    `json:"respbody"` // Response body criteria for blocking/allowing
	Envelop  EnvelopConfig `json:"envelop"`  // Envelop criteria for blocking/allowing
	Pod      PodConfig     `json:"pod"`      // Pod criteria for blocking/allowing
}

Exposes ValueConfig interface

func (*SessionDataConfig) Decide

func (config *SessionDataConfig) Decide(profile *SessionDataProfile) *Decision

func (*SessionDataConfig) DeepCopy

func (in *SessionDataConfig) DeepCopy() *SessionDataConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SessionDataConfig.

func (*SessionDataConfig) DeepCopyInto

func (in *SessionDataConfig) DeepCopyInto(out *SessionDataConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SessionDataConfig) Learn

func (config *SessionDataConfig) Learn(pile *SessionDataPile)

func (*SessionDataConfig) Prepare added in v0.3.0

func (config *SessionDataConfig) Prepare()

type SessionDataPile

type SessionDataPile struct {
	Count    uint32      `json:"count"`
	Req      ReqPile     `json:"req"`
	Resp     RespPile    `json:"resp"`
	ReqBody  BodyPile    `json:"reqbody"`
	RespBody BodyPile    `json:"respbody"`
	Envelop  EnvelopPile `json:"envelop"`
	Pod      PodPile     `json:"pod"`
}

Exposes ValuePile interface

func (*SessionDataPile) Add

func (pile *SessionDataPile) Add(profile *SessionDataProfile)

func (*SessionDataPile) Clear

func (pile *SessionDataPile) Clear()

func (*SessionDataPile) DeepCopy

func (in *SessionDataPile) DeepCopy() *SessionDataPile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SessionDataPile.

func (*SessionDataPile) DeepCopyInto

func (in *SessionDataPile) DeepCopyInto(out *SessionDataPile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SessionDataPile) Merge

func (pile *SessionDataPile) Merge(otherPile *SessionDataPile)

type SessionDataProfile

type SessionDataProfile struct {
	Req      ReqProfile     `json:"req"`
	Resp     RespProfile    `json:"resp"`
	ReqBody  BodyProfile    `json:"reqbody"`
	RespBody BodyProfile    `json:"respbody"`
	Envelop  EnvelopProfile `json:"envelop"`
	Pod      PodProfile     `json:"pod"`
}

Exposes ValueProfile interface

func (*SessionDataProfile) DeepCopy

func (in *SessionDataProfile) DeepCopy() *SessionDataProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SessionDataProfile.

func (*SessionDataProfile) DeepCopyInto

func (in *SessionDataProfile) DeepCopyInto(out *SessionDataProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SessionDataProfile) Profile

func (profile *SessionDataProfile) Profile(req *http.Request, cip net.IP, resp *http.Response, reqData interface{}, respData interface{}, reqTime int64, respTime int64, endTime int64)

type SetConfig

type SetConfig struct {
	List []string `json:"set"`
	// contains filtered or unexported fields
}

Exposes ValueConfig interface. During json.Marshal(), SetConfig exposes only the List. After json.Unmarshal(), the map will be nil even when the List is not empty. If the map is nil, it should be populated from the information in List. If the map is populated, it is always kept in sync with the information in List.

func (*SetConfig) Decide

func (config *SetConfig) Decide(profile *SetProfile) *Decision

func (*SetConfig) DeepCopy

func (in *SetConfig) DeepCopy() *SetConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SetConfig.

func (*SetConfig) DeepCopyInto

func (in *SetConfig) DeepCopyInto(out *SetConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SetConfig) Learn

func (config *SetConfig) Learn(pile *SetPile)

pile is RO and unchanged - never uses pile internal objects

func (*SetConfig) Prepare added in v0.3.0

func (config *SetConfig) Prepare()

type SetPile

type SetPile struct {
	List []string `json:"set"`
	// contains filtered or unexported fields
}

Exposes ValuePile interface. During json.Marshal(), SetPile exposes only the List. After json.Unmarshal(), the map will be nil even when the List is not empty. If the map is nil, it should be populated from the information in List. If the map is populated, it is always kept in sync with the information in List.
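The List/map contract described for SetConfig and SetPile, as an added example that is not the package's own code: `tokenSet` is a hypothetical stand-in with the same layout (an exported `List` tagged `json:"set"` and an unexported lookup map), and `prepare`, `add`, `unknown` and `roundTrip` are illustrative names. It shows what a lookup returns when the map has not been rebuilt after `json.Unmarshal`.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// tokenSet is a stand-in for the layout described above: List is the only
// serialized state, m is a lookup index that never leaves the process.
type tokenSet struct {
	List []string `json:"set"`
	m    map[string]bool // unexported, so encoding/json ignores it
}

// prepare rebuilds the lookup map from List when it is missing, which is
// always the case right after json.Unmarshal.
func (s *tokenSet) prepare() {
	if s.m != nil {
		return
	}
	s.m = make(map[string]bool, len(s.List))
	for _, tok := range s.List {
		s.m[tok] = true
	}
}

// add inserts a token and keeps List and the map in sync.
func (s *tokenSet) add(tok string) {
	s.prepare()
	if !s.m[tok] {
		s.m[tok] = true
		s.List = append(s.List, tok)
	}
}

// unknown returns the tokens that are not in the set. It consults only the
// map: reading a nil map is legal in Go and reports every key as absent.
func (s *tokenSet) unknown(tokens []string) []string {
	var out []string
	for _, tok := range tokens {
		if !s.m[tok] {
			out = append(out, tok)
		}
	}
	return out
}

// roundTrip builds a set, serializes it and loads it into a fresh value,
// returning the wire form and the loaded (not yet prepared) set.
func roundTrip(tokens ...string) (string, *tokenSet, error) {
	src := &tokenSet{}
	for _, tok := range tokens {
		src.add(tok)
	}
	wire, err := json.Marshal(src)
	if err != nil {
		return "", nil, err
	}
	loaded := &tokenSet{}
	if err := json.Unmarshal(wire, loaded); err != nil {
		return "", nil, err
	}
	return string(wire), loaded, nil
}

func main() {
	// Constructed sample: HTTP methods seen during learning.
	wire, loaded, err := roundTrip("GET", "POST")
	if err != nil {
		panic(err)
	}
	fmt.Println("wire form:", wire)
	fmt.Println("before prepare, unknown:", loaded.unknown([]string{"GET"}))
	loaded.prepare()
	fmt.Println("after prepare, unknown:", loaded.unknown([]string{"GET", "DELETE"}))
}
```

In this stand-in, skipping the rebuild after loading makes every token look unknown, which is the failure the populate-if-nil rule guards against.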

func (*SetPile) Add

func (pile *SetPile) Add(profile *SetProfile)

profile is RO and unchanged - never uses profile internal objects

func (*SetPile) Clear

func (pile *SetPile) Clear()

func (*SetPile) DeepCopy

func (in *SetPile) DeepCopy() *SetPile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SetPile.

func (*SetPile) DeepCopyInto

func (in *SetPile) DeepCopyInto(out *SetPile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SetPile) Merge

func (pile *SetPile) Merge(otherPile *SetPile)

otherPile is RO and unchanged - never uses otherPile internal objects

type SetProfile

type SetProfile []string

Exposes ValueProfile interface. A slice of tokens.

func (SetProfile) DeepCopy

func (in SetProfile) DeepCopy() SetProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SetProfile.

func (SetProfile) DeepCopyInto

func (in SetProfile) DeepCopyInto(out *SetProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SetProfile) ProfileString

func (profile *SetProfile) ProfileString(str string)

func (*SetProfile) ProfileStringSlice

func (profile *SetProfile) ProfileStringSlice(strSlice []string)

type SimpleValConfig

type SimpleValConfig struct {
	Digits       LimitConfig      `json:"digits"`
	Letters      LimitConfig      `json:"letters"`
	Spaces       LimitConfig      `json:"spaces"`
	SpecialChars LimitConfig      `json:"schars"`
	NonReadables LimitConfig      `json:"nonreadables"`
	Unicodes     LimitConfig      `json:"unicodes"`
	Sequences    LimitConfig      `json:"sequences"`
	Flags        AsciiFlagsConfig `json:"flags"`
	UnicodeFlags FlagSliceConfig  `json:"unicodeFlags"`
	// contains filtered or unexported fields
}

Exposes ValueConfig interface

func (*SimpleValConfig) Decide

func (config *SimpleValConfig) Decide(profile *SimpleValProfile) *Decision

func (*SimpleValConfig) DeepCopy

func (in *SimpleValConfig) DeepCopy() *SimpleValConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SimpleValConfig.

func (*SimpleValConfig) DeepCopyInto

func (in *SimpleValConfig) DeepCopyInto(out *SimpleValConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SimpleValConfig) Fuse

func (config *SimpleValConfig) Fuse(otherConfig *SimpleValConfig)

func (*SimpleValConfig) Learn

func (config *SimpleValConfig) Learn(pile *SimpleValPile)

func (*SimpleValConfig) Prepare added in v0.3.0

func (config *SimpleValConfig) Prepare()

func (*SimpleValConfig) Score added in v0.6.0

func (config *SimpleValConfig) Score() uint32

This is an initial design of Score

type SimpleValPile

type SimpleValPile struct {
	Digits       LimitPile
	Letters      LimitPile
	Spaces       LimitPile
	SpecialChars LimitPile
	NonReadables LimitPile
	Unicodes     LimitPile
	Sequences    LimitPile
	Flags        AsciiFlagsPile
	UnicodeFlags FlagSlicePile
}

Exposes ValuePile interface

func (*SimpleValPile) Add

func (pile *SimpleValPile) Add(profile *SimpleValProfile)

func (*SimpleValPile) Clear

func (pile *SimpleValPile) Clear()

func (*SimpleValPile) DeepCopy

func (in *SimpleValPile) DeepCopy() *SimpleValPile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SimpleValPile.

func (*SimpleValPile) DeepCopyInto

func (in *SimpleValPile) DeepCopyInto(out *SimpleValPile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SimpleValPile) Merge

func (pile *SimpleValPile) Merge(otherPile *SimpleValPile)

type SimpleValProfile

type SimpleValProfile struct {
	Digits       LimitProfile
	Letters      LimitProfile
	Spaces       LimitProfile
	SpecialChars LimitProfile
	NonReadables LimitProfile
	Unicodes     LimitProfile
	Sequences    LimitProfile
	Flags        AsciiFlagsProfile
	UnicodeFlags FlagSliceProfile
}

Exposes ValueProfile interface

func (*SimpleValProfile) DeepCopy

func (in *SimpleValProfile) DeepCopy() *SimpleValProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SimpleValProfile.

func (*SimpleValProfile) DeepCopyInto

func (in *SimpleValProfile) DeepCopyInto(out *SimpleValProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SimpleValProfile) Profile

func (profile *SimpleValProfile) Profile(str string)

type StructuredConfig

type StructuredConfig struct {
	Kind string           `json:"kind"` // boolean, number, string, skip, array, object
	Val  *SimpleValConfig `json:"val"`  // used for: array, boolean, number, string items
	Kv   KeyValConfig     `json:"kv"`   // used for: object items
}

Exposes ValueConfig interface

func (*StructuredConfig) Decide

func (config *StructuredConfig) Decide(profile *StructuredProfile) *Decision

func (*StructuredConfig) DeepCopy

func (in *StructuredConfig) DeepCopy() *StructuredConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StructuredConfig.

func (*StructuredConfig) DeepCopyInto

func (in *StructuredConfig) DeepCopyInto(out *StructuredConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*StructuredConfig) Learn

func (config *StructuredConfig) Learn(pile *StructuredPile)

pile is RO and unchanged - never uses pile internal objects

func (*StructuredConfig) Prepare added in v0.3.0

func (config *StructuredConfig) Prepare()

type StructuredPile

type StructuredPile struct {
	Kind string         `json:"kind"` // bool, float64, string, array, map
	Val  *SimpleValPile `json:"val"`  // used for: array, boolean, number, string items
	Kv   KeyValPile     `json:"kv"`   // used for: object items
}

Exposes ValuePile interface

func (*StructuredPile) Add

func (pile *StructuredPile) Add(profile *StructuredProfile)

profile is RO and unchanged - never uses profile internal objects

func (*StructuredPile) Clear

func (pile *StructuredPile) Clear()

func (*StructuredPile) DeepCopy

func (in *StructuredPile) DeepCopy() *StructuredPile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StructuredPile.

func (*StructuredPile) DeepCopyInto

func (in *StructuredPile) DeepCopyInto(out *StructuredPile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*StructuredPile) Merge

func (pile *StructuredPile) Merge(otherPile *StructuredPile)

otherPile is RO and unchanged - never uses otherPile internal objects

type StructuredProfile

type StructuredProfile struct {
	Kind string             `json:"kind"` // bool, float64, string, array, map
	Vals []SimpleValProfile `json:"vals"` // used for: array, boolean, number, string items
	Kv   KeyValProfile      `json:"kv"`   // used for: object items
}

Exposes ValueProfile interface

 JsonProfile struct - maintain the profile of a json with some structure
	Data Types: The default Golang data types for decoding and encoding JSON are as follows:
		bool for JSON booleans.
		float64 for JSON numbers.
		string for JSON strings.
		nil for JSON null.
		array as JSON array.
		map or struct as JSON Object.

func (*StructuredProfile) DeepCopy

func (in *StructuredProfile) DeepCopy() *StructuredProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StructuredProfile.

func (*StructuredProfile) DeepCopyInto

func (in *StructuredProfile) DeepCopyInto(out *StructuredProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*StructuredProfile) Profile

func (profile *StructuredProfile) Profile(data interface{})

type SyncMessageReq added in v0.5.0

type SyncMessageReq struct {
	Pile           *SessionDataPile `json:"pile"`
	Alerts         []Alert          `json:"alerts"`
	IamCompromised bool             `json:"compromised"`
}

func (*SyncMessageReq) DeepCopy added in v0.5.0

func (in *SyncMessageReq) DeepCopy() *SyncMessageReq

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyncMessageReq.

func (*SyncMessageReq) DeepCopyInto added in v0.5.0

func (in *SyncMessageReq) DeepCopyInto(out *SyncMessageReq)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SyncMessageResp added in v0.5.0

type SyncMessageResp struct {
	Guardian *GuardianSpec `json:"guardian"`
}

func (*SyncMessageResp) DeepCopy added in v0.5.0

func (in *SyncMessageResp) DeepCopy() *SyncMessageResp

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyncMessageResp.

func (*SyncMessageResp) DeepCopyInto added in v0.5.0

func (in *SyncMessageResp) DeepCopyInto(out *SyncMessageResp)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type UrlConfig

type UrlConfig struct {
	Val      SimpleValConfig `json:"val"`
	Segments CountConfig     `json:"segments"`
}

Exposes ValueConfig interface

func (*UrlConfig) Decide

func (config *UrlConfig) Decide(profile *UrlProfile) *Decision

func (*UrlConfig) DeepCopy

func (in *UrlConfig) DeepCopy() *UrlConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UrlConfig.

func (*UrlConfig) DeepCopyInto

func (in *UrlConfig) DeepCopyInto(out *UrlConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*UrlConfig) Learn

func (config *UrlConfig) Learn(pile *UrlPile)

func (*UrlConfig) Prepare added in v0.3.0

func (config *UrlConfig) Prepare()

type UrlPile

type UrlPile struct {
	Val      SimpleValPile `json:"val"`
	Segments CountPile     `json:"segments"`
}

Exposes ValuePile interface

func (*UrlPile) Add

func (pile *UrlPile) Add(profile *UrlProfile)

func (*UrlPile) Clear

func (pile *UrlPile) Clear()

func (*UrlPile) DeepCopy

func (in *UrlPile) DeepCopy() *UrlPile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UrlPile.

func (*UrlPile) DeepCopyInto

func (in *UrlPile) DeepCopyInto(out *UrlPile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*UrlPile) Merge

func (pile *UrlPile) Merge(otherPile *UrlPile)

type UrlProfile

type UrlProfile struct {
	Val      SimpleValProfile `json:"val"`
	Segments CountProfile     `json:"segments"`
}

Exposes ValueProfile interface

func (*UrlProfile) DeepCopy

func (in *UrlProfile) DeepCopy() *UrlProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UrlProfile.

func (*UrlProfile) DeepCopyInto

func (in *UrlProfile) DeepCopyInto(out *UrlProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*UrlProfile) Profile

func (profile *UrlProfile) Profile(path string)

type ValueConfig

type ValueConfig interface {

	// Prepare the config during loading of a new config
	Prepare()
	// contains filtered or unexported methods
}

A Config defining what Value should adhere to

type ValuePile

type ValuePile interface {

	// Clear the pile from all profiles and free any memory held by pile
	Clear()
	// contains filtered or unexported methods
}

A Pile accumulating information from zero or more Values

type ValueProfile

type ValueProfile interface {
	// contains filtered or unexported methods
}

A Profile describing the Value
