appsecacquisition

package
v1.7.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 24, 2025 License: MIT Imports: 45 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	InBand    = "inband"
	OutOfBand = "outofband"
)

Variables

View Source 
var CRSAnomalyScores = []string{
	"sql_injection_score",
	"xss_score",
	"rfi_score",
	"lfi_score",
	"rce_score",
	"php_injection_score",
	"http_violation_score",
	"session_fixation_score",
	"anomaly_score",
}
View Source 
var DefaultAuthCacheDuration = (1 * time.Minute)

Functions

func AppsecEventGeneration 

func AppsecEventGeneration(inEvt types.Event, request *http.Request) (*types.Event, error)

func AppsecEventGenerationGeoIPEnrich added in v1.6.5 

func AppsecEventGenerationGeoIPEnrich(src *models.Source) error

func EventFromRequest 

func EventFromRequest(r *appsec.ParsedRequest, labels map[string]string) (types.Event, error)

func LogAppsecEvent 

func LogAppsecEvent(evt *types.Event, logger *log.Entry)

func RegisterRX 

func RegisterRX()

RegisterRX registers the rx operator using a WASI implementation instead of Go.

Types

type AppsecRunner 

type AppsecRunner struct {
	UUID                string
	AppsecRuntime       *appsec.AppsecRuntimeConfig //this holds the actual appsec runtime config, rules, remediations, hooks etc.
	AppsecInbandEngine  coraza.WAF
	AppsecOutbandEngine coraza.WAF
	Labels              map[string]string
	// contains filtered or unexported fields
}

that's the runtime structure of the Application security engine as seen from the acquis

func (*AppsecRunner) AccumulateTxToEvent 

func (r *AppsecRunner) AccumulateTxToEvent(evt *types.Event, req *appsec.ParsedRequest) error

func (*AppsecRunner) Init 

func (r *AppsecRunner) Init(datadir string) error

func (*AppsecRunner) MergeDedupRules added in v1.6.5 

func (r *AppsecRunner) MergeDedupRules(collections []appsec.AppsecCollection, logger *log.Entry) string

func (*AppsecRunner) ProcessInBandRules 

func (r *AppsecRunner) ProcessInBandRules(request *appsec.ParsedRequest) error

func (*AppsecRunner) ProcessOutOfBandRules 

func (r *AppsecRunner) ProcessOutOfBandRules(request *appsec.ParsedRequest) error

func (*AppsecRunner) Run 

func (r *AppsecRunner) Run(t *tomb.Tomb) error

type AppsecSource 

type AppsecSource struct {
	InChan        chan appsec.ParsedRequest
	AppsecRuntime *appsec.AppsecRuntimeConfig
	AppsecConfigs map[string]appsec.AppsecConfig

	AuthCache     AuthCache
	AppsecRunners []AppsecRunner // one for each go-routine
	// contains filtered or unexported fields
}

runtime structure of AppsecSourceConfig

func (*AppsecSource) CanRun 

func (*AppsecSource) CanRun() error

func (*AppsecSource) Configure 

func (w *AppsecSource) Configure(yamlConfig []byte, logger *log.Entry, metricsLevel metrics.AcquisitionMetricsLevel) error

func (*AppsecSource) Dump 

func (w *AppsecSource) Dump() any

func (*AppsecSource) GetAggregMetrics 

func (*AppsecSource) GetAggregMetrics() []prometheus.Collector

func (*AppsecSource) GetMetrics 

func (*AppsecSource) GetMetrics() []prometheus.Collector

func (*AppsecSource) GetMode 

func (w *AppsecSource) GetMode() string

func (*AppsecSource) GetName 

func (*AppsecSource) GetName() string

func (*AppsecSource) GetUuid 

func (w *AppsecSource) GetUuid() string

func (*AppsecSource) StreamingAcquisition 

func (w *AppsecSource) StreamingAcquisition(ctx context.Context, out chan types.Event, t *tomb.Tomb) error

func (*AppsecSource) UnmarshalConfig 

func (w *AppsecSource) UnmarshalConfig(yamlConfig []byte) error

type AppsecSourceConfig 

type AppsecSourceConfig struct {
	ListenAddr                        string         `yaml:"listen_addr"`
	ListenSocket                      string         `yaml:"listen_socket"`
	CertFilePath                      string         `yaml:"cert_file"`
	KeyFilePath                       string         `yaml:"key_file"`
	Path                              string         `yaml:"path"`
	Routines                          int            `yaml:"routines"`
	AppsecConfig                      string         `yaml:"appsec_config"`
	AppsecConfigs                     []string       `yaml:"appsec_configs"`
	AppsecConfigPath                  string         `yaml:"appsec_config_path"`
	AuthCacheDuration                 *time.Duration `yaml:"auth_cache_duration"`
	configuration.DataSourceCommonCfg `yaml:",inline"`
}

configuration structure of the acquis for the application security engine

type AuthCache 

type AuthCache struct {
	APIKeys map[string]time.Time
	// contains filtered or unexported fields
}

Struct to handle cache of authentication

func NewAuthCache 

func NewAuthCache() AuthCache

func (*AuthCache) Delete added in v1.6.9 

func (ac *AuthCache) Delete(apiKey string)

func (*AuthCache) Get 

func (ac *AuthCache) Get(apiKey string) (time.Time, bool)

func (*AuthCache) Set 

func (ac *AuthCache) Set(apiKey string, expiration time.Time)

type BodyResponse 

type BodyResponse struct {
	Action string `json:"action"`
}

@tko + @sbl : we might want to get rid of that or improve it

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.