appsecacquisition

package

v1.7.4 Latest Latest Go to latest Published: Dec 3, 2025 License: MIT Imports: 45 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/crowdsecurity/crowdsec

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

Variables
func AppsecEventGeneration(inEvt pipeline.Event, request *http.Request) (*pipeline.Event, error)
func AppsecEventGenerationGeoIPEnrich(src *models.Source) error
func EventFromRequest(r *appsec.ParsedRequest, labels map[string]string, txUuid string) (pipeline.Event, error)
func LogAppsecEvent(evt *pipeline.Event, logger *log.Entry)
func RegisterRX()
type AppsecRunner
type AuthCache
- func NewAuthCache() AuthCache
type Configuration
type Source

Constants ¶

This section is empty.

Variables ¶

View Source

var CRSAnomalyScores = []string{
	"sql_injection_score",
	"xss_score",
	"rfi_score",
	"lfi_score",
	"rce_score",
	"php_injection_score",
	"http_violation_score",
	"session_fixation_score",
	"anomaly_score",
}

View Source

var DefaultAuthCacheDuration = (1 * time.Minute)

Functions ¶

func AppsecEventGeneration ¶

func AppsecEventGeneration(inEvt pipeline.Event, request *http.Request) (*pipeline.Event, error)

func AppsecEventGenerationGeoIPEnrich ¶ added in v1.6.5

func AppsecEventGenerationGeoIPEnrich(src *models.Source) error

func EventFromRequest ¶

func EventFromRequest(r *appsec.ParsedRequest, labels map[string]string, txUuid string) (pipeline.Event, error)

func LogAppsecEvent ¶

func LogAppsecEvent(evt *pipeline.Event, logger *log.Entry)

func RegisterRX ¶

func RegisterRX()

RegisterRX registers the rx operator using a WASI implementation instead of Go.

Types ¶

type AppsecRunner ¶

type AppsecRunner struct {
	UUID                string
	AppsecRuntime       *appsec.AppsecRuntimeConfig //this holds the actual appsec runtime config, rules, remediations, hooks etc.
	AppsecInbandEngine  coraza.WAF
	AppsecOutbandEngine coraza.WAF
	Labels              map[string]string
	// contains filtered or unexported fields
}

that's the runtime structure of the Application security engine as seen from the acquis

func (*AppsecRunner) AccumulateTxToEvent ¶

func (r *AppsecRunner) AccumulateTxToEvent(evt *pipeline.Event, state *appsec.AppsecRequestState, req *appsec.ParsedRequest)

func (*AppsecRunner) Init ¶

func (r *AppsecRunner) Init(datadir string) error

func (*AppsecRunner) MergeDedupRules ¶ added in v1.6.5

func (*AppsecRunner) MergeDedupRules(collections []appsec.AppsecCollection, logger *log.Entry) string

func (*AppsecRunner) ProcessInBandRules ¶

func (r *AppsecRunner) ProcessInBandRules(state *appsec.AppsecRequestState, request *appsec.ParsedRequest) error

func (*AppsecRunner) ProcessOutOfBandRules ¶

func (r *AppsecRunner) ProcessOutOfBandRules(state *appsec.AppsecRequestState, request *appsec.ParsedRequest) error

func (*AppsecRunner) Run ¶

func (r *AppsecRunner) Run(t *tomb.Tomb) error

type AuthCache ¶

type AuthCache struct {
	APIKeys map[string]time.Time
	// contains filtered or unexported fields
}

func NewAuthCache ¶

func NewAuthCache() AuthCache

func (*AuthCache) Delete ¶ added in v1.6.9

func (ac *AuthCache) Delete(apiKey string)

func (*AuthCache) Get ¶

func (ac *AuthCache) Get(apiKey string) (time.Time, bool)

func (*AuthCache) Set ¶

func (ac *AuthCache) Set(apiKey string, expiration time.Time)

type Configuration ¶ added in v1.7.4

type Configuration struct {
	ListenAddr                        string         `yaml:"listen_addr"`
	ListenSocket                      string         `yaml:"listen_socket"`
	CertFilePath                      string         `yaml:"cert_file"`
	KeyFilePath                       string         `yaml:"key_file"`
	Path                              string         `yaml:"path"`
	Routines                          int            `yaml:"routines"`
	AppsecConfig                      string         `yaml:"appsec_config"`
	AppsecConfigs                     []string       `yaml:"appsec_configs"`
	AppsecConfigPath                  string         `yaml:"appsec_config_path"`
	AuthCacheDuration                 *time.Duration `yaml:"auth_cache_duration"`
	configuration.DataSourceCommonCfg `yaml:",inline"`
}

configuration structure of the acquis for the application security engine

type Source ¶ added in v1.7.4

type Source struct {
	InChan        chan appsec.ParsedRequest
	AppsecRuntime *appsec.AppsecRuntimeConfig
	AppsecConfigs map[string]appsec.AppsecConfig

	AuthCache     AuthCache
	AppsecRunners []AppsecRunner // one for each go-routine
	// contains filtered or unexported fields
}

func (*Source) CanRun ¶ added in v1.7.4

func (*Source) CanRun() error

func (*Source) Configure ¶ added in v1.7.4

func (w *Source) Configure(_ context.Context, yamlConfig []byte, logger *log.Entry, _ metrics.AcquisitionMetricsLevel) error

func (*Source) Dump ¶ added in v1.7.4

func (w *Source) Dump() any

func (*Source) GetAggregMetrics ¶ added in v1.7.4

func (*Source) GetAggregMetrics() []prometheus.Collector

func (*Source) GetMetrics ¶ added in v1.7.4

func (*Source) GetMetrics() []prometheus.Collector

func (*Source) GetMode ¶ added in v1.7.4

func (w *Source) GetMode() string

func (*Source) GetName ¶ added in v1.7.4

func (*Source) GetName() string

func (*Source) GetUuid ¶ added in v1.7.4

func (w *Source) GetUuid() string

func (*Source) StreamingAcquisition ¶ added in v1.7.4

func (w *Source) StreamingAcquisition(ctx context.Context, out chan pipeline.Event, t *tomb.Tomb) error

func (*Source) UnmarshalConfig ¶ added in v1.7.4

func (w *Source) UnmarshalConfig(yamlConfig []byte) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL