Constants ¶
// Values for the encryption struct tag that select how a tagged field is
// protected (the page describes them as "value options for the encryption tag";
// their link to EncryptionTag is inferred from that — confirm in the encryptor).
const (
	// EncryptFull: the whole field value is encrypted.
	EncryptFull = "encrypt"
	// EncryptMask: the value is partially masked (for example a card number
	// showing only its last 4 digits).
	EncryptMask = "mask"
	// EncryptTransport: encrypted in transit only; the stored value is plaintext.
	// NOTE(review): a field tagged this way has no at-rest protection, so it
	// should not carry data that must be protected in storage.
	EncryptTransport = "transport"
)
EncryptionTagValue 标记加密字段的值选项
// EncryptionTag is the struct tag key that marks fields whose values need
// encryption.
const EncryptionTag = "secure"
EncryptionTag 标记需要加密的字段标签名
Variables ¶
// Errors returned by the field encryption layer. The message strings are
// runtime values and are left unchanged.
var (
	// ErrInvalidKey reports an unusable encryption key.
	ErrInvalidKey = errors.New("无效的加密密钥")
	// ErrEncryptionFailed reports that a field could not be encrypted.
	ErrEncryptionFailed = errors.New("字段加密失败")
	// ErrDecryptionFailed reports that a field could not be decrypted.
	ErrDecryptionFailed = errors.New("字段解密失败")
	// ErrInvalidCiphertext reports ciphertext that is not in the expected format.
	ErrInvalidCiphertext = errors.New("无效的密文格式")
	// ErrInvalidMessageType reports a message type the encryptor cannot handle.
	ErrInvalidMessageType = errors.New("无效的消息类型,无法处理")
	// ErrFieldNotFound reports that a requested field does not exist in the message.
	ErrFieldNotFound = errors.New("找不到指定的字段")
)
定义可能的错误
// Errors returned by the service isolation layer. The message strings are
// runtime values and are left unchanged.
var (
	// ErrServiceNotAllowed reports a service-to-service call that policy denies.
	ErrServiceNotAllowed = errors.New("服务调用不被允许")
	// ErrRateLimitExceeded reports a call rejected by the rate limiter.
	ErrRateLimitExceeded = errors.New("超过服务调用速率限制")
	// ErrMethodNotAllowed reports a method call that policy denies.
	ErrMethodNotAllowed = errors.New("方法调用不被允许")
	// ErrInvalidSegregationKey reports an unknown or invalid segregation key.
	ErrInvalidSegregationKey = errors.New("无效的隔离键")
)
服务隔离错误定义
Functions ¶
func FieldEncryptionInterceptor ¶
func FieldEncryptionInterceptor(encryptor FieldEncryptor) interface{}
FieldEncryptionInterceptor 创建用于gRPC的字段加密拦截器
Types ¶
type AccessControl ¶
// AccessControl is the policy interface governing calls between services. It is
// both the decision point (AllowCall) and the audit sink (RecordCall);
// ServiceIsolator accepts an implementation via WithAccessControl.
type AccessControl interface {
	// AllowCall reports whether from may invoke method on to.
	AllowCall(from, to ServiceIdentity, method string) bool
	// RecordCall records one call together with its timestamp, duration and
	// error (presumably nil on success — confirm with implementations).
	RecordCall(from, to ServiceIdentity, method string, timestamp time.Time, duration time.Duration, err error)
	// GetAllowed lists the services that from is permitted to call.
	GetAllowed(from ServiceIdentity) []ServiceIdentity
}
AccessControl 是一个控制服务间访问的接口
type CallRecord ¶
// CallRecord is one entry of the call audit trail kept by an AccessControl
// implementation (DefaultAccessControl exposes its records via GetRecords).
type CallRecord struct {
	From      ServiceIdentity // calling service
	To        ServiceIdentity // called service
	Method    string          // invoked method
	Timestamp time.Time       // timestamp passed to RecordCall
	Duration  time.Duration   // duration passed to RecordCall
	// Error is the call's error, if any.
	// NOTE(review): error text can carry internal details; check what these
	// records contain before exporting them to external logs or dashboards.
	Error error
}
CallRecord 表示调用记录
type CircuitBreaker ¶
// CircuitBreaker is the per-key breaker consulted by CircuitBreakerDecorator.
type CircuitBreaker interface {
	// AllowRequest reports whether a request for key may proceed.
	AllowRequest(key string) bool
	// RecordSuccess records a successful request for key.
	RecordSuccess(key string)
	// RecordFailure records a failed request for key together with its error.
	RecordFailure(key string, err error)
	// GetState returns the breaker's current state for key.
	GetState(key string) CircuitBreakerState
}
CircuitBreaker 表示服务熔断器
type CircuitBreakerDecorator ¶
// CircuitBreakerDecorator is a ServiceDecorator that gates calls through a
// CircuitBreaker. It is built with NewCircuitBreakerDecorator and, unlike the
// other decorators, also exposes RecordResult, presumably so a call's outcome
// can be fed back to the breaker — confirm in the implementation.
type CircuitBreakerDecorator struct {
	// contains filtered or unexported fields
}
CircuitBreakerDecorator 实现了熔断装饰器
func NewCircuitBreakerDecorator ¶
func NewCircuitBreakerDecorator(breaker CircuitBreaker) *CircuitBreakerDecorator
NewCircuitBreakerDecorator 创建熔断装饰器
func (*CircuitBreakerDecorator) Decorate ¶
func (d *CircuitBreakerDecorator) Decorate(ctx context.Context, target ServiceIdentity, method string) (context.Context, error)
Decorate 实现ServiceDecorator接口
func (*CircuitBreakerDecorator) Name ¶
func (d *CircuitBreakerDecorator) Name() string
Name 实现ServiceDecorator接口
func (*CircuitBreakerDecorator) RecordResult ¶
func (d *CircuitBreakerDecorator) RecordResult(ctx context.Context, err error)
RecordResult 记录请求结果
type CircuitBreakerState ¶
// CircuitBreakerState is the state of a CircuitBreaker for a given key; see the
// Circuit* constants.
type CircuitBreakerState int
CircuitBreakerState 定义了熔断器状态
// Breaker states. Because CircuitClosed is iota 0, the zero value of
// CircuitBreakerState is the closed (requests allowed) state — an
// uninitialised state therefore permits traffic.
const (
	// CircuitClosed: requests are allowed through.
	CircuitClosed CircuitBreakerState = iota
	// CircuitOpen: requests are blocked.
	CircuitOpen
	// CircuitHalfOpen: only some requests are allowed through.
	CircuitHalfOpen
)
type ConfigDetector ¶
// ConfigDetector is a Detector for configuration vulnerabilities; its Name,
// Description and Detect methods match the Detector interface.
type ConfigDetector struct{}
配置漏洞检测器
func NewConfigDetector ¶
func NewConfigDetector() *ConfigDetector
func (*ConfigDetector) Description ¶
func (d *ConfigDetector) Description() string
func (*ConfigDetector) Detect ¶
func (d *ConfigDetector) Detect(ctx context.Context, target interface{}) ([]Vulnerability, error)
func (*ConfigDetector) Name ¶
func (d *ConfigDetector) Name() string
type DefaultAccessControl ¶
// DefaultAccessControl is the default AccessControl implementation. Rules are
// managed with AddRule/RemoveRule per caller/callee pair and method list, and
// call records are retained up to the bound set by SetMaxRecords and returned
// by GetRecords (presumably held in memory — confirm).
type DefaultAccessControl struct {
	// contains filtered or unexported fields
}
DefaultAccessControl 是默认的访问控制实现
func NewDefaultAccessControl ¶
func NewDefaultAccessControl() *DefaultAccessControl
NewDefaultAccessControl 创建默认访问控制
func (*DefaultAccessControl) AddRule ¶
func (ac *DefaultAccessControl) AddRule(from, to ServiceIdentity, methods []string)
AddRule 添加访问规则
func (*DefaultAccessControl) AllowCall ¶
func (ac *DefaultAccessControl) AllowCall(from, to ServiceIdentity, method string) bool
AllowCall 实现AccessControl接口
func (*DefaultAccessControl) GetAllowed ¶
func (ac *DefaultAccessControl) GetAllowed(from ServiceIdentity) []ServiceIdentity
GetAllowed 实现AccessControl接口
func (*DefaultAccessControl) GetRecords ¶
func (ac *DefaultAccessControl) GetRecords() []CallRecord
GetRecords 获取所有调用记录
func (*DefaultAccessControl) RecordCall ¶
func (ac *DefaultAccessControl) RecordCall(from, to ServiceIdentity, method string, timestamp time.Time, duration time.Duration, err error)
RecordCall 实现AccessControl接口
func (*DefaultAccessControl) RemoveRule ¶
func (ac *DefaultAccessControl) RemoveRule(from, to ServiceIdentity)
RemoveRule 移除访问规则
func (*DefaultAccessControl) SetMaxRecords ¶
func (ac *DefaultAccessControl) SetMaxRecords(max int)
SetMaxRecords 设置最大记录数
type Detector ¶
// Detector is implemented by each vulnerability check.
type Detector interface {
	// Name returns the detector's name.
	Name() string
	// Description returns a human-readable description of the detector.
	Description() string
	// Detect runs the check against target and returns the vulnerabilities found.
	// target is untyped; which target types a detector accepts is not visible
	// here — TODO confirm per detector.
	Detect(ctx context.Context, target interface{}) ([]Vulnerability, error)
}
检测器接口
type FieldEncryptor ¶
// FieldEncryptor encrypts and decrypts the sensitive fields of registered
// message types (presumably in place, since Encrypt/Decrypt return only an
// error — confirm). Obtain one with NewFieldEncryptor; FieldEncryptionInterceptor
// wraps one for use as a gRPC interceptor.
type FieldEncryptor interface {
	// Encrypt encrypts the sensitive fields of msg.
	Encrypt(msg interface{}) error
	// Decrypt decrypts the sensitive fields of msg.
	Decrypt(msg interface{}) error
	// RegisterType registers a message type and the paths of its sensitive fields.
	RegisterType(msgType interface{}, fieldPaths []string)
	// SetKey sets the encryption key.
	// NOTE(review): the error is presumably ErrInvalidKey for an unusable key;
	// accepted key lengths/formats are not visible here — confirm before
	// documenting key requirements.
	SetKey(key []byte) error
}
FieldEncryptor 敏感字段加密器接口
func NewFieldEncryptor ¶
func NewFieldEncryptor(key []byte) (FieldEncryptor, error)
NewFieldEncryptor 创建新的字段加密器
type RateLimitDecorator ¶
// RateLimitDecorator is a ServiceDecorator that applies a RateLimiter to calls;
// build it with NewRateLimitDecorator.
type RateLimitDecorator struct {
	// contains filtered or unexported fields
}
RateLimitDecorator 实现了速率限制装饰器
func NewRateLimitDecorator ¶
func NewRateLimitDecorator(limiter RateLimiter) *RateLimitDecorator
NewRateLimitDecorator 创建速率限制装饰器
func (*RateLimitDecorator) Decorate ¶
func (d *RateLimitDecorator) Decorate(ctx context.Context, target ServiceIdentity, method string) (context.Context, error)
Decorate 实现ServiceDecorator接口
func (*RateLimitDecorator) Name ¶
func (d *RateLimitDecorator) Name() string
Name 实现ServiceDecorator接口
type RateLimiter ¶
// RateLimiter is the per-key limiter consulted by RateLimitDecorator.
type RateLimiter interface {
	// Allow reports whether a request for key may proceed.
	Allow(key string) bool
	// Record counts one request for key.
	Record(key string)
}
RateLimiter 表示速率限制器
type ScanConfig ¶
// ScanConfig configures a scan: the targets, which detectors to run, the
// reporting threshold and the HTTP settings used to reach targets.
type ScanConfig struct {
	Timeout          time.Duration // scan timeout
	Concurrency      int           // number of concurrent scans
	TargetHosts      []string      // target hosts
	TargetPorts      []int         // target ports
	TargetPaths      []string      // target paths
	TargetFiles      []string      // target files
	ExcludeDetectors []string      // detectors to skip (presumably matched by Detector.Name — confirm)
	IncludeDetectors []string      // detectors to run (same matching caveat)
	MinSeverity      Severity      // lowest severity to report
	Headers          http.Header   // HTTP request headers
	// HTTPClient is the HTTP client used for requests.
	// NOTE(review): whether Timeout above bounds individual requests is not
	// visible here; a caller-supplied client with no Timeout of its own could
	// stall a scan — confirm how the two interact.
	HTTPClient   *http.Client
	CustomParams map[string]any // custom, detector-specific parameters
}
扫描配置
type ScanResult ¶
// ScanResult is the outcome of scanning one target.
type ScanResult struct {
	Target          string          // scan target
	Vulnerabilities []Vulnerability // findings
	StartTime       time.Time       // start time
	EndTime         time.Time       // end time
	Duration        time.Duration   // scan duration
	Error           error           // scan error, if the scan itself failed
}
扫描结果
type SegregationDecorator ¶
// SegregationDecorator is a ServiceDecorator that enforces service segregation
// groups; it is built from a *ServiceIsolator with NewSegregationDecorator,
// presumably consulting the isolator's segregation keys — confirm.
type SegregationDecorator struct {
	// contains filtered or unexported fields
}
SegregationDecorator 实现了服务隔离组装饰器
func NewSegregationDecorator ¶
func NewSegregationDecorator(isolator *ServiceIsolator) *SegregationDecorator
NewSegregationDecorator 创建服务隔离组装饰器
func (*SegregationDecorator) Decorate ¶
func (d *SegregationDecorator) Decorate(ctx context.Context, target ServiceIdentity, method string) (context.Context, error)
Decorate 实现ServiceDecorator接口
func (*SegregationDecorator) Name ¶
func (d *SegregationDecorator) Name() string
Name 实现ServiceDecorator接口
type ServiceDecorator ¶
// ServiceDecorator wraps a service-to-service call with an additional check or
// behaviour. Decorators are attached to a ServiceIsolator with AddDecorator or
// WithDecorators.
type ServiceDecorator interface {
	// Decorate is applied to a call to target's method; it may return a derived
	// context or an error that stops the call.
	Decorate(ctx context.Context, target ServiceIdentity, method string) (context.Context, error)
	// Name returns the decorator's name.
	Name() string
}
ServiceDecorator 定义了服务之间的通信装饰器
type ServiceIdentity ¶
// ServiceIdentity identifies a service for access control and isolation.
// ServiceIsolator.GetService looks services up by a name string, so Name is
// presumably the registry key — confirm.
type ServiceIdentity struct {
	Name      string            // service name
	Namespace string            // namespace
	Version   string            // version
	Roles     []string          // service roles
	Metadata  map[string]string // additional metadata
}
ServiceIdentity 表示服务身份
type ServiceIsolator ¶
// ServiceIsolator implements service isolation: it keeps a registry of
// services (RegisterService/DeregisterService/GetService), segregation keys
// (RegisterSegregationKey/RemoveSegregationKey/GetSegregationGroup), an
// AccessControl and a chain of ServiceDecorators. PrepareCall applies policy
// before a call and RecordCall reports its outcome afterwards.
type ServiceIsolator struct {
	// contains filtered or unexported fields
}
ServiceIsolator 实现了服务隔离
func NewServiceIsolator ¶
func NewServiceIsolator(opts ...ServiceIsolatorOption) *ServiceIsolator
NewServiceIsolator 创建新的服务隔离器
func (*ServiceIsolator) AddDecorator ¶
func (si *ServiceIsolator) AddDecorator(decorator ServiceDecorator)
AddDecorator 添加服务装饰器
func (*ServiceIsolator) DeregisterService ¶
func (si *ServiceIsolator) DeregisterService(service ServiceIdentity)
DeregisterService 注销服务
func (*ServiceIsolator) GetAllowedServices ¶
func (si *ServiceIsolator) GetAllowedServices(from ServiceIdentity) []ServiceIdentity
GetAllowedServices 获取允许调用的服务列表
func (*ServiceIsolator) GetSegregationGroup ¶
func (si *ServiceIsolator) GetSegregationGroup(key string) (string, error)
GetSegregationGroup 获取隔离组
func (*ServiceIsolator) GetService ¶
func (si *ServiceIsolator) GetService(serviceName string) (ServiceIdentity, bool)
GetService 获取服务身份
func (*ServiceIsolator) PrepareCall ¶
func (si *ServiceIsolator) PrepareCall(ctx context.Context, from, to ServiceIdentity, method string) (context.Context, error)
PrepareCall 准备服务调用
func (*ServiceIsolator) RecordCall ¶
func (si *ServiceIsolator) RecordCall(from, to ServiceIdentity, method string, timestamp time.Time, duration time.Duration, err error)
RecordCall 记录服务调用
func (*ServiceIsolator) RegisterSegregationKey ¶
func (si *ServiceIsolator) RegisterSegregationKey(key, group string)
RegisterSegregationKey 注册隔离键,用于服务分组
func (*ServiceIsolator) RegisterService ¶
func (si *ServiceIsolator) RegisterService(service ServiceIdentity)
RegisterService 注册服务
func (*ServiceIsolator) RemoveSegregationKey ¶
func (si *ServiceIsolator) RemoveSegregationKey(key string)
RemoveSegregationKey 移除隔离键
type ServiceIsolatorOption ¶
// ServiceIsolatorOption configures a ServiceIsolator in NewServiceIsolator;
// see WithAccessControl and WithDecorators.
type ServiceIsolatorOption func(*ServiceIsolator)
ServiceIsolatorOption 是ServiceIsolator的选项函数
func WithAccessControl ¶
func WithAccessControl(ac AccessControl) ServiceIsolatorOption
WithAccessControl 设置访问控制组件
func WithDecorators ¶
func WithDecorators(decorators ...ServiceDecorator) ServiceIsolatorOption
WithDecorators 设置服务装饰器
type TLSConfigDetector ¶
// TLSConfigDetector is a Detector for TLS configuration weaknesses; its Name,
// Description and Detect methods match the Detector interface.
type TLSConfigDetector struct{}
TLS配置检测器
func NewTLSConfigDetector ¶
func NewTLSConfigDetector() *TLSConfigDetector
func (*TLSConfigDetector) Description ¶
func (d *TLSConfigDetector) Description() string
func (*TLSConfigDetector) Detect ¶
func (d *TLSConfigDetector) Detect(ctx context.Context, target interface{}) ([]Vulnerability, error)
func (*TLSConfigDetector) Name ¶
func (d *TLSConfigDetector) Name() string
type Vulnerability ¶
// Vulnerability is a single finding produced by a Detector.
type Vulnerability struct {
	ID          string            // finding identifier
	Type        VulnerabilityType // category; one of the VulnType* constants
	Title       string            // short title
	Description string            // description
	Severity    Severity          // severity rating
	Target      string            // where it was found (URL, endpoint, file, ...)
	// Evidence is the material supporting the finding.
	// NOTE(review): detectors may place response fragments or configuration
	// excerpts here; review what it holds before reports cross a trust
	// boundary — confirm per detector.
	Evidence    string
	Remediation string            // suggested fix
	References  []string          // related references
	Metadata    map[string]string // additional key/value data
}
漏洞
type VulnerabilityType ¶
// VulnerabilityType categorises a Vulnerability; see the VulnType* constants.
type VulnerabilityType string
漏洞类型
// Vulnerability categories reported by the detectors.
const (
	VulnTypeTLS            VulnerabilityType = "TLS_CONFIGURATION"    // TLS configuration weakness
	VulnTypeAuthentication VulnerabilityType = "AUTHENTICATION"       // authentication weakness
	VulnTypeAuthorization  VulnerabilityType = "AUTHORIZATION"        // authorization weakness
	VulnTypeInjection      VulnerabilityType = "INJECTION"            // injection
	VulnTypeConfiguration  VulnerabilityType = "CONFIGURATION"        // general misconfiguration
	VulnTypeExposure       VulnerabilityType = "INFORMATION_EXPOSURE" // information exposure
)