Documentation

Index
- Variables
- func FormatBytes(bytes int64) string
- func InitCPU(lim Limits)
- func InitMemory(lim Limits)
- func IsSymlink(path string) (bool, error)
- func ReloadMemoryLimits()
- func SafeAppendFile(path string, data []byte, perm os.FileMode) error
- func SafeAppendFlags() int
- func SafeCreate(path string, perm os.FileMode) (*os.File, error)
- func SafeFileFlags() int
- func SafeMkdirAll(path string, perm os.FileMode) error
- func SafeOpenFile(path string, flag int, perm os.FileMode) (*os.File, error)
- func SafeWriteFile(path string, data []byte, perm os.FileMode) error
- func ValidateDirectory(dir string) error
- func ValidatePath(path string) error
- type Limits
- type MemAvail
- type MemoryLimits
- type SystemIPs
Constants
This section is empty.
Variables
var ErrInsecureDirectory = errors.New("target directory has insecure permissions (world-writable)")
ErrInsecureDirectory is returned when the target directory has insecure (world-writable) permissions.
var ErrPathTraversal = errors.New("path traversal detected")
ErrPathTraversal is returned when path traversal is detected.
var ErrSymlinkDetected = errors.New("symlink detected in path (TOCTOU protection)")
ErrSymlinkDetected is returned when a symlink is detected anywhere in the path.
Functions
func FormatBytes
func FormatBytes(bytes int64) string
FormatBytes converts a byte count to a human-readable string.
func InitCPU
func InitCPU(lim Limits)
InitCPU sets GOMAXPROCS from the configured limit. This prevents the Go server from consuming all CPU cores.
func InitMemory
func InitMemory(lim Limits)
InitMemory sets the memory limit from the configured limit, using runtime/debug.SetMemoryLimit (Go 1.19+).
func ReloadMemoryLimits (added in v1.0.28)
func ReloadMemoryLimits()
ReloadMemoryLimits reloads the limits from environment variables (for tests and configuration changes).
func SafeAppendFile (added in v1.0.28)
func SafeAppendFile(path string, data []byte, perm os.FileMode) error
SafeAppendFile appends data to a file with TOCTOU protection.
func SafeAppendFlags (added in v1.0.28)
func SafeAppendFlags() int
SafeAppendFlags returns secure flags for appending to files.
func SafeCreate (added in v1.0.28)
func SafeCreate(path string, perm os.FileMode) (*os.File, error)
SafeCreate creates a file with TOCTOU protection:
- validates the path for symlinks and traversal
- uses O_NOFOLLOW to prevent symlink following
- validates the parent directory's permissions
func SafeFileFlags (added in v1.0.28)
func SafeFileFlags() int
SafeFileFlags returns secure flags for file creation. O_NOFOLLOW prevents following symlinks (TOCTOU protection); O_EXCL ensures the file is created, not opened if it already exists.
func SafeMkdirAll (added in v1.0.28)
func SafeMkdirAll(path string, perm os.FileMode) error
SafeMkdirAll creates directories with TOCTOU protection, validating that each path component is not a symlink.
func SafeOpenFile (added in v1.0.28)
func SafeOpenFile(path string, flag int, perm os.FileMode) (*os.File, error)
SafeOpenFile opens a file with TOCTOU protection.
func SafeWriteFile (added in v1.0.28)
func SafeWriteFile(path string, data []byte, perm os.FileMode) error
SafeWriteFile writes data to a file with TOCTOU protection, using the atomic write pattern: write to a temporary file, then rename it into place.
func ValidateDirectory (added in v1.0.28)
func ValidateDirectory(dir string) error
ValidateDirectory checks whether a directory is safe for file creation. It returns an error if the directory is world-writable (o+w).
func ValidatePath (added in v1.0.28)
func ValidatePath(path string) error
ValidatePath performs security checks on a file path:
- rejects symlinks anywhere in the path
- rejects path traversal attempts (../)
- rejects world-writable directories
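As an added example (not this package's code), the ValidatePath, ValidateDirectory and SafeCreate contract described above in runnable form. It assumes a Unix-like host (syscall.O_NOFOLLOW) and reuses the package's three sentinel error messages; the function bodies are this example's own.

```go
package main

import (
	"errors"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

var ErrPathTraversal = errors.New("path traversal detected")
var ErrSymlinkDetected = errors.New("symlink detected in path (TOCTOU protection)")
var ErrInsecureDirectory = errors.New("target directory has insecure permissions (world-writable)")
// ValidateDirectory rejects a target directory that is world-writable (o+w).
func ValidateDirectory(dir string) error {
	if st, err := os.Stat(dir); err != nil || st.Mode().Perm()&0o002 == 0 {
		return err
	}
	return ErrInsecureDirectory
}
// ValidatePath rejects ".." components, a symlink at any existing component and a world-writable parent.
func ValidatePath(path string) error {
	if strings.Contains("/"+filepath.ToSlash(path)+"/", "/../") {
		return ErrPathTraversal
	}
	// Walk from the target up to the root. Lstat does not follow links, so a
	// planted symlink is caught; components that do not exist yet are allowed.
	for p := filepath.Clean(path); ; p = filepath.Dir(p) {
		st, err := os.Lstat(p)
		if err != nil && !errors.Is(err, os.ErrNotExist) {
			return err
		}
		if err == nil && st.Mode()&os.ModeSymlink != 0 {
			return ErrSymlinkDetected
		}
		if p == filepath.Dir(p) {
			break // reached "/" (or "." for a relative path)
		}
	}
	return ValidateDirectory(filepath.Dir(filepath.Clean(path)))
}
// SafeCreate validates the path, then opens with O_EXCL (a file planted between check
// and open is never reused) and O_NOFOLLOW (a symlink planted at the target is never followed).
func SafeCreate(path string, perm os.FileMode) (*os.File, error) {
	if err := ValidatePath(path); err != nil {
		return nil, err
	}
	return os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL|syscall.O_NOFOLLOW, perm)
}
```

The validation and the O_EXCL|O_NOFOLLOW open are deliberately both present: the pre-check gives a precise error, while the flags are what actually closes the window between check and use.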
Types
type Limits
type Limits struct {
	// GOMAXPROCS limit (CPU cores)
	GoMaxProcs int // default: 2
	// Connection limits
	MaxConcurrentConns int // default: 100
	MaxConnsPerIP      int // default: 10
	// Request limits
	RequestTimeoutSec   int   // default: 30
	MaxRequestBodyMB    int   // default: 10
	MaxRequestBodyBytes int64 // computed from MB
	// Rate limiting
	RateLimitPerMin int // default: 60 requests per minute per IP
	// Memory limits
	MaxMemoryPercent int   // default: 20% of available
	MaxMemoryBytes   int64 // default: 512 MiB
	// Logging
	EnableMetrics bool // default: true
}
Limits holds all safety thresholds for the GUI server.
type MemAvail
MemAvail holds available-memory information (cgroup-aware). This matches the pattern from go-feeds/internal/safety/mem.go.
func AvailableMem
func AvailableMem() MemAvail
AvailableMem returns the available memory (cgroup-aware for containers). This is critical when running in Docker/Kubernetes, where cgroup limits apply.
type MemoryLimits (added in v1.0.28)
type MemoryLimits struct {
	// Scorer limits (pkg/suricata/scorer.go)
	ScorerMaxIPs         int // Max unique IPs tracked in scorer (default: 50000)
	ScorerMaxEventsPerIP int // Max event timestamps per IP (default: 100)
	// Analytics limits (pkg/analytics/state.go)
	AnalyticsMaxIPOrigins     int // Max IPs in ipOrigins map (default: 100000)
	AnalyticsMaxIPsPerCountry int // Max IPs per country (default: 10000)
	// Stats cache limits (pkg/suricata/stats/cache.go)
	StatsMaxSIDs          int // Max SIDs tracked (default: 10000)
	StatsMaxSourcesPerSID int // Max unique sources per SID (default: 1000)
	// Queue limits (cli/lib/nftban/helpers/nftban_task_queue.sh)
	QueueMaxPending       int // Max pending tasks (default: 10000)
	QueueDLQAutoRetention int // Auto-purge DLQ entries older than N days (default: 7)
}
MemoryLimits holds caps and TTLs that prevent unbounded memory growth (CWE-400). All limits are configurable via environment variables with sane defaults.
func DefaultMemoryLimits (added in v1.0.28)
func DefaultMemoryLimits() MemoryLimits
DefaultMemoryLimits returns production-safe defaults.
func GetMemoryLimits (added in v1.0.28)
func GetMemoryLimits() MemoryLimits
GetMemoryLimits returns the global memory limits.
type SystemIPs
type SystemIPs struct {
	ServerIPs     []net.IP    // All server interface IPs
	CurrentUserIP net.IP      // IP of current SSH connection
	GatewayIPs    []net.IP    // Default gateway
	DNSServers    []net.IP    // DNS servers from /etc/resolv.conf
	LoopbackCIDRs []net.IPNet // 127.0.0.0/8, ::1/128
}
SystemIPs holds all critical IPs that must NEVER be blocked.
func DetectSystemIPs
DetectSystemIPs auto-detects all critical IPs that must be whitelisted.
func (*SystemIPs) GetAllIPsWithCIDRs
GetAllIPsWithCIDRs returns all IPs, including the loopback CIDRs.
func (*SystemIPs) PrintSystemIPs
func (s *SystemIPs) PrintSystemIPs()
PrintSystemIPs displays all detected IPs.
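As an added example (not this package's code), the never-block allowlist that SystemIPs documents, built from the same fields: nameservers parsed from resolv.conf text, the current administrator's address, and the two loopback ranges. The constructor, parser and IsProtected check are this example's own; interface and gateway probing are left out so it runs offline.

```go
package main
import (
	"net"
	"strings"
)
type SystemIPs struct {
	ServerIPs     []net.IP
	CurrentUserIP net.IP
	GatewayIPs    []net.IP
	DNSServers    []net.IP
	LoopbackCIDRs []net.IPNet
}
// ParseResolvConfNameservers extracts the "nameserver" entries from resolv.conf text.
func ParseResolvConfNameservers(content string) []net.IP {
	var out []net.IP
	for _, line := range strings.Split(content, "\n") {
		if f := strings.Fields(line); len(f) >= 2 && f[0] == "nameserver" {
			if ip := net.ParseIP(f[1]); ip != nil {
				out = append(out, ip)
			}
		}
	}
	return out
}
// NewSystemIPs builds the allowlist: DNS servers from resolv.conf text, the admin's address, both loopback ranges.
func NewSystemIPs(resolvConf string, adminIP net.IP) *SystemIPs {
	s := &SystemIPs{DNSServers: ParseResolvConfNameservers(resolvConf), CurrentUserIP: adminIP}
	for _, c := range []string{"127.0.0.0/8", "::1/128"} {
		_, n, _ := net.ParseCIDR(c)
		s.LoopbackCIDRs = append(s.LoopbackCIDRs, *n)
	}
	return s
}
// IsProtected reports whether ip is a critical address or inside a loopback range; a ban helper checks this first.
func (s *SystemIPs) IsProtected(ip net.IP) bool {
	for _, n := range s.LoopbackCIDRs {
		if n.Contains(ip) {
			return true
		}
	}
	for _, list := range [][]net.IP{s.ServerIPs, s.GatewayIPs, s.DNSServers, {s.CurrentUserIP}} {
		for _, p := range list {
			if p != nil && p.Equal(ip) {
				return true
			}
		}
	}
	return false
}
```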