hostfuncs

package
v0.3.0-alpha

This package is not in the latest version of its module.
Published: Jan 10, 2026 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Overview

Package hostfuncs provides host functions for WASM plugins

Functions

func DNSLookup

func DNSLookup(ctx context.Context, mod api.Module, stack []uint64, checker *CapabilityChecker)

DNSLookup performs DNS resolution on behalf of the plugin. It receives a packed uint64 (ptr+len) pointing to a JSON-encoded DNSRequestWire. It returns a packed uint64 (ptr+len) pointing to a JSON-encoded DNSResponseWire.

func ExecCommand

func ExecCommand(ctx context.Context, mod api.Module, stack []uint64, checker *CapabilityChecker)

ExecCommand executes a command on the host. Signature: exec_command(reqPtr, reqLen) -> resPtr

func HTTPRequest

func HTTPRequest(ctx context.Context, mod api.Module, stack []uint64, checker *CapabilityChecker, version build.Info)

HTTPRequest performs an HTTP request on behalf of the plugin.

func IsPrivateOrReservedIP

func IsPrivateOrReservedIP(ip net.IP) bool

IsPrivateOrReservedIP checks if an IP is in private/reserved ranges. This prevents SSRF attacks by blocking access to:

- Loopback addresses (127.0.0.0/8, ::1)
- Private networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7)
- Link-local addresses (169.254.0.0/16, fe80::/10)
- Multicast addresses (224.0.0.0/4, ff00::/8)

func LogMessage

func LogMessage(ctx context.Context, mod api.Module, stack []uint64)

LogMessage implements the `log_message` host function. It receives a packed uint64 (ptr+len) pointing to a JSON-encoded LogMessageWire. It does not return any value.

func PluginNameFromContext

func PluginNameFromContext(ctx context.Context) (string, bool)

PluginNameFromContext retrieves the plugin name from the context

func RegisterHostFunctions

func RegisterHostFunctions(ctx context.Context, runtime wazero.Runtime, version build.Info, caps map[string][]capabilities.Capability) error

RegisterHostFunctions registers all host functions with the wazero runtime

func SMTPConnect

func SMTPConnect(ctx context.Context, mod api.Module, stack []uint64, checker *CapabilityChecker)

SMTPConnect performs SMTP connection tests on behalf of the plugin. It receives a packed uint64 (ptr+len) pointing to a JSON-encoded SMTPRequestWire. It returns a packed uint64 (ptr+len) pointing to a JSON-encoded SMTPResponseWire.

func TCPConnect

func TCPConnect(ctx context.Context, mod api.Module, stack []uint64, checker *CapabilityChecker)

TCPConnect performs TCP connection tests on behalf of the plugin. It receives a packed uint64 (ptr+len) pointing to a JSON-encoded TCPRequestWire. It returns a packed uint64 (ptr+len) pointing to a JSON-encoded TCPResponseWire.

func ValidateDestination

func ValidateDestination(ctx context.Context, host string, pluginName string, checker *CapabilityChecker) error

ValidateDestination validates that a hostname is allowed based on capabilities:

- Blocks private/reserved IPs by default (SSRF protection)
- Allows private IPs if network:outbound:private capability is granted
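The range check and capability override described for IsPrivateOrReservedIP and ValidateDestination, as an added example that is not the package's own code. The names isBlocked, checkDestination, stubResolve and the .example hostnames are hypothetical, the resolver records are constructed, and the allowPrivate flag stands in for the network:outbound:private capability.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// Ranges named in the IsPrivateOrReservedIP documentation.
var blockedCIDRs = []string{"127.0.0.0/8", "::1/128", "10.0.0.0/8", "172.16.0.0/12",
	"192.168.0.0/16", "fc00::/7", "169.254.0.0/16", "fe80::/10", "224.0.0.0/4", "ff00::/8"}
var errBlocked = errors.New("private or reserved destination")

// isBlocked reports whether a falls in any listed range (hypothetical helper).
func isBlocked(a netip.Addr) bool {
	a = a.Unmap().WithZone("") // ::ffff:127.0.0.1 -> 127.0.0.1; zoned addrs never match a Prefix
	for _, c := range blockedCIDRs {
		if netip.MustParsePrefix(c).Contains(a) {
			return true
		}
	}
	return false
}

// checkDestination fails closed: one blocked or missing address rejects the host.
func checkDestination(host string, allowPrivate bool, resolve func(string) ([]netip.Addr, error)) error {
	var addrs []netip.Addr
	if lit, err := netip.ParseAddr(host); err == nil {
		addrs = []netip.Addr{lit} // IP literal: nothing to resolve
	} else if addrs, err = resolve(host); err != nil || len(addrs) == 0 {
		return fmt.Errorf("resolve %q: no usable address (%v)", host, err)
	}
	for _, a := range addrs {
		if !allowPrivate && isBlocked(a) {
			return fmt.Errorf("%s -> %s: %w", host, a, errBlocked)
		}
	}
	return nil
}

// Constructed DNS records so the example runs offline.
var stubRecords = map[string][]netip.Addr{
	"public.example": {netip.MustParseAddr("203.0.113.10")},
	"mixed.example":  {netip.MustParseAddr("203.0.113.10"), netip.MustParseAddr("10.0.0.5")},
}
func stubResolve(host string) ([]netip.Addr, error) { return stubRecords[host], nil }

func main() {
	fmt.Println(checkDestination("mixed.example", false, stubResolve))
}
```

A check of this kind only holds if the subsequent connection is made to the address that was validated; resolving the name again at dial time can return a different answer.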

func WithPluginName

func WithPluginName(ctx context.Context, name string) context.Context

WithPluginName adds the plugin name to the context

Types

type BoundedBuffer

type BoundedBuffer struct {
	Truncated bool
	// contains filtered or unexported fields
}

BoundedBuffer is a bytes.Buffer wrapper that limits the size of written data.

func NewBoundedBuffer

func NewBoundedBuffer(limit int) *BoundedBuffer

NewBoundedBuffer creates a new BoundedBuffer with the specified limit.

func (*BoundedBuffer) String

func (b *BoundedBuffer) String() string

String returns the buffer contents as a string.

func (*BoundedBuffer) Write

func (b *BoundedBuffer) Write(p []byte) (n int, err error)

Write implements io.Writer.

type CapabilityChecker

type CapabilityChecker struct {
	// contains filtered or unexported fields
}

CapabilityChecker checks if operations are allowed based on granted capabilities

func NewCapabilityChecker

func NewCapabilityChecker(caps map[string][]capabilities.Capability) *CapabilityChecker

NewCapabilityChecker creates a new capability checker with the given capabilities. The cwd is obtained at construction time to avoid side-effects during capability checks.

func (*CapabilityChecker) Check

func (c *CapabilityChecker) Check(pluginName, kind, pattern string) error

Check verifies if a requested capability is granted for a specific plugin.

type ContextWireFormat

type ContextWireFormat = wireformat.ContextWireFormat

ContextWireFormat is a re-export of wireformat.ContextWireFormat

type DNSLookupResult

type DNSLookupResult struct {
	Records   []string
	MXRecords []MXRecordWire
}

DNSLookupResult is an intermediate struct to hold the DNS lookup results before converting to wire format.

type DNSRequestWire

type DNSRequestWire = wireformat.DNSRequestWire

DNSRequestWire is a re-export of wireformat.DNSRequestWire

type DNSResponseWire

type DNSResponseWire = wireformat.DNSResponseWire

DNSResponseWire is a re-export of wireformat.DNSResponseWire

type ErrorDetail

type ErrorDetail = wireformat.ErrorDetail

ErrorDetail is a re-export of wireformat.ErrorDetail

type ExecRequestWire

type ExecRequestWire = wireformat.ExecRequestWire

ExecRequestWire is a re-export of wireformat.ExecRequestWire

type ExecResponseWire

type ExecResponseWire = wireformat.ExecResponseWire

ExecResponseWire is a re-export of wireformat.ExecResponseWire

type HTTPRequestWire

type HTTPRequestWire = wireformat.HTTPRequestWire

HTTPRequestWire is a re-export of wireformat.HTTPRequestWire

type HTTPResponseWire

type HTTPResponseWire = wireformat.HTTPResponseWire

HTTPResponseWire is a re-export of wireformat.HTTPResponseWire

type LogAttrWire

type LogAttrWire struct {
	Key   string `json:"key"`
	Type  string `json:"type"`  // "string", "int64", "bool", "float64", "time", "error", "any"
	Value string `json:"value"` // String representation of the value
}

LogAttrWire represents a single slog attribute.

type LogMessageWire

type LogMessageWire struct {
	Context   ContextWireFormat `json:"context"` // Context for correlation etc.
	Level     string            `json:"level"`
	Message   string            `json:"message"`
	Timestamp time.Time         `json:"timestamp"`
	Attrs     []LogAttrWire     `json:"attrs,omitempty"`
}

LogMessageWire is the JSON wire format for a log message from Guest to Host.

type MXRecordWire

type MXRecordWire = wireformat.MXRecordWire

MXRecordWire is a re-export of wireformat.MXRecordWire

type SMTPRequestWire

type SMTPRequestWire = wireformat.SMTPRequestWire

SMTPRequestWire is a re-export of wireformat.SMTPRequestWire

type SMTPResponseWire

type SMTPResponseWire = wireformat.SMTPResponseWire

SMTPResponseWire is a re-export of wireformat.SMTPResponseWire

type TCPRequestWire

type TCPRequestWire = wireformat.TCPRequestWire

TCPRequestWire is a re-export of wireformat.TCPRequestWire

type TCPResponseWire

type TCPResponseWire = wireformat.TCPResponseWire

TCPResponseWire is a re-export of wireformat.TCPResponseWire
