wace

package module
v1.0.0 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 2, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

README

WACElib

The general objective of this project is to build machine learning-assisted web application firewall mechanisms for the identification, analysis and prevention of computer attacks on web applications. The main idea is to combine the flexibility provided by the classification procedures obtained from machine learning models with the codified knowledge integrated in the specification of the OWASP Core Rule Set used by the ModSecurity WAF to detect attacks, while reducing false positives. The next figure shows a high-level overview of the architecture:

[Figure: WACE architecture overview]

This repository contains a library that provides the main functionality of WACE. Currently, WACE can be integrated as a library using this repository, for example with Coraza WAF (ref). It can also be deployed as a server whose API is consumed via gRPC, see (ref). For example, it can be integrated with ModSecurity (ref).

Usage

WACElib exports five functions: one initializes WACElib, and the remaining four allow the analysis of a transaction, taking as input results from a WAF and from machine learning models.

The invocation of these operations must follow an order. The first of them is:

  • Init - Initializes the internal structures of WACElib. This operation must be invoked only once, and is required for transaction analysis.

The operations for transaction analysis must be invoked in the following order:

  1. InitTransaction - Starts a transaction in WACE; a transaction identifier must be provided. This operation must be invoked only once.

  2. Analyze - Requests the analysis of a transaction; the models and their type must be indicated, as well as the content of the transaction to be analyzed.

  3. CheckTransaction - Returns the result of the analysis of a transaction; the decision algorithm must be indicated and the results of the WAF must be provided. This operation can be invoked multiple times; each call waits for the results of the synchronous models that have been invoked so far through the Analyze function.

  4. CloseTransaction - Ends the transaction associated with the provided identifier. This operation should be invoked only once when the transaction analysis is completed.

Remark: If you invoke the CheckTransaction function multiple times, the order changes accordingly: calls to CheckTransaction alternate with calls to Analyze.

Configuration

In order to use WACElib, the SetConfig(ConfigFileData) operation of the configstore package must be invoked. ConfigFileData is defined in this package (ref).

Example
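
An added example, not part of the WACElib README or code: a small guard that enforces the call order described under Usage for the four transaction functions. `Guard`, `Op`, `Step`, `Open` and `ErrOrder` are hypothetical names; each WACElib call is passed in as a closure (a stand-in here, because the module's import path is not given on this page), and `SetConfig` and `Init` are assumed to have been called already.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

type Op int // one of the four documented transaction functions
const InitTransaction, Analyze, CheckTransaction, CloseTransaction Op = 0, 1, 2, 3
var ErrOrder = errors.New("wace: call order violated")

// Guard (hypothetical helper) maps each open transaction id to its Analyze count.
type Guard struct {
	mu       sync.Mutex
	analyzed map[string]int
}
func NewGuard() *Guard { return &Guard{analyzed: map[string]int{}} }

// Step validates op for id, then runs call (the WACElib invocation) outside the lock.
func (g *Guard) Step(op Op, id string, call func() error) error {
	g.mu.Lock()
	n, open := g.analyzed[id]
	switch {
	case op == InitTransaction && !open: // only once per id
		g.analyzed[id] = 0
	case op == Analyze && open:
		g.analyzed[id] = n + 1
	case op == CheckTransaction && open && n > 0: // repeatable after Analyze
	case op == CloseTransaction && open: // only once; forget the id
		delete(g.analyzed, id)
	default:
		g.mu.Unlock()
		return fmt.Errorf("%w: op %d on transaction %q", ErrOrder, op, id)
	}
	g.mu.Unlock()
	return call()
}

// Open counts transactions that still await CloseTransaction (leak check).
func (g *Guard) Open() int {
	g.mu.Lock()
	defer g.mu.Unlock()
	return len(g.analyzed)
}

func main() { // constructed demo; the closure stands in for a WACElib call
	fmt.Println(NewGuard().Step(Analyze, "tx-1", func() error { return nil }))
}
```

In an integration the closure would wrap the real call for that step. A non-zero `Open()` once traffic has drained points at a code path that skipped CloseTransaction.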


Documentation

Overview

The main package of WACE.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Analyze

func Analyze(modelsTypeAsString, transactionId, payload string, models []string) error

Analyze calls the model plugins with the given payload and models

func CheckTransaction

func CheckTransaction(transactionID, decisionPlugin string, wafParams map[string]string) (bool, error)

CheckTransaction checks the result of the analysis of the transaction with the given id and decision plugin

func CloseTransaction

func CloseTransaction(transactionID string)

CloseTransaction closes the transaction with the given id removing the transaction sync model results

func Init

func Init(met metric.Meter)

Init initializes the WACE core with the given metric meter

func InitTransaction

func InitTransaction(transactionId string)

InitTransaction initializes a transaction with the given id

Types

This section is empty.

Directories

Path Synopsis
Package configstore handles the configuration of WACE.
Package pluginmanager handles the communication with the model and decision plugins
