report

package
v0.0.0-...-da9ff2d Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 20, 2026 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation


Constants

// Default queue size and worker-goroutine count.
const (
	// DefaultQueueSize is the default size for the analysis queue.
	// NOTE(review): what happens when the queue is full (drop the entry vs.
	// block the caller) is not shown on this page — confirm, because it
	// decides whether a request flood loses events or adds request latency.
	DefaultQueueSize = 1000

	// DefaultWorkerCount is the default number of worker goroutines.
	DefaultWorkerCount = 4
)
// ThreatType constants name the different types of threats.
// NOTE(review): presumably these are the values carried in
// ThreatEvent.ThreatType (JSON key "threat_type") — confirm against the
// reporter; consumers of the webhook should match on these exact strings.
const (
	// ThreatTypeIP labels a malicious-IP classification.
	ThreatTypeIP        = "malicious_ip"
	// ThreatTypePath labels a malicious-path classification.
	ThreatTypePath      = "malicious_path"
	// ThreatTypeUserAgent labels a malicious-User-Agent classification.
	ThreatTypeUserAgent = "malicious_user_agent"
	// ThreatTypeNormal labels a request that is not a threat.
	// NOTE(review): presumably only emitted when all request logs are sent
	// (ReportHandler.SendLog) — confirm.
	ThreatTypeNormal    = "normal_request"
)

ThreatType constants for different types of threats

const (
	// DefaultHTTPTimeout is the default timeout for HTTP requests.
	// NOTE(review): presumably this bounds delivery to the HookConfig.Remote
	// webhook — confirm. A slow or unreachable webhook can then occupy a
	// worker for up to 30 seconds per event.
	DefaultHTTPTimeout = 30 * time.Second
)

Variables

This section is empty.

Functions

func ExtractHeaders

func ExtractHeaders(r *http.Request) map[string]string

ExtractHeaders extracts relevant headers from the HTTP request

func GetClientIP

func GetClientIP(r *http.Request) net.IP

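GetClientIP extracts the real client IP from the HTTP request. This page does not show which sources are consulted (the connection's remote address or forwarding headers); if client-supplied headers are used, the result is only trustworthy behind a proxy that overwrites them.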

func ParseCaddyfile

ParseCaddyfile unmarshals tokens from h into a new Middleware.

Types

type EventReporter

// EventReporter handles reporting of threat events. It is built by
// NewEventReporter from a *HookConfig and a *zap.Logger, and receives events
// through ReportThreat.
type EventReporter struct {
	// contains filtered or unexported fields
}

EventReporter handles reporting of threat events

func NewEventReporter

func NewEventReporter(config *HookConfig, logger *zap.Logger) *EventReporter

NewEventReporter creates a new EventReporter instance

func (*EventReporter) ReportThreat

func (er *EventReporter) ReportThreat(event *ThreatEvent)

ReportThreat reports a detected threat event

type HookConfig

// HookConfig defines the configuration for event reporting hooks. Both
// fields are optional (omitempty).
type HookConfig struct {
	// HTTP webhook URL for remote reporting.
	// NOTE(review): ThreatEvent carries a Headers map copied from the request;
	// confirm which headers ExtractHeaders keeps (credentials such as
	// Authorization or Cookie should not leave the host) and prefer an
	// https:// endpoint you control.
	Remote string `json:"remote,omitempty"`

	// Shell command to execute for IP banning (only for malicious IPs).
	// NOTE(review): how the offending address reaches this command is not
	// shown on this page. Confirm that it is passed as a validated net.IP
	// string and never built from other request-controlled text (path,
	// User-Agent, headers), that the command runs with the least privilege
	// the ban needs, and that the banned address cannot be chosen by the
	// client through forwarding headers (see GetClientIP).
	Exec string `json:"exec,omitempty"`
}

HookConfig defines the configuration for event reporting hooks

type PatternConfig

// PatternConfig represents the configuration structure for malicious
// patterns, read from YAML (see the yaml tags).
// NOTE(review): presumably this is the shape PatternManager.LoadFromFile
// expects — confirm. The file decides what gets reported (and possibly
// banned), so it should be writable only by the operator.
type PatternConfig struct {
	// IPCIDRs lists IP CIDR patterns (YAML key "ip_cidrs").
	IPCIDRs    []string `yaml:"ip_cidrs"`
	// Paths lists path patterns (YAML key "paths"); AddPathPattern describes
	// these as regex patterns.
	Paths      []string `yaml:"paths"`
	// UserAgents lists User-Agent patterns (YAML key "user_agents").
	// NOTE(review): AddUserAgentPattern returns no error, so these are
	// presumably not compiled as regexes — confirm the match semantics.
	UserAgents []string `yaml:"user_agents"`
}

PatternConfig represents the configuration structure for malicious patterns

type PatternManager

// PatternManager manages malicious patterns for threat detection: IP CIDR,
// path and User-Agent patterns are added through its Add* methods or
// LoadFromFile and queried through MatchIP, MatchPath and MatchUserAgent.
// NOTE(review): whether it is safe to add patterns while matches are in
// progress is not shown on this page — confirm before reloading at runtime.
type PatternManager struct {
	// contains filtered or unexported fields
}

PatternManager manages malicious patterns for threat detection

func NewPatternManager

func NewPatternManager(logger *zap.Logger) *PatternManager

NewPatternManager creates a new PatternManager instance

func (*PatternManager) AddIPPattern

func (pm *PatternManager) AddIPPattern(cidr string) error

AddIPPattern adds an IP CIDR pattern to the manager

func (*PatternManager) AddPathPattern

func (pm *PatternManager) AddPathPattern(pattern string) error

AddPathPattern adds a path regex pattern to the manager

func (*PatternManager) AddUserAgentPattern

func (pm *PatternManager) AddUserAgentPattern(pattern string)

AddUserAgentPattern adds a User-Agent pattern to the manager

func (*PatternManager) GetPatternCounts

func (pm *PatternManager) GetPatternCounts() (int, int, int)

GetPatternCounts returns the number of patterns loaded

func (*PatternManager) LoadFromFile

func (pm *PatternManager) LoadFromFile(filePath string) error

LoadFromFile loads malicious patterns from a configuration file

func (*PatternManager) MatchIP

func (pm *PatternManager) MatchIP(ip net.IP) bool

MatchIP checks if an IP address matches any malicious IP patterns

func (*PatternManager) MatchPath

func (pm *PatternManager) MatchPath(path string) bool

MatchPath checks if a path matches any malicious path patterns

func (*PatternManager) MatchUserAgent

func (pm *PatternManager) MatchUserAgent(ua string) bool

MatchUserAgent checks if a User-Agent matches any malicious UA patterns

type ReportHandler

// ReportHandler implements the main Caddy handler for the report plugin.
// The exported fields are its JSON configuration.
type ReportHandler struct {
	// Configuration file path for malicious patterns (JSON key "file").
	ConfigFile string `json:"file,omitempty"`

	// Hook configuration for event reporting (JSON key "hook").
	Hook *HookConfig `json:"hook,omitempty"`

	// Send all request logs, not just threats (JSON key "sendlog").
	// NOTE(review): with this enabled every request's metadata, including the
	// extracted headers, is presumably forwarded to the hook — confirm, and
	// weigh the privacy and volume impact before turning it on.
	SendLog bool `json:"sendlog,omitempty"`
	// contains filtered or unexported fields
}

ReportHandler implements the main Caddy handler for the report plugin

func (*ReportHandler) CaddyModule

func (*ReportHandler) CaddyModule() caddy.ModuleInfo

CaddyModule returns the Caddy module information

func (*ReportHandler) Cleanup

func (h *ReportHandler) Cleanup() error

Cleanup performs cleanup when the handler is being shut down

func (*ReportHandler) Provision

func (h *ReportHandler) Provision(ctx caddy.Context) error

Provision sets up the handler with the given context

func (*ReportHandler) ServeHTTP

func (h *ReportHandler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error

ServeHTTP implements the HTTP handler interface

func (*ReportHandler) UnmarshalCaddyfile

func (h *ReportHandler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error

UnmarshalCaddyfile implements caddyfile.Unmarshaler

type RequestAnalyzer

// RequestAnalyzer handles asynchronous analysis of HTTP requests. It is
// built by NewRequestAnalyzer from a PatternManager, an EventReporter and a
// logger, accepts work through AnalyzeRequest, and is driven by Start/Stop.
type RequestAnalyzer struct {
	// contains filtered or unexported fields
}

RequestAnalyzer handles asynchronous analysis of HTTP requests

func NewRequestAnalyzer

func NewRequestAnalyzer(patternMgr *PatternManager, reporter *EventReporter, logger *zap.Logger) *RequestAnalyzer

NewRequestAnalyzer creates a new RequestAnalyzer instance

func (*RequestAnalyzer) AnalyzeRequest

func (ra *RequestAnalyzer) AnalyzeRequest(info *RequestInfo)

AnalyzeRequest submits a request for asynchronous analysis

func (*RequestAnalyzer) SetSendAllLogs

func (ra *RequestAnalyzer) SetSendAllLogs(sendAll bool)

SetSendAllLogs configures whether to send all request logs or only threats

func (*RequestAnalyzer) Start

func (ra *RequestAnalyzer) Start(ctx context.Context) error

Start begins the asynchronous request analysis process

func (*RequestAnalyzer) Stop

func (ra *RequestAnalyzer) Stop() error

Stop gracefully shuts down the request analyzer

type RequestInfo

// RequestInfo contains information about an HTTP request for analysis.
// Apart from Timestamp, every field originates from the request; treat the
// values as untrusted wherever they are logged, serialized or handed to a
// hook.
type RequestInfo struct {
	// IP is the client address (JSON key "ip").
	// NOTE(review): presumably the result of GetClientIP — confirm.
	IP        net.IP            `json:"ip"`
	// Path is the request path (JSON key "path").
	Path      string            `json:"path"`
	// UserAgent is the request's User-Agent value (JSON key "user_agent").
	UserAgent string            `json:"user_agent"`
	// Method is the HTTP method (JSON key "method").
	Method    string            `json:"method"`
	// Timestamp is set to the current time by NewRequestInfo.
	Timestamp time.Time         `json:"timestamp"`
	// Headers holds request headers as a name-to-value map (JSON key "headers").
	// NOTE(review): which headers are kept is decided by ExtractHeaders and
	// is not shown on this page.
	Headers   map[string]string `json:"headers"`
}

RequestInfo contains information about an HTTP request for analysis

func ExtractRequestInfo

func ExtractRequestInfo(r *http.Request) *RequestInfo

ExtractRequestInfo extracts complete request information from HTTP request

func NewRequestInfo

func NewRequestInfo(ip net.IP, path, userAgent, method string, headers map[string]string) *RequestInfo

NewRequestInfo creates a new RequestInfo with current timestamp

type ThreatEvent

// ThreatEvent represents a detected security threat. It mirrors RequestInfo
// (with IP as a string rather than net.IP) and adds ThreatType; the JSON
// keys below are the serialized field names.
type ThreatEvent struct {
	// IP is the client address in string form (JSON key "ip").
	IP         string            `json:"ip"`
	// Path is the request path (JSON key "path").
	Path       string            `json:"path"`
	// UserAgent is the request's User-Agent value (JSON key "user_agent").
	UserAgent  string            `json:"user_agent"`
	// Method is the HTTP method (JSON key "method").
	Method     string            `json:"method"`
	// Timestamp is the event time (JSON key "timestamp").
	Timestamp  time.Time         `json:"timestamp"`
	// ThreatType is the classification (JSON key "threat_type").
	// NOTE(review): presumably one of the ThreatType* constants — confirm
	// that Validate rejects other values.
	ThreatType string            `json:"threat_type"`
	// Headers holds request headers (JSON key "headers").
	// NOTE(review): these leave the process when the event is reported;
	// confirm that credential-bearing headers are excluded upstream.
	Headers    map[string]string `json:"headers"`
}

ThreatEvent represents a detected security threat

func NewThreatEvent

func NewThreatEvent(info *RequestInfo, threatType string) *ThreatEvent

NewThreatEvent creates a new ThreatEvent from RequestInfo

func (*ThreatEvent) FromJSON

func (te *ThreatEvent) FromJSON(data []byte) error

FromJSON deserializes JSON data into a ThreatEvent

func (*ThreatEvent) ToJSON

func (te *ThreatEvent) ToJSON() ([]byte, error)

ToJSON serializes the ThreatEvent to JSON

func (*ThreatEvent) Validate

func (te *ThreatEvent) Validate() error

Validate validates the ThreatEvent structure
