rules

package
v0.0.0-...-9c9dde5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 18, 2024 License: AGPL-3.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

// Locations at which providers publish dumps of their IP prefixes.
//
// NOTE(review): the code that downloads these feeds is not shown on this page.
// Whatever fetches them should use an HTTP client with a timeout, bound the
// size of the response it reads, and parse every prefix before it is added to
// a block list, since the content is controlled by a third party.

// AWS_URL is the Amazon Web Services prefix feed.
const AWS_URL string = "https://ip-ranges.amazonaws.com/ip-ranges.json"

// GOOGLE_URL is the goog.json prefix feed on gstatic.com.
const GOOGLE_URL string = "https://www.gstatic.com/ipranges/goog.json"

// GCP_URL is the cloud.json prefix feed on gstatic.com.
const GCP_URL string = "https://www.gstatic.com/ipranges/cloud.json"

// VULTR_URL is the geofeed on constant.com, requested in JSON form
// (presumably covering Vultr's address space — confirm against the caller).
const VULTR_URL string = "https://geofeed.constant.com/?json"

These providers publish dumps of their IP prefixes at these URLs.

// Result codes returned from the execution of a rule.
//
// NOTE(review): PASS is 0, the zero value of int, so a Test implementation
// that returns an unset result variable reports PASS. Implementations should
// assign their result explicitly on every path, including error paths.

// PASS indicates that the rule passed.
const PASS int = 0

// FAIL indicates that the rule failed.
const FAIL int = 1

// SKIP indicates that the rule was skipped.
const SKIP int = 2

Returned from the execution of a rule to indicate the result

// EXIT_LIST_URL is the bulk exit list served by check.torproject.org.
//
// NOTE(review): presumably the source read by TorExitRule.Update; the fetch
// code is not shown here. A stale or failed download leaves the rule working
// from old data, so callers should check and log the error Update returns.
const EXIT_LIST_URL string = "https://check.torproject.org/torbulkexitlist"
// LRU_SIZE is an untyped constant with the value 1024.
//
// NOTE(review): presumably the capacity of the LRU cache held in
// RateBucket.Limits — confirm. If so, it bounds how many distinct keys have a
// live limiter at once; a key evicted from the cache would lose its limiter
// state, so the size should be checked against the expected number of
// concurrently active keys.
const LRU_SIZE = 1024

Variables

// ErrNoSuchRule reports that a rule name was not found. Compare against it
// with errors.Is rather than by matching the message text.
var ErrNoSuchRule = errors.New("No such rule")

Functions

func Context

func Context(ctx context.Context, rules *Ruleset) context.Context

Creates a context.Context which includes the specified ruleset.

func Middleware

func Middleware(rules *Ruleset) func(http.Handler) http.Handler

Creates a Middleware that makes the provided Ruleset available on the context of all incoming HTTP requests.

Types

type AWSPayload

// AWSPayload is the decode target for a JSON document with top-level
// "prefixes" and "ipv6_prefixes" arrays. Only the prefix string of each entry
// is declared, so with encoding/json's default settings every other key in
// the document is ignored.
//
// NOTE(review): presumably the body served at AWS_URL and read by
// CommercialISPRule.UpdateAWS; that code is not shown here. The prefixes are
// plain strings, so the consumer should parse each one as a CIDR and skip or
// reject malformed entries before adding it to a block list.
type AWSPayload struct {
	// Prefixes holds the entries of "prefixes"; IPPrefix is read from "ip_prefix".
	Prefixes []struct {
		IPPrefix string `json:"ip_prefix"`
	} `json:"prefixes"`

	// IPv6Prefixes holds the entries of "ipv6_prefixes"; IPPrefix is read from "ipv6_prefix".
	IPv6Prefixes []struct {
		IPPrefix string `json:"ipv6_prefix"`
	} `json:"ipv6_prefixes"`
}

type CommercialISPRule

type CommercialISPRule struct {
	// contains filtered or unexported fields
}

Rule that blocks IP addresses associated with commercial ISPs

func NewCommercialISPRule

func NewCommercialISPRule(conf *config.Config) *CommercialISPRule

Creates a commercial ISP rule.

func (*CommercialISPRule) Name

func (rule *CommercialISPRule) Name() string

func (*CommercialISPRule) Report

func (rule *CommercialISPRule) Report(ctx context.Context, sample *model.Sample, user, reason string)

func (*CommercialISPRule) Test

func (rule *CommercialISPRule) Test(ctx context.Context, sample *model.Sample) int

func (*CommercialISPRule) UpdateAWS

func (rule *CommercialISPRule) UpdateAWS(ctx context.Context) error

func (*CommercialISPRule) UpdateGCP

func (rule *CommercialISPRule) UpdateGCP(ctx context.Context) error

func (*CommercialISPRule) UpdateOther

func (rule *CommercialISPRule) UpdateOther(ctx context.Context) error

func (*CommercialISPRule) UpdateVultr

func (rule *CommercialISPRule) UpdateVultr(ctx context.Context) error

type DEPRule

type DEPRule struct {
	// contains filtered or unexported fields
}

Rule that blocks domain names from a blacklist

func NewDEPRule

func NewDEPRule(db *sql.DB) *DEPRule

Creates a domain block rule.

func (*DEPRule) Name

func (rule *DEPRule) Name() string

func (*DEPRule) Report

func (rule *DEPRule) Report(ctx context.Context, sample *model.Sample, user, reason string)

func (*DEPRule) ReportDEP

func (rule *DEPRule) ReportDEP(ctx context.Context, domain, source, reason string) error

func (*DEPRule) Test

func (rule *DEPRule) Test(ctx context.Context, sample *model.Sample) int

func (*DEPRule) UnreportDEP

func (rule *DEPRule) UnreportDEP(ctx context.Context, domain string) error

type DomainsRule

type DomainsRule struct {
	// contains filtered or unexported fields
}

Rule that blocks domain names from a blacklist

func NewDomainsRule

func NewDomainsRule(db *sql.DB) *DomainsRule

Creates a domain block rule.

func (*DomainsRule) Name

func (rule *DomainsRule) Name() string

func (*DomainsRule) Report

func (rule *DomainsRule) Report(ctx context.Context, sample *model.Sample, user, reason string)

func (*DomainsRule) Test

func (rule *DomainsRule) Test(ctx context.Context, sample *model.Sample) int

type GCPPayload

// GCPPayload is the decode target for a JSON document whose entries may carry
// an "ipv4_prefix" key, an "ipv6_prefix" key, or both.
//
// NOTE(review): presumably used for GOOGLE_URL and/or GCP_URL — confirm
// against the Update* methods, which are not shown here.
type GCPPayload struct {
	// Prefixes has no struct tag, so encoding/json matches it to a key named
	// "Prefixes" case-insensitively (for example "prefixes").
	Prefixes []struct {
		// Both fields are pointers: each stays nil when its key is absent or
		// null, so consumers must nil-check before dereferencing.
		IPv4Prefix *string `json:"ipv4_prefix"`
		IPv6Prefix *string `json:"ipv6_prefix"`
	}
}

type NetworksRule

type NetworksRule struct {
	// contains filtered or unexported fields
}

Rule that blocks IP addresses from a network blacklist

func NewNetworksRule

func NewNetworksRule(db *sql.DB) *NetworksRule

Creates a network block rule.

func (*NetworksRule) Name

func (rule *NetworksRule) Name() string

func (*NetworksRule) Report

func (rule *NetworksRule) Report(ctx context.Context, sample *model.Sample, user, reason string)

func (*NetworksRule) ReportSubnet

func (rule *NetworksRule) ReportSubnet(ctx context.Context, cidr, source, reason string) error

func (*NetworksRule) Test

func (rule *NetworksRule) Test(ctx context.Context, sample *model.Sample) int

func (*NetworksRule) UnreportSubnet

func (rule *NetworksRule) UnreportSubnet(ctx context.Context, cidr string) error

type RateBucket

// RateBucket groups a rate setting with a cache of limiters.
//
// Limits is an LRU cache that maps a string key to a *rate.Limiter.
//
// NOTE(review): the code that uses this type is not shown, so the following
// is inferred from names and types only — confirm before relying on it:
// LimitBy presumably names the sample attribute whose value is used as the
// cache key, Rate is presumably the permitted event rate given to each
// limiter (units not shown), and the cache is presumably sized by LRU_SIZE.
// Because the cache is bounded, a key that is evicted would start again with
// a fresh limiter the next time it is seen.
type RateBucket struct {
	LimitBy string
	Rate    float64
	Limits  *lru.Cache[string, *rate.Limiter]
}

type RateLimitRule

type RateLimitRule struct {
	// contains filtered or unexported fields
}

func NewRateLimitRule

func NewRateLimitRule(conf *config.Config) *RateLimitRule

Creates a rate limit rule.

func (*RateLimitRule) Name

func (rule *RateLimitRule) Name() string

func (*RateLimitRule) Report

func (rule *RateLimitRule) Report(ctx context.Context, sample *model.Sample, user, reason string)

func (*RateLimitRule) Test

func (rule *RateLimitRule) Test(ctx context.Context, sample *model.Sample) int

type Rule

// Rule is the interface that each abuse-testing rule satisfies.
type Rule interface {
	// Name returns the name of this rule.
	Name() string

	// Test tests a given sample against this rule and returns PASS, FAIL, or SKIP.
	// NOTE(review): the return type is a plain int, so the compiler does not
	// restrict implementations to those three values. How Ruleset.Analyze
	// treats any other value is not shown here — confirm that an unexpected
	// value is not counted as a pass.
	Test(ctx context.Context, sample *model.Sample) int

	// Report reports a given sample as abuse.
	// NOTE(review): Report has no return value, so a failure inside an
	// implementation cannot be surfaced to the caller through this interface.
	Report(ctx context.Context, sample *model.Sample, user, reason string)
}

The Rule interface describes an abuse-testing rule.

type Ruleset

type Ruleset struct {
	// contains filtered or unexported fields
}

func ForContext

func ForContext(ctx context.Context) *Ruleset

Returns the Ruleset associated with this context.

func NewRuleset

func NewRuleset() *Ruleset

Creates a new ruleset.

func (*Ruleset) AddRule

func (set *Ruleset) AddRule(rule Rule)

Adds a rule to the given ruleset.

func (*Ruleset) Analyze

func (set *Ruleset) Analyze(ctx context.Context, sample *model.Sample) *model.Analysis

Performs an analysis of this sample using this ruleset.

func (*Ruleset) GetRule

func (set *Ruleset) GetRule(name string) (Rule, error)

Looks up a rule from this set by name and returns it, or ErrNoSuchRule if not present in this set.

func (*Ruleset) Report

func (set *Ruleset) Report(ctx context.Context, sample *model.Sample, user, reason string)

Reports an abuse sample to each rule in the ruleset.

type TorExitRule

type TorExitRule struct {
	// contains filtered or unexported fields
}

Rule that blocks IP addresses associated with Tor exit nodes

func NewTorExitRule

func NewTorExitRule() *TorExitRule

Creates a Tor exit rule.

func (*TorExitRule) Name

func (rule *TorExitRule) Name() string

func (*TorExitRule) Report

func (rule *TorExitRule) Report(ctx context.Context, sample *model.Sample, user, reason string)

func (*TorExitRule) Test

func (rule *TorExitRule) Test(ctx context.Context, sample *model.Sample) int

func (*TorExitRule) Update

func (rule *TorExitRule) Update(ctx context.Context) error

type VultrPayload

// VultrPayload is the decode target for a JSON document that lists subnets,
// keeping only the prefix string of each entry.
//
// NOTE(review): presumably the body served at VULTR_URL and read by
// CommercialISPRule.UpdateVultr; that code is not shown here. Prefix is a
// plain string, so the consumer should parse it as a CIDR and skip or reject
// malformed entries before adding it to a block list.
type VultrPayload struct {
	// Subnets has no struct tag, so encoding/json matches it to a key named
	// "Subnets" case-insensitively (for example "subnets").
	Subnets []struct {
		// Prefix is read from the "ip_prefix" key of each entry.
		Prefix string `json:"ip_prefix"`
	}
}
