rules

package
v0.0.0-...-1dd94e2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 26, 2024 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Overview

Package rules holds rules related files

Package rules holds rules related files

Index

Constants

// ProbeEvaluationRuleSetTagValue is the rule-set tag value "probe_evaluation".
const ProbeEvaluationRuleSetTagValue = "probe_evaluation"

// ThreatScoreRuleSetTagValue is the rule-set tag value "threat_score".
const ThreatScoreRuleSetTagValue = "threat_score"

// TagMaxResolutionDelay is the maximum tag resolution delay: five seconds.
const TagMaxResolutionDelay = 5 * time.Second

Variables

This section is empty.

Functions

This section is empty.

Types

type APIServer

// APIServer defines the API server: the two operations that the apiServer
// argument of NewRuleEngine must provide.
type APIServer interface {
	// ApplyRuleIDs receives a slice of rule IDs.
	ApplyRuleIDs([]rules.RuleID)
	// ApplyPolicyStates receives a slice of policy-state pointers.
	// Neither method returns an error, so an implementation cannot report a
	// failure to its caller through this interface.
	ApplyPolicyStates([]*monitor.PolicyState)
}

APIServer defines the API server

type BundledPolicyProvider

// BundledPolicyProvider is the policy provider for bundled policies.
// It exports no fields; instances are obtained from NewBundledPolicyProvider.
type BundledPolicyProvider struct {
	// contains filtered or unexported fields
}

BundledPolicyProvider specifies the policy provider for bundled policies

func NewBundledPolicyProvider

func NewBundledPolicyProvider(cfg *config.RuntimeSecurityConfig) *BundledPolicyProvider

NewBundledPolicyProvider returns a new bundled policy provider

func (*BundledPolicyProvider) Close

func (p *BundledPolicyProvider) Close() error

Close implements the PolicyProvider interface

func (*BundledPolicyProvider) LoadPolicies

func (p *BundledPolicyProvider) LoadPolicies([]rules.MacroFilter, []rules.RuleFilter) ([]*rules.Policy, *multierror.Error)

LoadPolicies implements the PolicyProvider interface

func (*BundledPolicyProvider) SetOnNewPoliciesReadyCb

func (p *BundledPolicyProvider) SetOnNewPoliciesReadyCb(func())

SetOnNewPoliciesReadyCb implements the PolicyProvider interface

func (*BundledPolicyProvider) Start

func (p *BundledPolicyProvider) Start()

Start implements the PolicyProvider interface

func (*BundledPolicyProvider) Type

func (p *BundledPolicyProvider) Type() string

Type implements the PolicyProvider interface

type RuleEngine

// RuleEngine defines a rule engine.
type RuleEngine struct {
	// Embedded lock. Because sync.RWMutex is embedded in an exported struct,
	// Lock, Unlock, RLock and RUnlock are promoted into RuleEngine's method
	// set, so any package holding a *RuleEngine can take or release the lock.
	// A struct that contains a mutex must not be copied; pass *RuleEngine.
	// NOTE(review): which fields the lock guards is not visible in this
	// listing — confirm against the source.
	sync.RWMutex

	// AutoSuppression is an exported field held by value.
	AutoSuppression autosuppression.AutoSuppression
	// contains filtered or unexported fields
}

RuleEngine defines a rule engine

func NewRuleEngine

func NewRuleEngine(evm *eventmonitor.EventMonitor, config *config.RuntimeSecurityConfig, probe *probe.Probe, rateLimiter *events.RateLimiter, apiServer APIServer, sender events.EventSender, statsdClient statsd.ClientInterface, rulesetListeners ...rules.RuleSetListener) (*RuleEngine, error)

NewRuleEngine returns a new rule engine

func (*RuleEngine) AddPolicyProvider

func (e *RuleEngine) AddPolicyProvider(provider rules.PolicyProvider)

AddPolicyProvider adds a provider

func (*RuleEngine) EventDiscarderFound

func (e *RuleEngine) EventDiscarderFound(rs *rules.RuleSet, event eval.Event, field eval.Field, eventType eval.EventType)

EventDiscarderFound is called by the ruleset when a new discarder is discovered

func (*RuleEngine) GetRuleSet

func (e *RuleEngine) GetRuleSet() (rs *rules.RuleSet)

GetRuleSet returns the set of loaded rules

func (*RuleEngine) GetThreatScoreRuleSet

func (e *RuleEngine) GetThreatScoreRuleSet() (rs *rules.RuleSet)

GetThreatScoreRuleSet returns the set of loaded rules

func (*RuleEngine) HandleEvent

func (e *RuleEngine) HandleEvent(event *model.Event)

HandleEvent is called by the probe when an event arrives from the kernel

func (*RuleEngine) LoadPolicies

func (e *RuleEngine) LoadPolicies(providers []rules.PolicyProvider, sendLoadedReport bool) error

LoadPolicies loads the policies

func (*RuleEngine) ReloadPolicies

func (e *RuleEngine) ReloadPolicies() error

ReloadPolicies reloads the policies

func (*RuleEngine) RuleMatch

func (e *RuleEngine) RuleMatch(rule *rules.Rule, event eval.Event) bool

RuleMatch is called by the ruleset when a rule matches

func (*RuleEngine) SetRulesetLoadedCallback

func (e *RuleEngine) SetRulesetLoadedCallback(cb func(es *rules.EvaluationSet, err *multierror.Error))

SetRulesetLoadedCallback allows setting a callback called when a rule set is loaded

func (*RuleEngine) Start

func (e *RuleEngine) Start(ctx context.Context, reloadChan <-chan struct{}, wg *sync.WaitGroup) error

Start starts the rule engine

func (*RuleEngine) Stop

func (e *RuleEngine) Stop()

Stop stops the rule engine

func (*RuleEngine) StopEventCollector

func (e *RuleEngine) StopEventCollector() []rules.CollectedEvent

StopEventCollector stops the event collector

type RuleFilterEvent

// RuleFilterEvent defines a rule filter event.
type RuleFilterEvent struct {
	// Embedded pointer: the exported fields and methods of kernel.Version are
	// promoted onto RuleFilterEvent.
	// NOTE(review): where this pointer is set is not shown in this listing;
	// using a promoted member while it is nil may panic.
	*kernel.Version
	// contains filtered or unexported fields
}

RuleFilterEvent defines a rule filter event

func (*RuleFilterEvent) GetFieldEventType

func (e *RuleFilterEvent) GetFieldEventType(_ eval.Field) (string, error)

GetFieldEventType returns the event type for the given field

func (*RuleFilterEvent) GetFieldType

func (e *RuleFilterEvent) GetFieldType(field eval.Field) (reflect.Kind, error)

GetFieldType gets the type of the field

func (*RuleFilterEvent) GetFieldValue

func (e *RuleFilterEvent) GetFieldValue(field eval.Field) (interface{}, error)

GetFieldValue gets a field value

func (*RuleFilterEvent) GetTags

func (e *RuleFilterEvent) GetTags() []string

GetTags returns the tags for this event

func (*RuleFilterEvent) GetType

func (e *RuleFilterEvent) GetType() string

GetType returns the type for this event

func (*RuleFilterEvent) Init

func (e *RuleFilterEvent) Init()

Init inits the rule filter event

func (*RuleFilterEvent) SetFieldValue

func (e *RuleFilterEvent) SetFieldValue(field eval.Field, _ interface{}) error

SetFieldValue sets the value for the given field

type RuleFilterModel

// RuleFilterModel defines a filter model.
type RuleFilterModel struct {
	// Embedded pointer: the exported fields and methods of kernel.Version are
	// promoted onto RuleFilterModel.
	// NOTE(review): where this pointer is set is not shown in this listing;
	// using a promoted member while it is nil may panic.
	*kernel.Version
	// contains filtered or unexported fields
}

RuleFilterModel defines a filter model

func NewRuleFilterModel

func NewRuleFilterModel(origin string) (*RuleFilterModel, error)

NewRuleFilterModel returns a new rule filter model

func (*RuleFilterModel) GetEvaluator

func (m *RuleFilterModel) GetEvaluator(field eval.Field, _ eval.RegisterID) (eval.Evaluator, error)

GetEvaluator gets the evaluator

func (*RuleFilterModel) GetIterator

func (m *RuleFilterModel) GetIterator(field eval.Field) (eval.Iterator, error)

GetIterator returns an iterator for the given field

func (*RuleFilterModel) NewEvent

func (m *RuleFilterModel) NewEvent() eval.Event

NewEvent returns a new event

func (*RuleFilterModel) ValidateField

func (m *RuleFilterModel) ValidateField(_ string, _ eval.FieldValue) error

ValidateField returns whether the value used against the field is valid

Directories

Path Synopsis
Package autosuppression holds auto suppression related files
Package autosuppression holds auto suppression related files
Package monitor holds rules related files
Package monitor holds rules related files
