acracensor

Documentation

Overview

Package acracensor represents separate firewall module for Acra. AcraCensor handles each query that gets through AcraServer. You can setup the whitelist and the blacklist separately or simultaneously. The order of priority for the lists is defined by their order in the configuration file. Priority of work for one of the lists is the following: queries, followed by tables, followed by rules.

https://github.com/cossacklabs/acra/wiki/AcraCensor

Index

• Constants
• Variables
• type AcraCensor
  • func NewAcraCensor() *AcraCensor
  • func (acraCensor *AcraCensor) AddHandler(handler QueryHandlerInterface)
  • func (acraCensor *AcraCensor) HandleQuery(rawQuery string) error
  • func (acraCensor *AcraCensor) LoadConfiguration(configuration []byte) error
  • func (acraCensor *AcraCensor) ReleaseAll()
  • func (acraCensor *AcraCensor) RemoveHandler(handler QueryHandlerInterface)
• type AcraCensorInterface
• type Config
• type QueryHandlerInterface

Constants

const (
	DenyConfigStr         = "deny"
	AllowConfigStr        = "allow"
	DenyAllConfigStr      = "denyall"
	AllowAllConfigStr     = "allowall"
	QueryCaptureConfigStr = "query_capture"
	QueryIgnoreConfigStr  = "query_ignore"
)

Query handlers' names.

const ServiceName = "acra-censor"

ServiceName to use in logs

Variables

var ErrUnsupportedConfigVersion = errors.New("acra-censor's config is outdated")

ErrUnsupportedConfigVersion acra-censor's config has version less than MinimalCensorConfigVersion

var MinimalCensorConfigVersion = "0.85.0"

MinimalCensorConfigVersion min version of config that support acra-censor

Types

type AcraCensor

type AcraCensor struct {
	// contains filtered or unexported fields
}

AcraCensor describes censor data: query handler, logger and reaction on parsing errors.

func NewAcraCensor

func NewAcraCensor() *AcraCensor

NewAcraCensor creates new censor object.

func (*AcraCensor) AddHandler

func (acraCensor *AcraCensor) AddHandler(handler QueryHandlerInterface)

AddHandler adds handler to the list of Censor handlers.

func (*AcraCensor) HandleQuery

func (acraCensor *AcraCensor) HandleQuery(rawQuery string) error

HandleQuery processes every query through each handler.

func (*AcraCensor) LoadConfiguration

func (acraCensor *AcraCensor) LoadConfiguration(configuration []byte) error

LoadConfiguration loads configuration of AcraCensor

func (*AcraCensor) ReleaseAll

func (acraCensor *AcraCensor) ReleaseAll()

ReleaseAll stops all handlers.

func (*AcraCensor) RemoveHandler

func (acraCensor *AcraCensor) RemoveHandler(handler QueryHandlerInterface)

RemoveHandler removes handler from the list of Censor handlers.

type AcraCensorInterface

type AcraCensorInterface interface {
	HandleQuery(sqlQuery string) error
	AddHandler(handler QueryHandlerInterface)
	RemoveHandler(handler QueryHandlerInterface)
	ReleaseAll()
}

AcraCensorInterface describes main AcraCensor methods: adding and removing query handlers and processing query

type Config

type Config struct {
	Version          string `yaml:"version"`
	IgnoreParseError bool   `yaml:"ignore_parse_error"`
	ParseErrorsLog   string `yaml:"parse_errors_log"`
	Handlers         []struct {
		Handler  string
		Queries  []string
		Tables   []string
		Patterns []string
		FilePath string
	}
}

Config shows handlers configuration: queries, tables, patterns

type QueryHandlerInterface

type QueryHandlerInterface interface {
	CheckQuery(sqlQuery string, parsedQuery sqlparser.Statement) (bool, error) //1st return arg specifies whether continue verification or not, 2nd specifies whether query is forbidden
	Release()
}

QueryHandlerInterface describes what actions are available for queries.