Documentation ¶
Overview ¶
Package acracensor represents separate firewall module for Acra. AcraCensor handles each query that gets through AcraServer. You can setup the whitelist and the blacklist separately or simultaneously. The order of priority for the lists is defined by their order in the configuration file. Priority of work for one of the lists is the following: queries, followed by tables, followed by rules.
Index ¶
- Constants
- Variables
- type AcraCensor
- func (acraCensor *AcraCensor) AddHandler(handler QueryHandlerInterface)
- func (acraCensor *AcraCensor) HandleQuery(rawQuery string) error
- func (acraCensor *AcraCensor) LoadConfiguration(configuration []byte) error
- func (acraCensor *AcraCensor) ReleaseAll()
- func (acraCensor *AcraCensor) RemoveHandler(handler QueryHandlerInterface)
- type AcraCensorInterface
- type Config
- type QueryHandlerInterface
Constants ¶
const ( DenyConfigStr = "deny" AllowConfigStr = "allow" DenyAllConfigStr = "denyall" AllowAllConfigStr = "allowall" QueryCaptureConfigStr = "query_capture" QueryIgnoreConfigStr = "query_ignore" )
Query handlers' names.
const ServiceName = "acra-censor"
ServiceName to use in logs
Variables ¶
var ErrUnsupportedConfigVersion = errors.New("acra-censor's config is outdated")
ErrUnsupportedConfigVersion acra-censor's config has version less than MinimalCensorConfigVersion
var MinimalCensorConfigVersion = "0.85.0"
MinimalCensorConfigVersion min version of config that support acra-censor
Functions ¶
This section is empty.
Types ¶
type AcraCensor ¶
type AcraCensor struct {
// contains filtered or unexported fields
}
AcraCensor describes censor data: query handler, logger and reaction on parsing errors.
func (*AcraCensor) AddHandler ¶
func (acraCensor *AcraCensor) AddHandler(handler QueryHandlerInterface)
AddHandler adds handler to the list of Censor handlers.
func (*AcraCensor) HandleQuery ¶
func (acraCensor *AcraCensor) HandleQuery(rawQuery string) error
HandleQuery processes every query through each handler.
func (*AcraCensor) LoadConfiguration ¶
func (acraCensor *AcraCensor) LoadConfiguration(configuration []byte) error
LoadConfiguration loads configuration of AcraCensor
func (*AcraCensor) ReleaseAll ¶
func (acraCensor *AcraCensor) ReleaseAll()
ReleaseAll stops all handlers.
func (*AcraCensor) RemoveHandler ¶
func (acraCensor *AcraCensor) RemoveHandler(handler QueryHandlerInterface)
RemoveHandler removes handler from the list of Censor handlers.
type AcraCensorInterface ¶
type AcraCensorInterface interface { HandleQuery(sqlQuery string) error AddHandler(handler QueryHandlerInterface) RemoveHandler(handler QueryHandlerInterface) ReleaseAll() }
AcraCensorInterface describes main AcraCensor methods: adding and removing query handlers and processing query
type Config ¶
type Config struct { Version string `yaml:"version"` IgnoreParseError bool `yaml:"ignore_parse_error"` ParseErrorsLog string `yaml:"parse_errors_log"` Handlers []struct { Handler string Queries []string Tables []string Patterns []string FilePath string } }
Config shows handlers configuration: queries, tables, patterns
type QueryHandlerInterface ¶
type QueryHandlerInterface interface { CheckQuery(sqlQuery string, parsedQuery sqlparser.Statement) (bool, error) //1st return arg specifies whether continue verification or not, 2nd specifies whether query is forbidden Release() }
QueryHandlerInterface describes what actions are available for queries.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package common contains all query handlers for AcraCensor: blacklist handler, which allows everything and forbids specific query/pattern/table; whitelist handler, which allows query/pattern/table and restricts/forbids everything else; ignore handler, which allows to ignore any query; and querycapture module that logs every unique query to the QueryCapture log.
|
Package common contains all query handlers for AcraCensor: blacklist handler, which allows everything and forbids specific query/pattern/table; whitelist handler, which allows query/pattern/table and restricts/forbids everything else; ignore handler, which allows to ignore any query; and querycapture module that logs every unique query to the QueryCapture log. |