appsecacquisition

package

v1.6.1 Latest Latest Go to latest Published: Apr 11, 2024 License: MIT Imports: 33 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/crowdsecurity/crowdsec

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

Constants
Variables
func AppsecEventGeneration(inEvt types.Event) (*types.Event, error)
func EventFromRequest(r *appsec.ParsedRequest, labels map[string]string) (types.Event, error)
func LogAppsecEvent(evt *types.Event, logger *log.Entry)
func RegisterRX()
type AppsecRunner
type AppsecSource
type AppsecSourceConfig
type AuthCache
- func NewAuthCache() AuthCache
- func (ac *AuthCache) Get(apiKey string) (time.Time, bool)
- func (ac *AuthCache) Set(apiKey string, expiration time.Time)
type BodyResponse

Constants ¶

View Source

const (
	InBand    = "inband"
	OutOfBand = "outofband"
)

Variables ¶

View Source

var AppsecBlockCounter = prometheus.NewCounterVec(
	prometheus.CounterOpts{
		Name: "cs_appsec_block_total",
		Help: "Total events blocked by the Application Security Engine.",
	},
	[]string{"source", "appsec_engine"},
)

View Source

var AppsecGlobalParsingHistogram = prometheus.NewHistogramVec(
	prometheus.HistogramOpts{
		Help:    "Time spent processing a request by the Application Security Engine.",
		Name:    "cs_appsec_parsing_time_seconds",
		Buckets: []float64{0.0001, 0.00025, 0.0005, 0.001, 0.0025, 0.0050, 0.01, 0.025, 0.05, 0.1, 0.25},
	},
	[]string{"source", "appsec_engine"},
)

View Source

var AppsecInbandParsingHistogram = prometheus.NewHistogramVec(
	prometheus.HistogramOpts{
		Help:    "Time spent processing a request by the inband Application Security Engine.",
		Name:    "cs_appsec_inband_parsing_time_seconds",
		Buckets: []float64{0.0001, 0.00025, 0.0005, 0.001, 0.0025, 0.0050, 0.01, 0.025, 0.05, 0.1, 0.25},
	},
	[]string{"source", "appsec_engine"},
)

View Source

var AppsecOutbandParsingHistogram = prometheus.NewHistogramVec(
	prometheus.HistogramOpts{
		Help:    "Time spent processing a request by the Application Security Engine.",
		Name:    "cs_appsec_outband_parsing_time_seconds",
		Buckets: []float64{0.0001, 0.00025, 0.0005, 0.001, 0.0025, 0.0050, 0.01, 0.025, 0.05, 0.1, 0.25},
	},
	[]string{"source", "appsec_engine"},
)

View Source

var AppsecReqCounter = prometheus.NewCounterVec(
	prometheus.CounterOpts{
		Name: "cs_appsec_reqs_total",
		Help: "Total events processed by the Application Security Engine.",
	},
	[]string{"source", "appsec_engine"},
)

View Source

var AppsecRuleHits = prometheus.NewCounterVec(
	prometheus.CounterOpts{
		Name: "cs_appsec_rule_hits",
		Help: "Count of triggered rule, by rule_name, type (inband/outofband), appsec_engine and source",
	},
	[]string{"rule_name", "type", "appsec_engine", "source"},
)

View Source

var (
	DefaultAuthCacheDuration = (1 * time.Minute)
)

Functions ¶

func AppsecEventGeneration ¶

func AppsecEventGeneration(inEvt types.Event) (*types.Event, error)

func EventFromRequest ¶

func EventFromRequest(r *appsec.ParsedRequest, labels map[string]string) (types.Event, error)

func LogAppsecEvent ¶

func LogAppsecEvent(evt *types.Event, logger *log.Entry)

func RegisterRX ¶

func RegisterRX()

RegisterRX registers the rx operator using a WASI implementation instead of Go.

Types ¶

type AppsecRunner ¶

type AppsecRunner struct {
	UUID                string
	AppsecRuntime       *appsec.AppsecRuntimeConfig //this holds the actual appsec runtime config, rules, remediations, hooks etc.
	AppsecInbandEngine  coraza.WAF
	AppsecOutbandEngine coraza.WAF
	Labels              map[string]string
	// contains filtered or unexported fields
}

that's the runtime structure of the Application security engine as seen from the acquis

func (*AppsecRunner) AccumulateTxToEvent ¶

func (r *AppsecRunner) AccumulateTxToEvent(evt *types.Event, req *appsec.ParsedRequest) error

func (*AppsecRunner) Init ¶

func (r *AppsecRunner) Init(datadir string) error

func (*AppsecRunner) ProcessInBandRules ¶

func (r *AppsecRunner) ProcessInBandRules(request *appsec.ParsedRequest) error

func (*AppsecRunner) ProcessOutOfBandRules ¶

func (r *AppsecRunner) ProcessOutOfBandRules(request *appsec.ParsedRequest) error

func (*AppsecRunner) Run ¶

func (r *AppsecRunner) Run(t *tomb.Tomb) error

type AppsecSource ¶

type AppsecSource struct {
	InChan        chan appsec.ParsedRequest
	AppsecRuntime *appsec.AppsecRuntimeConfig
	AppsecConfigs map[string]appsec.AppsecConfig

	AuthCache     AuthCache
	AppsecRunners []AppsecRunner //one for each go-routine
	// contains filtered or unexported fields
}

runtime structure of AppsecSourceConfig

func (*AppsecSource) CanRun ¶

func (w *AppsecSource) CanRun() error

func (*AppsecSource) Configure ¶

func (w *AppsecSource) Configure(yamlConfig []byte, logger *log.Entry, MetricsLevel int) error

func (*AppsecSource) ConfigureByDSN ¶

func (w *AppsecSource) ConfigureByDSN(dsn string, labels map[string]string, logger *log.Entry, uuid string) error

func (*AppsecSource) Dump ¶

func (w *AppsecSource) Dump() interface{}

func (*AppsecSource) GetAggregMetrics ¶

func (w *AppsecSource) GetAggregMetrics() []prometheus.Collector

func (*AppsecSource) GetMetrics ¶

func (w *AppsecSource) GetMetrics() []prometheus.Collector

func (*AppsecSource) GetMode ¶

func (w *AppsecSource) GetMode() string

func (*AppsecSource) GetName ¶

func (w *AppsecSource) GetName() string

func (*AppsecSource) GetUuid ¶

func (w *AppsecSource) GetUuid() string

func (*AppsecSource) IsAuth ¶

func (w *AppsecSource) IsAuth(apiKey string) bool

func (*AppsecSource) OneShotAcquisition ¶

func (w *AppsecSource) OneShotAcquisition(out chan types.Event, t *tomb.Tomb) error

func (*AppsecSource) StreamingAcquisition ¶

func (w *AppsecSource) StreamingAcquisition(out chan types.Event, t *tomb.Tomb) error

func (*AppsecSource) UnmarshalConfig ¶

func (w *AppsecSource) UnmarshalConfig(yamlConfig []byte) error

type AppsecSourceConfig ¶

type AppsecSourceConfig struct {
	ListenAddr                        string         `yaml:"listen_addr"`
	ListenSocket                      string         `yaml:"listen_socket"`
	CertFilePath                      string         `yaml:"cert_file"`
	KeyFilePath                       string         `yaml:"key_file"`
	Path                              string         `yaml:"path"`
	Routines                          int            `yaml:"routines"`
	AppsecConfig                      string         `yaml:"appsec_config"`
	AppsecConfigPath                  string         `yaml:"appsec_config_path"`
	AuthCacheDuration                 *time.Duration `yaml:"auth_cache_duration"`
	configuration.DataSourceCommonCfg `yaml:",inline"`
}

configuration structure of the acquis for the application security engine

type AuthCache ¶

type AuthCache struct {
	APIKeys map[string]time.Time
	// contains filtered or unexported fields
}

Struct to handle cache of authentication

func NewAuthCache ¶

func NewAuthCache() AuthCache

func (*AuthCache) Get ¶

func (ac *AuthCache) Get(apiKey string) (time.Time, bool)

func (*AuthCache) Set ¶

func (ac *AuthCache) Set(apiKey string, expiration time.Time)

type BodyResponse ¶

type BodyResponse struct {
	Action string `json:"action"`
}

@tko + @sbl : we might want to get rid of that or improve it

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
bodyprocessors

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL