Documentation
Index
- func EnforceFilePermissions(path string, mode os.FileMode) error
- func LogWAFBlock(ctx context.Context, clientIP, path, rule string)
- func LogWAFDetect(ctx context.Context, clientIP, path, rule string)
- func LogWAFEnable(ctx context.Context, projectDir string)
- func LogWAFModeChange(ctx context.Context, oldMode, newMode WAFMode)
- type PermissionFinding
- type WAFEvent
- type WAFMode
Constants
This section is empty.
Variables
This section is empty.
Functions
func EnforceFilePermissions
EnforceFilePermissions sets path to the given mode via os.Chmod. Returns an error if the file does not exist or chmod fails.
func LogWAFBlock (added in v1.0.13)
LogWAFBlock emits a structured slog event for a WAF block decision. This is the canonical log site for WAF block actions; all callers that need to record a blocked request should route through this function.
func LogWAFDetect (added in v1.0.13)
LogWAFDetect emits a structured slog event for a WAF detection (log-only) hit.
func LogWAFEnable (added in v1.0.13)
LogWAFEnable emits a structured slog event when the WAF is first enabled.
func LogWAFModeChange (added in v1.0.13)
LogWAFModeChange emits a structured slog event when the WAF mode is changed.
Types
type PermissionFinding
type PermissionFinding struct {
Path string
CurrentMode os.FileMode
RequiredMode os.FileMode
Reason string
}
PermissionFinding describes a file whose current permissions differ from what the security policy requires.
func AuditProjectPermissions
func AuditProjectPermissions(projectDir string) ([]PermissionFinding, error)
AuditProjectPermissions walks projectDir and checks each file against the sensitivePatterns map. Files whose current mode is more permissive than required are reported as PermissionFinding values.
Directories are skipped; only regular files are evaluated.
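The check AuditProjectPermissions describes, written out as an added example that is not the package's own code. The real sensitivePatterns map is not shown on the page, so the globs and modes below are constructed stand-ins; the function names Audit and Enforce are hypothetical and only mirror the documented behaviour (directories skipped, regular files compared against a required mode, a finding reported when the current mode grants bits the policy does not).

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Finding mirrors the documented PermissionFinding fields.
type Finding struct {
	Path         string
	CurrentMode  os.FileMode
	RequiredMode os.FileMode
	Reason       string
}

// sensitivePatterns is a constructed stand-in for the package's map (its real
// contents are not on the page). Keys are filepath.Match globs applied to the
// base name; values are the most permissive mode the policy accepts.
var sensitivePatterns = map[string]os.FileMode{
	".env":  0o600,
	"*.pem": 0o600,
	"*.key": 0o600,
}

// requiredModeFor returns the policy mode for a file name, if any pattern matches.
func requiredModeFor(name string) (os.FileMode, bool) {
	for pat, mode := range sensitivePatterns {
		if ok, _ := filepath.Match(pat, name); ok {
			return mode, true
		}
	}
	return 0, false
}

// Audit walks dir and reports sensitive regular files whose permission bits
// exceed the required mode. Directories and non-regular entries are skipped.
func Audit(dir string) ([]Finding, error) {
	var findings []Finding
	err := filepath.WalkDir(dir, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if !d.Type().IsRegular() {
			return nil
		}
		required, ok := requiredModeFor(d.Name())
		if !ok {
			return nil
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		current := info.Mode().Perm()
		// "More permissive" means any permission bit set that the policy does not grant;
		// a mode that is stricter than required is not a finding.
		if extra := current &^ required; extra != 0 {
			findings = append(findings, Finding{
				Path:         p,
				CurrentMode:  current,
				RequiredMode: required,
				Reason:       fmt.Sprintf("mode %04o grants bits %04o beyond required %04o", current, extra, required),
			})
		}
		return nil
	})
	return findings, err
}

// Enforce mirrors EnforceFilePermissions: chmod the path to the given mode.
func Enforce(path string, mode os.FileMode) error {
	return os.Chmod(path, mode)
}

func main() {
	dir := "."
	if len(os.Args) > 1 {
		dir = os.Args[1]
	}
	findings, err := Audit(dir)
	if err != nil {
		fmt.Fprintln(os.Stderr, "audit failed:", err)
		os.Exit(1)
	}
	for _, f := range findings {
		fmt.Printf("%s: %s\n", f.Path, f.Reason)
	}
}
```

The bitwise test `current &^ required` is what makes "more permissive" precise: a 0644 `.env` against a 0600 policy yields the extra bits 0044, while a file already at 0400 produces no finding even though it differs from 0600.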
type WAFEvent (added in v1.0.13)
type WAFEvent struct {
Timestamp time.Time
ClientIP string
Path string
Rule string
Severity string
Action string
}
WAFEvent holds a single parsed WAF audit log entry.
func ParseWAFEvent (added in v1.0.13)
ParseWAFEvent parses a single line from the Coraza WAF audit log. Lines that do not match the expected format are returned with ok=false.
Expected format (space-separated, subset of Coraza Serial audit log):
[timestamp] client=<ip> path=<path> rule=<id> severity=<sev> action=<act>
func ReadWAFAuditLogFromContainer (added in v1.0.13)
ReadWAFAuditLogFromContainer reads the WAF audit log from the nginx container and returns parsed events. workdir is the nself project directory.
func ScanWAFAuditLog (added in v1.0.13)
ScanWAFAuditLog reads WAF audit log lines from r and returns parsed events. Lines that cannot be parsed are counted and logged at debug level. Returns all successfully parsed events and the count of unparseable lines.
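A parser for the documented line format, covering both ParseWAFEvent and ScanWAFAuditLog, as an added example that is not the package's own code. It assumes the bracketed timestamp is RFC 3339 (the page does not say which layout is used), the function names ParseLine, Scan and CountByAction are hypothetical, and the sample log lines are constructed for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"os"
	"regexp"
	"strings"
	"time"
)

// Event mirrors the documented WAFEvent fields.
type Event struct {
	Timestamp time.Time
	ClientIP  string
	Path      string
	Rule      string
	Severity  string
	Action    string
}

// lineRe matches the documented layout:
//   [timestamp] client=<ip> path=<path> rule=<id> severity=<sev> action=<act>
// Fields are space-separated, so a path containing whitespace will not match
// and the line is counted as unparseable rather than mis-attributed.
var lineRe = regexp.MustCompile(`^\[([^\]]+)\] client=(\S+) path=(\S+) rule=(\S+) severity=(\S+) action=(\S+)$`)

// ParseLine parses one audit log line. ok is false when the line does not
// match the expected format or the timestamp does not parse.
func ParseLine(line string) (Event, bool) {
	m := lineRe.FindStringSubmatch(strings.TrimSpace(line))
	if m == nil {
		return Event{}, false
	}
	// Assumption: RFC 3339 timestamps; the page does not state the layout.
	ts, err := time.Parse(time.RFC3339, m[1])
	if err != nil {
		return Event{}, false
	}
	return Event{Timestamp: ts, ClientIP: m[2], Path: m[3], Rule: m[4], Severity: m[5], Action: m[6]}, true
}

// Scan reads lines from r and returns every parsed event plus the number of
// lines that could not be parsed (blank lines are ignored, not counted).
func Scan(r io.Reader) ([]Event, int, error) {
	var events []Event
	unparseable := 0
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		line := sc.Text()
		if strings.TrimSpace(line) == "" {
			continue
		}
		ev, ok := ParseLine(line)
		if !ok {
			unparseable++
			continue
		}
		events = append(events, ev)
	}
	return events, unparseable, sc.Err()
}

// CountByAction tallies events per action (e.g. block vs detect), which is the
// first thing an operator wants when switching a WAF between modes.
func CountByAction(events []Event) map[string]int {
	counts := make(map[string]int)
	for _, ev := range events {
		counts[ev.Action]++
	}
	return counts
}

// sampleLog is constructed for this example; addresses are documentation ranges
// and the rule ids are sample values in the style of Core Rule Set ids.
const sampleLog = `[2024-05-01T12:00:00Z] client=203.0.113.7 path=/login rule=942100 severity=CRITICAL action=block
[2024-05-01T12:00:01Z] client=198.51.100.2 path=/search rule=941100 severity=WARNING action=detect
this line does not follow the audit format
`

func main() {
	events, bad, err := Scan(strings.NewReader(sampleLog))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("parsed %d events, %d unparseable lines, by action: %v\n", len(events), bad, CountByAction(events))
}
```

Counting unparseable lines separately, as ScanWAFAuditLog does, matters operationally: a sudden rise in that count usually means the log format changed upstream, and silently dropping those lines would hide blocked requests from anyone reviewing the audit trail.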