waf

package
v2.2.2

This package is not in the latest version of its module.
Published: Aug 11, 2025 | License: Apache-2.0, BSD-3-Clause, Apache-2.0 | Imports: 26 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func RunSimple

func RunSimple(ctx context.Context, addrs libddwaf.RunAddressData, errorLog string) error

RunSimple runs the WAF with the given address data and returns an error that should be forwarded to the caller.

Types

type ContextArgs

type ContextArgs struct{}

func (ContextArgs) IsArgOf

func (ContextArgs) IsArgOf(*ContextOperation)

type ContextMetrics

type ContextMetrics struct {
	*HandleMetrics

	// SumRASPCalls is the sum of all the RASP calls made by the WAF whatever the rasp rule type it is.
	SumRASPCalls atomic.Uint32
	// SumWAFErrors is the sum of all the WAF errors that happened not in the RASP scope.
	SumWAFErrors atomic.Uint32
	// SumRASPErrors is the sum of all the RASP errors that happened in the RASP scope.
	SumRASPErrors atomic.Uint32

	// SumWAFTimeouts is the sum of all the WAF timeouts that happened not in the RASP scope.
	SumWAFTimeouts atomic.Uint32

	// SumRASPTimeouts is the sum of all the RASP timeouts that happened in the RASP scope by rule type.
	SumRASPTimeouts [len(addresses.RASPRuleTypes)]atomic.Uint32

	// SumDurations is the sum of all the run durations calls to ddwaf_run behind go-libddwaf
	// This map is built statically when ContextMetrics is created and readonly after that.
	SumDurations map[addresses.Scope]map[timer.Key]*atomic.Int64

	// Milestones are the tags of the metric `waf.requests` that will be submitted at the end of the waf context
	Milestones RequestMilestones
}

func (*ContextMetrics) IncWafError

func (m *ContextMetrics) IncWafError(addrs libddwaf.RunAddressData, in error)

IncWafError should be called if go-libddwaf.(*Context).Run() returns an error, to increment the metrics linked to WAF errors. It registers the metrics:
- `waf.error`
- `rasp.error`

func (*ContextMetrics) RegisterWafRun

func (m *ContextMetrics) RegisterWafRun(addrs libddwaf.RunAddressData, timerStats map[timer.Key]time.Duration, tags RequestMilestones)

RegisterWafRun registers the different outputs of the WAF for `waf.requests` and also directly increments the `rasp.rule.match` and `rasp.rule.eval` metrics. It registers the metrics:
- `rasp.rule.match`
- `rasp.rule.eval`

It accumulates data for:
- `waf.requests`
- `rasp.duration`
- `waf.duration`

func (*ContextMetrics) Submit (added in v2.1.0)

func (m *ContextMetrics) Submit(truncations map[libddwaf.TruncationReason][]int, timerStats map[timer.Key]time.Duration)

Submit increments the metrics for the WAF run stats at the end of each WAF context lifecycle. It registers the metrics:
- `waf.duration_ext` and `rasp.duration_ext` using libddwaf.Context.Timer
- `waf.duration` and `rasp.duration` using libddwaf.Result.TimerStats accumulated in the ContextMetrics
- `rasp.timeout` for the RASP scope using libddwaf.Stats.TimeoutRASPCount
- `waf.input_truncated` and `waf.truncated_value_size` for the truncations using libddwaf.Stats.Truncations
- `waf.requests` for the milestones using [ContextMetrics.Milestones]

type ContextOperation

type ContextOperation struct {
	dyngo.Operation
	*trace.ServiceEntrySpanOperation
	// contains filtered or unexported fields
}

func StartContextOperation

func StartContextOperation(ctx context.Context, span trace.TagSetter) (*ContextOperation, context.Context)

func (*ContextOperation) AbsorbDerivatives

func (op *ContextOperation) AbsorbDerivatives(derivatives map[string]any)

func (*ContextOperation) AddEvents

func (op *ContextOperation) AddEvents(events ...any) bool

AddEvents adds WAF events to the operation and returns true if the operation has reached the maximum number of events, by the limiter or the max value.

func (*ContextOperation) AddStackTraces

func (op *ContextOperation) AddStackTraces(stacks ...*stacktrace.Event)

func (*ContextOperation) Derivatives

func (op *ContextOperation) Derivatives() map[string]any

func (*ContextOperation) Events

func (op *ContextOperation) Events() []any

func (*ContextOperation) Finish

func (op *ContextOperation) Finish()

func (*ContextOperation) GetMetricsInstance

func (op *ContextOperation) GetMetricsInstance() *ContextMetrics

func (*ContextOperation) OnEvent

func (op *ContextOperation) OnEvent(event RunEvent)

func (*ContextOperation) Run

func (op *ContextOperation) Run(eventReceiver dyngo.Operation, addrs libddwaf.RunAddressData)

Run runs the WAF with the given address data and sends the results to the event receiver. The event receiver can be the same as the method receiver, but not always. The event receiver is the one that will receive the action events generated by the WAF.

func (*ContextOperation) SetLimiter

func (op *ContextOperation) SetLimiter(limiter limiter.Limiter)

func (*ContextOperation) SetMetricsInstance

func (op *ContextOperation) SetMetricsInstance(metrics *ContextMetrics)

func (*ContextOperation) SetRequestBlocked (added in v2.2.0)

func (op *ContextOperation) SetRequestBlocked()

func (*ContextOperation) SetSupportedAddresses

func (op *ContextOperation) SetSupportedAddresses(addrs config.AddressSet)

func (*ContextOperation) StackTraces

func (op *ContextOperation) StackTraces() []*stacktrace.Event

func (*ContextOperation) SwapContext

func (op *ContextOperation) SwapContext(ctx *libddwaf.Context) *libddwaf.Context

type ContextRes

type ContextRes struct{}

func (ContextRes) IsResultOf

func (ContextRes) IsResultOf(*ContextOperation)

type HandleMetrics

type HandleMetrics struct {
	// contains filtered or unexported fields
}

HandleMetrics is a struct that holds all the telemetry metrics for the WAF and that lives and dies alongside the WAF handle. It basically serves as a big cache, so that we do not have to go through the telemetry package each time we want to submit a metric and recompute all the tags that are static (from a WAF handle lifetime perspective).

func NewMetricsInstance

func NewMetricsInstance(newHandle *libddwaf.Handle, eventRulesVersion string) HandleMetrics

NewMetricsInstance creates a new HandleMetrics struct and submits the `waf.init` or `waf.updates` metric. To be called with the raw results of the WAF handle initialization.

func (*HandleMetrics) NewContextMetrics

func (m *HandleMetrics) NewContextMetrics() *ContextMetrics

type RequestMilestones

type RequestMilestones struct {
	// contains filtered or unexported fields
}

RequestMilestones is a list of things that can happen as a result of a WAF call. They are stacked for each request and used as tags for the telemetry metric `waf.requests`. This struct can be modified concurrently. TODO: add request_excluded and block_failure to the mix once we have the capability to track them.

type RunEvent

type RunEvent struct {
	libddwaf.RunAddressData
	dyngo.Operation
}

RunEvent is the type of event that should be emitted to child operations to run the WAF.

type SecurityEvent

type SecurityEvent struct{}

SecurityEvent is a dyngo data event sent when a security event is detected by the WAF.
