httpsec

package

v0.0.0-...-1dd94e2 Latest Latest Go to latest Published: Apr 26, 2024 License: Apache-2.0 Imports: 25 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Documentation ¶

Overview ¶

Package httpsec defines is the HTTP instrumentation API and contract for AppSec. It defines an abstract representation of HTTP handlers, along with helper functions to wrap (aka. instrument) standard net/http handlers. HTTP integrations must use this package to enable AppSec features for HTTP, which listens to this package's operation events.

Index ¶

type ExecutionContext
type Monitorer
type ProxyLifecycleProcessor
- func NewProxyLifecycleProcessor(appsec Monitorer, demux aggregator.Demultiplexer) *ProxyLifecycleProcessor

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ExecutionContext ¶

type ExecutionContext interface {
	LastRequestID() string
}

type Monitorer ¶

type Monitorer interface {
	Monitor(addresses map[string]any) *waf.Result
}

Monitorer is the interface type expected by the httpsec invocation subprocessor monitoring the given security rules addresses and returning the security events that matched.

type ProxyLifecycleProcessor ¶

type ProxyLifecycleProcessor struct {
	// contains filtered or unexported fields
}

ProxyLifecycleProcessor is an implementation of the invocationlifecycle.InvocationProcessor interface called by the Runtime API proxy on every function invocation calls and responses. This allows AppSec to run by monitoring the function invocations, and run the security rules upon reception of the HTTP request span in the SpanModifier function created by the WrapSpanModifier() method. A value of this type can be used by a single function invocation at a time.

func NewProxyLifecycleProcessor ¶

func NewProxyLifecycleProcessor(appsec Monitorer, demux aggregator.Demultiplexer) *ProxyLifecycleProcessor

NewProxyLifecycleProcessor returns a new httpsec proxy processor monitored with the given Monitorer.

func (*ProxyLifecycleProcessor) GetExecutionInfo ¶

func (lp *ProxyLifecycleProcessor) GetExecutionInfo() *invocationlifecycle.ExecutionStartInfo

func (*ProxyLifecycleProcessor) OnInvokeEnd ¶

func (lp *ProxyLifecycleProcessor) OnInvokeEnd(_ *invocationlifecycle.InvocationEndDetails)

OnInvokeEnd is the hook triggered when an invocation has ended

func (*ProxyLifecycleProcessor) OnInvokeStart ¶

func (lp *ProxyLifecycleProcessor) OnInvokeStart(startDetails *invocationlifecycle.InvocationStartDetails)

OnInvokeStart is the hook triggered when an invocation has started

func (*ProxyLifecycleProcessor) WrapSpanModifier ¶

func (lp *ProxyLifecycleProcessor) WrapSpanModifier(ctx ExecutionContext, modifySpan func(*pb.TraceChunk, *pb.Span)) func(*pb.TraceChunk, *pb.Span)

WrapSpanModifier wraps the given SpanModifier function with AppSec monitoring and returns it. When non nil, the given modifySpan function is called first, before the AppSec monitoring. The resulting function will run AppSec when the span's request_id span tag matches the one observed at function invocation with OnInvokeStat() through the Runtime API proxy.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL