threat

package
v1.3.0
Published: Mar 27, 2024 License: Apache-2.0 Imports: 11 Imported by: 3

Documentation

Overview

Package threat implements functionality for handling threat data and analyzing requests for threats.

Constants

This section is empty.

Variables

var (
	DbURL = repoURL + "/raw/master/db/" + dbFile
)

Functions

func Get

func Get() error

Get retrieves all the teler threat datasets.

It returns an error if there was an issue when retrieving the datasets.

func IsUpdated

func IsUpdated() (bool, error)

IsUpdated checks if the threat datasets are up-to-date. It returns a boolean value indicating whether the datasets are updated or not, and an error if there was an issue when checking the datasets' last modified date.

func Location added in v1.2.0

func Location() (string, error)

Location returns the location of the teler cache directory. It returns an error if there was an issue when getting the user cache directory.

func TmpLocation added in v1.2.5

func TmpLocation() (string, error)

TmpLocation generates a temporary directory path based on the current date and creates the directory if it doesn't already exist. It returns the path of the temporary directory or an error if the creation fails.

func Verify added in v1.2.5

func Verify() (bool, error)

Verify checks the integrity of files by comparing their checksums with the MD5 sums obtained from a teler-resources repository.

It fetches the MD5 sums, verifies that the fetched data is correct, and then checks the checksums of the local files against the obtained MD5 sums. It returns true if all checksums match, otherwise returns false along with an error if any issues occur during the verification process.
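
The check Verify describes, as an added example that is not teler's own code: it assumes an md5sum-style manifest, and `verifyDir` and the sample file are hypothetical names. It fails closed on a malformed or empty manifest and on file names that would leave the dataset directory.

```go
package main

import (
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// verifyDir checks files in dir against md5sum-style lines ("<32 hex>  <name>",
// an assumed format). True only if at least one file is listed and all match.
func verifyDir(dir, manifest string) (bool, error) {
	checked := 0
	for _, line := range strings.Split(manifest, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 {
			continue
		}
		// Validate the manifest entry before trusting it.
		want, err := hex.DecodeString(f[0])
		if len(f) != 2 || err != nil || len(want) != md5.Size {
			return false, fmt.Errorf("malformed line %q", line)
		}
		if f[1] != filepath.Base(f[1]) || f[1] == ".." { // stay inside dir
			return false, fmt.Errorf("unsafe file name %q", f[1])
		}
		data, err := os.ReadFile(filepath.Join(dir, f[1]))
		if err != nil {
			return false, err
		}
		if got := md5.Sum(data); string(got[:]) != string(want) {
			return false, fmt.Errorf("checksum mismatch: %s", f[1])
		}
		checked++
	}
	if checked == 0 {
		return false, fmt.Errorf("manifest lists no files")
	}
	return true, nil
}

func main() {
	dir, _ := os.MkdirTemp("", "sums") // constructed sample: one file holding "hello"
	defer os.RemoveAll(dir)
	os.WriteFile(filepath.Join(dir, "sample.json"), []byte("hello"), 0o600)
	fmt.Println(verifyDir(dir, "5d41402abc4b2a76b9719d911017c592  sample.json\n"))
}
```

MD5 is not collision resistant, so a match shows that a file was not corrupted or truncated in transit rather than proving who produced it.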

Types

type Threat

type Threat int8

Threat represents the different types of threats that can be excluded from analysis.

The Threat type is used to specify which types of threats should be excluded when analyzing a request for threats. It can be one of the following values:

  • CommonWebAttack: covers common web-based attacks such as cross-site scripting (XSS) and SQL injection.
  • CVE: covers known vulnerabilities and exploits, as specified by the Common Vulnerabilities and Exposures (CVE) database.
  • BadIPAddress: covers requests from known bad IP addresses, such as those associated with known malicious actors or botnets.
  • BadReferrer: covers requests with a bad HTTP referrer, such as those that are not expected based on the application's URL structure or are known to be associated with malicious actors.
  • BadCrawler: covers requests from known bad crawlers or scrapers, such as those that are known to cause performance issues or attempt to extract sensitive information from the application.
  • DirectoryBruteforce: covers requests that attempt to brute-force access to directories on the server, such as by trying common directory names or using dictionary attacks.

const (
	// Undefined threat type doesn't cover anything.
	Undefined Threat = iota - 1

	// Custom threat type is a custom threat that doesn't fit into any of the other defined categories.
	Custom

	// CommonWebAttack threat type covers common web-based attacks such as cross-site scripting (XSS) and SQL injection.
	CommonWebAttack

	// CVE threat type covers known vulnerabilities and exploits, as specified by the Common Vulnerabilities and Exposures (CVE) database.
	CVE

	// BadIPAddress threat type covers requests from known bad IP addresses, such as those associated with known malicious actors or botnets.
	BadIPAddress

	// BadReferrer threat type covers requests with a bad HTTP referrer, such as those that are not expected based on the application's URL structure or are known to be associated with malicious actors.
	BadReferrer

	// BadCrawler threat type covers requests from known bad crawlers or scrapers, such as those that are known to cause performance issues or attempt to extract sensitive information from the application.
	BadCrawler

	// DirectoryBruteforce threat type covers requests that attempt to brute-force access to directories on the server, such as by trying common directory names or using dictionary attacks.
	DirectoryBruteforce
)

func List

func List() []Threat

List returns a slice of all Threat type categories.

func (Threat) Count added in v1.2.0

func (t Threat) Count() (int, error)

Count returns the number of datasets from a Threat.

func (Threat) Filename added in v0.4.0

func (t Threat) Filename(full bool) (string, error)

Filename returns the file name representation of a Threat value.

If `full` is true, it returns the full file path by calling the location function and joining it with the corresponding file name. If `full` is false, it returns only the file name without the path. It returns an error if `full` is true but the location function returns an error, or if the corresponding file name cannot be found for the Threat value.

func (Threat) String

func (t Threat) String() string

String returns the string representation of a Threat value.
