Documentation ¶
Overview ¶
Package bfladetector is a generated GoMock package.
Index ¶
- Constants
- Variables
- func APIFindingBFLAScopesMismatch(specType SpecType, path string, method models.HTTPMethod) common.APIFinding
- func APIFindingBFLASuspiciousCallHigh(specType SpecType, path string, method models.HTTPMethod) common.APIFinding
- func APIFindingBFLASuspiciousCallMedium(specType SpecType, path string, method models.HTTPMethod) common.APIFinding
- func Contains(items []string, val string) bool
- func ContainsAll(items []string, vals []string) bool
- func GetOpenAPI(invInfo *database.APIInfo, apiID uint) (spec *spec.Swagger, err error)
- func GetServiceOpenapiSpec(specBytes []byte) (*spec.Swagger, error)
- func GetSpecOperation(spc *spec.Swagger, method models.HTTPMethod, resolvedPath string) *spec.Operation
- func ParseSpecInfo(apiInfo *database.APIInfo) ([]*models.SpecTag, error)
- func ResolveBFLAStatus(statusCode string) restapi.BFLAStatus
- func ResolveBFLAStatusInt(code int) restapi.BFLAStatus
- func ResolvePath(tags []*models.SpecTag, event *database.APIEvent) (path string, tagNames []string, err error)
- func ToGlobalOperations(authzModelOps Operations) (ops []global.AuthorizationModelOperation)
- func ToRestapiSpecType(specType SpecType) restapi.SpecType
- type Audience
- type AuthorizationModel
- type AuthzModelNotification
- type BFLADetector
- type BFLANotifier
- type BFLAState
- type BFLAStateEnum
- type BflaConfig
- type Command
- type CommandWithError
- type CommandsChan
- type CompositeTrace
- type DetectedUser
- type DetectedUserSource
- type EndUsers
- type ErrorChan
- type EventAlerter
- type EventOperation
- type FindingsRegistry
- type JWTClaimsWithScopes
- type MarkIllegitimateCommand
- type MarkLegitimateCommand
- type MockEventAlerter
- type MockEventAlerterMockRecorder
- type Notifier
- type Operation
- type Operations
- type ProvideAuthzModelCommand
- type ResetModelCommand
- type SourceObject
- type SpecType
- type StartDetectionCommand
- type StartLearningCommand
- type StopDetectionCommand
- type StopLearningCommand
Constants ¶
const (
	// ModuleName is the short identifier of this module.
	ModuleName = "bfla"
	// ModuleDescription is the human-readable summary of what the module does.
	ModuleDescription = "Reconstructs an authorization model for an API and detects violations of such authorization model"

	// Annotation keys. By their names these tag trace/event data with the
	// Kubernetes source and destination objects, the identity detected on the
	// call, the reconstructed authorization model, the per-API state and the
	// findings produced — the writer/reader of each key is not visible on
	// this page; confirm against the annotator and the persistence layer.
	K8sSrcAnnotationName       = "bfla_k8s_src"
	K8sDstAnnotationName       = "bfla_k8s_dst"
	DetectedIDAnnotationName   = "bfla_detected_id"
	AuthzModelAnnotationName   = "authz_model"
	BFLAStateAnnotationName    = "bfla_state"
	BFLAFindingsAnnotationName = "bfla_findings"
)
Variables ¶
// ErrUnsupportedAuthScheme is the sentinel error for an authentication
// scheme this package does not handle (presumably anything outside the
// DetectedUserSource values — verify against the caller). Compare with
// errors.Is rather than ==, since it may be wrapped.
var ErrUnsupportedAuthScheme = errors.New("unsupported auth scheme")
Functions ¶
func APIFindingBFLAScopesMismatch ¶
func APIFindingBFLAScopesMismatch(specType SpecType, path string, method models.HTTPMethod) common.APIFinding
func APIFindingBFLASuspiciousCallHigh ¶
func APIFindingBFLASuspiciousCallHigh(specType SpecType, path string, method models.HTTPMethod) common.APIFinding
func APIFindingBFLASuspiciousCallMedium ¶
func APIFindingBFLASuspiciousCallMedium(specType SpecType, path string, method models.HTTPMethod) common.APIFinding
func ContainsAll ¶
func GetOpenAPI ¶
func GetSpecOperation ¶
func ResolveBFLAStatus ¶
func ResolveBFLAStatus(statusCode string) restapi.BFLAStatus
func ResolveBFLAStatusInt ¶
func ResolveBFLAStatusInt(code int) restapi.BFLAStatus
func ResolvePath ¶
func ToGlobalOperations ¶
func ToGlobalOperations(authzModelOps Operations) (ops []global.AuthorizationModelOperation)
func ToRestapiSpecType ¶
Types ¶
type Audience ¶
// Audience is a list of SourceObject pointers; Find locates an element by
// predicate (see the Find method).
type Audience []*SourceObject
func (Audience) Find ¶
func (aud Audience) Find(fn func(sa *SourceObject) bool) (int, *SourceObject)
type AuthorizationModel ¶
// AuthorizationModel is the reconstructed model for one API: a list of
// Operations serialised under the "operations" JSON key. It is the value
// passed to BFLADetector.ProvideAuthzModel and carried by
// AuthzModelNotification.
type AuthorizationModel struct {
	Operations Operations `json:"operations"`
}
type AuthzModelNotification ¶
// AuthzModelNotification is the payload handed to BFLANotifier.NotifyAuthzModel.
type AuthzModelNotification struct {
	// Learning indicates whether the API is still in the learning phase —
	// the exact semantics are set by the sender, not visible here.
	Learning   bool
	AuthzModel AuthorizationModel
	SpecType   SpecType
}
type BFLADetector ¶
// BFLADetector is the control and query interface of the BFLA (Broken
// Function Level Authorization) detector. All operations are keyed by apiID.
// The per-method descriptions below are inferred from the method names; the
// state machine itself (see BFLAStateEnum) is implemented elsewhere.
type BFLADetector interface {
	// SendTrace feeds one observed trace into the detector.
	SendTrace(trace *CompositeTrace)
	// IsLearning reports whether the API is in its learning phase.
	IsLearning(apiID uint) bool
	// GetState returns the current BFLA state of the API.
	GetState(apiID uint) (BFLAStateEnum, error)
	// FindSourceObj looks up the recorded caller (SourceObject) for the given
	// path, method and client reference.
	FindSourceObj(path, method string, clientRef *k8straceannotator.K8sObjectRef, apiID uint) (*SourceObject, error)
	// ApproveTrace / DenyTrace mark a caller as legitimate / illegitimate for
	// the operation (cf. MarkLegitimateCommand / MarkIllegitimateCommand).
	// NOTE(review): these change what the detector later reports as a
	// violation, so whatever exposes them should itself be access-controlled
	// and audited — not verifiable from this page.
	ApproveTrace(path, method string, clientRef *k8straceannotator.K8sObjectRef, apiID uint, user *DetectedUser)
	DenyTrace(path, method string, clientRef *k8straceannotator.K8sObjectRef, apiID uint, user *DetectedUser)
	// ResetModel discards the current model for the API.
	ResetModel(apiID uint) error
	// StartLearning begins the learning phase; numberOfTraces presumably
	// bounds how many traces are consumed — confirm against the implementation.
	StartLearning(apiID uint, numberOfTraces int) error
	StopLearning(apiID uint) error
	StartDetection(apiID uint) error
	StopDetection(apiID uint) error
	// ProvideAuthzModel installs an externally supplied model for the API,
	// replacing whatever was learnt (assumption — confirm).
	ProvideAuthzModel(apiID uint, am AuthorizationModel)
}
func NewBFLADetector ¶
func NewBFLADetector(ctx context.Context, modName string, bflaBackendAccessor bflaBackendAccessor, eventAlerter EventAlerter, bflaNotifier BFLANotifier, sp recovery.StatePersister, notifierResyncInterval time.Duration) BFLADetector
type BFLANotifier ¶
// BFLANotifier publishes detector output: the reconstructed authorization
// model and the findings for an API. Notifier is the concrete implementation
// on this page.
type BFLANotifier interface {
	NotifyAuthzModel(ctx context.Context, apiID uint, notification AuthzModelNotification) error
	NotifyFindings(ctx context.Context, apiID uint, notification notifications.ApiFindingsNotification) error
}
type BFLAState ¶
// BFLAState is the persisted per-API state: the current phase plus a trace
// counter (JSON keys "state" and "trace_counter").
type BFLAState struct {
	State BFLAStateEnum `json:"state"`
	// TraceCounter presumably counts traces consumed while learning, to be
	// compared with the numberOfTraces given to StartLearning — confirm.
	TraceCounter int `json:"trace_counter"`
}
type BFLAStateEnum ¶
// BFLAStateEnum is the phase an API is in. Values are iota-ordered
// (0 = BFLAStart ... 3 = BFLADetecting), so the numeric encoding is
// stable only as long as the order below is not changed.
type BFLAStateEnum uint

const (
	BFLAStart BFLAStateEnum = iota
	BFLALearning
	BFLALearnt
	BFLADetecting
)
func (BFLAStateEnum) String ¶
func (s BFLAStateEnum) String() string
type BflaConfig ¶
type CommandWithError ¶
type CommandsChan ¶
// CommandsChan is a channel of Command values used to drive the detector;
// Send submits a command and SendAndReplyErr submits a CommandWithError and
// waits for its error.
type CommandsChan chan Command
func (CommandsChan) Send ¶
func (c CommandsChan) Send(cmd Command)
func (CommandsChan) SendAndReplyErr ¶
func (c CommandsChan) SendAndReplyErr(cmd CommandWithError) error
type CompositeTrace ¶
// CompositeTrace is the input to BFLADetector.SendTrace: a core.Event
// enriched with the Kubernetes source/destination objects and the user
// detected on the call.
type CompositeTrace struct {
	*core.Event
	K8SSource, K8SDestination *k8straceannotator.K8sObjectRef
	// DetectedUser may be nil (pointer); callers of the detector should not
	// assume an identity was found — assumption, confirm with SendTrace.
	DetectedUser *DetectedUser
}
type DetectedUser ¶
// DetectedUser is the identity extracted from a trace. NOTE(review): by the
// DetectedUserSource values, ID comes from a JWT, basic-auth credentials or
// an X-Consumer-ID header carried by the traffic itself; whether the JWT
// signature or the header are verified before this is built is not visible
// here, so treat these fields as attacker-influenceable unless the trace
// pipeline confirms otherwise.
type DetectedUser struct {
	Source    DetectedUserSource `json:"source"`
	ID        string             `json:"id"`
	IPAddress string             `json:"ip_address"`
	// Present if the source is JWT.
	JWTClaims *JWTClaimsWithScopes `json:"jwt_claims"`
}
func (*DetectedUser) IsMismatchedScopes ¶
func (u *DetectedUser) IsMismatchedScopes(op *spec.Operation) bool
type DetectedUserSource ¶
// DetectedUserSource identifies where a DetectedUser's identity came from.
// It has String/MarshalJSON/UnmarshalJSON methods and a
// DetectedUserSourceFromString constructor; the iota ordering below is the
// numeric encoding (0 = unknown).
type DetectedUserSource int32

const (
	DetectedUserSourceUnknown DetectedUserSource = iota
	DetectedUserSourceJWT
	DetectedUserSourceBasic
	DetectedUserSourceXConsumerIDHeader
)
func DetectedUserSourceFromString ¶
func DetectedUserSourceFromString(s string) DetectedUserSource
func (DetectedUserSource) MarshalJSON ¶
func (d DetectedUserSource) MarshalJSON() ([]byte, error)
func (DetectedUserSource) String ¶
func (d DetectedUserSource) String() string
func (*DetectedUserSource) UnmarshalJSON ¶
func (d *DetectedUserSource) UnmarshalJSON(b []byte) error
type EndUsers ¶
// EndUsers is a list of DetectedUser pointers; Find locates an element by
// predicate (see the Find method).
type EndUsers []*DetectedUser
func (EndUsers) Find ¶
func (ops EndUsers) Find(fn func(op *DetectedUser) bool) (int, *DetectedUser)
type EventAlerter ¶
type EventOperation ¶
type FindingsRegistry ¶
// FindingsRegistry stores the common.APIFinding values produced per API.
// NewFindingsRegistry builds one over a recovery.StatePersister.
type FindingsRegistry interface {
	// Add records a finding; the bool presumably reports whether it was new
	// rather than a duplicate — confirm against the implementation.
	Add(apiID uint, finding common.APIFinding) (bool, error)
	GetAll(apiID uint) ([]common.APIFinding, error)
	Clear(apiID uint) error
}
func NewFindingsRegistry ¶
func NewFindingsRegistry(sp recovery.StatePersister) FindingsRegistry
type JWTClaimsWithScopes ¶
// JWTClaimsWithScopes is the registered JWT claims plus the "scope" claim,
// which DetectedUser.IsMismatchedScopes compares with a spec operation.
// NOTE(review): embedding *jwt.RegisteredClaims only gives access to the
// parsed values; whether exp/nbf/iss/aud and the token signature are
// validated before these claims are trusted is not visible on this page.
type JWTClaimsWithScopes struct {
	*jwt.RegisteredClaims
	Scope *string `json:"scope"`
}
type MarkIllegitimateCommand ¶
type MarkIllegitimateCommand struct {
// contains filtered or unexported fields
}
type MarkLegitimateCommand ¶
type MarkLegitimateCommand struct {
// contains filtered or unexported fields
}
type MockEventAlerter ¶
type MockEventAlerter struct {
// contains filtered or unexported fields
}
MockEventAlerter is a mock of EventAlerter interface.
func NewMockEventAlerter ¶
func NewMockEventAlerter(ctrl *gomock.Controller) *MockEventAlerter
NewMockEventAlerter creates a new mock instance.
func (*MockEventAlerter) EXPECT ¶
func (m *MockEventAlerter) EXPECT() *MockEventAlerterMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
func (*MockEventAlerter) SetEventAlert ¶
func (m *MockEventAlerter) SetEventAlert(arg0 context.Context, arg1 string, arg2 uint, arg3 core.AlertSeverity) error
SetEventAlert mocks base method.
type MockEventAlerterMockRecorder ¶
type MockEventAlerterMockRecorder struct {
// contains filtered or unexported fields
}
MockEventAlerterMockRecorder is the mock recorder for MockEventAlerter.
func (*MockEventAlerterMockRecorder) SetEventAlert ¶
func (mr *MockEventAlerterMockRecorder) SetEventAlert(arg0, arg1, arg2, arg3 interface{}) *gomock.Call
SetEventAlert indicates an expected call of SetEventAlert.
type Notifier ¶
type Notifier struct {
// contains filtered or unexported fields
}
func NewBFLANotifier ¶
func NewBFLANotifier(moduleName string, accessor core.BackendAccessor) *Notifier
func (*Notifier) NotifyAuthzModel ¶
func (*Notifier) NotifyFindings ¶
func (n *Notifier) NotifyFindings(ctx context.Context, apiID uint, notification notifications.ApiFindingsNotification) error
type Operations ¶
// Operations is the list of Operation pointers held by AuthorizationModel;
// ToGlobalOperations converts it to the global representation.
type Operations []*Operation
type ProvideAuthzModelCommand ¶
type ProvideAuthzModelCommand struct {
// contains filtered or unexported fields
}
type ResetModelCommand ¶
// ResetModelCommand asks the detector to discard an API's model. It embeds
// ErrorChan, so it is sent with CommandsChan.SendAndReplyErr; its remaining
// fields are unexported.
type ResetModelCommand struct {
	ErrorChan
	// contains filtered or unexported fields
}
type SourceObject ¶
// SourceObject is one recorded caller of an operation: the Kubernetes object
// it came from (or External when it did not), the end users seen from it,
// and the outcome last observed. Authorized and WarningStatus are the
// detector's verdict for this caller; see BFLADetector.ApproveTrace/DenyTrace.
type SourceObject struct {
	K8sObject *k8straceannotator.K8sObjectRef `json:"k8s_object"`
	External  bool                            `json:"external"`
	EndUsers  EndUsers                        `json:"end_users,omitempty"`
	LastTime  time.Time                       `json:"last_time"`
	// StatusCode is the last observed HTTP status; ResolveBFLAStatusInt maps
	// a code to a restapi.BFLAStatus.
	StatusCode    int64              `json:"status_code"`
	WarningStatus restapi.BFLAStatus `json:"warning_status"`
	Authorized    bool               `json:"authorized"`
}
type StartDetectionCommand ¶
// StartDetectionCommand asks the detector to enter the detection phase for an
// API. It embeds ErrorChan, so it is sent with CommandsChan.SendAndReplyErr;
// its remaining fields are unexported.
type StartDetectionCommand struct {
	ErrorChan
	// contains filtered or unexported fields
}
type StartLearningCommand ¶
// StartLearningCommand asks the detector to enter the learning phase for an
// API. It embeds ErrorChan, so it is sent with CommandsChan.SendAndReplyErr;
// its remaining fields are unexported.
type StartLearningCommand struct {
	ErrorChan
	// contains filtered or unexported fields
}
type StopDetectionCommand ¶
// StopDetectionCommand asks the detector to leave the detection phase for an
// API. It embeds ErrorChan, so it is sent with CommandsChan.SendAndReplyErr;
// its remaining fields are unexported.
type StopDetectionCommand struct {
	ErrorChan
	// contains filtered or unexported fields
}
type StopLearningCommand ¶
// StopLearningCommand asks the detector to leave the learning phase for an
// API. It embeds ErrorChan, so it is sent with CommandsChan.SendAndReplyErr;
// its remaining fields are unexported.
type StopLearningCommand struct {
	ErrorChan
	// contains filtered or unexported fields
}