Documentation
¶
Overview ¶
Package bfladetector is a generated GoMock package.
Index ¶
- Constants
- Variables
- func APIFindingBFLAScopesMismatch(specType SpecType, path string, method models.HTTPMethod) common.APIFinding
- func APIFindingBFLASuspiciousCallHigh(specType SpecType, path string, method models.HTTPMethod) common.APIFinding
- func APIFindingBFLASuspiciousCallMedium(specType SpecType, path string, method models.HTTPMethod) common.APIFinding
- func Contains(items []string, val string) bool
- func ContainsAll(items []string, vals []string) bool
- func GetOpenAPI(invInfo *database.APIInfo, apiID uint) (spec *spec.Swagger, err error)
- func GetServiceOpenapiSpec(specBytes []byte) (*spec.Swagger, error)
- func GetSpecOperation(spc *spec.Swagger, method models.HTTPMethod, resolvedPath string) *spec.Operation
- func ParseSpecInfo(apiInfo *database.APIInfo) ([]*models.SpecTag, error)
- func ResolveBFLAStatus(statusCode string) restapi.BFLAStatus
- func ResolveBFLAStatusInt(code int) restapi.BFLAStatus
- func ResolvePath(tags []*models.SpecTag, event *database.APIEvent) (path string, tagNames []string, err error)
- func ToGlobalOperations(authzModelOps Operations) (ops []global.AuthorizationModelOperation)
- func ToRestapiSpecType(specType SpecType) restapi.SpecType
- type Audience
- type AuthorizationModel
- type AuthzModelNotification
- type BFLADetector
- type BFLANotifier
- type BFLAState
- type BFLAStateEnum
- type BflaConfig
- type Command
- type CommandWithError
- type CommandsChan
- type CompositeTrace
- type DetectedUser
- type DetectedUserSource
- type EndUsers
- type ErrorChan
- type EventAlerter
- type EventOperation
- type FindingsRegistry
- type JWTClaimsWithScopes
- type MarkIllegitimateCommand
- type MarkLegitimateCommand
- type MockEventAlerter
- type MockEventAlerterMockRecorder
- type Notifier
- type Operation
- type Operations
- type ProvideAuthzModelCommand
- type ResetModelCommand
- type SourceObject
- type SpecType
- type StartDetectionCommand
- type StartLearningCommand
- type StopDetectionCommand
- type StopLearningCommand
Constants ¶
View Source
const ( ModuleName = "bfla" ModuleDescription = "Reconstructs an authorization model for an API and detects violations of such authorization model" K8sSrcAnnotationName = "bfla_k8s_src" K8sDstAnnotationName = "bfla_k8s_dst" DetectedIDAnnotationName = "bfla_detected_id" AuthzModelAnnotationName = "authz_model" BFLAStateAnnotationName = "bfla_state" BFLAFindingsAnnotationName = "bfla_findings" )
Variables ¶
View Source
var ErrUnsupportedAuthScheme = errors.New("unsupported auth scheme")
Functions ¶
func APIFindingBFLAScopesMismatch ¶
func APIFindingBFLAScopesMismatch(specType SpecType, path string, method models.HTTPMethod) common.APIFinding
func APIFindingBFLASuspiciousCallHigh ¶
func APIFindingBFLASuspiciousCallHigh(specType SpecType, path string, method models.HTTPMethod) common.APIFinding
func APIFindingBFLASuspiciousCallMedium ¶
func APIFindingBFLASuspiciousCallMedium(specType SpecType, path string, method models.HTTPMethod) common.APIFinding
func ContainsAll ¶
func GetOpenAPI ¶
func GetSpecOperation ¶
func ResolveBFLAStatus ¶
func ResolveBFLAStatus(statusCode string) restapi.BFLAStatus
func ResolveBFLAStatusInt ¶
func ResolveBFLAStatusInt(code int) restapi.BFLAStatus
func ResolvePath ¶
func ToGlobalOperations ¶
func ToGlobalOperations(authzModelOps Operations) (ops []global.AuthorizationModelOperation)
func ToRestapiSpecType ¶
Types ¶
type Audience ¶
type Audience []*SourceObject
func (Audience) Find ¶
func (aud Audience) Find(fn func(sa *SourceObject) bool) (int, *SourceObject)
type AuthorizationModel ¶
type AuthorizationModel struct {
Operations Operations `json:"operations"`
}
type AuthzModelNotification ¶
type AuthzModelNotification struct {
Learning bool
AuthzModel AuthorizationModel
SpecType SpecType
}
type BFLADetector ¶
type BFLADetector interface {
SendTrace(trace *CompositeTrace)
IsLearning(apiID uint) bool
GetState(apiID uint) (BFLAStateEnum, error)
FindSourceObj(path, method string, clientRef *k8straceannotator.K8sObjectRef, apiID uint) (*SourceObject, error)
ApproveTrace(path, method string, clientRef *k8straceannotator.K8sObjectRef, apiID uint, user *DetectedUser)
DenyTrace(path, method string, clientRef *k8straceannotator.K8sObjectRef, apiID uint, user *DetectedUser)
ResetModel(apiID uint) error
StartLearning(apiID uint, numberOfTraces int) error
StopLearning(apiID uint) error
StartDetection(apiID uint) error
StopDetection(apiID uint) error
ProvideAuthzModel(apiID uint, am AuthorizationModel)
}
func NewBFLADetector ¶
func NewBFLADetector(ctx context.Context, modName string, bflaBackendAccessor bflaBackendAccessor, eventAlerter EventAlerter, bflaNotifier BFLANotifier, sp recovery.StatePersister, notifierResyncInterval time.Duration) BFLADetector
type BFLANotifier ¶
type BFLANotifier interface {
NotifyAuthzModel(ctx context.Context, apiID uint, notification AuthzModelNotification) error
NotifyFindings(ctx context.Context, apiID uint, notification notifications.ApiFindingsNotification) error
}
type BFLAState ¶
type BFLAState struct {
State BFLAStateEnum `json:"state"`
TraceCounter int `json:"trace_counter"`
}
type BFLAStateEnum ¶
type BFLAStateEnum uint
const ( BFLAStart BFLAStateEnum = iota BFLALearning BFLALearnt BFLADetecting )
func (BFLAStateEnum) String ¶
func (s BFLAStateEnum) String() string
type BflaConfig ¶
type CommandWithError ¶
type CommandsChan ¶
type CommandsChan chan Command
func (CommandsChan) Send ¶
func (c CommandsChan) Send(cmd Command)
func (CommandsChan) SendAndReplyErr ¶
func (c CommandsChan) SendAndReplyErr(cmd CommandWithError) error
type CompositeTrace ¶
type CompositeTrace struct {
*core.Event
K8SSource, K8SDestination *k8straceannotator.K8sObjectRef
DetectedUser *DetectedUser
}
type DetectedUser ¶
type DetectedUser struct {
Source DetectedUserSource `json:"source"`
ID string `json:"id"`
IPAddress string `json:"ip_address"`
// Present if the source is JWT.
JWTClaims *JWTClaimsWithScopes `json:"jwt_claims"`
}
func (*DetectedUser) IsMismatchedScopes ¶
func (u *DetectedUser) IsMismatchedScopes(op *spec.Operation) bool
type DetectedUserSource ¶
type DetectedUserSource int32
const ( DetectedUserSourceUnknown DetectedUserSource = iota DetectedUserSourceJWT DetectedUserSourceBasic DetectedUserSourceXConsumerIDHeader )
func DetectedUserSourceFromString ¶
func DetectedUserSourceFromString(s string) DetectedUserSource
func (DetectedUserSource) MarshalJSON ¶
func (d DetectedUserSource) MarshalJSON() ([]byte, error)
func (DetectedUserSource) String ¶
func (d DetectedUserSource) String() string
func (*DetectedUserSource) UnmarshalJSON ¶
func (d *DetectedUserSource) UnmarshalJSON(b []byte) error
type EndUsers ¶
type EndUsers []*DetectedUser
func (EndUsers) Find ¶
func (ops EndUsers) Find(fn func(op *DetectedUser) bool) (int, *DetectedUser)
type EventAlerter ¶
type EventOperation ¶
type FindingsRegistry ¶
type FindingsRegistry interface {
Add(apiID uint, finding common.APIFinding) (bool, error)
GetAll(apiID uint) ([]common.APIFinding, error)
Clear(apiID uint) error
}
func NewFindingsRegistry ¶
func NewFindingsRegistry(sp recovery.StatePersister) FindingsRegistry
type JWTClaimsWithScopes ¶
type JWTClaimsWithScopes struct {
*jwt.RegisteredClaims
Scope *string `json:"scope"`
}
type MarkIllegitimateCommand ¶
type MarkIllegitimateCommand struct {
// contains filtered or unexported fields
}
type MarkLegitimateCommand ¶
type MarkLegitimateCommand struct {
// contains filtered or unexported fields
}
type MockEventAlerter ¶
type MockEventAlerter struct {
// contains filtered or unexported fields
}
MockEventAlerter is a mock of EventAlerter interface.
func NewMockEventAlerter ¶
func NewMockEventAlerter(ctrl *gomock.Controller) *MockEventAlerter
NewMockEventAlerter creates a new mock instance.
func (*MockEventAlerter) EXPECT ¶
func (m *MockEventAlerter) EXPECT() *MockEventAlerterMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
func (*MockEventAlerter) SetEventAlert ¶
func (m *MockEventAlerter) SetEventAlert(arg0 context.Context, arg1 string, arg2 uint, arg3 core.AlertSeverity) error
SetEventAlert mocks base method.
type MockEventAlerterMockRecorder ¶
type MockEventAlerterMockRecorder struct {
// contains filtered or unexported fields
}
MockEventAlerterMockRecorder is the mock recorder for MockEventAlerter.
func (*MockEventAlerterMockRecorder) SetEventAlert ¶
func (mr *MockEventAlerterMockRecorder) SetEventAlert(arg0, arg1, arg2, arg3 interface{}) *gomock.Call
SetEventAlert indicates an expected call of SetEventAlert.
type Notifier ¶
type Notifier struct {
// contains filtered or unexported fields
}
func NewBFLANotifier ¶
func NewBFLANotifier(moduleName string, accessor core.BackendAccessor) *Notifier
func (*Notifier) NotifyAuthzModel ¶
func (*Notifier) NotifyFindings ¶
func (n *Notifier) NotifyFindings(ctx context.Context, apiID uint, notification notifications.ApiFindingsNotification) error
type Operations ¶
type Operations []*Operation
type ProvideAuthzModelCommand ¶
type ProvideAuthzModelCommand struct {
// contains filtered or unexported fields
}
type ResetModelCommand ¶
type ResetModelCommand struct {
ErrorChan
// contains filtered or unexported fields
}
type SourceObject ¶
type SourceObject struct {
K8sObject *k8straceannotator.K8sObjectRef `json:"k8s_object"`
External bool `json:"external"`
EndUsers EndUsers `json:"end_users,omitempty"`
LastTime time.Time `json:"last_time"`
StatusCode int64 `json:"status_code"`
WarningStatus restapi.BFLAStatus `json:"warning_status"`
Authorized bool `json:"authorized"`
}
type StartDetectionCommand ¶
type StartDetectionCommand struct {
ErrorChan
// contains filtered or unexported fields
}
type StartLearningCommand ¶
type StartLearningCommand struct {
ErrorChan
// contains filtered or unexported fields
}
type StopDetectionCommand ¶
type StopDetectionCommand struct {
ErrorChan
// contains filtered or unexported fields
}
type StopLearningCommand ¶
type StopLearningCommand struct {
ErrorChan
// contains filtered or unexported fields
}
Source Files
Click to show internal directories.
Click to hide internal directories.