Documentation ¶
Index ¶
- Variables
- func Contains(target interface{}, obj interface{}) (bool, error)
- func RandString(n int) string
- func SContains(target []string, obj string) (bool, error)
- type BASE
- type BoltDB
- func (m *BoltDB) Abnormals() (count int)
- func (m *BoltDB) AddPattern(pattern []byte, context sql.QueryContext) error
- func (m *BoltDB) CheckPattern(pattern []byte) error
- func (m *BoltDB) CheckPermission(sql.QueryContext, bool, bool) bool
- func (m *BoltDB) CheckQuery(context sql.QueryContext, checkUser bool, checkSource bool) bool
- func (m *BoltDB) DeletePattern(pattern []byte) error
- func (m *BoltDB) InitialDB(str string, syncInterval time.Duration, timeout time.Duration) error
- func (m *BoltDB) Patterns() (count int)
- func (m *BoltDB) Purge() error
- func (m *BoltDB) PutPattern(pattern []byte, query []byte) error
- func (m *BoltDB) RecordAbnormal(context sql.QueryContext, abType string) error
- func (m *BoltDB) RecordQueryAction(context sql.QueryAction) error
- func (m *BoltDB) SyncAndClose() error
- func (m *BoltDB) UpdateState() error
- type MySQL
- func (m *MySQL) Abnormals() (count int)
- func (m *MySQL) AddPattern(pattern []byte, context sql.QueryContext) error
- func (m *MySQL) CheckPattern(pattern []byte) error
- func (m *MySQL) CheckPermission(context sql.QueryContext, q bool, v bool) bool
- func (m *MySQL) CheckQuery(context sql.QueryContext, checkUser bool, checkSource bool) bool
- func (m *MySQL) DeletePattern(pattern []byte) error
- func (m *MySQL) InitialDB(str string, syncInterval time.Duration, timeout time.Duration) error
- func (m *MySQL) Patterns() (count int)
- func (m *MySQL) Purge() error
- func (m *MySQL) PutPattern(pattern []byte, query []byte) error
- func (m *MySQL) RecordAbnormal(context sql.QueryContext, abType string) error
- func (m *MySQL) RecordQueryAction(context sql.QueryAction) error
- func (m *MySQL) SyncAndClose() error
- func (m *MySQL) UpdateState() error
- type Pattern
- type Permission
- type QueryAction
- type State
Constants ¶
This section is empty.
Variables ¶
// Package-level counters. Both are plain uint64 values that start at zero.
//
// NOTE(review): nothing on this page shows how these are updated; if more
// than one goroutine writes them they need sync/atomic or a lock. Confirm
// against the callers.
var (
	// QueryCounter holds the query-counter state.
	QueryCounter uint64
	// AbnormalCounter holds the abnormal-counter state.
	AbnormalCounter uint64
)
// DBCon is the package-level BoltDB handle. It is nil until something
// assigns it.
//
// NOTE(review): the handle is exported and mutable, so any importing package
// can replace or close it. Confirm that this is intended.
var DBCon *bolt.DB
Functions ¶
func RandString ¶
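RandString generates a random string of fixed length n. See https://stackoverflow.com/questions/22892120/how-to-generate-a-random-string-of-a-fixed-length-in-golang. The implementation is not shown on this page; if it draws from math/rand, as the answers at that link commonly do, the result is not suitable for secrets, tokens or other values that must be unguessable.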
Types ¶
type BASE ¶
// BASE is the contract every store backend in this package implements
// (BoltDB and MySQL are the two listed on this page).
//
// NOTE(review): CheckQuery and CheckPermission return only a bool, so an
// implementation that fails to reach its store cannot report the error to the
// caller. Confirm that such failures map to false rather than true.
type BASE interface {
	// InitialDB prepares the store. The implementations name the arguments
	// str, syncInterval and timeout.
	InitialDB(string, time.Duration, time.Duration) error
	// RecordQueryAction records a query and the action taken on it.
	RecordQueryAction(sql.QueryAction) error
	// Abnormals returns a count (named "count" in the implementations).
	Abnormals() int
	// RecordAbnormal records an abnormal query together with its type string.
	RecordAbnormal(sql.QueryContext, string) error
	// Patterns returns a count (named "count" in the implementations).
	Patterns() int
	// CheckPattern checks whether the pattern exists.
	CheckPattern([]byte) error
	// AddPattern adds a pattern for the given query context.
	AddPattern([]byte, sql.QueryContext) error
	// PutPattern stores a pattern; the implementations name the second
	// argument "query".
	PutPattern([]byte, []byte) error
	// DeletePattern deletes a pattern.
	DeletePattern([]byte) error
	// Purge is undocumented on this page; presumably it clears stored data.
	// TODO confirm.
	Purge() error
	// CheckQuery checks the query; the two flags are named checkUser and
	// checkSource in the implementations.
	CheckQuery(sql.QueryContext, bool, bool) bool
	// CheckPermission checks whether the query context has permission.
	CheckPermission(sql.QueryContext, bool, bool) bool
	// UpdateState is undocumented on this page; presumably it persists the
	// counters. TODO confirm.
	UpdateState() error
	// SyncAndClose is undocumented on this page; presumably it flushes and
	// closes the store. TODO confirm.
	SyncAndClose() error
}
The BASE interface must be implemented by every store backend added to the package (BoltDB, MySQL, PostgreSQL, etc.).
func GenerateLocalDB ¶
GenerateLocalDB generates the local DB.
type BoltDB ¶
type BoltDB struct {
// contains filtered or unexported fields
}
BoltDB local db
func (*BoltDB) AddPattern ¶
func (m *BoltDB) AddPattern(pattern []byte, context sql.QueryContext) error
AddPattern adds a pattern.
func (*BoltDB) CheckPattern ¶
CheckPattern checks whether the pattern exists.
func (*BoltDB) CheckPermission ¶
CheckPermission check if has permission
func (*BoltDB) CheckQuery ¶
CheckQuery checks whether the query exists.
func (*BoltDB) DeletePattern ¶
DeletePattern delete pattern
func (*BoltDB) PutPattern ¶
PutPattern put pattern
func (*BoltDB) RecordAbnormal ¶
func (m *BoltDB) RecordAbnormal(context sql.QueryContext, abType string) error
RecordAbnormal record abnormal query
func (*BoltDB) RecordQueryAction ¶
func (m *BoltDB) RecordQueryAction(context sql.QueryAction) error
RecordQueryAction record query and action
type MySQL ¶
type MySQL struct { UUID string // contains filtered or unexported fields }
MySQL local db
func (*MySQL) AddPattern ¶
func (m *MySQL) AddPattern(pattern []byte, context sql.QueryContext) error
AddPattern adds a pattern.
func (*MySQL) CheckPattern ¶
CheckPattern check if pattern exists
func (*MySQL) CheckPermission ¶
CheckPermission check if has permission
func (*MySQL) CheckQuery ¶
CheckQuery check query
func (*MySQL) DeletePattern ¶
DeletePattern delete pattern
func (*MySQL) PutPattern ¶
PutPattern put pattern
func (*MySQL) RecordAbnormal ¶
func (m *MySQL) RecordAbnormal(context sql.QueryContext, abType string) error
RecordAbnormal record abnormal query
func (*MySQL) RecordQueryAction ¶
func (m *MySQL) RecordQueryAction(context sql.QueryAction) error
RecordQueryAction record query and action
type Pattern ¶
// Pattern is one row of the training set: a pattern key, its value and an
// example value, mapped to columns through the orm tags.
type Pattern struct {
	ID int `orm:"column(id)"`
	// Pattern key.
	Key string `orm:"column(key);null;type(text)"`
	// Value.
	Value string `orm:"column(value);null;type(text)"`
	// Example value.
	ExampleValue string `orm:"column(example_value);null;type(text)"`
	// Enabled state: true or false. The column default is true.
	Enable bool `orm:"column(enable);default(true)"`
	UUID string `orm:"column(uuid);size(36)"`
}
Pattern records the training set.
type Permission ¶
// Permission is a permission rule: which user, from which client, may use
// which permissions on which database and table.
//
// NOTE(review): db, user, client and table are nullable. Whether an empty
// value matches everything or nothing is decided by the CheckPermission
// implementations, which are not shown here. Confirm.
type Permission struct {
	ID int `orm:"column(id)"`
	// Database.
	Db string `orm:"column(db);null;size(128)"`
	// User.
	User string `orm:"column(user);null;size(128)"`
	// Client.
	Client string `orm:"column(client);null;size(128)"`
	// Table; "*" means all tables.
	Table string `orm:"column(table);null;size(128)"`
	// Permissions: SELECT, UPDATE, DELETE, INSERT, GRANT, ...
	Permission string `orm:"column(permission);type(text)"`
	// Enabled state: true or false. The column default is true.
	Enable bool `orm:"column(enable);default(true)"`
	UUID string `orm:"column(uuid);size(36)"`
}
Permission is a permission rule.
type QueryAction ¶
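// QueryAction records every operation: the statement, who ran it and from
// where, what it ran against, and how it was classified and handled.
//
// NOTE(review): Query holds the statement text as recorded. If literals are
// not masked before the row is written, this table contains whatever data the
// statements carried. Confirm that access to it is restricted accordingly.
type QueryAction struct {
	ID int `orm:"column(id)"`
	// SessionID is stored in the flow_id column.
	SessionID string `orm:"column(flow_id);null;size(32)"`
	FlowInfo  string `orm:"column(flow_info);null;type(text)"`
	// Actual query statement.
	Query string `orm:"column(query);null;type(text)"`
	// Querying user.
	User string `orm:"column(user);null;size(128)"`
	// Querying client information.
	ClientIP      string `orm:"column(client_ip);null;size(39)"`
	ClientProgram string `orm:"column(client_program);null;size(128)"`
	// Server info.
	ServerIP   string `orm:"column(server_ip);null;size(39)"`
	ServerPort int    `orm:"column(server_port);null"`
	// Database and tables the statement ran against.
	Database string `orm:"column(db);null;size(128)"`
	Tables   string `orm:"column(tables);null;type(text)"`
	// Execution time and execution duration (ms).
	Time     time.Time `orm:"column(time);auto_now_add;type(datetime);size(6)"`
	Duration int64     `orm:"column(duration);default(0)"`
	// Execution result.
	QueryResult bool `orm:"column(query_result);default(true)"`
	// Whether the operation is a violation.
	IsAbnormal bool `orm:"column(is_abnormal);default(false)"`
	// Violation type: none, pattern, permission.
	AbnormalType string `orm:"column(abnormal_type);size(32);default(none)"`
	// Handling result: none, learning, pass, drop.
	//
	// The tag used to read defult(pass). That is not the spelling used by
	// every other field's default(...) option, so the default was presumably
	// never applied.
	// NOTE(review): with the default in place, a row written without an
	// explicit Action is stored as "pass". Confirm that writers always set
	// Action for dropped queries.
	Action string `orm:"column(action);size(36);default(pass)"`
	// Alarm.
	IsAlarm bool `orm:"column(is_alarm);default(false)"`
	// Whether the record has been analysed.
	Analysed bool `orm:"column(analysed);default(false)"`
	// SQL type.
	SQLType string `orm:"column(sql_type);null;size(32)"`
	// dbshield or others.
	Tool string `orm:"column(tool);null;size(32)"`
	// Pattern.
	Pattern string `orm:"column(pattern);null;type(text)"`
	// Distinguishes different ... (the original comment is truncated).
	UUID string `orm:"column(uuid);size(36)"`
}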
QueryAction records all operations.
type State ¶
// State is the stored form of the two counters, keyed by Key and UUID.
type State struct {
	ID int `orm:"column(id)"`
	// Key is limited to 5 characters by the column size.
	Key string `orm:"column(key);size(5)"`
	// Presumably mirrors the package-level QueryCounter. TODO confirm.
	QueryCounter uint64 `orm:"column(QueryCounter);type(bigint unsigned)"`
	// Presumably mirrors the package-level AbnormalCounter. TODO confirm.
	AbnormalCounter uint64 `orm:"column(AbnormalCounter);type(bigint unsigned)"`
	UUID string `orm:"column(uuid);size(36)"`
}
State records the abnormal set.