Documentation
¶
Index ¶
- Variables
- func Contains(target interface{}, obj interface{}) (bool, error)
- func RandString(n int) string
- func SContains(target []string, obj string) (bool, error)
- type BASE
- type BoltDB
- func (m *BoltDB) Abnormals() (count int)
- func (m *BoltDB) AddPattern(pattern []byte, context sql.QueryContext) error
- func (m *BoltDB) CheckPattern(pattern []byte) error
- func (m *BoltDB) CheckPermission(sql.QueryContext, bool, bool) bool
- func (m *BoltDB) CheckQuery(context sql.QueryContext, checkUser bool, checkSource bool) bool
- func (m *BoltDB) DeletePattern(pattern []byte) error
- func (m *BoltDB) InitialDB(str string, syncInterval time.Duration, timeout time.Duration) error
- func (m *BoltDB) Patterns() (count int)
- func (m *BoltDB) Purge() error
- func (m *BoltDB) PutPattern(pattern []byte, query []byte) error
- func (m *BoltDB) RecordAbnormal(context sql.QueryContext, abType string) error
- func (m *BoltDB) RecordQueryAction(context sql.QueryAction) error
- func (m *BoltDB) SyncAndClose() error
- func (m *BoltDB) UpdateState() error
- type MySQL
- func (m *MySQL) Abnormals() (count int)
- func (m *MySQL) AddPattern(pattern []byte, context sql.QueryContext) error
- func (m *MySQL) CheckPattern(pattern []byte) error
- func (m *MySQL) CheckPermission(context sql.QueryContext, q bool, v bool) bool
- func (m *MySQL) CheckQuery(context sql.QueryContext, checkUser bool, checkSource bool) bool
- func (m *MySQL) DeletePattern(pattern []byte) error
- func (m *MySQL) InitialDB(str string, syncInterval time.Duration, timeout time.Duration) error
- func (m *MySQL) Patterns() (count int)
- func (m *MySQL) Purge() error
- func (m *MySQL) PutPattern(pattern []byte, query []byte) error
- func (m *MySQL) RecordAbnormal(context sql.QueryContext, abType string) error
- func (m *MySQL) RecordQueryAction(context sql.QueryAction) error
- func (m *MySQL) SyncAndClose() error
- func (m *MySQL) UpdateState() error
- type Pattern
- type Permission
- type QueryAction
- type State
Constants ¶
This section is empty.
Variables ¶
var (
	// QueryCounter holds the query counter state; it starts at zero.
	// NOTE(review): this is exported, mutable package-level state. If it is
	// updated from more than one goroutine, confirm the updates go through
	// sync/atomic or a lock — the page does not show how it is written.
	QueryCounter = uint64(0)
	// AbnormalCounter holds the abnormal counter state; it starts at zero.
	// Presumably it counts abnormal queries — confirm against RecordAbnormal.
	AbnormalCounter = uint64(0)
)
var (
	// DBCon is the package-level BoltDB handle.
	// NOTE(review): it is exported and mutable, so any importing package can
	// replace or close it; the page does not show where it is opened or closed.
	DBCon *bolt.DB
)
Functions ¶
func RandString ¶
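RandString generates a random string of a fixed length; see https://stackoverflow.com/questions/22892120/how-to-generate-a-random-string-of-a-fixed-length-in-golang. This page does not show which random source is used: unless it is crypto/rand, treat the output as predictable and do not use it for secrets, tokens or identifiers that must be unguessable.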
Types ¶
type BASE ¶
// BASE is the storage contract. Per the package documentation, every store
// backend that is added (BoltDB, MySQL, ...) should implement it.
//
// The sql.QueryContext and sql.QueryAction parameter types are not
// database/sql types, so sql is presumably a project package — confirm the
// import. sql.QueryAction is also distinct from this package's QueryAction.
type BASE interface {
	// InitialDB prepares the store. The implementations listed on this page
	// name the arguments str, syncInterval and timeout.
	InitialDB(string, time.Duration, time.Duration) error
	// RecordQueryAction records a query and its action.
	RecordQueryAction(sql.QueryAction) error
	// Abnormals returns a count; presumably the number of recorded abnormal
	// queries — confirm.
	Abnormals() int
	// RecordAbnormal records an abnormal query. The string argument is named
	// abType in the implementations.
	RecordAbnormal(sql.QueryContext, string) error
	// Patterns returns a count; presumably the number of stored patterns —
	// confirm.
	Patterns() int
	// CheckPattern checks whether a pattern exists.
	// NOTE(review): the page does not say whether a nil error means "exists"
	// or "missing"; confirm before using the result in an allow/deny decision.
	CheckPattern([]byte) error
	// AddPattern adds a pattern; the second argument is the query context.
	AddPattern([]byte, sql.QueryContext) error
	// PutPattern stores a pattern. The implementations name the arguments
	// pattern and query.
	PutPattern([]byte, []byte) error
	// DeletePattern deletes a pattern.
	DeletePattern([]byte) error
	// Purge has no description on this page.
	// NOTE(review): presumably it clears stored data — confirm its scope.
	Purge() error
	// CheckQuery checks a query. The implementations name the two flags
	// checkUser and checkSource.
	// NOTE(review): the bool result carries no error, so a caller cannot tell
	// a negative answer from a failed store lookup. Confirm that
	// implementations map a store failure to the restrictive result, so an
	// outage cannot become an implicit allow.
	CheckQuery(sql.QueryContext, bool, bool) bool
	// CheckPermission checks whether permission is held. The same bool-only
	// caveat as CheckQuery applies: confirm the behaviour on store errors.
	CheckPermission(sql.QueryContext, bool, bool) bool
	// UpdateState has no description on this page; presumably it persists the
	// counters held in State — confirm.
	UpdateState() error
	// SyncAndClose has no description on this page; by its name it syncs the
	// store and closes it — confirm.
	SyncAndClose() error
}
The BASE interface should be implemented by every store database structure that is added (BoltDB, MySQL, Postgres, etc.).
func GenerateLocalDB ¶
GenerateLocalDB generates the local DB.
type BoltDB ¶
// BoltDB is the local-DB store. The package index lists every method of the
// BASE interface on *BoltDB.
type BoltDB struct {
	// contains filtered or unexported fields
}
BoltDB local db
func (*BoltDB) AddPattern ¶
func (m *BoltDB) AddPattern(pattern []byte, context sql.QueryContext) error
AddPattern adds a pattern.
func (*BoltDB) CheckPattern ¶
CheckPattern checks whether the pattern exists.
func (*BoltDB) CheckPermission ¶
CheckPermission checks whether permission is held.
func (*BoltDB) CheckQuery ¶
CheckQuery checks whether the query exists.
func (*BoltDB) DeletePattern ¶
DeletePattern delete pattern
func (*BoltDB) PutPattern ¶
PutPattern put pattern
func (*BoltDB) RecordAbnormal ¶
func (m *BoltDB) RecordAbnormal(context sql.QueryContext, abType string) error
RecordAbnormal record abnormal query
func (*BoltDB) RecordQueryAction ¶
func (m *BoltDB) RecordQueryAction(context sql.QueryAction) error
RecordQueryAction record query and action
type MySQL ¶
// MySQL is a store type; the package index lists every method of the BASE
// interface on *MySQL. The page's own description of it reads "MySQL local db".
type MySQL struct {
	// UUID is the only exported field. Presumably it is the identifier
	// written to the uuid column of the stored rows — confirm.
	UUID string
	// contains filtered or unexported fields
}
MySQL local db
func (*MySQL) AddPattern ¶
func (m *MySQL) AddPattern(pattern []byte, context sql.QueryContext) error
AddPattern adds a pattern.
func (*MySQL) CheckPattern ¶
CheckPattern check if pattern exists
func (*MySQL) CheckPermission ¶
CheckPermission checks whether permission is held.
func (*MySQL) CheckQuery ¶
CheckQuery check query
func (*MySQL) DeletePattern ¶
DeletePattern delete pattern
func (*MySQL) PutPattern ¶
PutPattern put pattern
func (*MySQL) RecordAbnormal ¶
func (m *MySQL) RecordAbnormal(context sql.QueryContext, abType string) error
RecordAbnormal record abnormal query
func (*MySQL) RecordQueryAction ¶
func (m *MySQL) RecordQueryAction(context sql.QueryAction) error
RecordQueryAction record query and action
type Pattern ¶
// Pattern is the ORM-mapped record of one training-set pattern.
type Pattern struct {
	// ID maps to column id.
	ID int `orm:"column(id)"`
	// Key is the pattern key (column key, nullable text).
	Key string `orm:"column(key);null;type(text)"`
	// Value is the pattern value (column value, nullable text).
	Value string `orm:"column(value);null;type(text)"`
	// ExampleValue is an example value (column example_value, nullable text).
	// NOTE(review): if this keeps a raw example query it can carry literal
	// data from that query; confirm what is written here and who can read it.
	ExampleValue string `orm:"column(example_value);null;type(text)"`
	// Enable is the enabled state, true or false; the tag declares a default
	// of true.
	Enable bool `orm:"column(enable);default(true)"`
	// UUID maps to column uuid (size 36); its meaning is not described here.
	UUID string `orm:"column(uuid);size(36)"`
}
Pattern records the training set.
type Permission ¶
// Permission is the ORM-mapped record of one permission rule.
type Permission struct {
	// ID maps to column id.
	ID int `orm:"column(id)"`
	// Db is the database (nullable, size 128).
	Db string `orm:"column(db);null;size(128)"`
	// User is the user (nullable, size 128).
	User string `orm:"column(user);null;size(128)"`
	// Client is the client (nullable, size 128).
	Client string `orm:"column(client);null;size(128)"`
	// Table is the table; "*" means all tables.
	// NOTE(review): Db, User, Client and Table are all nullable, and "*" is
	// the only wildcard documented here. Confirm that an empty or NULL value
	// is not matched as "any", which would widen a rule silently.
	Table string `orm:"column(table);null;size(128)"`
	// Permission holds the permissions: SELECT, UPDATE, DELETE, INSERT,
	// GRANT, ...
	Permission string `orm:"column(permission);type(text)"`
	// Enable is the enabled state, true or false; the tag declares a default
	// of true.
	Enable bool `orm:"column(enable);default(true)"`
	// UUID maps to column uuid (size 36); its meaning is not described here.
	UUID string `orm:"column(uuid);size(36)"`
}
Permission is a permission rule.
type QueryAction ¶
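// QueryAction is the ORM-mapped record of every operation: one row per query,
// with who issued it, where it ran, and how it was handled.
//
// NOTE(review): the row keeps the actual query text, the user and the client
// address, so the table is itself sensitive data; confirm who can read it and
// how long rows are retained.
type QueryAction struct {
	// ID maps to column id.
	ID int `orm:"column(id)"`
	// SessionID is stored in column flow_id (note the differing name).
	SessionID string `orm:"column(flow_id);null;size(32)"`
	// FlowInfo maps to column flow_info; its contents are not described here.
	FlowInfo string `orm:"column(flow_info);null;type(text)"`
	// Query is the actual query statement.
	Query string `orm:"column(query);null;type(text)"`
	// User is the user who issued the query.
	User string `orm:"column(user);null;size(128)"`
	// ClientIP is the client address; 39 characters fits a fully written
	// IPv6 address.
	ClientIP string `orm:"column(client_ip);null;size(39)"`
	// ClientProgram is the client program, part of the client information.
	ClientProgram string `orm:"column(client_program);null;size(128)"`
	// ServerIP is the server address (server info).
	ServerIP string `orm:"column(server_ip);null;size(39)"`
	// ServerPort is the server port (server info).
	ServerPort int `orm:"column(server_port);null"`
	// Database is the database the query ran against (column db).
	Database string `orm:"column(db);null;size(128)"`
	// Tables holds the tables the query ran against.
	Tables string `orm:"column(tables);null;type(text)"`
	// Time is the execution time; the tag sets it automatically when the row
	// is added.
	Time time.Time `orm:"column(time);auto_now_add;type(datetime);size(6)"`
	// Duration is the execution duration in milliseconds.
	Duration int64 `orm:"column(duration);default(0)"`
	// QueryResult is the execution result.
	QueryResult bool `orm:"column(query_result);default(true)"`
	// IsAbnormal reports whether the operation is a violation.
	IsAbnormal bool `orm:"column(is_abnormal);default(false)"`
	// AbnormalType is the violation type: none, pattern, permission.
	AbnormalType string `orm:"column(abnormal_type);size(32);default(none)"`
	// Action is the handling result: none, learning, pass, drop.
	// The tag key was misspelled "defult", so the ORM would not see a default
	// for this column; it is spelled "default" here so the declared default
	// of pass takes effect like the other default(...) tags in this struct.
	Action string `orm:"column(action);size(36);default(pass)"`
	// IsAlarm is the alarm flag.
	IsAlarm bool `orm:"column(is_alarm);default(false)"`
	// Analysed reports whether the row has been analysed.
	Analysed bool `orm:"column(analysed);default(false)"`
	// SQLType is the SQL type.
	SQLType string `orm:"column(sql_type);null;size(32)"`
	// Tool is "dbshield" or another tool.
	Tool string `orm:"column(tool);null;size(32)"`
	// Pattern is the pattern.
	Pattern string `orm:"column(pattern);null;type(text)"`
	// UUID tells records apart; the original comment does not say by what.
	UUID string `orm:"column(uuid);size(36)"`
}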
QueryAction records all operations.
type State ¶
// State is the ORM-mapped record of the two counters. Its QueryCounter and
// AbnormalCounter fields share their names with the package-level counter
// variables; presumably UpdateState copies those values here — confirm.
type State struct {
	// ID maps to column id.
	ID int `orm:"column(id)"`
	// Key maps to column key (size 5); its values are not described here.
	Key string `orm:"column(key);size(5)"`
	// QueryCounter is stored as an unsigned bigint in column QueryCounter.
	QueryCounter uint64 `orm:"column(QueryCounter);type(bigint unsigned)"`
	// AbnormalCounter is stored as an unsigned bigint in column
	// AbnormalCounter.
	AbnormalCounter uint64 `orm:"column(AbnormalCounter);type(bigint unsigned)"`
	// UUID maps to column uuid (size 36); its meaning is not described here.
	UUID string `orm:"column(uuid);size(36)"`
}
State records the abnormal set.