engine.go
package modsecurity
// Engine is the top-level handle of the WAF: it carries the engine mode,
// the loaded rule set, and the embedded Limits and Config.
//
// Both mode flags are false in a zero-valued Engine; Enable is the only
// code visible in this file that sets them.
type Engine struct {
	// Enabled and DetectionOnly together encode the engine mode set by
	// Enable. NOTE(review): how transactions interpret these flags is not
	// visible in this file — confirm before relying on either alone.
	Enabled, DetectionOnly bool

	// RuleSet is the collection that AddSecRule appends to and that
	// NewTransaction hands to each new transaction.
	RuleSet *SecRuleSet

	// Limits and Config are embedded by pointer, so their fields are
	// promoted onto Engine. A nil pointer here makes any promoted-field
	// access panic; NewEngine fills both in.
	*Limits
	*Config
}
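// Limits holds the body-inspection switches and the size caps of the engine.
// The size fields are byte counts.
type Limits struct {
	// RequestBodyAccess and ResponseBodyAccess default to false.
	// NOTE(review): presumably they mirror SecRequestBodyAccess and
	// SecResponseBodyAccess, i.e. bodies are not inspected until they are
	// switched on — confirm against the transaction code.
	RequestBodyAccess  bool
	ResponseBodyAccess bool

	// RequestBody is the cap on the request body size.
	// NOTE(review): whether an oversized body is rejected or only partly
	// inspected is decided elsewhere — confirm, since a cap that lets the
	// remainder through uninspected is a rule-bypass risk.
	RequestBody int64

	// RequestBodyInMem is the cap on the part of a request body that is
	// held in memory. NOTE(review): presumably the remainder is spooled
	// under Config.TmpPath — confirm.
	RequestBodyInMem int64

	// ResponseBody is the cap on the response body size.
	ResponseBody int64
}

// Config holds engine settings that are not size limits.
type Config struct {
	// TmpPath is the directory used for temporary files.
	// NOTE(review): how files are created under it is not visible here.
	TmpPath string
}

// NewDefaultConfig returns a Config with TmpPath set to "/tmp".
//
// "/tmp" is a shared, world-writable directory on most systems. Deployments
// on multi-user hosts should point TmpPath at a directory only the WAF
// process can access, and the code that writes there should create files
// with unpredictable names and owner-only permissions.
func NewDefaultConfig() *Config {
	return &Config{
		TmpPath: "/tmp",
	}
}

// NewDefaultLimits returns the default size caps: 128 KiB of request body in
// memory, 128 MiB of request body in total and 512 KiB of response body.
// Both body-access switches are left at false.
//
// The caps are written as shifts so the unit is visible in the code. The
// original literals had drifted from their comments: 134217728 was labelled
// "1gb" although it is 128 MiB, and the response cap read 524228, which is
// 60 bytes short of the 512 KiB (524288) its comment stated.
func NewDefaultLimits() *Limits {
	return &Limits{
		RequestBodyInMem: 128 << 10, // 131072 bytes, 128 KiB
		RequestBody:      128 << 20, // 134217728 bytes, 128 MiB
		ResponseBody:     512 << 10, // 524288 bytes, 512 KiB
	}
}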
// NewEngine returns an Engine with an empty rule set from NewSecRuleSet and
// the default Limits and Config.
//
// Enabled and DetectionOnly are left at their zero value (false), so the
// returned engine is in the same state as after Enable(StatusOff). Callers
// that want rules applied must call Enable explicitly.
func NewEngine() *Engine {
	e := new(Engine)
	e.RuleSet = NewSecRuleSet()
	e.Limits = NewDefaultLimits()
	e.Config = NewDefaultConfig()
	return e
}
// Engine modes accepted by Engine.Enable.
//
// StatusOn is 0, so an uninitialised int passed as a status selects
// StatusOn rather than StatusOff.
const (
	StatusOn   = 0 // Enable sets Enabled=true, DetectionOnly=false
	StatusOff  = 1 // Enable sets Enabled=false, DetectionOnly=false
	StatusDect = 2 // Enable sets Enabled=false, DetectionOnly=true
)
// Enable acts like the SecRuleEngine directive. status should be StatusOn,
// StatusOff or StatusDect.
//
// StatusOn sets Enabled and clears DetectionOnly, StatusOff clears both, and
// StatusDect clears Enabled and sets DetectionOnly. Any other value is
// ignored and the engine keeps its previous mode; nothing is reported to the
// caller, so a mistyped status cannot be detected from the call itself.
func (e *Engine) Enable(status int) {
	switch status {
	case StatusOn, StatusOff, StatusDect:
		// Each flag is true for exactly one of the three known modes.
		e.Enabled = status == StatusOn
		e.DetectionOnly = status == StatusDect
	}
}
// AddSecRule passes the given rules to the engine's RuleSet via AddRules.
//
// NOTE(review): no locking is done here; whether rules may be added while
// transactions are running depends on SecRuleSet — confirm.
func (e *Engine) AddSecRule(rules ...*SecRule) {
	set := e.RuleSet
	set.AddRules(rules...)
}
// NewTransaction creates a Transaction for this engine by calling the
// package-level NewTransaction with the engine and its current RuleSet.
// The result and error of that call are returned unchanged.
func (e *Engine) NewTransaction() (*Transaction, error) {
	tx, err := NewTransaction(e, e.RuleSet)
	return tx, err
}