/*
* @Copyright Reserved By Janusec (https://www.janusec.com/).
* @Author: U2
* @Date: 2018-07-14 16:38:56
* @Last Modified: U2, 2018-07-14 16:38:56
*/
package models
import (
"database/sql"
"sync"
)
// PolicyKey is a named string type for identifying policies. Nothing in this
// file uses it; presumably it serves as a lookup/map key elsewhere — confirm
// against the callers.
type PolicyKey string
// PolicyAction is the action taken when a CCPolicy or GroupPolicy matches.
// Each constant's numeric value is also spelled out in its name. The values
// are serialized (see the `json:"action"` tags below) and are therefore part
// of the stored/exchanged data format: do not renumber them.
type PolicyAction int64

const (
	// Action_Block_100: the request is blocked. (Enforcement lives outside
	// this file; the meanings here follow the constant names.)
	Action_Block_100 PolicyAction = 100
	// Action_BypassAndLog_200: the request is let through but recorded.
	Action_BypassAndLog_200 PolicyAction = 200
	// Action_CAPTCHA_300: the client is challenged with a CAPTCHA.
	Action_CAPTCHA_300 PolicyAction = 300
	// Action_Pass_400: the request passes without further action.
	Action_Pass_400 PolicyAction = 400
)
// CCPolicy is the CC (request-rate) policy for one application: at most
// MaxCount requests per IntervalMilliSeconds, after which Action applies for
// BlockSeconds. A policy with AppID == 0 is the global policy.
type CCPolicy struct {
	// AppID is the owning application; 0 marks the global policy. Encoded
	// as a JSON string (",string"), not a JSON number.
	AppID int64 `json:"app_id,string"` // Global Policy set app_id=0
	// IntervalMilliSeconds is the length of the counting window, in
	// milliseconds.
	IntervalMilliSeconds float64 `json:"interval_milliseconds"`
	// MaxCount is the number of requests tolerated within one interval.
	MaxCount int64 `json:"max_count"`
	// BlockSeconds is how long a client is held once the limit is exceeded
	// (compare ClientStat.RemainSeconds). NOTE(review): the counter and
	// enforcement code is outside this file — confirm the exact semantics.
	BlockSeconds float64 `json:"block_seconds"`
	// Action is applied to a client that exceeds the limit.
	Action PolicyAction `json:"action"`
	// StatByURL, StatByUserAgent and StatByCookie presumably widen the
	// counting key beyond the client address by the named request attribute
	// — confirm against the counter code.
	StatByURL bool `json:"stat_by_url"`
	// Note the JSON name is "stat_by_ua", not "stat_by_user_agent".
	StatByUserAgent bool `json:"stat_by_ua"`
	StatByCookie    bool `json:"stat_by_cookie"`
	// IsEnabled switches the policy on or off.
	IsEnabled bool `json:"is_enabled"`
}
// ChkPoint names the part of an HTTP transaction that a CheckItem inspects.
// Every constant occupies a distinct bit, so the values look intended to be
// combined as a mask. Going by the names, bits 0-17 are request-side and
// bits 25-29 response-side; bits 18-24 are unassigned.
//
// Bit 6 (ChkPointValueLength) and bit 28 (ChkPointResponseBodyLength) were
// retired in v1.1.0. Leave them unassigned: a persisted policy that still
// carries one of those bits would otherwise be silently reinterpreted as a
// different check point.
type ChkPoint int64

const (
	ChkPointHost      ChkPoint = 1
	ChkPointIPAddress ChkPoint = 1 << 1
	ChkPointMethod    ChkPoint = 1 << 2
	ChkPointURLPath   ChkPoint = 1 << 3
	ChkPointURLQuery  ChkPoint = 1 << 4
	ChkPointFileExt   ChkPoint = 1 << 5 // added v1.1.0
	// ChkPointValueLength ChkPoint = 1 << 6 // deprecated from v1.1.0
	ChkPointGetPostKey    ChkPoint = 1 << 7
	ChkPointGetPostValue  ChkPoint = 1 << 8
	ChkPointUploadFileExt ChkPoint = 1 << 9
	ChkPointReferer       ChkPoint = 1 << 10 // added v1.1.0
	ChkPointCookieKey     ChkPoint = 1 << 11
	ChkPointCookieValue   ChkPoint = 1 << 12
	ChkPointUserAgent     ChkPoint = 1 << 13
	ChkPointContentType   ChkPoint = 1 << 14
	ChkPointHeaderKey     ChkPoint = 1 << 15
	ChkPointHeaderValue   ChkPoint = 1 << 16
	ChkPointProto         ChkPoint = 1 << 17
	// Response-side check points start at bit 25.
	ChkPointResponseStatusCode  ChkPoint = 1 << 25
	ChkPointResponseHeaderKey   ChkPoint = 1 << 26
	ChkPointResponseHeaderValue ChkPoint = 1 << 27
	//ChkPointResponseBodyLength ChkPoint = 1 << 28 // deprecated from v1.1.0
	ChkPointResponseBody ChkPoint = 1 << 29
)
// GroupPolicy is a WAF rule: a group of CheckItems evaluated against a
// request/response, with Action applied on a hit. It carries both the
// serialized fields and the in-memory links (CheckItems, User).
type GroupPolicy struct {
	// ID is encoded as a JSON string (",string").
	ID          int64  `json:"id,string"`
	Description string `json:"description"`
	// AppID is the application the policy belongs to; whether 0 means
	// "global" here as it does for CCPolicy is not stated in this file.
	AppID int64 `json:"app_id,string"`
	// VulnID classifies the policy by vulnerability type (see VulnType).
	VulnID int64 `json:"vuln_id"`
	// CheckItems are the conditions of this policy; each item links back
	// through CheckItem.GroupPolicy.
	CheckItems []*CheckItem `json:"check_items"`
	// HitValue is presumably the combination/threshold over CheckItems that
	// counts as a hit — its evaluation is outside this file, confirm.
	HitValue int64 `json:"hit_value"`
	// Action is taken when the policy hits.
	Action    PolicyAction `json:"action"`
	IsEnabled bool         `json:"is_enabled"`
	// UserID is the owning user, encoded as a JSON string (",string").
	UserID int64 `json:"user_id,string"`
	// User is the resolved owner; never serialized (`json:"-"`), so user
	// details do not leak into policy exports. AppUser is defined elsewhere.
	User *AppUser `json:"-"`
	// UpdateTime is a timestamp; its unit (seconds vs. milliseconds) is not
	// fixed by this file.
	UpdateTime int64 `json:"update_time"`
}
/*
type DBGroupPolicy struct {
ID int64 `json:"id,string"`
Description string `json:"description"`
AppID int64 `json:"app_id,string"`
VulnID int64 `json:"vuln_id"`
HitValue int64 `json:"hit_value"`
Action PolicyAction `json:"action"`
IsEnabled bool `json:"is_enabled"`
UserID int64 `json:"user_id,string"`
UpdateTime int64 `json:"update_time"`
}
*/
// Operation is the comparison a CheckItem applies at its ChkPoint. Every
// constant occupies a distinct bit. The regex operations use
// CheckItem.RegexPolicy as a pattern; the integer/length operations
// presumably parse it as a number — confirm against the matcher.
type Operation int64

const (
	OperationRegexMatch                  Operation = 1
	OperationEqualsStringCaseInsensitive Operation = 1 << 1
	OperationGreaterThanInteger          Operation = 1 << 2
	OperationEqualsInteger               Operation = 1 << 3
	OperationLengthGreaterThanInteger    Operation = 1 << 4
	OperationRegexNotMatch               Operation = 1 << 5 // added from v1.1.0
)
// CheckItem is one condition of a GroupPolicy: apply Operation to the data
// selected by CheckPoint (and KeyName, where the check point is keyed),
// comparing against RegexPolicy.
type CheckItem struct {
	ID int64 `json:"id,string"`
	// CheckPoint selects what is inspected (see the ChkPoint constants).
	CheckPoint ChkPoint `json:"check_point"`
	// Operation selects how it is compared (see the Operation constants).
	Operation Operation `json:"operation"`
	// KeyName presumably names the specific header/cookie/parameter for the
	// keyed check points (e.g. ChkPointHeaderValue) — confirm.
	KeyName string `json:"key_name"`
	// RegexPolicy is the pattern (or literal value, for the non-regex
	// operations) to compare against. These patterns are administrator
	// input; assuming the standard regexp package is used, matching is
	// linear-time, but confirm where they are compiled.
	RegexPolicy string `json:"regex_policy"`
	// GroupPolicyID is the owning policy, encoded as a JSON string.
	GroupPolicyID int64 `json:"group_policy_id,string"`
	// GroupPolicy is the back-pointer to the owner. It is excluded from JSON
	// (`json:"-"`), which also breaks the GroupPolicy -> CheckItems ->
	// GroupPolicy cycle for the encoder.
	GroupPolicy *GroupPolicy `json:"-"`
}
// DBCheckItem is the database-row shape of a CheckItem: no JSON tags, no
// back-pointer, and KeyName is nullable (sql.NullString) because the column
// may be NULL for check points that take no key.
type DBCheckItem struct {
	ID            int64
	CheckPoint    ChkPoint
	Operation     Operation
	KeyName       sql.NullString
	RegexPolicy   string
	GroupPolicyID int64
}
// ClientStat holds the per-client request counters used for CC statistics.
//
// It embeds a sync.Mutex, so a ClientStat must not be copied after first
// use (go vet's copylocks check flags this); share it by pointer. The Mutex
// presumably guards the counters and flags in this struct — confirm that
// every reader and writer takes it.
type ClientStat struct {
	// QuickCount used for high frequency CC
	QuickCount int64
	// SlowCount used for low frequency CC
	SlowCount int64
	// TimeFrameCount used for low frequency CC
	// and how many high frequency time frames in stat
	// Usually, a slow time frame is about 15~30 quick time frames
	TimeFrameCount int64
	// IsBadIP means CC detected
	IsBadIP bool
	// RemainSeconds is the remaining block time frame, kept as float64
	// seconds (not a time.Duration); compare CCPolicy.BlockSeconds.
	RemainSeconds float64
	// Mutex serializes access to this entry. added v1.3.1
	Mutex sync.Mutex
}
// VulnType is a vulnerability category, referenced by GroupPolicy.VulnID.
type VulnType struct {
	ID   int64  `json:"id"`
	Name string `json:"name"`
}
// RegexMatch is a regex test: Pattern applied to Payload, with the outcome in
// Matched. PreProcess presumably asks for the same input normalization the
// WAF applies before matching — confirm against the handler.
type RegexMatch struct {
	Pattern    string `json:"pattern"`
	Payload    string `json:"payload"`
	Matched    bool   `json:"matched"`
	PreProcess bool   `json:"preprocess"`
}
// CCLog is the full record of one request that triggered a CCPolicy.
//
// Cookies and RawRequest hold the client's verbatim request data, which can
// include session tokens and credentials; wherever these records are stored
// or displayed, treat them as sensitive.
type CCLog struct {
	ID int64 `json:"id,string"`
	// RequestTime is a timestamp; its unit is not fixed by this file.
	RequestTime int64  `json:"request_time"`
	ClientIP    string `json:"client_ip"`
	Host        string `json:"host"`
	Method      string `json:"method"`
	UrlPath     string `json:"url_path"`
	UrlQuery    string `json:"url_query"`
	ContentType string `json:"content_type"`
	UserAgent   string `json:"user_agent"`
	// Cookies is the raw Cookie header content.
	Cookies string `json:"cookies"`
	// RawRequest is the request as received.
	RawRequest string `json:"raw_request"`
	// Action is the PolicyAction that was applied.
	Action PolicyAction `json:"action"`
	AppID  int64        `json:"app_id,string"`
}
// SimpleCCLog is the reduced form of CCLog: the same identifying fields
// without query string, headers, cookies or the raw request. Presumably used
// for list views, which also keeps the sensitive fields out of them.
type SimpleCCLog struct {
	ID          int64        `json:"id,string"`
	RequestTime int64        `json:"request_time"`
	ClientIP    string       `json:"client_ip"`
	Host        string       `json:"host"`
	Method      string       `json:"method"`
	UrlPath     string       `json:"url_path"`
	Action      PolicyAction `json:"action"`
	AppID       int64        `json:"app_id,string"`
}
// GroupHitLog is the full record of one request that hit a GroupPolicy. It
// mirrors CCLog and adds PolicyID and VulnID.
//
// Cookies and RawRequest hold the client's verbatim request data, which can
// include session tokens and credentials; treat stored records as sensitive.
type GroupHitLog struct {
	ID int64 `json:"id,string"`
	// RequestTime is a timestamp; its unit is not fixed by this file.
	RequestTime int64  `json:"request_time"`
	ClientIP    string `json:"client_ip"`
	Host        string `json:"host"`
	Method      string `json:"method"`
	UrlPath     string `json:"url_path"`
	UrlQuery    string `json:"url_query"`
	ContentType string `json:"content_type"`
	UserAgent   string `json:"user_agent"`
	// Cookies is the raw Cookie header content.
	Cookies string `json:"cookies"`
	// RawRequest is the request as received.
	RawRequest string `json:"raw_request"`
	// Action is the PolicyAction that was applied.
	Action PolicyAction `json:"action"`
	// PolicyID is the GroupPolicy that hit, encoded as a JSON string.
	PolicyID int64 `json:"policy_id,string"`
	// VulnID is the policy's vulnerability category (see VulnType).
	VulnID int64 `json:"vuln_id"`
	AppID  int64 `json:"app_id,string"`
}
// SimpleGroupHitLog is the reduced form of GroupHitLog: identifying fields
// plus PolicyID, without query string, headers, cookies, raw request or
// VulnID. Presumably used for list views.
type SimpleGroupHitLog struct {
	ID          int64        `json:"id,string"`
	RequestTime int64        `json:"request_time"`
	ClientIP    string       `json:"client_ip"`
	Host        string       `json:"host"`
	Method      string       `json:"method"`
	UrlPath     string       `json:"url_path"`
	Action      PolicyAction `json:"action"`
	PolicyID    int64        `json:"policy_id,string"`
	AppID       int64        `json:"app_id,string"`
}
// StatCount is a hit count for one application over the time range
// [StartTime, EndTime], used for GroupPolicy or CCPolicy hit logs etc. The
// timestamp unit is not fixed by this file.
type StatCount struct {
	AppID     int64 `json:"app_id,string"`
	StartTime int64 `json:"start_time"`
	EndTime   int64 `json:"end_time"`
	Count     int64 `json:"count"`
}
// VulnStat is a hit count per vulnerability category (see VulnType).
type VulnStat struct {
	VulnID int64 `json:"vuln_id"`
	Count  int64 `json:"count"`
}
// IPPolicy is an element of the table "allow_list": an IP address that is
// either explicitly allowed (IsAllow true) or explicitly blocked (IsAllow
// false), for the WAF and/or CC stages.
type IPPolicy struct {
	ID int64 `json:"id,string"`
	// IPAddr is the address as a string; whether CIDR ranges are accepted is
	// decided by the code that evaluates it, not here.
	IPAddr string `json:"ip_addr"`
	// IsAllow true for AllowList, and false for BlockList
	IsAllow bool `json:"is_allow"`
	// ApplyToWAF: the policy applies to WAF decisions (original note: "allow
	// WAF not block").
	ApplyToWAF bool `json:"apply_to_waf"`
	// ApplyToCC: the policy applies to CC decisions (original note: "allow
	// CC not block").
	ApplyToCC bool `json:"apply_to_cc"`
	// CreateTime is a timestamp; its unit is not fixed by this file.
	CreateTime  int64  `json:"create_time"`
	Description string `json:"description"`
}
// RPCIPPolicies is the RPC envelope that delivers the IPPolicy list to
// replica nodes. Error is a pointer so that "no error" is encoded as JSON
// null; when it is set, Object should be ignored.
type RPCIPPolicies struct {
	Error  *string     `json:"err"`
	Object []*IPPolicy `json:"object"`
}