github.com/crowdsecurity/crowdsec@v1.6.1/pkg/appsec/appsec_rule/appsec_rule.go (about) 1 package appsec_rule 2 3 import ( 4 "fmt" 5 ) 6 7 /* 8 rules: 9 - name: "test" 10 and: 11 - zones: 12 - BODY_ARGS 13 variables: 14 - foo 15 - bar 16 transform: 17 - lowercase|uppercase|b64decode|... 18 match: 19 type: regex 20 value: "[^a-zA-Z]" 21 - zones: 22 - ARGS 23 variables: 24 - bla 25 26 */ 27 28 type Match struct { 29 Type string `yaml:"type"` 30 Value string `yaml:"value"` 31 Not bool `yaml:"not,omitempty"` 32 } 33 34 type CustomRule struct { 35 Name string `yaml:"name"` 36 37 Zones []string `yaml:"zones"` 38 Variables []string `yaml:"variables"` 39 40 Match Match `yaml:"match"` 41 Transform []string `yaml:"transform"` //t:lowercase, t:uppercase, etc 42 And []CustomRule `yaml:"and,omitempty"` 43 Or []CustomRule `yaml:"or,omitempty"` 44 45 BodyType string `yaml:"body_type,omitempty"` 46 } 47 48 func (v *CustomRule) Convert(ruleType string, appsecRuleName string) (string, []uint32, error) { 49 50 if v.Zones == nil && v.And == nil && v.Or == nil { 51 return "", nil, fmt.Errorf("no zones defined") 52 } 53 54 if v.Match.Type == "" && v.And == nil && v.Or == nil { 55 return "", nil, fmt.Errorf("no match type defined") 56 } 57 58 if v.Match.Value == "" && v.And == nil && v.Or == nil { 59 return "", nil, fmt.Errorf("no match value defined") 60 } 61 62 switch ruleType { 63 case ModsecurityRuleType: 64 r := ModsecurityRule{} 65 return r.Build(v, appsecRuleName) 66 default: 67 return "", nil, fmt.Errorf("unknown rule format '%s'", ruleType) 68 } 69 }