// Copyright 2019 Yunion
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package cloudprovider

import (
	"fmt"
	"reflect"

	"yunion.io/x/jsonutils"
	"yunion.io/x/pkg/gotypes"
)

// String-backed enumerations of the WAF data model. The values each type
// takes in this file are listed in the var blocks below.
type (
	TWafStatementType      string
	TWafStatementCondition string
	TWafAction             string
	TWafMatchField         string
	TWafType               string
	TWafOperator           string

	TWafTextTransformation string
)

// WAF types.
var (
	WafTypeCloudFront TWafType = "CloudFront"
	WafTypeRegional   TWafType = "Regional"
	WafTypeDefault    TWafType = "Default"
	WafTypeAppGateway TWafType = "AppGateway"
)

// Statement types.
var (
	WafStatementTypeByteMatch        TWafStatementType = "ByteMatch"
	WafStatementTypeGeoMatch         TWafStatementType = "GeoMatch"
	WafStatementTypeIPSet            TWafStatementType = "IPSet"
	WafStatementTypeLabelMatch       TWafStatementType = "LabelMatch"
	WafStatementTypeManagedRuleGroup TWafStatementType = "ManagedRuleGroup"
	WafStatementTypeRate             TWafStatementType = "Rate"
	WafStatementTypeRegexSet         TWafStatementType = "RegexSet"
	WafStatementTypeRuleGroup        TWafStatementType = "RuleGroup"
	WafStatementTypeSize             TWafStatementType = "Size"
	WafStatementTypeSqliMatch        TWafStatementType = "SqliMatch"
	WafStatementTypeXssMatch         TWafStatementType = "XssMatch"
)

// Statement conditions; WafStatementConditionNone is the empty string.
var (
	WafStatementConditionAnd  TWafStatementCondition = "And"
	WafStatementConditionOr   TWafStatementCondition = "Or"
	WafStatementConditionNot  TWafStatementCondition = "Not"
	WafStatementConditionNone TWafStatementCondition = ""
)

// Rule actions; WafActionNone is the empty string.
var (
	WafActionAllow      TWafAction = "Allow"
	WafActionBlock      TWafAction = "Block"
	WafActionLog        TWafAction = "Log"
	WafActionCount      TWafAction = "Count"
	WafActionAlert      TWafAction = "Alert"
	WafActionDetection  TWafAction = "Detection"
	WafActionPrevention TWafAction = "Prevention"
	WafActionNone       TWafAction = ""
)

// Request parts a statement can match on.
// "Filed" in four of the names is a misspelling of "Field"; the names are
// exported, so they are reproduced as they are.
var (
	WafMatchFieldBody     TWafMatchField = "Body"
	WafMatchFieldJsonBody TWafMatchField = "JsonBody"
	WafMatchFieldQuery    TWafMatchField = "Query"
	WafMatchFieldMethod   TWafMatchField = "Method"
	WafMatchFiledHeader   TWafMatchField = "Header"
	WafMatchFiledUriPath  TWafMatchField = "UriPath"
	WafMatchFiledPostArgs TWafMatchField = "PostArgs"
	WafMatchFiledCookie   TWafMatchField = "Cookie"
)

// Operators.
var (
	// size
	WafOperatorEQ TWafOperator = "EQ"
	WafOperatorNE TWafOperator = "NE"
	WafOperatorLE TWafOperator = "LE"
	WafOperatorLT TWafOperator = "LT"
	WafOperatorGE TWafOperator = "GE"
	WafOperatorGT TWafOperator = "GT"

	// string
	WafOperatorExactly      TWafOperator = "Exactly"
	WafOperatorStartsWith   TWafOperator = "StartsWith"
	WafOperatorEndsWith     TWafOperator = "EndsWith"
	WafOperatorContains     TWafOperator = "Contains"
	WafOperatorContainsWord TWafOperator = "ContainsWord"
	WafOperatorRegex        TWafOperator = "Regex"
)

// Text transformations; WafTextTransformationNone is the empty string.
var (
	WafTextTransformationNone              TWafTextTransformation = ""
	WafTextTransformationCompressWithSpace TWafTextTransformation = "CompressWithSpace"
	WafTextTransformationHtmlEntityDecode  TWafTextTransformation = "HtmlEntityDecode"
	WafTextTransformationLowercase         TWafTextTransformation = "Lowercase"
	WafTextTransformationCmdLine           TWafTextTransformation = "CmdLine"
	WafTextTransformationUrlDecode         TWafTextTransformation = "UrlDecode"

	// azure
	WafTextTransformationTrim        TWafTextTransformation = "Trim"
	WafTextTransformationUrlEncode   TWafTextTransformation = "UrlEncode"
	WafTextTransformationRemoveNulls TWafTextTransformation = "RemoveNulls"
)

// TWafMatchFieldValues is the list of values of a statement's match field.
// Its pointer type is registered with gotypes in init.
type TWafMatchFieldValues []string

// IsZero reports whether the list has no elements (nil or empty).
func (vals TWafMatchFieldValues) IsZero() bool {
	return len(vals) == 0
}

// String returns the string form of jsonutils.Marshal applied to the list.
func (vals TWafMatchFieldValues) String() string {
	encoded := jsonutils.Marshal(vals)
	return encoded.String()
}

// TextTransformations is a list of text transformations.
// Its pointer type is registered with gotypes in init.
type TextTransformations []TWafTextTransformation

// IsZero reports whether the list has no elements (nil or empty).
func (tt TextTransformations) IsZero() bool {
	return len(tt) == 0
}

// String returns the string form of jsonutils.Marshal applied to the list.
func (tt TextTransformations) String() string {
	encoded := jsonutils.Marshal(tt)
	return encoded.String()
}

// SExcludeRule names one excluded rule.
type SExcludeRule struct {
	Name string
}

// SExcludeRules is a list of excluded rules.
// Its pointer type is registered with gotypes in init.
type SExcludeRules []SExcludeRule

// IsZero reports whether the list has no elements (nil or empty).
func (rules SExcludeRules) IsZero() bool {
	return len(rules) == 0
}

// String returns the string form of jsonutils.Marshal applied to the list.
func (rules SExcludeRules) String() string {
	encoded := jsonutils.Marshal(rules)
	return encoded.String()
}

// SWafRule describes one WAF rule: its name, description, action, priority
// and statements.
// NOTE(review): StatementCondition presumably says how Statements are
// combined (And / Or / Not / none); confirm against the provider drivers.
type SWafRule struct {
	Name               string
	Desc               string
	Action             *DefaultAction
	StatementCondition TWafStatementCondition
	Priority           int
	Statements         []SWafStatement
}

// SWafStatement is a single match statement of a WAF rule.
//
// +onecloud:model-api-gen
type SWafStatement struct {
	// Managed rule group name
	ManagedRuleGroupName string `width:"64" charset:"utf8" nullable:"false" list:"user"`
	// List of excluded rules
	ExcludeRules *SExcludeRules `width:"200" charset:"utf8" nullable:"false" list:"user"`
	// Statement type
	// enum: ByteMatch, GeoMatch, IPSet, LabelMatch, ManagedRuleGroup, Rate, RegexSet, RuleGroup, Size, SqliMatch, XssMatch
	Type TWafStatementType `width:"20" charset:"ascii" nullable:"false" list:"user"`
	// Whether the match is negated; only effective on Azure
	Negation bool `nullable:"false" list:"user"`
	// Operator
	// enum: EQ, NE, LE, LT, GE, GT
	Operator TWafOperator `width:"20" charset:"ascii" nullable:"false" list:"user"`
	// Match field
	// enum: Body, JsonBody, Query, Method, Header, UriPath, PostArgs, Cookie
	MatchField TWafMatchField `width:"20" charset:"utf8" nullable:"false" list:"user"`
	// Key of the match field
	MatchFieldKey string `width:"20" charset:"utf8" nullable:"false" list:"user"`
	// List of values of the match field
	MatchFieldValues *TWafMatchFieldValues `width:"250" charset:"utf8" nullable:"false" list:"user"`
	// Transformations to perform
	// enum: CompressWithSpace, HtmlEntityDecode, Lowercase, CmdLine, UrlDecode, Trim, UrlEncode, RemoveNulls
	Transformations *TextTransformations `width:"250" charset:"ascii" nullable:"false" list:"user"`
	// NOTE(review): presumably the name of the request header the forwarded
	// client IP is read from; confirm. Such a header is client-supplied
	// unless a trusted proxy overwrites it, which matters for any rule that
	// matches on it.
	ForwardedIPHeader string `width:"20" charset:"ascii" nullable:"false" list:"user"`
	// Search string; only used for AWS
	SearchString string `width:"64" charset:"utf8" nullable:"false" list:"user"`
	// NOTE(review): presumably the Id of the IP set an IPSet statement refers to; confirm.
	IPSetId string `width:"36" charset:"ascii" nullable:"false" list:"user"`
	// Regex set Id; currently read-only
	RegexSetId string `width:"36" charset:"ascii" nullable:"false" list:"user"`
	// Custom rule group Id; currently read-only
	RuleGroupId string `width:"36" charset:"ascii" nullable:"false" list:"user"`
}

// GetGlobalId derives the statement's identifier from its content: Type,
// MatchField, MatchFieldKey, ManagedRuleGroupName and SearchString joined
// with "-", plus MatchFieldValues for GeoMatch, Rate and LabelMatch
// statements.
//
// Operator, Negation, Transformations, ExcludeRules, ForwardedIPHeader,
// IPSetId, RegexSetId and RuleGroupId take no part in the identifier, and
// the parts are joined without escaping, so two statements that differ only
// in those fields (or in where a "-" falls inside a value) get the same
// string.
// NOTE(review): if callers key statements by this Id when comparing local
// and remote rules, such statements would be indistinguishable; confirm
// against the callers.
func (stmt SWafStatement) GetGlobalId() string {
	base := fmt.Sprintf("%s-%s-%s-%s-%s",
		stmt.Type,
		stmt.MatchField,
		stmt.MatchFieldKey,
		stmt.ManagedRuleGroupName,
		stmt.SearchString,
	)
	switch stmt.Type {
	case WafStatementTypeGeoMatch, WafStatementTypeRate, WafStatementTypeLabelMatch:
		// MatchFieldValues is a pointer; fmt renders it through its String
		// method, and a nil pointer comes out as "<nil>".
		return fmt.Sprintf("%s-%s", base, stmt.MatchFieldValues)
	}
	return base
}

// GetExternalId returns the same value as GetGlobalId.
func (stmt SWafStatement) GetExternalId() string {
	return stmt.GetGlobalId()
}

// DefaultAction is an action together with its action-specific settings.
// Its pointer type is registered with gotypes in init.
//
// +onecloud:model-api-gen
type DefaultAction struct {
	// Allow, Block, Log, Count, Alert, Detection, Prevention
	Action TWafAction

	// Only effective when Action is Allow
	InsertHeaders map[string]string
	// Only effective when Action is Block
	Response string
	// Only effective when Action is Block
	ResponseCode *int
	// Only effective when Action is Block
	ResponseHeaders map[string]string
}

// IsZero always reports false, whatever the fields hold.
func (act DefaultAction) IsZero() bool {
	return false
}

// String returns the string form of jsonutils.Marshal applied to the action.
func (act DefaultAction) String() string {
	encoded := jsonutils.Marshal(act)
	return encoded.String()
}

// WafSourceIps is a list of source IPs given as strings.
type WafSourceIps []string

// WafRegexPatterns is a list of regular expression patterns.
// Its pointer type is registered with gotypes in init.
//
// +onecloud:model-api-gen
type WafRegexPatterns []string

// IsZero reports whether the list has no elements (nil or empty).
func (patterns WafRegexPatterns) IsZero() bool {
	return len(patterns) == 0
}

// String returns the string form of jsonutils.Marshal applied to the list.
func (patterns WafRegexPatterns) String() string {
	encoded := jsonutils.Marshal(patterns)
	return encoded.String()
}

// WafAddresses is a list of addresses given as strings.
// Its pointer type is registered with gotypes in init.
//
// +onecloud:model-api-gen
type WafAddresses []string

// IsZero reports whether the list has no elements (nil or empty).
func (addrs WafAddresses) IsZero() bool {
	return len(addrs) == 0
}

// String returns the string form of jsonutils.Marshal applied to the list.
func (addrs WafAddresses) String() string {
	encoded := jsonutils.Marshal(addrs)
	return encoded.String()
}

// SCloudResource identifies a cloud resource referenced by a WAF.
type SCloudResource struct {
	// Resource Id
	Id string
	// Resource name
	Name string
	// Resource type
	Type string
	// Mapped port of the resource
	Port int
	// Whether the resource can be dissociated
	CanDissociate bool
}

// SCloudResources is a list of cloud resources with a total count.
type SCloudResources struct {
	Data  []SCloudResource `json:",allowempty"`
	Total int
}

// WafCreateOptions carries the parameters for creating a WAF.
type WafCreateOptions struct {
	Name           string
	Desc           string
	CloudResources []SCloudResource
	SourceIps      WafSourceIps
	Type           TWafType
	DefaultAction  *DefaultAction
}

// init registers each serializable pointer type of this file with gotypes,
// together with an allocator that returns a fresh empty value of that type.
func init() {
	// Registration order matches the order of this list.
	allocators := []func() gotypes.ISerializable{
		func() gotypes.ISerializable { return &DefaultAction{} },
		func() gotypes.ISerializable { return &WafAddresses{} },
		func() gotypes.ISerializable { return &TextTransformations{} },
		func() gotypes.ISerializable { return &TWafMatchFieldValues{} },
		func() gotypes.ISerializable { return &SExcludeRules{} },
		func() gotypes.ISerializable { return &WafRegexPatterns{} },
	}
	for _, alloc := range allocators {
		// reflect.TypeOf sees the dynamic type of the allocated value, i.e.
		// the pointer type the allocator returns.
		gotypes.RegisterSerializable(reflect.TypeOf(alloc()), alloc)
	}
}