cnaize/cure
GitHub: cnaize/cure
Cure 是一个纯 Go 实现的轻量级 WAF,通过 YARA 规则以中间件方式为 Go Web 应用提供实时的恶意 HTTP 请求检测与拦截能力。
Stars: 0 | Forks: 0
# 治愈
`cure` — 基于 YARA 规则的纯 Go Web Application Firewall (WAF)(由 [Yargo](https://github.com/sansecio/yargo) 提供支持)
## 安装
```
go get github.com/cnaize/cure
```
## Web Frameworks 集成与手动扫描
```
package main
import (
"context"
"errors"
"net/http"
"time"
curec "github.com/cnaize/cure/core"
curem "github.com/cnaize/cure/middleware"
)
func main() {
cure := curec.NewCure()
// for native net/http, Chi, Echo, Fiber, etc.
// or use r.Use(curem.NewCure(cure).GinHandler()) for Gin framework
cwaf := curem.NewCure(cure).HTTPHandler
// auto update rules
_ = cure.Run(context.Background())
yourHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// you can also scan any raw data independently
some := []byte("some data")
err := cure.Scan(some, 0, time.Second, curec.DefaultCallback)
if errors.Is(err, curec.ErrMatchFound) {
w.WriteHeader(http.StatusBadRequest)
return
}
// your business logic
w.WriteHeader(http.StatusOK)
})
mux := http.NewServeMux()
// cure automatically scans incoming requests before passing control to your handler
mux.Handle("/api/some", cwaf(yourHandler))
_ = http.ListenAndServe(":8080", mux)
}
```
## 自定义规则加载
```
package main
import (
"context"
curec "github.com/cnaize/cure/core"
cures "github.com/cnaize/cure/source"
)
func main() {
// supports both local/remote files and all kinds of archives via github.com/mholt/archives
cure := curec.NewCure().WithSources(
cures.NewLocal("./my-yara-rules.zip"),
cures.NewRemote("https://my-company/rules.yar"),
)
// manual rules update
_ = cure.Update(context.Background())
}
```
## 基准测试
```
Rules: 1079
BenchmarkHTTPHandler/without_cure-8 77524804 39.08 ns/op 64 B/op 2 allocs/op
BenchmarkHTTPHandler/with_cure-8 46275 77259 ns/op 10964 B/op 28 allocs/op
```
标签:AppImage, EVTX分析, Go语言, WAF, Web应用防火墙, YARA, 云资产可视化, 日志审计, 程序破解, 网络中间件