cnaize/cure

GitHub: cnaize/cure

Cure 是一个纯 Go 实现的轻量级 WAF,通过 YARA 规则以中间件方式为 Go Web 应用提供实时的恶意 HTTP 请求检测与拦截能力。

Stars: 0 | Forks: 0

# 治愈 `cure` — 基于 YARA 规则的纯 Go Web Application Firewall (WAF)(由 [Yargo](https://github.com/sansecio/yargo) 提供支持) ## 安装 ``` go get github.com/cnaize/cure ``` ## Web Frameworks 集成与手动扫描 ``` package main import ( "context" "errors" "net/http" "time" curec "github.com/cnaize/cure/core" curem "github.com/cnaize/cure/middleware" ) func main() { cure := curec.NewCure() // for native net/http, Chi, Echo, Fiber, etc. // or use r.Use(curem.NewCure(cure).GinHandler()) for Gin framework cwaf := curem.NewCure(cure).HTTPHandler // auto update rules _ = cure.Run(context.Background()) yourHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // you can also scan any raw data independently some := []byte("some data") err := cure.Scan(some, 0, time.Second, curec.DefaultCallback) if errors.Is(err, curec.ErrMatchFound) { w.WriteHeader(http.StatusBadRequest) return } // your business logic w.WriteHeader(http.StatusOK) }) mux := http.NewServeMux() // cure automatically scans incoming requests before passing control to your handler mux.Handle("/api/some", cwaf(yourHandler)) _ = http.ListenAndServe(":8080", mux) } ``` ## 自定义规则加载 ``` package main import ( "context" curec "github.com/cnaize/cure/core" cures "github.com/cnaize/cure/source" ) func main() { // supports both local/remote files and all kinds of archives via github.com/mholt/archives cure := curec.NewCure().WithSources( cures.NewLocal("./my-yara-rules.zip"), cures.NewRemote("https://my-company/rules.yar"), ) // manual rules update _ = cure.Update(context.Background()) } ``` ## 基准测试 ``` Rules: 1079 BenchmarkHTTPHandler/without_cure-8 77524804 39.08 ns/op 64 B/op 2 allocs/op BenchmarkHTTPHandler/with_cure-8 46275 77259 ns/op 10964 B/op 28 allocs/op ```
标签:AppImage, EVTX分析, Go语言, WAF, Web应用防火墙, YARA, 云资产可视化, 日志审计, 程序破解, 网络中间件