A Scala-based engine implementation of a subset of the OWASP/ModSecurity SecLang language that can run on the JVM. Built to efficiently execute the OWASP Core Rule Set (CRS) with user-based customizations in highly concurrent and multi-tenant environments.
Add the following dependency to your `build.sbt`:

```scala
libraryDependencies += "com.cloud-apim" %% "seclang-engine" % "1.0.0"
```

The library is cross-compiled for Scala 2.12 and 2.13.

To use snapshot versions, add the Sonatype snapshots repository:

```scala
resolvers += "Sonatype OSS Snapshots" at "https://s01.oss.sonatype.org/content/repositories/snapshots"
libraryDependencies += "com.cloud-apim" %% "seclang-engine" % "1.0.0-SNAPSHOT"
```

For Maven projects, add to your `pom.xml`:

```xml
<dependency>
  <groupId>com.cloud-apim</groupId>
  <artifactId>seclang-engine_2.12</artifactId>
  <version>1.0.0</version>
</dependency>
```

For Gradle projects:

```groovy
implementation 'com.cloud-apim:seclang-engine_2.12:1.0.0'
```

- [-] Implement missing variables
- [-] Implement missing operators
- [-] Implement missing statements
- [-] Implement all actions besides blocking/passing ones
- [-] Implement transformation functions
- Implement phase processing logic
- Implement rule chaining and skip logic
- Implement fake file system access (for `xFromFile` operators like `ipMatchFromFile`, `pmFromFile`, etc.)
- [-] Implement macro expansion
- [-] Implement transaction storage
- Integration mechanism (logger, http fetch, fs read/write, env, etc)
- Implement configuration options
- Support json
- Support local fs
- Support remote fs (HTTP/HTTPS)
- Support lists of locations
- Support split definitions with cache (cached CRS + cached Global + cached user-specific config)
- parsing of ! in variables
- variable count
- variable key as regex
- implicit rx operator ? (not in crs, starting with ^)
- negating operators
- run actions
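The last three variable-syntax items above (`!` exclusions, `&` counting, and regex keys such as `ARGS:/^id_/`) are illustrated by the following added example. It is not code from seclang-engine; it is a small stand-alone Python model of how a SecRule variable list resolves against a request's collections. The semantics are assumptions for illustration: literal keys match case-insensitively, `&` yields the number of matching items as a single target, and `!` exclusions are applied after all positive selections.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class VarSpec:
    collection: str                   # e.g. ARGS, REQUEST_COOKIES
    key: Optional[str]                # literal key; None selects the whole collection
    key_regex: Optional[re.Pattern]   # set when the key was written as /regex/
    negate: bool                      # "!" prefix: exclude instead of select
    count: bool                       # "&" prefix: yield the number of matches

def parse_variables(spec: str) -> list:
    """Parse a SecRule variable list, e.g. 'ARGS|!ARGS:password|&ARGS_NAMES|ARGS:/^id_/'."""
    specs = []
    for token in (t.strip() for t in spec.split("|")):
        negate, count = token.startswith("!"), token.startswith("&")
        coll, _, key = token.lstrip("!&").partition(":")
        key_regex = None
        if len(key) >= 2 and key.startswith("/") and key.endswith("/"):
            key_regex, key = re.compile(key[1:-1], re.IGNORECASE), None
        specs.append(VarSpec(coll.upper(), key or None, key_regex, negate, count))
    return specs

def _select(s: VarSpec, tx: dict) -> dict:
    # 'COLL:name' -> value for every item of the collection the spec's key matches
    items = tx.get(s.collection, {})
    if s.key_regex is not None:
        picked = {k: v for k, v in items.items() if s.key_regex.search(k)}
    elif s.key is not None:
        picked = {k: v for k, v in items.items() if k.lower() == s.key.lower()}
    else:
        picked = dict(items)
    return {f"{s.collection}:{k}": v for k, v in picked.items()}

def resolve(spec: str, tx: dict) -> dict:
    """Targets a rule would inspect; '!' exclusions are applied last (assumed order)."""
    specs = parse_variables(spec)
    selected = {}
    for s in specs:
        if s.negate:
            continue
        matched = _select(s, tx)
        if s.count:
            selected["&" + s.collection + (f":{s.key}" if s.key else "")] = str(len(matched))
        else:
            selected.update(matched)
    for s in specs:
        if s.negate:
            for name in _select(s, tx):
                selected.pop(name, None)
    return selected
```

`tx` is a plain dict of collection name to `{key: value}`; a real engine would populate it from the parsed request.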
unimplemented statement DefaultAction
unimplemented operator: detectXSS
unimplemented operator: detectSQLi