Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/tilsor/ModSecIntl_wace_lib/llms.txt

Use this file to discover all available pages before exploring further.

The pluginmanager package defines the data types that flow between the WACElib core and the loaded .so plugins. These structs are used both as function arguments when calling plugin entry points and as message payloads when routing traffic through NATS for async or remote-sync execution. You will use these types when constructing payloads to pass to wace.Analyze and when implementing plugin interfaces.

HTTPHeader

A single HTTP header key-value pair. 
type HTTPHeader struct {
    Key   string
    Value string
}
Key
string
required
Header name, e.g. "Content-Type" or "User-Agent".
Value
string
required
Header value, e.g. "application/json".

HTTPPayload

Represents the full HTTP transaction data available at a given processing phase. Populate only the fields that are available for the current phase; unused fields remain at their zero values. 
type HTTPPayload struct {
    URI              string
    Method           string
    HTTPVersion      string
    RequestHeaders   []HTTPHeader
    RequestBody      string
    ResponseProtocol string
    ResponseCode     int
    ResponseHeaders  []HTTPHeader
    ResponseBody     string
}
URI
string
Request URI, e.g. "/cgi-bin/process.cgi".
Method
string
HTTP request method, e.g. "GET" or "POST".
HTTPVersion
string
HTTP version string, e.g. "HTTP/1.1".
RequestHeaders
[]HTTPHeader
Slice of request header key-value pairs.
RequestBody
string
Raw request body as a string.
ResponseProtocol
string
HTTP response protocol string, e.g. "HTTP/1.1".
ResponseCode
int
HTTP response status code, e.g. 200 or 404.
ResponseHeaders
[]HTTPHeader
Slice of response header key-value pairs.
ResponseBody
string
Raw response body as a string.

Example construction

payload := pluginmanager.HTTPPayload{
    URI:         "/api/v1/users",
    Method:      "POST",
    HTTPVersion: "HTTP/1.1",
    RequestHeaders: []pluginmanager.HTTPHeader{
        {Key: "User-Agent",   Value: "Mozilla/4.0 (compatible; MSIE5.01; Windows NT)"},
        {Key: "Host",         Value: "www.example.com"},
        {Key: "Content-Type", Value: "application/x-www-form-urlencoded"},
        {Key: "Connection",   Value: "Keep-Alive"},
    },
    RequestBody: "licenseID=string&content=string",
}

// Response-phase payload
responsePayload := pluginmanager.HTTPPayload{
    ResponseProtocol: "HTTP/1.1",
    ResponseCode:     200,
    ResponseHeaders: []pluginmanager.HTTPHeader{
        {Key: "Content-Type",   Value: "text/html"},
        {Key: "Content-Length", Value: "88"},
    },
    ResponseBody: "<html><body><h1>Hello</h1></body></html>",
}

ModelInput

The struct passed to a model plugin’s Process function and serialised as a NATS message payload for async and remote-sync plugins. 
type ModelInput struct {
    TransactionId string      `json:"transactionId"`
    Payload       HTTPPayload `json:"payload"`
}
TransactionId
string
required
The identifier of the transaction being scored.
Payload
HTTPPayload
required
The HTTP data to be analysed.

ModelResults

The struct returned by a model plugin’s Process function and stored per-model in the transaction results map. 
type ModelResults struct {
    ProbAttack float64                `json:"probattack"`
    Data       map[string]interface{} `json:"data"`
}
ProbAttack
float64
required
Probability that the transaction represents an attack. Expected range is [0.0, 1.0], where 1.0 indicates the highest certainty of malicious intent.
Data
map[string]interface{}
Optional additional metadata produced by the model, such as feature importance scores or raw logits. The decision plugin receives this map as part of DecisionInput.Results.

DecisionInput

The struct passed to a decision plugin’s CheckResults function. Assembled by the PluginManager from all model results collected for the transaction. 
type DecisionInput struct {
    TransactionId string
    Results       map[string]ModelResults
    ModelWeight   map[string]float64
    WAFdata       map[string]string
}
TransactionId
string
required
The identifier of the transaction being evaluated.
Results
map[string]ModelResults
required
Map from model plugin ID to that plugin’s ModelResults for this transaction. Contains one entry per model that completed successfully.
ModelWeight
map[string]float64
required
Map from model plugin ID to the weight declared in the configuration. Mirrors the keys of Results; used by the decision plugin when combining scores.
WAFdata
map[string]string
required
Key-value pairs from the WAF engine, forwarded unchanged from the wafParams argument of wace.CheckTransaction. Typically contains ModSecurity anomaly score keys such as COMBINED_SCORE, inbound_blocking, and inbound_threshold.

ModelStatus

An internal status struct used by the PluginManager to communicate the outcome of a single plugin execution back to the coordinating goroutine via a channel. 
type ModelStatus struct {
    ModelID    string
    ProbAttack float64
    Err        error
}
ModelID
string
ID of the model plugin that produced this status.
ProbAttack
float64
The ProbAttack value from the model’s ModelResults. Zero when Err is non-nil.
Err
error
Non-nil if the plugin failed to process the input. A non-nil error does not abort the transaction; WACElib logs the error and continues waiting for other plugins.
ModelStatus is used internally by the PluginManager and is not part of the plugin interface contract. Plugin authors receive and return ModelInput and ModelResults only.

Build docs developers (and LLMs) love

Get started for freeTalk to us