Skip to content

SusPatternsManager

The SusPatternsManager class manages suspicious patterns for security threat detection.

Class Definition

class SusPatternsManager:
    """
    A singleton class that manages suspicious patterns
    for security checks.
    """

Class Methods

add_pattern

@classmethod
async def add_pattern(
    cls,
    pattern: str,
    custom: bool = False
) -> None:
    """
    Add a new pattern to the detection system.
    """

remove_pattern

@classmethod
async def remove_pattern(
    cls,
    pattern: str,
    custom: bool = False
) -> bool:
    """
    Remove a pattern from the detection system.

    Returns:
        bool: True if pattern was successfully removed, False otherwise
    """

get_default_patterns

@classmethod
async def get_default_patterns(cls) -> list[str]:
    """
    Retrieve only the default patterns.

    Returns:
        list[str]: A list containing only default patterns.
    """

get_custom_patterns

@classmethod
async def get_custom_patterns(cls) -> list[str]:
    """
    Retrieve only the custom patterns.

    Returns:
        list[str]: A list containing only custom patterns.
    """

get_all_patterns

@classmethod
async def get_all_patterns(cls) -> list[str]:
    """
    Get all registered patterns (both default and custom).
    """

get_default_compiled_patterns

@classmethod
async def get_default_compiled_patterns(cls) -> list[re.Pattern]:
    """
    Retrieve only the default compiled patterns.

    Returns:
        list[re.Pattern]: A list containing only default compiled patterns.
    """

get_custom_compiled_patterns

@classmethod
async def get_custom_compiled_patterns(cls) -> list[re.Pattern]:
    """
    Retrieve only the custom compiled patterns.

    Returns:
        list[re.Pattern]: A list containing only custom compiled patterns.
    """

get_all_compiled_patterns

@classmethod
async def get_all_compiled_patterns(cls) -> list[re.Pattern]:
    """
    Get all compiled patterns (both default and custom).
    """

Pattern Synchronization

Custom patterns are stored in Redis when enabled:

# Add pattern to Redis
await SusPatternsManager.add_pattern(r"malicious.*", custom=True)

# Get patterns from Redis
patterns = await redis.get_key("patterns", "custom")

Usage Example

from guard.handlers.suspatterns_handler import SusPatternsManager

# Add custom pattern
await SusPatternsManager.add_pattern(
    r"malicious_pattern.*",
    custom=True
)

# Get default patterns only
default_patterns = await SusPatternsManager.get_default_patterns()

# Get custom patterns only
custom_patterns = await SusPatternsManager.get_custom_patterns()

# Get all patterns
all_patterns = await SusPatternsManager.get_all_patterns()

# Remove pattern (returns True if successfully removed)
success = await SusPatternsManager.remove_pattern(
    r"malicious_pattern.*",
    custom=True
)