no need for any in helpers as we are not using expr.Function

pkg/acquisition/modules/waap/waap.go

@@ -364,8 +364,6 @@ func (w *WaapSource) waapHandler(rw http.ResponseWriter, r *http.Request) {
 		WafBlockCounter.With(prometheus.Labels{"source": parsedRequest.RemoteAddrNormalized, "waap_engine": parsedRequest.WaapEngine}).Inc()
 	}
 
-	w.logger.Infof("Response: %+v", response)
-
 	waapResponse := w.WaapRuntime.GenerateResponse(response)
 
 	rw.WriteHeader(waapResponse.HTTPStatus)

pkg/waf/waap.go

@@ -44,7 +44,7 @@ func (h *Hook) Build(hookStage int) error {
 	case hookOnMatch:
 		ctx = GetOnMatchEnv(&WaapRuntimeConfig{}, &ParsedRequest{}, types.Event{})
 	}
-	opts := GetExprWAFOptions(ctx)
+	opts := exprhelpers.GetExprOptions(ctx)
 	if h.Filter != "" {
 		program, err := expr.Compile(h.Filter, opts...) //FIXME: opts
 		if err != nil {
@@ -401,170 +401,130 @@ func (w *WaapRuntimeConfig) ProcessPostEvalRules(request *ParsedRequest) error {
 	return nil
 }
 
-/* @sbl / @tko
+func (w *WaapRuntimeConfig) RemoveInbandRuleByID(id int) error {
-add the helpers to:
- - remove by id-range
- - remove by tag
- - set remediation by tag/id-range
-
-*/
-
-// func (w *WaapRuntimeConfig) RemoveInbandRuleByID(id int) error {
-func (w *WaapRuntimeConfig) RemoveInbandRuleByID(params ...any) (any, error) {
-	id := params[0].(int)
 	w.Logger.Debugf("removing inband rule %d", id)
-	_ = w.InBandTx.RemoveRuleByIDWithError(id)
+	return w.InBandTx.RemoveRuleByIDWithError(id)
-	return nil, nil
 }
 
-// func (w *WaapRuntimeConfig) RemoveOutbandRuleByID(id int) error {
+func (w *WaapRuntimeConfig) RemoveOutbandRuleByID(id int) error {
-func (w *WaapRuntimeConfig) RemoveOutbandRuleByID(params ...any) (any, error) {
-	id := params[0].(int)
 	w.Logger.Debugf("removing outband rule %d", id)
-	_ = w.OutOfBandTx.RemoveRuleByIDWithError(id)
+	return w.OutOfBandTx.RemoveRuleByIDWithError(id)
-	return nil, nil
 }
 
-// func (w *WaapRuntimeConfig) RemoveInbandRuleByTag(tag string) error {
+func (w *WaapRuntimeConfig) RemoveInbandRuleByTag(tag string) error {
-func (w *WaapRuntimeConfig) RemoveInbandRuleByTag(params ...any) (any, error) {
-	tag := params[0].(string)
 	w.Logger.Debugf("removing inband rule with tag %s", tag)
-	_ = w.InBandTx.RemoveRuleByTagWithError(tag)
+	return w.InBandTx.RemoveRuleByTagWithError(tag)
-	return nil, nil
 }
 
-// func (w *WaapRuntimeConfig) RemoveOutbandRuleByTag(tag string) error {
+func (w *WaapRuntimeConfig) RemoveOutbandRuleByTag(tag string) error {
-func (w *WaapRuntimeConfig) RemoveOutbandRuleByTag(params ...any) (any, error) {
-	tag := params[0].(string)
 	w.Logger.Debugf("removing outband rule with tag %s", tag)
-	_ = w.OutOfBandTx.RemoveRuleByTagWithError(tag)
+	return w.OutOfBandTx.RemoveRuleByTagWithError(tag)
-	return nil, nil
 }
 
-// func (w *WaapRuntimeConfig) RemoveInbandRuleByName(name string) error {
+func (w *WaapRuntimeConfig) RemoveInbandRuleByName(name string) error {
-func (w *WaapRuntimeConfig) RemoveInbandRuleByName(params ...any) (any, error) {
+	tag := fmt.Sprintf("crowdsec-%s", name)
-	tag := fmt.Sprintf("crowdsec-%s", params[0].(string))
 	w.Logger.Debugf("removing inband rule %s", tag)
-	_ = w.InBandTx.RemoveRuleByTagWithError(tag)
+	return w.InBandTx.RemoveRuleByTagWithError(tag)
-	return nil, nil
 }
 
-// func (w *WaapRuntimeConfig) RemoveOutbandRuleByName(name string) error {
+func (w *WaapRuntimeConfig) RemoveOutbandRuleByName(name string) error {
-func (w *WaapRuntimeConfig) RemoveOutbandRuleByName(params ...any) (any, error) {
+	tag := fmt.Sprintf("crowdsec-%s", name)
-	tag := fmt.Sprintf("crowdsec-%s", params[0].(string))
 	w.Logger.Debugf("removing outband rule %s", tag)
-	_ = w.OutOfBandTx.RemoveRuleByTagWithError(tag)
+	return w.OutOfBandTx.RemoveRuleByTagWithError(tag)
-	return nil, nil
 }
 
-func (w *WaapRuntimeConfig) CancelEvent(params ...any) (any, error) {
+func (w *WaapRuntimeConfig) CancelEvent() error {
 	w.Logger.Debugf("canceling event")
 	w.Response.SendEvent = false
-	return nil, nil
+	return nil
 }
 
-// func (w *WaapRuntimeConfig) DisableInBandRuleByID(id int) error {
 // Disable a rule at load time, meaning it will not run for any request
-func (w *WaapRuntimeConfig) DisableInBandRuleByID(params ...any) (any, error) {
+func (w *WaapRuntimeConfig) DisableInBandRuleByID(id int) error {
-	w.DisabledInBandRuleIds = append(w.DisabledInBandRuleIds, params[0].(int))
+	w.DisabledInBandRuleIds = append(w.DisabledInBandRuleIds, id)
-	return nil, nil
+	return nil
 }
 
-// func (w *WaapRuntimeConfig) DisableInBandRuleByName(name string) error {
 // Disable a rule at load time, meaning it will not run for any request
-func (w *WaapRuntimeConfig) DisableInBandRuleByName(params ...any) (any, error) {
+func (w *WaapRuntimeConfig) DisableInBandRuleByName(name string) error {
-	tagValue := fmt.Sprintf("crowdsec-%s", params[0].(string))
+	tagValue := fmt.Sprintf("crowdsec-%s", name)
 	w.DisabledInBandRulesTags = append(w.DisabledInBandRulesTags, tagValue)
-	return nil, nil
+	return nil
 }
 
-// func (w *WaapRuntimeConfig) DisableInBandRuleByTag(tag string) error {
 // Disable a rule at load time, meaning it will not run for any request
-func (w *WaapRuntimeConfig) DisableInBandRuleByTag(params ...any) (any, error) {
+func (w *WaapRuntimeConfig) DisableInBandRuleByTag(tag string) error {
-	w.DisabledInBandRulesTags = append(w.DisabledInBandRulesTags, params[0].(string))
+	w.DisabledInBandRulesTags = append(w.DisabledInBandRulesTags, tag)
-	return nil, nil
+	return nil
 }
 
-// func (w *WaapRuntimeConfig) DisableOutBandRuleByID(id int) error {
 // Disable a rule at load time, meaning it will not run for any request
-func (w *WaapRuntimeConfig) DisableOutBandRuleByID(params ...any) (any, error) {
+func (w *WaapRuntimeConfig) DisableOutBandRuleByID(id int) error {
-	w.DisabledOutOfBandRuleIds = append(w.DisabledOutOfBandRuleIds, params[0].(int))
+	w.DisabledOutOfBandRuleIds = append(w.DisabledOutOfBandRuleIds, id)
-	return nil, nil
+	return nil
 }
 
-// func (w *WaapRuntimeConfig) DisableOutBandRuleByName(name string) error {
 // Disable a rule at load time, meaning it will not run for any request
-func (w *WaapRuntimeConfig) DisableOutBandRuleByName(params ...any) (any, error) {
+func (w *WaapRuntimeConfig) DisableOutBandRuleByName(name string) error {
-	tagValue := fmt.Sprintf("crowdsec-%s", params[0].(string))
+	tagValue := fmt.Sprintf("crowdsec-%s", name)
 	w.DisabledOutOfBandRulesTags = append(w.DisabledOutOfBandRulesTags, tagValue)
-	return nil, nil
+	return nil
 }
 
-// func (w *WaapRuntimeConfig) DisableOutBandRuleByTag(tag string) error {
 // Disable a rule at load time, meaning it will not run for any request
-func (w *WaapRuntimeConfig) DisableOutBandRuleByTag(params ...any) (any, error) {
+func (w *WaapRuntimeConfig) DisableOutBandRuleByTag(tag string) error {
-	w.DisabledOutOfBandRulesTags = append(w.DisabledOutOfBandRulesTags, params[0].(string))
+	w.DisabledOutOfBandRulesTags = append(w.DisabledOutOfBandRulesTags, tag)
-	return nil, nil
+	return nil
 }
 
-func (w *WaapRuntimeConfig) SendEvent(params ...any) (any, error) {
+func (w *WaapRuntimeConfig) SendEvent() error {
 	w.Logger.Debugf("sending event")
 	w.Response.SendEvent = true
-	return nil, nil
+	return nil
 }
 
-func (w *WaapRuntimeConfig) SendAlert(params ...any) (any, error) {
+func (w *WaapRuntimeConfig) SendAlert() error {
 	w.Logger.Debugf("sending alert")
 	w.Response.SendAlert = true
-	return nil, nil
+	return nil
 }
 
-func (w *WaapRuntimeConfig) CancelAlert(params ...any) (any, error) {
+func (w *WaapRuntimeConfig) CancelAlert() error {
 	w.Logger.Debugf("canceling alert")
 	w.Response.SendAlert = false
-	return nil, nil
+	return nil
 }
 
-// func (w *WaapRuntimeConfig) SetActionByTag(tag string, action string) error {
+func (w *WaapRuntimeConfig) SetActionByTag(tag string, action string) error {
-func (w *WaapRuntimeConfig) SetActionByTag(params ...any) (any, error) {
 	if w.RemediationByTag == nil {
 		w.RemediationByTag = make(map[string]string)
 	}
-	tag := params[0].(string)
-	action := params[1].(string)
 	w.Logger.Debugf("setting action of %s to %s", tag, action)
 	w.RemediationByTag[tag] = action
-	return nil, nil
+	return nil
 }
 
-// func (w *WaapRuntimeConfig) SetActionByID(id int, action string) error {
+func (w *WaapRuntimeConfig) SetActionByID(id int, action string) error {
-func (w *WaapRuntimeConfig) SetActionByID(params ...any) (any, error) {
 	if w.RemediationById == nil {
 		w.RemediationById = make(map[int]string)
 	}
-	id := params[0].(int)
-	action := params[1].(string)
 	w.Logger.Debugf("setting action of %d to %s", id, action)
 	w.RemediationById[id] = action
-	return nil, nil
+	return nil
 }
 
-// func (w *WaapRuntimeConfig) SetActionByID(name string, action string) error {
+func (w *WaapRuntimeConfig) SetActionByName(name string, action string) error {
-func (w *WaapRuntimeConfig) SetActionByName(params ...any) (any, error) {
 	if w.RemediationByTag == nil {
 		w.RemediationByTag = make(map[string]string)
 	}
-	tag := fmt.Sprintf("crowdsec-%s", params[0].(string))
+	tag := fmt.Sprintf("crowdsec-%s", name)
-	action := params[1].(string)
 	w.Logger.Debugf("setting action of %s to %s", tag, action)
 	w.RemediationByTag[tag] = action
-	return nil, nil
+	return nil
 }
 
-// func (w *WaapRuntimeConfig) SetAction(action string) error {
+func (w *WaapRuntimeConfig) SetAction(action string) error {
-func (w *WaapRuntimeConfig) SetAction(params ...any) (any, error) {
 	//log.Infof("setting to %s", action)
-	action := params[0].(string)
 	w.Logger.Debugf("setting action to %s", action)
 	switch action {
 	case "allow":
@@ -579,18 +539,15 @@ func (w *WaapRuntimeConfig) SetAction(params ...any) (any, error) {
 	case "captcha":
 		w.Response.Action = action
 	default:
-		return nil, fmt.Errorf("unknown action %s", action)
+		return fmt.Errorf("unknown action %s", action)
 	}
-	return nil, nil
+	return nil
-
 }
 
-// func (w *WaapRuntimeConfig) SetHTTPCode(code int) error {
+func (w *WaapRuntimeConfig) SetHTTPCode(code int) error {
-func (w *WaapRuntimeConfig) SetHTTPCode(params ...any) (any, error) {
-	code := params[0].(int)
 	w.Logger.Debugf("setting http code to %d", code)
 	w.Response.HTTPResponseCode = code
-	return nil, nil
+	return nil
 }
 
 type BodyResponse struct {

pkg/waf/waf_expr_lib.go

@@ -1,11 +0,0 @@
-package waf
-
-//This is a copy paste from expr_lib.go, we probably want to only have one ?
-
-type exprCustomFunc struct {
-	name      string
-	function  func(params ...any) (any, error)
-	signature []interface{}
-}
-
-var exprFuncs = []exprCustomFunc{}

pkg/waf/waf_helpers.go

@@ -1,26 +1,10 @@
 package waf
 
 import (
-	"github.com/antonmedv/expr"
-	"github.com/crowdsecurity/crowdsec/pkg/exprhelpers"
 	"github.com/crowdsecurity/crowdsec/pkg/types"
 )
 
-func GetExprWAFOptions(ctx map[string]interface{}) []expr.Option {
-	baseHelpers := exprhelpers.GetExprOptions(ctx)
-
-	for _, function := range exprFuncs {
-		baseHelpers = append(baseHelpers,
-			expr.Function(function.name,
-				function.function,
-				function.signature...,
-			))
-	}
-	return baseHelpers
-}
-
 func GetOnLoadEnv(w *WaapRuntimeConfig) map[string]interface{} {
-	//FIXME: use expr.Function instead of this
 	return map[string]interface{}{
 		"RemoveInBandRuleByID":    w.DisableInBandRuleByID,
 		"RemoveInBandRuleByTag":   w.DisableInBandRuleByTag,
@@ -35,7 +19,6 @@ func GetOnLoadEnv(w *WaapRuntimeConfig) map[string]interface{} {
 }
 
 func GetPreEvalEnv(w *WaapRuntimeConfig, request *ParsedRequest) map[string]interface{} {
-	//FIXME: use expr.Function instead of this
 	return map[string]interface{}{
 		"IsInBand":                request.IsInBand,
 		"IsOutBand":               request.IsOutBand,
@@ -52,7 +35,6 @@ func GetPreEvalEnv(w *WaapRuntimeConfig, request *ParsedRequest) map[string]inte
 }
 
 func GetPostEvalEnv(w *WaapRuntimeConfig, request *ParsedRequest) map[string]interface{} {
-	//FIXME: use expr.Function instead of this
 	return map[string]interface{}{
 		"IsInBand":    request.IsInBand,
 		"IsOutBand":   request.IsOutBand,
@@ -61,7 +43,6 @@ func GetPostEvalEnv(w *WaapRuntimeConfig, request *ParsedRequest) map[string]int
 }
 
 func GetOnMatchEnv(w *WaapRuntimeConfig, request *ParsedRequest, evt types.Event) map[string]interface{} {
-	//FIXME: use expr.Function instead of this
 	return map[string]interface{}{
 		"evt":            evt,
 		"req":            request,