From 393a8b8ef5ff9ed05b2a7ed1f872da0bb47f1e9d Mon Sep 17 00:00:00 2001
From: Sebastien Blot
Date: Mon, 4 Dec 2023 11:31:31 +0100
Subject: [PATCH] linting
---
 pkg/acquisition/modules/waap/waap.go | 2 +-
 pkg/hubtest/hubtest_item.go | 7 +++--
 pkg/types/waap_event.go | 2 +-
 pkg/waf/coraza_logger.go | 5 +---
 pkg/waf/request.go | 19 +++++++------
 pkg/waf/waf_expr_lib.go | 42 +---------------------------
 pkg/waf/waf_helpers.go | 13 ---------
 7 files changed, 19 insertions(+), 71 deletions(-)
diff --git a/pkg/acquisition/modules/waap/waap.go b/pkg/acquisition/modules/waap/waap.go
index 1c8eb8be8..8830ef993 100644
--- a/pkg/acquisition/modules/waap/waap.go
+++ b/pkg/acquisition/modules/waap/waap.go
@@ -305,7 +305,7 @@ func (w *WaapSource) IsAuth(apiKey string) bool {
 Timeout: 200 * time.Millisecond,
 }
- req, err := http.NewRequest("HEAD", w.lapiURL, nil)
+ req, err := http.NewRequest(http.MethodHead, w.lapiURL, nil)
 if err != nil {
 log.Errorf("Error creating request: %s", err)
 return false
diff --git a/pkg/hubtest/hubtest_item.go b/pkg/hubtest/hubtest_item.go
index 90cd3bd02..8e0bc1a20 100644
--- a/pkg/hubtest/hubtest_item.go
+++ b/pkg/hubtest/hubtest_item.go
@@ -581,14 +581,17 @@ func (t *HubTestItem) RunWithNucleiTemplate() error {
 //wait for the waap port to be available
 if _, err := IsAlive(DefaultWaapHost); err != nil {
- return fmt.Errorf("Waap is down: %s", err)
+ return fmt.Errorf("waap is down: %s", err)
 }
 // check if the target is available
 nucleiTargetParsedURL, err := url.Parse(DefaultNucleiTarget)
+ if err != nil {
+ return fmt.Errorf("unable to parse target '%s': %s", DefaultNucleiTarget, err)
+ }
 nucleiTargetHost := nucleiTargetParsedURL.Host
 if _, err := IsAlive(nucleiTargetHost); err != nil {
- return fmt.Errorf("Target is down: %s", err)
+ return fmt.Errorf("target is down: %s", err)
 }
 nucleiConfig := NucleiConfig{
diff --git a/pkg/types/waap_event.go b/pkg/types/waap_event.go
index c0c89408e..9b64d8d7a 100644
--- a/pkg/types/waap_event.go
+++ b/pkg/types/waap_event.go
@@ -8,7 +8,7 @@ import (
 /*
 1. If user triggered a rule that is for a CVE, that has high confidence and that is blocking, ban
- 2. If user triggered 3 distinct rules with medium confidence accross 3 different requests, ban
+ 2. If user triggered 3 distinct rules with medium confidence across 3 different requests, ban
 any(evt.Waf.ByTag("CVE"), {.confidence == "high" && .action == "block"})
diff --git a/pkg/waf/coraza_logger.go b/pkg/waf/coraza_logger.go
index 82e0a1697..d7e680c76 100644
--- a/pkg/waf/coraza_logger.go
+++ b/pkg/waf/coraza_logger.go
@@ -112,10 +112,7 @@ func (e *crzLogEvent) Stringer(key string, val fmt.Stringer) dbg.Event {
 }
 func (e crzLogEvent) IsEnabled() bool {
- if e.muted {
- return false
- }
- return true
+ return !e.muted
 }
 type crzLogger struct {
diff --git a/pkg/waf/request.go b/pkg/waf/request.go
index ecd8e6472..5e792a13b 100644
--- a/pkg/waf/request.go
+++ b/pkg/waf/request.go
@@ -281,22 +281,22 @@ func NewParsedRequestFromRequest(r *http.Request) (ParsedRequest, error) {
 // the real source of the request is set in 'x-client-ip'
 clientIP := r.Header.Get(IPHeaderName)
 if clientIP == "" {
- return ParsedRequest{}, fmt.Errorf("Missing '%s' header", IPHeaderName)
+ return ParsedRequest{}, fmt.Errorf("missing '%s' header", IPHeaderName)
 }
 // the real target Host of the request is set in 'x-client-host'
 clientHost := r.Header.Get(HostHeaderName)
 if clientHost == "" {
- return ParsedRequest{}, fmt.Errorf("Missing '%s' header", HostHeaderName)
+ return ParsedRequest{}, fmt.Errorf("missing '%s' header", HostHeaderName)
 }
 // the real URI of the request is set in 'x-client-uri'
 clientURI := r.Header.Get(URIHeaderName)
 if clientURI == "" {
- return ParsedRequest{}, fmt.Errorf("Missing '%s' header", URIHeaderName)
+ return ParsedRequest{}, fmt.Errorf("missing '%s' header", URIHeaderName)
 }
 // the real VERB of the request is set in 'x-client-uri'
 clientMethod := r.Header.Get(VerbHeaderName)
 if clientMethod == "" {
- return ParsedRequest{}, fmt.Errorf("Missing '%s' header", VerbHeaderName)
+ return ParsedRequest{}, fmt.Errorf("missing '%s' header", VerbHeaderName)
 }
 // delete those headers before coraza process the request
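Review bot: In the four header checks of NewParsedRequestFromRequest, `clientIP` is only tested for emptiness before it is treated as the real source of the request, so any non-empty string is accepted in the lines shown. Unless it is validated in the part of the function outside this hunk, reject values that do not parse, for example `if net.ParseIP(clientIP) == nil { return ParsedRequest{}, fmt.Errorf("invalid '%s' header", IPHeaderName) }`. The comment above the `VerbHeaderName` lookup also says 'x-client-uri', which looks copied from the URI block and should name the verb header instead. The function body starts before and continues after this hunk.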
@@ -310,18 +310,19 @@ func NewParsedRequestFromRequest(r *http.Request) (ParsedRequest, error) {
 return ParsedRequest{}, fmt.Errorf("unable to parse url '%s': %s", clientURI, err)
 }
- RemoteAddrNormalized := ""
+ remoteAddrNormalized := ""
 host, _, err := net.SplitHostPort(r.RemoteAddr)
 if err != nil {
 log.Errorf("Invalid waap remote IP source %v: %s", r.RemoteAddr, err.Error())
- RemoteAddrNormalized = r.RemoteAddr
+ remoteAddrNormalized = r.RemoteAddr
 } else {
 ip := net.ParseIP(host)
 if ip == nil {
 log.Errorf("Invalid waap remote IP address source %v: %s", r.RemoteAddr, err.Error())
- RemoteAddrNormalized = r.RemoteAddr
+ remoteAddrNormalized = r.RemoteAddr
+ } else {
+ remoteAddrNormalized = ip.String()
 }
- RemoteAddrNormalized = ip.String()
 }
 return ParsedRequest{
@@ -339,6 +340,6 @@ func NewParsedRequestFromRequest(r *http.Request) (ParsedRequest, error) {
 Args: parsedURL.Query(), //TODO: Check if there's not potential bypass as it excludes malformed args
 TransferEncoding: r.TransferEncoding,
 ResponseChannel: make(chan WaapTempResponse),
- RemoteAddrNormalized: RemoteAddrNormalized,
+ RemoteAddrNormalized: remoteAddrNormalized,
 }, nil
 }
diff --git a/pkg/waf/waf_expr_lib.go b/pkg/waf/waf_expr_lib.go
index 23e2c711b..717b1bdff 100644
--- a/pkg/waf/waf_expr_lib.go
+++ b/pkg/waf/waf_expr_lib.go
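Review bot: The `ip == nil` branch in the first pkg/waf/request.go hunk above still calls `err.Error()`, but that branch is only reached when `net.SplitHostPort` succeeded, so `err` is nil there and the log call panics instead of falling back to `r.RemoteAddr`. The new `else` removes the `ip.String()` dereference on a nil IP but leaves this one; drop the error argument, `log.Errorf("Invalid waap remote IP address source %v", r.RemoteAddr)`. `net.ParseIP` returns nil for a host that carries an IPv6 zone, so the branch is presumably reachable for link-local peers rather than being purely theoretical. The function starts outside the hunk.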
@@ -8,44 +8,4 @@ type exprCustomFunc struct {
 signature []interface{}
 }
-/*
-func GetOnLoadEnv(w *WaapRuntimeConfig) map[string]interface{} {
- return map[string]interface{}{
- "DisableInBandRuleByID": w.DisableInBandRuleByID,
- "DisableOutBandRuleByID": w.DisableOutBandRuleByID,
- "DisableInBandRuleByTag": w.DisableInBandRuleByTag,
- "DisableOutBandRuleByTag": w.DisableOutBandRuleByTag,
- }
-}
-*/
-
-/*var onLoadExprFuncs = []exprCustomFunc{
- {
- name: "DisableInBandRuleByID",
- function: w.DisableInBandRuleByID,
- signature: []interface{}{
- new(func(int) error),
- },
- },
-}*/
-
-var preEvalExprFuncs = []exprCustomFunc{}
-
-var onMatchExprFuncs = []exprCustomFunc{}
-
-var exprFuncs = []exprCustomFunc{
- /*{
- name: "SetRulesToInband",
- function: SetRulesToInband,
- signature: []interface{}{
- new(func() error),
- },
- },
- {
- name: "SetRulesToOutOfBand",
- function: SetRulesToOutOfBand,
- signature: []interface{}{
- new(func() error),
- },
- },*/
-}
+var exprFuncs = []exprCustomFunc{}
diff --git a/pkg/waf/waf_helpers.go b/pkg/waf/waf_helpers.go
index d485d59aa..137f8544b 100644
--- a/pkg/waf/waf_helpers.go
+++ b/pkg/waf/waf_helpers.go
@@ -6,19 +6,6 @@ import (
 "github.com/crowdsecurity/crowdsec/pkg/types"
 )
-var exprFunctionOptions []expr.Option
-
-func initWafHelpers() {
- exprFunctionOptions = []expr.Option{}
- for _, function := range exprFuncs {
- exprFunctionOptions = append(exprFunctionOptions,
- expr.Function(function.name,
- function.function,
- function.signature...,
- ))
- }
-}
-
 func GetExprWAFOptions(ctx map[string]interface{}) []expr.Option {
 baseHelpers := exprhelpers.GetExprOptions(ctx)
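Review bot: In pkg/waf/waf_expr_lib.go the empty `exprFuncs` slice is kept although its only consumer visible in this patch, `initWafHelpers` in waf_helpers.go, is deleted by the same commit. If nothing else ranges over it, `exprFuncs` and probably the `exprCustomFunc` type are now dead code that the unused-code linters will flag next. Either remove them here, or keep the placeholder with a comment saying why, such as `// exprFuncs lists the custom expr helpers exposed to WAF rules; currently none.`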