From bc3a179af9202963a180aaadb92a88d42443009a Mon Sep 17 00:00:00 2001
From: blotus <sebastien@crowdsec.net>
Date: Thu, 14 Dec 2023 16:54:12 +0100
Subject: [PATCH] Add env vars to install/remove appsec-{configs,rules} in
 docker image (#2664)

---
 docker/README.md       |  6 +++++-
 docker/docker_start.sh | 20 ++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/docker/README.md b/docker/README.md
index 84e65ec07..928ed39a7 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -321,11 +321,15 @@ config.yaml) each time the container is run.
 | `SCENARIOS`             | | Scenarios to install, separated by space |
 | `POSTOVERFLOWS`         | | Postoverflows to install, separated by space |
 | `CONTEXTS`              | | Context files to install, separated by space |
+| `APPSEC_CONFIGS`        | | Appsec configs files to install, separated by space |
+| `APPSEC_RULES`          | | Appsec rules files to install, separated by space |
 | `DISABLE_COLLECTIONS`   | | Collections to remove, separated by space: `-e DISABLE_COLLECTIONS="crowdsecurity/linux crowdsecurity/nginx"` |
 | `DISABLE_PARSERS`       | | Parsers to remove, separated by space |
 | `DISABLE_SCENARIOS`     | | Scenarios to remove, separated by space |
 | `DISABLE_POSTOVERFLOWS` | | Postoverflows to remove, separated by space |
-| `DISABLE_POSTOVERFLOWS` | | Context files to remove, separated by space |
+| `DISABLE_CONTEXTS`      | | Context files to remove, separated by space |
+| `DISABLE_APPSEC_CONFIGS`| | Appsec configs files to remove, separated by space |
+| `DISABLE_APPSEC_RULES`  | | Appsec rules files to remove, separated by space |
 |                         | | |
 | __Log verbosity__       | | |
 | `LEVEL_INFO`            | false | Force INFO level for the container log |
diff --git a/docker/docker_start.sh b/docker/docker_start.sh
index 3a1dae76a..55077b4d5 100755
--- a/docker/docker_start.sh
+++ b/docker/docker_start.sh
@@ -333,6 +333,16 @@ if [ "$CONTEXTS" != "" ]; then
     cscli_if_clean contexts install "$(difference "$CONTEXTS" "$DISABLE_CONTEXTS")"
 fi
 
+if [ "$APPSEC_CONFIGS" != "" ]; then
+    # shellcheck disable=SC2086
+    cscli_if_clean appsec-configs install "$(difference "$APPSEC_CONFIGS" "$DISABLE_APPSEC_CONFIGS")"
+fi
+
+if [ "$APPSEC_RULES" != "" ]; then
+    # shellcheck disable=SC2086
+    cscli_if_clean appsec-rules install "$(difference "$APPSEC_RULES" "$DISABLE_APPSEC_RULES")"
+fi
+
 ## Remove collections, parsers, scenarios & postoverflows
 if [ "$DISABLE_COLLECTIONS" != "" ]; then
     # shellcheck disable=SC2086
@@ -359,6 +369,16 @@ if [ "$DISABLE_CONTEXTS" != "" ]; then
     cscli_if_clean contexts remove "$DISABLE_CONTEXTS" --force
 fi
 
+if [ "$DISABLE_APPSEC_CONFIGS" != "" ]; then
+    # shellcheck disable=SC2086
+    cscli_if_clean appsec-configs remove "$DISABLE_APPSEC_CONFIGS" --force
+fi
+
+if [ "$DISABLE_APPSEC_RULES" != "" ]; then
+    # shellcheck disable=SC2086
+    cscli_if_clean appsec-rules remove "$DISABLE_APPSEC_RULES" --force
+fi
+
 ## Register bouncers via env
 for BOUNCER in $(compgen -A variable | grep -i BOUNCER_KEY); do
     KEY=$(printf '%s' "${!BOUNCER}")