beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

ci

Browse source
This commit is contained in:
bui 2024-01-16 09:52:47 +01:00
parent a021f8c972
commit ddecd27ec8
3 changed files with 36 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
pkg/acquisition/modules/appsec/appsec_test.go
View file

@ -43,7 +43,7 @@ func TestAppsecOnMatchHooks(t *testing.T) {
Name: "rule1",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -71,7 +71,7 @@ func TestAppsecOnMatchHooks(t *testing.T) {
Name: "rule1",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -101,7 +101,7 @@ func TestAppsecOnMatchHooks(t *testing.T) {
Name: "rule1",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -130,7 +130,7 @@ func TestAppsecOnMatchHooks(t *testing.T) {
Name: "rule1",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -159,7 +159,7 @@ func TestAppsecOnMatchHooks(t *testing.T) {
Name: "rule1",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -186,7 +186,7 @@ func TestAppsecOnMatchHooks(t *testing.T) {
Name: "rule1",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -213,7 +213,7 @@ func TestAppsecOnMatchHooks(t *testing.T) {
Name: "rule1",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -242,7 +242,7 @@ func TestAppsecOnMatchHooks(t *testing.T) {
Name: "rule42",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -270,7 +270,7 @@ func TestAppsecOnMatchHooks(t *testing.T) {
Name: "rule42",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -315,7 +315,7 @@ func TestAppsecPreEvalHooks(t *testing.T) {
Name: "rule1",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -343,7 +343,7 @@ func TestAppsecPreEvalHooks(t *testing.T) {
Name: "rule1",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -375,7 +375,7 @@ func TestAppsecPreEvalHooks(t *testing.T) {
Name: "rulez",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -403,7 +403,7 @@ func TestAppsecPreEvalHooks(t *testing.T) {
Name: "rulez",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -431,7 +431,7 @@ func TestAppsecPreEvalHooks(t *testing.T) {
Name: "rulez",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -459,7 +459,7 @@ func TestAppsecPreEvalHooks(t *testing.T) {
Name: "rulez",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -490,7 +490,7 @@ func TestAppsecPreEvalHooks(t *testing.T) {
Name: "rulez",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -517,7 +517,7 @@ func TestAppsecPreEvalHooks(t *testing.T) {
Name: "rulez",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -544,7 +544,7 @@ func TestAppsecPreEvalHooks(t *testing.T) {
Name: "rulez",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -588,7 +588,7 @@ func TestAppsecRuleMatches(t *testing.T) {
Name: "rule1",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},
@ -617,7 +617,7 @@ func TestAppsecRuleMatches(t *testing.T) {
Name: "rule1",
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: appsec_rule.Match{Type: "regex", Value: "^toto"},
Match: appsec_rule.MatchRule{Type: "regex", Value: "^toto"},
Transform: []string{"lowercase"},
},
},

4
pkg/appsec/appsec_rule/appsec_rule.go
View file

@ -25,7 +25,7 @@ rules:
*/
type Match struct {
type MatchRule struct {
Type string `yaml:"type"`
Value string `yaml:"value"`
Not bool `yaml:"not,omitempty"`
@ -37,7 +37,7 @@ type CustomRule struct {
Zones []string `yaml:"zones"`
Variables []string `yaml:"variables"`
Match Match `yaml:"match"`
Match MatchRule `yaml:"match"`
Transform []string `yaml:"transform"` //t:lowercase, t:uppercase, etc
And []CustomRule `yaml:"and,omitempty"`
Or []CustomRule `yaml:"or,omitempty"`

28
pkg/appsec/appsec_rule/modsec_rule_test.go
View file

@ -13,7 +13,7 @@ func TestVPatchRuleString(t *testing.T) {
rule: CustomRule{
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: Match{Type: "regex", Value: "[^a-zA-Z0-9]"},
Match: MatchRule{Type: "regex", Value: "[^a-zA-Z]"},
Transform: []string{"lowercase"},
},
expected: `SecRule ARGS_GET:foo "@rx [^a-zA-Z]" "id:2203944045,phase:2,deny,log,msg:'Base Rule',tag:'crowdsec-Base Rule',t:lowercase"`,
@ -23,7 +23,7 @@ func TestVPatchRuleString(t *testing.T) {
rule: CustomRule{
Zones: []string{"ARGS"},
Variables: []string{"foo", "bar"},
Match: Match{Type: "regex", Value: "[^a-zA-Z]"},
Match: MatchRule{Type: "regex", Value: "[^a-zA-Z]"},
Transform: []string{"lowercase"},
},
expected: `SecRule ARGS_GET:foo|ARGS_GET:bar "@rx [^a-zA-Z]" "id:385719930,phase:2,deny,log,msg:'One zone, multi var',tag:'crowdsec-One zone, multi var',t:lowercase"`,
@ -32,7 +32,7 @@ func TestVPatchRuleString(t *testing.T) {
name: "Base Rule #2",
rule: CustomRule{
Zones: []string{"METHOD"},
Match: Match{Type: "startsWith", Value: "toto"},
Match: MatchRule{Type: "startsWith", Value: "toto"},
},
expected: `SecRule REQUEST_METHOD "@beginsWith toto" "id:2759779019,phase:2,deny,log,msg:'Base Rule #2',tag:'crowdsec-Base Rule #2'"`,
},
@ -40,7 +40,7 @@ func TestVPatchRuleString(t *testing.T) {
name: "Base Negative Rule",
rule: CustomRule{
Zones: []string{"METHOD"},
Match: Match{Type: "startsWith", Value: "toto", Not: true},
Match: MatchRule{Type: "startsWith", Value: "toto", Not: true},
},
expected: `SecRule REQUEST_METHOD "!@beginsWith toto" "id:3966251995,phase:2,deny,log,msg:'Base Negative Rule',tag:'crowdsec-Base Negative Rule'"`,
},
@ -49,7 +49,7 @@ func TestVPatchRuleString(t *testing.T) {
rule: CustomRule{
Zones: []string{"ARGS", "BODY_ARGS"},
Variables: []string{"foo"},
Match: Match{Type: "regex", Value: "[^a-zA-Z]"},
Match: MatchRule{Type: "regex", Value: "[^a-zA-Z]"},
Transform: []string{"lowercase"},
},
expected: `SecRule ARGS_GET:foo|ARGS_POST:foo "@rx [^a-zA-Z]" "id:3387135861,phase:2,deny,log,msg:'Multiple Zones',tag:'crowdsec-Multiple Zones',t:lowercase"`,
@ -59,7 +59,7 @@ func TestVPatchRuleString(t *testing.T) {
rule: CustomRule{
Zones: []string{"ARGS", "BODY_ARGS"},
Variables: []string{"foo", "bar"},
Match: Match{Type: "regex", Value: "[^a-zA-Z]"},
Match: MatchRule{Type: "regex", Value: "[^a-zA-Z]"},
Transform: []string{"lowercase"},
},
expected: `SecRule ARGS_GET:foo|ARGS_GET:bar|ARGS_POST:foo|ARGS_POST:bar "@rx [^a-zA-Z]" "id:1119773585,phase:2,deny,log,msg:'Multiple Zones Multi Var',tag:'crowdsec-Multiple Zones Multi Var',t:lowercase"`,
@ -68,7 +68,7 @@ func TestVPatchRuleString(t *testing.T) {
name: "Multiple Zones No Vars",
rule: CustomRule{
Zones: []string{"ARGS", "BODY_ARGS"},
Match: Match{Type: "regex", Value: "[^a-zA-Z]"},
Match: MatchRule{Type: "regex", Value: "[^a-zA-Z]"},
Transform: []string{"lowercase"},
},
expected: `SecRule ARGS_GET|ARGS_POST "@rx [^a-zA-Z]" "id:2020110336,phase:2,deny,log,msg:'Multiple Zones No Vars',tag:'crowdsec-Multiple Zones No Vars',t:lowercase"`,
@ -81,13 +81,13 @@ func TestVPatchRuleString(t *testing.T) {
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: Match{Type: "regex", Value: "[^a-zA-Z]"},
Match: MatchRule{Type: "regex", Value: "[^a-zA-Z]"},
Transform: []string{"lowercase"},
},
{
Zones: []string{"ARGS"},
Variables: []string{"bar"},
Match: Match{Type: "regex", Value: "[^a-zA-Z]"},
Match: MatchRule{Type: "regex", Value: "[^a-zA-Z]"},
Transform: []string{"lowercase"},
},
},
@ -102,13 +102,13 @@ SecRule ARGS_GET:bar "@rx [^a-zA-Z]" "id:1865217529,phase:2,deny,log,msg:'Basic
{
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: Match{Type: "regex", Value: "[^a-zA-Z]"},
Match: MatchRule{Type: "regex", Value: "[^a-zA-Z]"},
Transform: []string{"lowercase"},
},
{
Zones: []string{"ARGS"},
Variables: []string{"bar"},
Match: Match{Type: "regex", Value: "[^a-zA-Z]"},
Match: MatchRule{Type: "regex", Value: "[^a-zA-Z]"},
Transform: []string{"lowercase"},
},
},
@ -123,19 +123,19 @@ SecRule ARGS_GET:bar "@rx [^a-zA-Z]" "id:271441587,phase:2,deny,log,msg:'Basic O
{
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: Match{Type: "regex", Value: "[^a-zA-Z]"},
Match: MatchRule{Type: "regex", Value: "[^a-zA-Z]"},
Transform: []string{"lowercase"},
Or: []CustomRule{
{
Zones: []string{"ARGS"},
Variables: []string{"foo"},
Match: Match{Type: "regex", Value: "[^a-zA-Z]"},
Match: MatchRule{Type: "regex", Value: "[^a-zA-Z]"},
Transform: []string{"lowercase"},
},
{
Zones: []string{"ARGS"},
Variables: []string{"bar"},
Match: Match{Type: "regex", Value: "[^a-zA-Z]"},
Match: MatchRule{Type: "regex", Value: "[^a-zA-Z]"},
Transform: []string{"lowercase"},
},
},