From f25fdecc3fb890f9410f6ff9ac42f3b7c40e12d7 Mon Sep 17 00:00:00 2001
From: "Thibault \"bui\" Koechlin"
Date: Wed, 18 Jan 2023 14:50:03 +0100
Subject: [PATCH] normalize scopes for alerts and decisions (#2001)
* normalize scopes for alerts and decisions
---
 pkg/apiserver/controllers/v1/alerts.go | 28 +++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/pkg/apiserver/controllers/v1/alerts.go b/pkg/apiserver/controllers/v1/alerts.go
index 1b227ff9c..eebbe4d8b 100644
--- a/pkg/apiserver/controllers/v1/alerts.go
+++ b/pkg/apiserver/controllers/v1/alerts.go
@@ -6,6 +6,7 @@ import (
 "net"
 "net/http"
 "strconv"
+ "strings"
 "time"
 jwt "github.com/appleboy/gin-jwt/v2"
@@ -13,6 +14,7 @@ import (
 "github.com/crowdsecurity/crowdsec/pkg/csplugin"
 "github.com/crowdsecurity/crowdsec/pkg/database/ent"
 "github.com/crowdsecurity/crowdsec/pkg/models"
+ "github.com/crowdsecurity/crowdsec/pkg/types"
 "github.com/gin-gonic/gin"
 "github.com/go-openapi/strfmt"
 log "github.com/sirupsen/logrus"
@@ -112,6 +114,21 @@ func (c *Controller) sendAlertToPluginChannel(alert *models.Alert, profileID uin
 }
 }
+func normalizeScope(scope string) string {
+ switch strings.ToLower(scope) {
+ case "ip":
+ return types.Ip
+ case "range":
+ return types.Range
+ case "as":
+ return types.AS
+ case "country":
+ return types.Country
+ default:
+ return scope
+ }
+}
+
 // CreateAlert writes the alerts received in the body to the database
 func (c *Controller) CreateAlert(gctx *gin.Context) {
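Review bot: `normalizeScope` has no doc comment, and its `default` branch returns the input verbatim, so only the four built-in scopes are canonicalised while any other scope keeps whatever casing the client sent. That pass-through looks deliberate (custom scopes), but it should be stated so later code comparing scopes does not assume every stored value is normalised, e.g. `// normalizeScope maps "ip", "range", "as" and "country" (any case) to the canonical pkg/types constants; other scopes are returned unchanged.` A value with surrounding whitespace such as `" ip"` also falls through to `default`; if that should match, switch on `strings.ToLower(strings.TrimSpace(scope))`. The diffstat lists only this file, so a small table-driven test covering mixed-case input and the pass-through case would be worth adding.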
@@ -131,6 +148,16 @@ func (c *Controller) CreateAlert(gctx *gin.Context) {
 }
 stopFlush := false
 for _, alert := range input {
+ //normalize scope for alert.Source and decisions
+ if alert.Source.Scope != nil {
+ *alert.Source.Scope = normalizeScope(*alert.Source.Scope)
+ }
+ for _, decision := range alert.Decisions {
+ if decision.Scope != nil {
+ *decision.Scope = normalizeScope(*decision.Scope)
+ }
+ }
+
 alert.MachineID = machineID
 if len(alert.Decisions) != 0 {
 for pIdx, profile := range c.Profiles {
@@ -268,7 +295,6 @@ func (c *Controller) DeleteAlertByID(gctx *gin.Context) {
 gctx.JSON(http.StatusOK, deleteAlertResp)
 }
-
 // DeleteAlerts deletes alerts from the database based on the specified filter
 func (c *Controller) DeleteAlerts(gctx *gin.Context) {
 incomingIP := gctx.ClientIP()
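Review bot: The block added at the top of the `for _, alert := range input` loop reads `alert.Source.Scope` and `decision.Scope` without checking `alert.Source` or `decision` for nil, and both come from the request body. The model types are not visible in this hunk; if `Source` is a pointer and `Decisions` holds pointers, as the `Scope != nil` tests suggest, a nil in either place would panic in the handler. Validation earlier in CreateAlert may already reject such input, but that code lies outside the hunk. The guards are cheap: `if alert.Source != nil && alert.Source.Scope != nil {` and `if decision != nil && decision.Scope != nil {`.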