beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
1589 commits 83 branches 177 tags 151 MiB
Commit graph

704 commits

Author SHA1 Message Date
mmetc 6ffb68322f
pkg/hubtest: split hubtest_item.go (#2753) 
* split hubtest_item.go, update linter config
* extract loops to methods
* split installParser
* split installScenario
* split installPostoverflow
* split installAppsecRule
* generalize method installHubItems()
 2024-01-18 11:09:14 +01:00
mmetc d760b401e6
apiclient: split auth_key, auth_retry, auth_jwt (#2743) 2024-01-17 15:08:41 +01:00
Laurence Jones 4df4e5b3bf
[parser/scenarios] defer yaml file closure (#2689) 
* Defer close the fd's
* Convert fatals into return with errors
 2024-01-17 12:09:01 +01:00
AlteredCoder 70e8377c0d
Fix appsec evt send order (#2749) 2024-01-17 11:59:31 +01:00
Thibault "bui" Koechlin 685cda545b
fix the reload process for appsec (#2750) 2024-01-17 11:54:44 +01:00
AlteredCoder a52f1b75ff
Don't close the body of the request (#2747) 2024-01-16 17:23:35 +01:00
mmetc 08794c5b6d
[appsec] waf tester (#2746) 2024-01-16 11:39:23 +01:00
AlteredCoder a65223aa5b
Add original http request to hooks (#2740) 2024-01-16 10:33:44 +01:00
mmetc 24b5e8f100
Fix #2733 "cscli hang forever when i try to delete a decision" (#2745) 2024-01-16 09:16:21 +01:00
mmetc c6e4762f28
apiserver: remove cached field isEnrolled (#2744) 
not worth it just to avoid parsing a string twice
 2024-01-16 09:14:33 +01:00
blotus 6acbcb0a33
Various appsec fixes (#2742) 2024-01-15 16:38:11 +01:00
blotus e452dc80bd
ignore native modsec rules that were either pass or allow (#2684) 2024-01-15 15:12:02 +01:00
blotus fd309134a2
log death reason of file reader if available (#2721) 2024-01-15 15:00:49 +01:00
mmetc 48f011dc1c
apiclient/apiserver: lint/2 (#2741) 2024-01-15 12:38:31 +01:00
mmetc 75d8ad9798
apiclient/apiserver: lint (#2739) 2024-01-15 11:44:38 +01:00
Thibault "bui" Koechlin 6ca053ca67
fix #2720 #2719 (#2724) 
* fix order of display of parsers

* add a --no-clean opt
 2024-01-15 09:16:03 +01:00
mmetc 1e0bcedef5
Ignore missing console/context.yaml if not explicitly required by config.yaml (#2726) 2024-01-12 16:29:04 +01:00
mmetc 733f5e165b
csprofiles: fix default decision duration, lint (#2703) 
* return nil with errors
* errors.Wrap -> fmt.Errorf
* var -> const
* fix default decision duration
* lint (whitespace)
 2024-01-12 15:18:59 +01:00
mmetc fca8883cd9
cscli capi status -> message for missing credentials (#2730) 
* cscli capi status -> message for missing credentials
* lint
 2024-01-12 14:41:36 +01:00
Thibault "bui" Koechlin 896dfefcdf
[appsec] implement count transformation (#2698) 
* implement count transfo
 2024-01-12 14:30:08 +01:00
mmetc 6960419a2e
Remove redundant file check for capi_whitelists_path (#2728) 2024-01-12 14:17:01 +01:00
Thibault "bui" Koechlin adba4e2a2f
fix multizone multivar (#2727) 2024-01-12 10:11:13 +01:00
mmetc 260f5a7992
pkg/cwhub: improve error messages (#2712) 
* pkg/cwhub: improve error messages
* lint
 2024-01-11 10:28:58 +01:00
mmetc 437a97510a
apiclient: handle 0-byte error response (#2716) 
* apiclient: correctly handle 0-byte response
* lint
 2024-01-10 12:00:22 +01:00
mmetc f306d59016
logging: full timestamp with timezone in crowdsec.log (#2707) 
RFC3339 = "2006-01-02T15:04:05Z07:00" (same as /var/log/syslog)
 2024-01-08 21:20:25 +01:00
mmetc 5622ac8338
CI: enable testifylint (#2696) 
- reverse actual and expected values
 - use assert.False, assert.True
 - use assert.Len, assert.Emtpy
 - use require.Error, require.NoError
 - use assert.InDelta
 2024-01-05 15:26:13 +01:00
mmetc da746f77d5
apiserver/apiclient: compact tests (#2694) 
* apiserver/apiclient: compact tests
* update golangci-lint configuration
 2024-01-04 17:10:36 +01:00
Thibault "bui" Koechlin 1c03fbe99e
minor waf fixes (#2693) 2024-01-03 17:19:48 +01:00
mmetc a504113186
lint (wsl) (#2692) 2024-01-03 10:55:41 +01:00
mmetc 2a2b09b52a
cwhub: install --force repair tainted, non-installed items (#2686) 2024-01-03 10:08:45 +01:00
mmetc ca784b147b
test and log fixes (#2690) 
* cscli inspect: suggest --diff if an item is tainted
* appropriate warning, or error if context configuration file is empty
* fix user/group lookup unit test
* fix: allow hub upgrade --force with local items
* fix pkg/parser lookup for 8.8.8.8
* fix func test
* fix hubtests: machines add --force
 2024-01-03 09:33:52 +01:00
blotus b6f272d09a
always set the transaction in the current request (#2682) 2023-12-22 11:44:06 +01:00
blotus a62e28fdfb
always set inband transaction even if we have no rules (#2681) 2023-12-22 10:18:35 +01:00
blotus 33e3fdabe4
Appsec additional fixes (#2676) 2023-12-21 11:51:04 +01:00
mmetc 6e34d609b7
cscli: silence cwhub logger for non-hub related commands (#2675) 2023-12-19 17:20:09 +01:00
mmetc 822fcdacbb
fflags: don't print deprecation warning if there is no message (papi) (#2666) 2023-12-18 09:35:57 +01:00
mmetc 08694adf1b
lint (errorlint) (#2644) 2023-12-18 09:35:28 +01:00
mmetc a79fcaf378
Add "taintedBy" and "--diff" flag to cscli... inspect (#2665) 
* "cscli inspect" reports tainted sub-items
* cscli... inspect --diff
* unified diff
* option --diff --rev
* tainted message
* correctly report multiple taint reasons
 2023-12-15 15:27:22 +01:00
blotus 9b07e1f7ce
update scenarios and parsers constraints (#2663) 2023-12-14 16:34:51 +01:00
AlteredCoder a941576acc
Improvement to run hubtest for appsec in docker (#2660) 2023-12-14 16:05:16 +01:00
mmetc 89f704ef18
light pkg/api{client,server} refact (#2659) 
* tests: don't run crowdsec if not necessary
* make listen_uri report the random port number when 0 is requested
* move apiserver.getTLSAuthType() -> csconfig.TLSCfg.GetAuthType()
* move apiserver.isEnrolled() -> apiclient.ApiClient.IsEnrolled()
* extract function apiserver.recoverFromPanic()
* simplify and move APIServer.GetTLSConfig() -> TLSCfg.GetTLSConfig()
* moved TLSCfg type to csconfig/tls.go
* APIServer.InitController(): early return / happy path
* extract function apiserver.newGinLogger()
* lapi tests
* update unit test
* lint (testify)
* lint (whitespace, variable names)
* update docker tests
 2023-12-14 14:54:11 +01:00
mmetc 67cdf91f94
Short build tag in version number (#2658) 
* use short commit hash in version number
* var -> const
* cscli: extract version.go, doc.go
* don't repeat commit hash in version number
 2023-12-14 09:16:38 +01:00
Thibault "bui" Koechlin 51f70e47e3
Minor improvements to hubtest and appsec component (#2656) 2023-12-13 17:45:56 +01:00
blotus 04f3dc09f9
remove PAPI feature flag (#2601) 2023-12-08 14:55:45 +01:00
AlteredCoder b1f85693c2
Appsec improvement and fixes after merge (#2645) 2023-12-08 10:25:00 +01:00
mmetc 4acb4f8df3
cwhub: context type (#2631) 
* add hub type "context"
* cscli lapi: log.Fatal -> fmt.Errorf; lint
* tests for context.yaml
* load console context from hub
* original & compiled context
* deprecate "cscli lapi context delete"
$ cscli lapi context delete
Command "delete" is deprecated, please manually edit the context file.
* cscli completion: add appsec-rules, appsec-configs, explain, hubtest
 2023-12-07 16:20:13 +01:00
Thibault "bui" Koechlin 8cca4346a5
Application Security Engine Support (#2273) 
Add a new datasource that:
- Receives HTTP requests from remediation components
- Apply rules on them to determine whether they are malicious or not
- Rules can be evaluated in-band (the remediation component will block the request directly) or out-band (the RC will let the request through, but crowdsec can still process the rule matches with scenarios)

The PR also adds support for 2 new hub items:
- appsec-configs: Configure the Application Security Engine (which rules to load, in which phase)
- appsec-rules: a rule that is added in the Application Security Engine (can use either our own format, or seclang)

---------

Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
 2023-12-07 12:21:04 +01:00
mmetc 90d3a21853
CI: use go 1.21.5 (#2640) 
* use go 1.21.5
* Simpler go:build directives
 2023-12-06 12:38:36 +01:00
mmetc 1ab4487b65
cscli hub list: show only non-empty tables with -o human 
* agent config: remove unused LintOnly bool
* Item.IsLocal() -> Item.State.IsLocal(); split method InstallStatus()
* cscli hub list: show only non-empty tables with -o human
 2023-12-05 13:38:52 +01:00
mmetc 23968e472d
Refact bouncer auth (#2456) 
Co-authored-by: blotus <sebastien@crowdsec.net>
 2023-12-04 23:06:01 +01:00