beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
1600 commits 83 branches 177 tags 151 MiB
Commit graph

1600 commits

This branch
This branch
All branches
Author SHA1 Message Date
bui 0cebf833c7 add options via WaapConfig for inband and outofband engines 2023-10-26 14:46:08 +02:00
bui 82bb8a2789 no leak plz 2023-10-26 13:01:11 +02:00
bui f18b554177 warn at start if body reading is disabled 2023-10-26 12:45:59 +02:00
bui 6cbeefead6 up 2023-10-26 12:04:58 +02:00
bui e49f33b4a7 Merge branch 'coraza_poc_acquis' of github.com:crowdsecurity/crowdsec into coraza_poc_acquis 2023-10-26 12:04:12 +02:00
bui 46ae0b3822 properly set default log level 2023-10-26 12:03:57 +02:00
Sebastien Blot 676352b5b1
new custom rule format 2023-10-25 18:45:49 +02:00
bui 4bfca8cab5 fix meta encoding 2023-10-25 13:54:57 +02:00
bui eafffe7c94 up 2023-10-24 18:16:39 +02:00
bui 9edde09608 up 2023-10-24 18:16:30 +02:00
bui 1f3801f390 add the helpers and the type 2023-10-24 17:24:31 +02:00
bui c02c74b5fe shortcut for waap events 2023-10-24 17:24:16 +02:00
bui b2bb15bb49 generate a special event for waap 2023-10-24 17:23:46 +02:00
bui dd49620922 our shortcut for waap events 2023-10-24 17:23:29 +02:00
bui 685006508c make waap rules generate crowdsec events (again) 2023-10-24 13:43:27 +02:00
bui 03650401c5 default level 2023-10-24 10:57:22 +02:00
bui 00e1ffbf58 simplify a bit 2023-10-24 10:49:28 +02:00
bui bd9df8f480 logger 2023-10-23 10:59:02 +02:00
bui 1b9d8c8226 logger 2023-10-23 10:54:26 +02:00
bui c00b1abd72 logger 2023-10-23 10:54:11 +02:00
bui 2ff238d5f8 logger 2023-10-23 10:53:52 +02:00
bui dca6faab08 logger 2023-10-23 10:53:39 +02:00
bui b110c74487 allow description 2023-10-20 13:49:15 +02:00
bui 5dbc2758fa warn user when setting unexpected default_remediation 2023-10-20 13:32:20 +02:00
Sebastien Blot 0acda36d33
up 2023-10-20 11:58:57 +02:00
Sebastien Blot 1468bb9681
up 2023-10-19 17:25:48 +02:00
Sebastien Blot 68c78249d5
up 2023-10-19 17:20:33 +02:00
Sebastien Blot ef118a49ff
add waap-configs hub item 2023-10-19 16:53:00 +02:00
Sebastien Blot 15120a6d8f
merge hub-1.5.6 2023-10-19 14:19:37 +02:00
Sebastien Blot 350e8979b1
merge hub-1.5.6 branch 2023-10-19 12:18:16 +02:00
Marco Mariani b89c5652ca Merge branch 'master' into hub-1.5.6 2023-10-19 12:05:19 +02:00
mmetc 88e4f7c157
Refact pkg/csconfig, pkg/cwhub (#2555) 
* csconfig: drop redundant hub information on *Cfg structs
* rename validItemFileName() -> item.validPath()
* Methods on hub object
* updated tests to reduce need of csconfig.Config or global state
 2023-10-19 12:04:29 +02:00
Sebastien Blot ecbdf2f0e1
merge master branch 2023-10-19 10:51:54 +02:00
Sebastien Blot 2600ffbd19
delete coraza submodule 2023-10-19 10:25:55 +02:00
bui c89b42939e naming 2023-10-18 17:17:57 +02:00
bui 98fb84d3e7 be consistent : waap-rules 2023-10-18 17:11:43 +02:00
Sebastien Blot 511468b8fe
up 2023-10-18 13:42:56 +02:00
mmetc 57d3ebba12
typo (#2556) 2023-10-18 10:03:02 +02:00
mmetc be6555e46c
Refact pkg/csconfig, HubCfg (#2552) 
- rename csconfig.Hub -> HubCfg
 - move some Load*() functions to NewConfig()
 - config.yaml: optional common section
 - remove unused working_dir
 2023-10-18 09:38:33 +02:00
Laurence Jones d2d788c5dc
[hubtest] escpae scenario asssert meta keys (#2551) 2023-10-17 15:29:21 +01:00
mmetc 4eae40865e
HubIndex struct, comments, name changes (#2549) 
* pkg/cwhub: rename PARSERS_OVFLW -> POSTOVERFLOWS
* mostly comments, some light cleanup
* move type hubtest.HubIndex -> cwhub.HubIndex
* move and rename LoadPkgIndex -> ParseIndex
* move displaySummary(), skippedLocal, skippedTainted to HubIndex struct
 2023-10-17 16:17:37 +02:00
mmetc 810a8adcf0 fix build (#2548) 2023-10-17 16:12:41 +02:00
mmetc 325003bb69 Refact cscli item listing, tests (#2547) 
* hub diet; taint tests
* cmd/crowdsec-cli: split utils.go, moved cwhub.GetHubStatusForItemType()
* cscli: refactor hub list commands, fix edge cases
 2023-10-17 16:12:41 +02:00
mmetc f496bd1692 bats: more cscli hub tests (#2541) 
- updated logs and user messages
- added func tests for all the items: install, remove, upgrade, list
- rewritten taint tests for collections
- removed redundant csconfig.LoadPrometheus()
 2023-10-17 16:12:41 +02:00
mmetc a00bae6039 cmd/crowdsec-cli: remove global prometheusURL (#2542) 
* cmd/crowdsec-cli: remove global prometheusURL
* PrometheusUrl now includes the path (/metrics)
 2023-10-17 16:12:41 +02:00
mmetc 734ba46e6a Refact cscli hub/item commands (#2536) 
* log.Fatal -> fmt.Errorf
* lint cmd/crowdsec-cli hub items and split collection commands
* cscli collections: add examples
* cscli parsers: avoid globals
* cscli scenarios: avoid globals
* cscli collections, postoverflows: avoid globals
* cscli hub: avoid globals
* remove unused globals
 2023-10-17 16:12:41 +02:00
mmetc 7db5bf8979 pkg/csconfig: set prometheus address:port defaults (#2533) 
We set these default in one place (after loading the configuration)
instead of leaving that to both metric server and consumer.
 2023-10-17 16:12:41 +02:00
Thibault "bui" Koechlin a4dc5053d2
fix null deref in cti calls if key is empty (#2540) 
* fix null deref in cti calls if key is empty

* avoid hardcoded error check
 2023-10-17 09:34:53 +01:00
Sebastien Blot d3bb9f8ae1
up 2023-10-17 09:32:40 +02:00
Laurence Jones 19de3a8a77
Runtime whitelist parsing improvement (#2422) 
* Improve whitelist parsing

* Split whitelist check into a function tied to whitelist, also since we check node debug we can make a pointer to node containing whitelist

* No point passing clog as an argument since it is just a pointer to node we already know about

* We should break instead of returning false, false as it may have been whitelisted by ips/cidrs

* reimplement early return if expr errors

* Fix lint and dont need to parse ip back to string just loop over sources

* Log error with node logger as it provides context

* Move getsource to a function cleanup some code

* Change func name

* Split out compile to a function so we can use in tests. Add a bunch of tests

* spell correction

* Use node logger so it has context

* alternative solution

* quick fixes

* Use containswls

* Change whitelist test to use parseipsource and only events

* Make it simpler

* Postoverflow tests, some basic ones to make sure it works

* Use official pkg

* Add @mmetc reco

* Add @mmetc reco

* Change if if to a switch to only evaluate once

* simplify assertions

---------

Co-authored-by: bui <thibault@crowdsec.net>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
 2023-10-16 10:08:57 +01:00