bui
c02c74b5fe
shortcut for waap events
2023-10-24 17:24:16 +02:00
bui
b2bb15bb49
generate a special event for waap
2023-10-24 17:23:46 +02:00
bui
685006508c
make waap rules generate crowdsec events (again)
2023-10-24 13:43:27 +02:00
bui
03650401c5
default level
2023-10-24 10:57:22 +02:00
bui
00e1ffbf58
simplify a bit
2023-10-24 10:49:28 +02:00
bui
bd9df8f480
logger
2023-10-23 10:59:02 +02:00
bui
1b9d8c8226
logger
2023-10-23 10:54:26 +02:00
bui
c00b1abd72
logger
2023-10-23 10:54:11 +02:00
bui
2ff238d5f8
logger
2023-10-23 10:53:52 +02:00
bui
dca6faab08
logger
2023-10-23 10:53:39 +02:00
mmetc
ac98256602
Refact pkg/cwhub, cmd/crowdsec-cli ( #2557 )
...
- pkg/cwhub: change file layout, rename functions
- method Item.SubItems
- cmd/crowdsec-cli: generic code for hub items
- cscli: removing any type of items in a collection now requires --force
- tests
2023-10-20 14:32:35 +02:00
bui
b110c74487
allow description
2023-10-20 13:49:15 +02:00
bui
5dbc2758fa
warn user when setting unexpected default_remediation
2023-10-20 13:32:20 +02:00
Sebastien Blot
0acda36d33
up
2023-10-20 11:58:57 +02:00
Sebastien Blot
1468bb9681
up
2023-10-19 17:25:48 +02:00
Sebastien Blot
68c78249d5
up
2023-10-19 17:20:33 +02:00
Sebastien Blot
ef118a49ff
add waap-configs hub item
2023-10-19 16:53:00 +02:00
Sebastien Blot
15120a6d8f
merge hub-1.5.6
2023-10-19 14:19:37 +02:00
Sebastien Blot
350e8979b1
merge hub-1.5.6 branch
2023-10-19 12:18:16 +02:00
Marco Mariani
b89c5652ca
Merge branch 'master' into hub-1.5.6
2023-10-19 12:05:19 +02:00
mmetc
88e4f7c157
Refact pkg/csconfig, pkg/cwhub ( #2555 )
...
* csconfig: drop redundant hub information on *Cfg structs
* rename validItemFileName() -> item.validPath()
* Methods on hub object
* updated tests to reduce need of csconfig.Config or global state
2023-10-19 12:04:29 +02:00
Sebastien Blot
ecbdf2f0e1
merge master branch
2023-10-19 10:51:54 +02:00
bui
c89b42939e
naming
2023-10-18 17:17:57 +02:00
bui
98fb84d3e7
be consistent : waap-rules
2023-10-18 17:11:43 +02:00
Sebastien Blot
511468b8fe
up
2023-10-18 13:42:56 +02:00
mmetc
57d3ebba12
typo ( #2556 )
2023-10-18 10:03:02 +02:00
mmetc
be6555e46c
Refact pkg/csconfig, HubCfg ( #2552 )
...
- rename csconfig.Hub -> HubCfg
- move some Load*() functions to NewConfig()
- config.yaml: optional common section
- remove unused working_dir
2023-10-18 09:38:33 +02:00
Laurence Jones
d2d788c5dc
[hubtest] escape scenario assert meta keys ( #2551 )
2023-10-17 15:29:21 +01:00
mmetc
4eae40865e
HubIndex struct, comments, name changes ( #2549 )
...
* pkg/cwhub: rename PARSERS_OVFLW -> POSTOVERFLOWS
* mostly comments, some light cleanup
* move type hubtest.HubIndex -> cwhub.HubIndex
* move and rename LoadPkgIndex -> ParseIndex
* move displaySummary(), skippedLocal, skippedTainted to HubIndex struct
2023-10-17 16:17:37 +02:00
mmetc
325003bb69
Refact cscli item listing, tests ( #2547 )
...
* hub diet; taint tests
* cmd/crowdsec-cli: split utils.go, moved cwhub.GetHubStatusForItemType()
* cscli: refactor hub list commands, fix edge cases
2023-10-17 16:12:41 +02:00
mmetc
f496bd1692
bats: more cscli hub tests ( #2541 )
...
- updated logs and user messages
- added func tests for all the items: install, remove, upgrade, list
- rewritten taint tests for collections
- removed redundant csconfig.LoadPrometheus()
2023-10-17 16:12:41 +02:00
mmetc
a00bae6039
cmd/crowdsec-cli: remove global prometheusURL ( #2542 )
...
* cmd/crowdsec-cli: remove global prometheusURL
* PrometheusUrl now includes the path (/metrics)
2023-10-17 16:12:41 +02:00
mmetc
734ba46e6a
Refact cscli hub/item commands ( #2536 )
...
* log.Fatal -> fmt.Errorf
* lint cmd/crowdsec-cli hub items and split collection commands
* cscli collections: add examples
* cscli parsers: avoid globals
* cscli scenarios: avoid globals
* cscli collections, postoverflows: avoid globals
* cscli hub: avoid globals
* remove unused globals
2023-10-17 16:12:41 +02:00
mmetc
7db5bf8979
pkg/csconfig: set prometheus address:port defaults ( #2533 )
...
We set these default in one place (after loading the configuration)
instead of leaving that to both metric server and consumer.
2023-10-17 16:12:41 +02:00
Thibault "bui" Koechlin
a4dc5053d2
fix null deref in cti calls if key is empty ( #2540 )
...
* fix null deref in cti calls if key is empty
* avoid hardcoded error check
2023-10-17 09:34:53 +01:00
Sebastien Blot
d3bb9f8ae1
up
2023-10-17 09:32:40 +02:00
Laurence Jones
19de3a8a77
Runtime whitelist parsing improvement ( #2422 )
...
* Improve whitelist parsing
* Split whitelist check into a function tied to whitelist, also since we check node debug we can make a pointer to node containing whitelist
* No point passing clog as an argument since it is just a pointer to node we already know about
* We should break instead of returning false, false as it may have been whitelisted by ips/cidrs
* reimplement early return if expr errors
* Fix lint and don't need to parse ip back to string just loop over sources
* Log error with node logger as it provides context
* Move getsource to a function cleanup some code
* Change func name
* Split out compile to a function so we can use in tests. Add a bunch of tests
* spell correction
* Use node logger so it has context
* alternative solution
* quick fixes
* Use containswls
* Change whitelist test to use parseipsource and only events
* Make it simpler
* Postoverflow tests, some basic ones to make sure it works
* Use official pkg
* Add @mmetc reco
* Add @mmetc reco
* Change if if to a switch to only evaluate once
* simplify assertions
---------
Co-authored-by: bui <thibault@crowdsec.net>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
2023-10-16 10:08:57 +01:00
Thibault "bui" Koechlin
3cd4847093
sort map keys when generating asserts ( #2494 )
...
* sort map keys when generating asserts
2023-10-16 09:54:19 +02:00
Laurence Jones
b2a6eb92bf
Don't create 3 maps just pass the same one to expr ( #2421 )
2023-10-13 22:35:30 +01:00
Laurence Jones
f0cda0406b
Load file only once if specified twice, and bail earlier if type is unknown ( #2419 )
2023-10-13 22:34:57 +01:00
Laurence Jones
ff7acd3347
Reset grokky once all patterns are compiled as we do not need to hold them in memory ( #2420 )
2023-10-13 12:53:42 +01:00
mmetc
a6b55f2b5e
cscli config feature-flags: point user to the right location of feature.yaml ( #2539 )
2023-10-13 09:52:51 +02:00
mmetc
3b1563a538
Refact cscli hub / pkg/cwhub (part 6) ( #2524 )
...
* hub.ConfigDir -> hub.InstallDir; hub.DataDir -> hub.InstallDataDir
* cleanup GetInstalledItemsAsString()
* lint: ReferenceMissingError -> ErrMissingReference
* lint: parent_dir -> parentDir
* link: export Walker type
* lint: return error last
* lint: shadow
* move around and group variable definitions
2023-10-09 21:33:35 +02:00
mmetc
0ecb6eefee
add missing scenarios in first login when authenticating with TLS ( #2454 )
...
* refact jwt:Authenticator
* include scenarios in first login request for machines with tlsAuth
* log.Printf -> log.Infof
* errors.Wrap -> fmt.Errorf
* don't override validation error
* fix test
2023-10-09 15:26:38 +02:00
Manuel Sabban
6e228f3f3f
pkg/cwhub: cleanup in argument call ( #2527 )
...
* cleanup in argument call
* update test as well
* cwhub_tests: reduce verbosity and use helpers
---------
Co-authored-by: Marco Mariani <marco@crowdsec.net>
2023-10-09 13:26:34 +02:00
Laurence Jones
28238cb01f
reverse nil statement instead of else ( #2530 )
2023-10-09 11:36:05 +01:00
Laurence Jones
0dd22e8b93
convert ifelseif to switch ( #2529 )
2023-10-09 11:23:19 +01:00
mmetc
9ae8bd79c5
Refact pkg/csconfig tests ( #2526 )
...
* remove unused method
* whitespace, redundant comments
* use test helpers
* move DumpConsoleConfig() from pkg/csconfig to cscli
* package doc header
* var -> const
* rename ./tests -> ./testdata
* shorter tests with more error checks
* lint/formatting
* use helpers; fix tests that didn't actually test
* lint; rename expectedResult -> expected
2023-10-09 11:10:51 +02:00
blotus
6b5da29e3d
Use a default duration if no duration is provided in a profile ( #2520 )
2023-10-06 14:43:17 +02:00
Thibault "bui" Koechlin
6c20d38c41
lighten bucket logger ( #2523 )
2023-10-06 14:42:44 +02:00
mmetc
338141f067
Refact cscli hub / pkg/cwhub (part 5) ( #2521 )
...
* remove unused yaml tags
* cscli/cwhub: deduplicate, remove dead code
* log.Fatal -> fmt.Errorf
* deflate utils.go by moving functions to respective files
* indexOf() -> slices.Index()
* ItemStatus() + toEmoji() -> Item.status()
* Item.versionStatus()
* move getSHA256() to loader.go
2023-10-06 13:59:51 +02:00
mmetc
9235f55c47
Refact pkg/cwhub (part 4) ( #2518 )
...
* generalize function: GetInstalledItems, GetInstalledItemsAsString
* extracted function itemKey, happy path
* review comments / remove redundant; rename file to remove build tags
* remove unused fields in Item struct
* unix build tag
2023-10-05 09:35:03 +02:00
Sebastien Blot
92a3c4b2fb
up
2023-10-04 14:17:21 +02:00
mmetc
61d4ccbfdd
use go 1.21.1 ( #2418 )
...
* use go 1.21.1, require 1.21
* import "slices" from stdlib
* allow codeql to set version number from tags
* codeql: custom WASM build - the automated one can silently fail
2023-10-04 13:01:57 +02:00
mmetc
89028f17cf
Refact pkg/cwhub (part 3) ( #2516 )
...
* removed unused error; comment
* rename loop variables
* happy path
* rename loop variables
* extract function, method
* log.Printf -> log.Infof
* tests -> testdata
from "go help test":
The go tool will ignore a directory named "testdata", making it available
to hold ancillary data needed by the tests.
* align tags
* extract function toEmoji
2023-10-04 12:54:21 +02:00
mmetc
3253b16f0f
Refact pkg/cwhub (part 2) ( #2513 )
...
* remove globals for walker callback
* extract method getItemInfo()
* code dedup, if/else -> switch
* dedent: happy path
* remove target variable
2023-10-04 11:17:35 +02:00
mmetc
d39131d154
Refact pkg/cwhub (part 1) ( #2512 )
...
* wrap errors, whitespace
* remove named return
* reverse CheckSuffix logic, rename function
* drop redundant if/else, happy path
* log.Fatal -> fmt.Errorf
* simplify GetItemMap, AddItem
* var -> const
* removed short-lived vars
* de-duplicate function and reverse logic
2023-10-04 10:34:10 +02:00
Sebastien Blot
dd7fa82543
up
2023-10-04 10:25:32 +02:00
Sebastien Blot
535738b962
up
2023-10-04 10:25:32 +02:00
Sebastien Blot
d3ce4cbf8e
up
2023-10-04 10:25:32 +02:00
Sebastien Blot
d5e0c8a36b
up
2023-10-04 10:25:32 +02:00
Sebastien Blot
7fdd4d04fe
up
2023-10-04 10:25:32 +02:00
Sebastien Blot
ca930cce09
wip
2023-10-04 10:25:32 +02:00
Sebastien Blot
502e21bc5b
wip
2023-10-04 10:25:31 +02:00
mmetc
8b5ad6990d
lint: pkg/cwhub ( #2510 )
...
no functional changes
- reformat
- comments
- whitespace
- removed a dot or two in log messages
- some "var x=y" -> x:=y
2023-10-03 11:20:56 +02:00
mmetc
6dadfcb2ef
refact: simplify hubtest CopyDir() ( #2509 )
2023-10-03 11:17:02 +02:00
mmetc
bfda483c0a
fix issue #2499 - nil dereference while using capi whitelists ( #2501 )
2023-10-02 11:42:17 +02:00
Laurence Jones
b8e6bd8c9a
[Explain] s02 can cause panic if empty ( #2486 )
...
* Add parsers length check as it can panic if enrich is empty
* Let's get smarter and loop backwards to find last successful stage
* Shorten code
---------
Co-authored-by: Thibault "bui" Koechlin <thibault@crowdsec.net>
2023-09-29 12:03:56 +01:00
mmetc
95ed308207
cscli setup: accept stdin; fix proftpd detection test and service unmask ( #2496 )
2023-09-29 12:58:35 +02:00
Thibault "bui" Koechlin
8f6659a2ec
fix the float comparison by using Abs(a,b) < 1e-6 approach (IEEE 754). Move the initialization of expr helpers ( #2492 )
2023-09-28 17:22:00 +02:00
Laurence Jones
37c0c067a8
cscli hubtest whitelist ( #2479 )
...
* Initial tests
* Always print whitelist as we can compare if we mess up the opposite way
2023-09-20 16:42:19 +01:00
Thibault "bui" Koechlin
e4dcdd2572
fix include_capi filter ( #2478 )
2023-09-20 11:56:00 +02:00
mmetc
ac01faf483
strip '=' signs from encoded api keys ( #2472 )
...
Co-authored-by: Thibault "bui" Koechlin <thibault@crowdsec.net>
2023-09-19 14:00:23 +02:00
Thibault "bui" Koechlin
4c08e1e68c
exclude 'lists' too if we exclude CAPI ( #2474 )
2023-09-19 13:56:22 +02:00
mmetc
d5b6f2974b
Avoid sending nil body with metrics ( #2470 )
2023-09-19 13:53:50 +02:00
Laurence Jones
64deeab1ec
Fix PO expr whitelist ( #2471 )
2023-09-19 12:51:03 +01:00
bui
42341222df
up
2023-09-19 08:54:31 +02:00
bui
a8321b5cc5
up
2023-09-14 09:43:22 +02:00
bui
6a47b9e97d
up
2023-09-13 18:03:03 +02:00
bui
7081666199
up
2023-09-13 17:34:53 +02:00
bui
2e60e8021c
up wip
2023-09-13 17:12:09 +02:00
blotus
43ef32aa8d
Kafka acquisition: do not create empty events when a read error occurs ( #2466 )
2023-09-13 13:20:36 +02:00
bui
c435447d8e
up
2023-09-13 10:57:29 +02:00
bui
6930b1e3e5
up
2023-09-13 10:45:06 +02:00
bui
1286efc74f
up
2023-09-12 18:17:58 +02:00
Thibault "bui" Koechlin
0040569fa9
if 'include capi' is false, only exclude capi alerts instead of assuming they necessarily have attached decisions ( #2435 )
2023-09-12 11:19:36 +02:00
mmetc
d45bec4047
minor log message improvements ( #2455 )
2023-09-12 11:04:56 +02:00
bui
5a0b1b72d3
up
2023-09-12 10:42:28 +02:00
bui
1a5799e058
up
2023-09-12 09:45:14 +02:00
Thibault "bui" Koechlin
4e26e23725
Waap config ( #2460 )
...
* revamp wip
2023-09-11 10:35:14 +02:00
bui
24d2c264a7
clarify logging if triggering inband or outofband rules
2023-09-05 17:56:02 +02:00
mmetc
fd94e2c056
refactor alert/decisions insert/update to avoid database locking in bulk operations ( #2446 )
2023-09-04 14:21:45 +02:00
Laurence Jones
aff80a2863
Add html escape function so it can be invoked from template ( #2451 )
2023-09-04 09:49:39 +01:00
alteredCoder
0379574b14
support SSL for waf
2023-08-31 11:07:51 +02:00
mmetc
25868f27de
option db_client.decision_bulk_size ( #2440 )
2023-08-25 17:05:17 +02:00
mmetc
c588be0842
golangci-lint: use v1.54, remove unnecessary byte/string conversions ( #2438 )
2023-08-25 16:22:10 +02:00
alteredCoder
e0bd4dc928
fix linter
2023-08-24 12:11:54 +02:00
mmetc
2aa55e9444
move plugins/notifications/* to cmd/notification-* ( #2429 )
...
This ensures keeping all dependencies in sync, and simplifies
packaging under freebsd/gentoo/etc because there is a single
vendor directory.
2023-08-24 09:46:25 +02:00
mmetc
e36df40ba7
pkg/types cleanup ( #2398 )
...
* move function GetLineCountForFile from pkg/types to cscli
* move ParseDuration from pkg/types to pkg/database
* remove unused types.Profile, types.RemediationProfile
2023-08-24 09:44:46 +02:00
Laurence Jones
86d9384954
Whitelist reason ( #2439 )
...
* Update node.go
Don't update whitelist reason if event is whitelisted
* oops
2023-08-23 14:51:37 +01:00