8cca4346a5
Add a new datasource that: - Receives HTTP requests from remediation components - Apply rules on them to determine whether they are malicious or not - Rules can be evaluated in-band (the remediation component will block the request directly) or out-band (the RC will let the request through, but crowdsec can still process the rule matches with scenarios) The PR also adds support for 2 new hub items: - appsec-configs: Configure the Application Security Engine (which rules to load, in which phase) - appsec-rules: a rule that is added in the Application Security Engine (can use either our own format, or seclang) --------- Co-authored-by: alteredCoder <kevin@crowdsec.net> Co-authored-by: Sebastien Blot <sebastien@crowdsec.net> Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com> Co-authored-by: Marco Mariani <marco@crowdsec.net>
106 lines
2.9 KiB
Go
106 lines
2.9 KiB
Go
package main
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
|
|
"golang.org/x/text/cases"
|
|
"golang.org/x/text/language"
|
|
"gopkg.in/yaml.v3"
|
|
|
|
"github.com/crowdsecurity/crowdsec/pkg/appsec"
|
|
"github.com/crowdsecurity/crowdsec/pkg/appsec/appsec_rule"
|
|
"github.com/crowdsecurity/crowdsec/pkg/cwhub"
|
|
)
|
|
|
|
func NewAppsecConfigCLI() *itemCLI {
|
|
return &itemCLI{
|
|
name: cwhub.APPSEC_CONFIGS,
|
|
singular: "appsec-config",
|
|
oneOrMore: "appsec-config(s)",
|
|
help: cliHelp{
|
|
example: `cscli appsec-configs list -a
|
|
cscli appsec-configs install crowdsecurity/vpatch
|
|
cscli appsec-configs inspect crowdsecurity/vpatch
|
|
cscli appsec-configs upgrade crowdsecurity/vpatch
|
|
cscli appsec-configs remove crowdsecurity/vpatch
|
|
`,
|
|
},
|
|
installHelp: cliHelp{
|
|
example: `cscli appsec-configs install crowdsecurity/vpatch`,
|
|
},
|
|
removeHelp: cliHelp{
|
|
example: `cscli appsec-configs remove crowdsecurity/vpatch`,
|
|
},
|
|
upgradeHelp: cliHelp{
|
|
example: `cscli appsec-configs upgrade crowdsecurity/vpatch`,
|
|
},
|
|
inspectHelp: cliHelp{
|
|
example: `cscli appsec-configs inspect crowdsecurity/vpatch`,
|
|
},
|
|
listHelp: cliHelp{
|
|
example: `cscli appsec-configs list
|
|
cscli appsec-configs list -a
|
|
cscli appsec-configs list crowdsecurity/vpatch`,
|
|
},
|
|
}
|
|
}
|
|
|
|
func NewAppsecRuleCLI() *itemCLI {
|
|
inspectDetail := func(item *cwhub.Item) error {
|
|
appsecRule := appsec.AppsecCollectionConfig{}
|
|
yamlContent, err := os.ReadFile(item.State.LocalPath)
|
|
if err != nil {
|
|
return fmt.Errorf("unable to read file %s : %s", item.State.LocalPath, err)
|
|
}
|
|
if err := yaml.Unmarshal(yamlContent, &appsecRule); err != nil {
|
|
return fmt.Errorf("unable to unmarshal yaml file %s : %s", item.State.LocalPath, err)
|
|
}
|
|
|
|
for _, ruleType := range appsec_rule.SupportedTypes() {
|
|
fmt.Printf("\n%s format:\n", cases.Title(language.Und, cases.NoLower).String(ruleType))
|
|
for _, rule := range appsecRule.Rules {
|
|
convertedRule, _, err := rule.Convert(ruleType, appsecRule.Name)
|
|
if err != nil {
|
|
return fmt.Errorf("unable to convert rule %s : %s", rule.Name, err)
|
|
}
|
|
fmt.Println(convertedRule)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
return &itemCLI{
|
|
name: "appsec-rules",
|
|
singular: "appsec-rule",
|
|
oneOrMore: "appsec-rule(s)",
|
|
help: cliHelp{
|
|
example: `cscli appsec-rules list -a
|
|
cscli appsec-rules install crowdsecurity/crs
|
|
cscli appsec-rules inspect crowdsecurity/crs
|
|
cscli appsec-rules upgrade crowdsecurity/crs
|
|
cscli appsec-rules remove crowdsecurity/crs
|
|
`,
|
|
},
|
|
installHelp: cliHelp{
|
|
example: `cscli appsec-rules install crowdsecurity/crs`,
|
|
},
|
|
removeHelp: cliHelp{
|
|
example: `cscli appsec-rules remove crowdsecurity/crs`,
|
|
},
|
|
upgradeHelp: cliHelp{
|
|
example: `cscli appsec-rules upgrade crowdsecurity/crs`,
|
|
},
|
|
inspectHelp: cliHelp{
|
|
example: `cscli appsec-rules inspect crowdsecurity/crs`,
|
|
},
|
|
inspectDetail: inspectDetail,
|
|
listHelp: cliHelp{
|
|
example: `cscli appsec-rules list
|
|
cscli appsec-rules list -a
|
|
cscli appsec-rules list crowdsecurity/crs`,
|
|
},
|
|
}
|
|
}
|