
fix include_capi filter (#2478)

Thibault "bui" Koechlin 1 year ago
parent
commit
e4dcdd2572
4 changed files with 23 additions and 8 deletions
  1. 2 4
      pkg/apiserver/apic.go
  2. 2 2
      pkg/apiserver/apic_test.go
  3. 18 2
      pkg/database/alerts.go
  4. 1 0
      pkg/types/constants.go

+ 2 - 4
pkg/apiserver/apic.go

@@ -43,8 +43,6 @@ const (
 	metricsIntervalDelta   = time.Minute * 15
 )
 
-var SCOPE_CAPI_ALIAS_ALIAS string = "crowdsecurity/community-blocklist" //we don't use "CAPI" directly, to make it less confusing for the user
-
 type apic struct {
 	// when changing the intervals in tests, always set *First too
 	// or they can be negative
@@ -776,14 +774,14 @@ func (a *apic) UpdateBlocklists(links *modelscapi.GetDecisionsStreamResponseLink
 	for _, blocklist := range links.Blocklists {
 		if err := a.updateBlocklist(defaultClient, blocklist, add_counters); err != nil {
 			return err
-		}	
+		}
 	}
 	return nil
 }
 
 func setAlertScenario(alert *models.Alert, add_counters map[string]map[string]int, delete_counters map[string]map[string]int) {
 	if *alert.Source.Scope == types.CAPIOrigin {
-		*alert.Source.Scope = SCOPE_CAPI_ALIAS_ALIAS
+		*alert.Source.Scope = types.CommunityBlocklistPullSourceScope
 		alert.Scenario = ptr.Of(fmt.Sprintf("update : +%d/-%d IPs", add_counters[types.CAPIOrigin]["all"], delete_counters[types.CAPIOrigin]["all"]))
 	} else if *alert.Source.Scope == types.ListOrigin {
 		*alert.Source.Scope = fmt.Sprintf("%s:%s", types.ListOrigin, *alert.Scenario)
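Review bot: The rationale on the removed `SCOPE_CAPI_ALIAS_ALIAS` declaration (why the stored scope is not the literal "CAPI") is dropped rather than moved, and the replacement `types.CommunityBlocklistPullSourceScope` is added in pkg/types/constants.go without a comment. The value written in setAlertScenario is now also what the `include_capi` predicate in pkg/database/alerts.go compares against via `SourceScopeEQ`, so it behaves like part of the stored data format: changing the string later would stop the filter from matching rows already written. I would carry the explanation over to the constant, e.g. `// CommunityBlocklistPullSourceScope is the Source.Scope stored on community-blocklist pull alerts ("CAPI" is not used directly, to be less confusing for users); the include_capi filter matches this exact value.` setAlertScenario's body continues past the end of the hunk.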

+ 2 - 2
pkg/apiserver/apic_test.go

@@ -689,7 +689,7 @@ func TestAPICWhitelists(t *testing.T) {
 		alertScenario[alert.SourceScope]++
 	}
 	assert.Equal(t, 3, len(alertScenario))
-	assert.Equal(t, 1, alertScenario[SCOPE_CAPI_ALIAS_ALIAS])
+	assert.Equal(t, 1, alertScenario[types.CommunityBlocklistPullSourceScope])
 	assert.Equal(t, 1, alertScenario["lists:blocklist1"])
 	assert.Equal(t, 1, alertScenario["lists:blocklist2"])
 
@@ -818,7 +818,7 @@ func TestAPICPullTop(t *testing.T) {
 		alertScenario[alert.SourceScope]++
 	}
 	assert.Equal(t, 3, len(alertScenario))
-	assert.Equal(t, 1, alertScenario[SCOPE_CAPI_ALIAS_ALIAS])
+	assert.Equal(t, 1, alertScenario[types.CommunityBlocklistPullSourceScope])
 	assert.Equal(t, 1, alertScenario["lists:blocklist1"])
 	assert.Equal(t, 1, alertScenario["lists:blocklist2"])
 

+ 18 - 2
pkg/database/alerts.go

@@ -859,8 +859,24 @@ func AlertPredicatesFromFilter(filter map[string][]string) ([]predicate.Alert, e
 			predicates = append(predicates, alert.HasDecisionsWith(decision.OriginEQ(value[0])))
 		case "include_capi": //allows to exclude one or more specific origins
 			if value[0] == "false" {
-				predicates = append(predicates, alert.Not(alert.HasDecisionsWith(decision.OriginEQ(types.CAPIOrigin))))
-				predicates = append(predicates, alert.Not(alert.HasDecisionsWith(decision.OriginEQ(types.ListOrigin))))
+				predicates = append(predicates, alert.And(
+					//do not show alerts with active decisions having origin CAPI or lists
+					alert.And(
+						alert.Not(alert.HasDecisionsWith(decision.OriginEQ(types.CAPIOrigin))),
+						alert.Not(alert.HasDecisionsWith(decision.OriginEQ(types.ListOrigin))),
+					),
+					alert.Not(
+						alert.And(
+							//do not show neither alerts with no decisions if the Source Scope is lists: or CAPI
+							alert.Not(alert.HasDecisions()),
+							alert.Or(
+								alert.SourceScopeHasPrefix(types.ListOrigin+":"),
+								alert.SourceScopeEQ(types.CommunityBlocklistPullSourceScope),
+							),
+						),
+					),
+				),
+				)
 
 			} else if value[0] != "true" {
 				log.Errorf("Invalid bool '%s' for include_capi", value[0])
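Review bot: The added exclusion (`alert.Not(alert.HasDecisions())` combined with `SourceScopeHasPrefix(types.ListOrigin+":")` / `SourceScopeEQ(types.CommunityBlocklistPullSourceScope)`) recognises pull alerts by the Source.Scope string alone. If alerts arriving through other paths can carry a scope with those values (not visible from this hunk), a decision-less alert with such a scope would also be left out of `include_capi=false` listings. It is worth confirming that the scope is constrained on ingestion, or stating the assumption next to the predicate, e.g. `// assumes only setAlertScenario writes "lists:<name>" or the community-blocklist scope`. The outer `alert.And(` wrapping a second `alert.And(` is redundant, since the three conditions can be passed to a single `alert.And`, and the commit adds no test for this branch (a pull alert with no decisions would pin the fix). AlertPredicatesFromFilter starts and ends outside the hunk.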

+ 1 - 0
pkg/types/constants.go

@@ -17,6 +17,7 @@ const ConsoleOrigin = "console"
 const CscliImportOrigin = "cscli-import"
 const ListOrigin = "lists"
 const CAPIOrigin = "CAPI"
+const CommunityBlocklistPullSourceScope = "crowdsecurity/community-blocklist"
 
 const DecisionTypeBan = "ban"