преди 3 години · 4995cf1b02
--- a/common/defender.go
+++ b/common/defender.go
@@ -5,6 +5,7 @@ import (
 
				 	"fmt"
			
 
				 	"net"
			
 
				 	"os"
			
 
				+	"strings"
			
 
				 	"sync"
			
 
				 	"time"
			
 
				 
			
@@ -81,10 +82,16 @@ type DefenderConfig struct {
 
				 	// to return when you request for the entire host list from the defender
			
 
				 	EntriesSoftLimit int `json:"entries_soft_limit" mapstructure:"entries_soft_limit"`
			
 
				 	EntriesHardLimit int `json:"entries_hard_limit" mapstructure:"entries_hard_limit"`
			
 
				-	// Path to a file containing a list of ip addresses and/or networks to never ban
			
 
				+	// Path to a file containing a list of IP addresses and/or networks to never ban
			
 
				 	SafeListFile string `json:"safelist_file" mapstructure:"safelist_file"`
			
 
				-	// Path to a file containing a list of ip addresses and/or networks to always ban
			
 
				+	// Path to a file containing a list of IP addresses and/or networks to always ban
			
 
				 	BlockListFile string `json:"blocklist_file" mapstructure:"blocklist_file"`
			
 
				+	// List of IP addresses and/or networks to never ban.
			
 
				+	// For large lists prefer SafeListFile
			
 
				+	SafeList []string `json:"safelist" mapstructure:"safelist"`
			
 
				+	// List of IP addresses and/or networks to always ban.
			
 
				+	// For large lists prefer BlockListFile
			
 
				+	BlockList []string `json:"blocklist" mapstructure:"blocklist"`
			
 
				 }
			
 
				 
			
 
				 type baseDefender struct {
			
@@ -100,6 +107,7 @@ func (d *baseDefender) Reload() error {
 
				 	if err != nil {
			
 
				 		return err
			
 
				 	}
			
 
				+	blockList = addEntriesToList(d.config.BlockList, blockList, "blocklist")
			
 
				 
			
 
				 	d.Lock()
			
 
				 	d.blockList = blockList
			
@@ -109,6 +117,7 @@ func (d *baseDefender) Reload() error {
 
				 	if err != nil {
			
 
				 		return err
			
 
				 	}
			
 
				+	safeList = addEntriesToList(d.config.SafeList, safeList, "safelist")
			
 
				 
			
 
				 	d.Lock()
			
 
				 	d.safeList = safeList
			
@@ -256,7 +265,7 @@ func loadHostListFromFile(name string) (*HostList, error) {
 
				 		for _, cidrNet := range hostList.CIDRNetworks {
			
 
				 			_, network, err := net.ParseCIDR(cidrNet)
			
 
				 			if err != nil {
			
 
				-				logger.Warn(logSender, "", "unable to parse CIDR network %#v", cidrNet)
			
 
				+				logger.Warn(logSender, "", "unable to parse CIDR network %#v: %v", cidrNet, err)
			
 
				 				continue
			
 
				 			}
			
 
				 			err = result.Ranges.Insert(cidranger.NewBasicRangerEntry(*network))
			
@@ -272,3 +281,47 @@ func loadHostListFromFile(name string) (*HostList, error) {
 
				 
			
 
				 	return nil, nil
			
 
				 }
			
 
				+
			
 
				+func addEntriesToList(entries []string, hostList *HostList, listName string) *HostList {
			
 
				+	if len(entries) == 0 {
			
 
				+		return hostList
			
 
				+	}
			
 
				+
			
 
				+	if hostList == nil {
			
 
				+		hostList = &HostList{
			
 
				+			IPAddresses: make(map[string]bool),
			
 
				+			Ranges:      cidranger.NewPCTrieRanger(),
			
 
				+		}
			
 
				+	}
			
 
				+	ipCount := 0
			
 
				+	ipLoaded := 0
			
 
				+	cdrCount := 0
			
 
				+	cdrLoaded := 0
			
 
				+
			
 
				+	for _, entry := range entries {
			
 
				+		if strings.LastIndex(entry, "/") > 0 {
			
 
				+			cdrCount++
			
 
				+			_, network, err := net.ParseCIDR(entry)
			
 
				+			if err != nil {
			
 
				+				logger.Warn(logSender, "", "unable to parse CIDR network %#v: %v", entry, err)
			
 
				+				continue
			
 
				+			}
			
 
				+			err = hostList.Ranges.Insert(cidranger.NewBasicRangerEntry(*network))
			
 
				+			if err == nil {
			
 
				+				cdrLoaded++
			
 
				+			}
			
 
				+		} else {
			
 
				+			ipCount++
			
 
				+			if net.ParseIP(entry) == nil {
			
 
				+				logger.Warn(logSender, "", "unable to parse IP %#v", entry)
			
 
				+				continue
			
 
				+			}
			
 
				+			hostList.IPAddresses[entry] = true
			
 
				+			ipLoaded++
			
 
				+		}
			
 
				+	}
			
 
				+	logger.Info(logSender, "", "%s from config loaded, ip addresses loaded: %v/%v networks loaded: %v/%v",
			
 
				+		listName, ipLoaded, ipCount, cdrLoaded, cdrCount)
			
 
				+
			
 
				+	return hostList
			
 
				+}
			
--- a/common/defender_test.go
+++ b/common/defender_test.go
@@ -54,6 +54,8 @@ func TestBasicDefender(t *testing.T) {
 
				 		EntriesHardLimit:   2,
			
 
				 		SafeListFile:       "slFile",
			
 
				 		BlockListFile:      "blFile",
			
 
				+		SafeList:           []string{"192.168.1.3", "192.168.1.4", "192.168.9.0/24"},
			
 
				+		BlockList:          []string{"192.168.1.1", "192.168.1.2", "10.8.9.0/24"},
			
 
				 	}
			
 
				 
			
 
				 	_, err = newInMemoryDefender(config)
			
@@ -67,9 +69,13 @@ func TestBasicDefender(t *testing.T) {
 
				 
			
 
				 	defender := d.(*memoryDefender)
			
 
				 	assert.True(t, defender.IsBanned("172.16.1.1"))
			
 
				+	assert.True(t, defender.IsBanned("192.168.1.1"))
			
 
				 	assert.False(t, defender.IsBanned("172.16.1.10"))
			
 
				+	assert.False(t, defender.IsBanned("192.168.1.10"))
			
 
				 	assert.False(t, defender.IsBanned("10.8.2.3"))
			
 
				+	assert.False(t, defender.IsBanned("10.9.2.3"))
			
 
				 	assert.True(t, defender.IsBanned("10.8.0.3"))
			
 
				+	assert.True(t, defender.IsBanned("10.8.9.3"))
			
 
				 	assert.False(t, defender.IsBanned("invalid ip"))
			
 
				 	assert.Equal(t, 0, defender.countBanned())
			
 
				 	assert.Equal(t, 0, defender.countHosts())
			
@@ -80,8 +86,10 @@ func TestBasicDefender(t *testing.T) {
 
				 	assert.Error(t, err)
			
 
				 
			
 
				 	defender.AddEvent("172.16.1.4", HostEventLoginFailed)
			
 
				+	defender.AddEvent("192.168.1.4", HostEventLoginFailed)
			
 
				 	defender.AddEvent("192.168.8.4", HostEventUserNotFound)
			
 
				 	defender.AddEvent("172.16.1.3", HostEventLimitExceeded)
			
 
				+	defender.AddEvent("192.168.1.3", HostEventLimitExceeded)
			
 
				 	assert.Equal(t, 0, defender.countHosts())
			
 
				 
			
 
				 	testIP := "12.34.56.78"
			
@@ -364,6 +372,21 @@ func TestLoadHostListFromFile(t *testing.T) {
 
				 	assert.NoError(t, err)
			
 
				 }
			
 
				 
			
 
				+func TestAddEntriesToHostList(t *testing.T) {
			
 
				+	name := "testList"
			
 
				+	hostlist := addEntriesToList([]string{"192.168.6.1", "10.7.0.0/25"}, nil, name)
			
 
				+	require.NotNil(t, hostlist)
			
 
				+	assert.True(t, hostlist.isListed("192.168.6.1"))
			
 
				+	assert.False(t, hostlist.isListed("192.168.6.2"))
			
 
				+	assert.True(t, hostlist.isListed("10.7.0.28"))
			
 
				+	assert.False(t, hostlist.isListed("10.7.0.129"))
			
 
				+	// load invalid values
			
 
				+	hostlist = addEntriesToList([]string{"invalidip", "invalidnet/24"}, nil, name)
			
 
				+	require.NotNil(t, hostlist)
			
 
				+	assert.Len(t, hostlist.IPAddresses, 0)
			
 
				+	assert.Equal(t, 0, hostlist.Ranges.Len())
			
 
				+}
			
 
				+
			
 
				 func TestDefenderCleanup(t *testing.T) {
			
 
				 	d := memoryDefender{
			
 
				 		baseDefender: baseDefender{
			
--- a/common/protocol_test.go
+++ b/common/protocol_test.go
@@ -1,6 +1,7 @@
 
				 package common_test
			
 
				 
			
 
				 import (
			
 
				+	"bufio"
			
 
				 	"bytes"
			
 
				 	"crypto/rand"
			
 
				 	"fmt"
			
@@ -59,12 +60,13 @@ const (
 
				 var (
			
 
				 	allPerms        = []string{dataprovider.PermAny}
			
 
				 	homeBasePath    string
			
 
				+	logFilePath     string
			
 
				 	testFileContent = []byte("test data")
			
 
				 )
			
 
				 
			
 
				 func TestMain(m *testing.M) {
			
 
				 	homeBasePath = os.TempDir()
			
 
				-	logFilePath := filepath.Join(configDir, "common_test.log")
			
 
				+	logFilePath = filepath.Join(configDir, "common_test.log")
			
 
				 	logger.InitLogger(logFilePath, 5, 1, 28, false, false, zerolog.DebugLevel)
			
 
				 
			
 
				 	os.Setenv("SFTPGO_DATA_PROVIDER__CREATE_DEFAULT_ADMIN", "1")
			
@@ -263,6 +265,8 @@ func TestBaseConnection(t *testing.T) {
 
				 		assert.NoError(t, err)
			
 
				 		err = client.RemoveDirectory("missing")
			
 
				 		assert.Error(t, err)
			
 
				+	} else {
			
 
				+		printLatestLogs(10)
			
 
				 	}
			
 
				 
			
 
				 	_, err = httpdtest.RemoveUser(user, http.StatusOK)
			
@@ -291,6 +295,8 @@ func TestCheckFsAfterUpdate(t *testing.T) {
 
				 		defer client.Close()
			
 
				 		err = checkBasicSFTP(client)
			
 
				 		assert.Error(t, err)
			
 
				+	} else {
			
 
				+		printLatestLogs(10)
			
 
				 	}
			
 
				 	// update the user and login again, this time the home dir will be created
			
 
				 	_, _, err = httpdtest.UpdateUser(user, http.StatusOK, "")
			
@@ -3795,3 +3801,26 @@ func isDbDefenderSupported() bool {
 
				 		return false
			
 
				 	}
			
 
				 }
			
 
				+
			
 
				+func printLatestLogs(maxNumberOfLines int) {
			
 
				+	var lines []string
			
 
				+	f, err := os.Open(logFilePath)
			
 
				+	if err != nil {
			
 
				+		return
			
 
				+	}
			
 
				+	defer f.Close()
			
 
				+	scanner := bufio.NewScanner(f)
			
 
				+	for scanner.Scan() {
			
 
				+		lines = append(lines, scanner.Text()+"\r\n")
			
 
				+		for len(lines) > maxNumberOfLines {
			
 
				+			lines = lines[1:]
			
 
				+		}
			
 
				+	}
			
 
				+	if scanner.Err() != nil {
			
 
				+		logger.WarnToConsole("Unable to print latest logs: %v", scanner.Err())
			
 
				+		return
			
 
				+	}
			
 
				+	for _, line := range lines {
			
 
				+		logger.DebugToConsole(line)
			
 
				+	}
			
 
				+}
			
--- a/config/config.go
+++ b/config/config.go
@@ -188,6 +188,8 @@ func Init() {
 
				 				EntriesHardLimit:   150,
			
 
				 				SafeListFile:       "",
			
 
				 				BlockListFile:      "",
			
 
				+				SafeList:           []string{},
			
 
				+				BlockList:          []string{},
			
 
				 			},
			
 
				 			RateLimitersConfig: []common.RateLimiterConfig{defaultRateLimiter},
			
 
				 		},
			
@@ -1544,6 +1546,8 @@ func setViperDefaults() {
 
				 	viper.SetDefault("common.defender.entries_hard_limit", globalConf.Common.DefenderConfig.EntriesHardLimit)
			
 
				 	viper.SetDefault("common.defender.safelist_file", globalConf.Common.DefenderConfig.SafeListFile)
			
 
				 	viper.SetDefault("common.defender.blocklist_file", globalConf.Common.DefenderConfig.BlockListFile)
			
 
				+	viper.SetDefault("common.defender.safelist", globalConf.Common.DefenderConfig.SafeList)
			
 
				+	viper.SetDefault("common.defender.blocklist", globalConf.Common.DefenderConfig.BlockList)
			
 
				 	viper.SetDefault("sftpd.max_auth_tries", globalConf.SFTPD.MaxAuthTries)
			
 
				 	viper.SetDefault("sftpd.banner", globalConf.SFTPD.Banner)
			
 
				 	viper.SetDefault("sftpd.host_keys", globalConf.SFTPD.HostKeys)
			
--- a/docs/defender.md
+++ b/docs/defender.md
@@ -64,4 +64,6 @@ Here is a small example:
 
				 }
			
 
				 ```
			
 
				 
			
 
				+Small lists can also be set using the `safelist`/`blocklist` configuration parameters and or using environment variables. These lists will be merged with the ones specified via files, if any, so that you can set both.
			
 
				+
			
 
				 These list will be always loaded in memory (even if you use the `provider` driver) for faster lookups. The REST API queries "live" data and not these lists.
			
--- a/docs/full-configuration.md
+++ b/docs/full-configuration.md
@@ -90,6 +90,8 @@ The configuration file contains the following sections:
 
				     - `entries_hard_limit`, integer. The number of banned IPs and host scores kept in memory will vary between the soft and hard limit for `memory` driver. If you use the `provider` driver, this setting will limit the number of entries to return when you ask for the entire host list from the defender. Default: 150.
			
 
				     - `safelist_file`, string. Path to a file containing a list of ip addresses and/or networks to never ban.
			
 
				     - `blocklist_file`, string. Path to a file containing a list of ip addresses and/or networks to always ban. The lists can be reloaded on demand sending a `SIGHUP` signal on Unix based systems and a `paramchange` request to the running service on Windows. An host that is already banned will not be automatically unbanned if you put it inside the safe list, you have to unban it using the REST API.
			
 
				+    - `safelist`, list of IP addresses and/or IP ranges and/or networks to never ban. Invalid entries will be silently ignored. For large lists prefer `safelist_file`. `safelist` and `safelist_file` will be merged so that you can set both.
			
 
				+    - `blocklist`, list of IP addresses and/or IP ranges and/or networks to always ban. Invalid entries will be silently ignored.. For large lists prefer `blocklist_file`. `blocklist` and `blocklist_file` will be merged so that you can set both.
			
 
				   - `rate_limiters`, list of structs containing the rate limiters configuration. Take a look [here](./rate-limiting.md) for more details. Each struct has the following fields:
			
 
				     - `average`, integer. Average defines the maximum rate allowed. 0 means disabled. Default: 0
			
 
				     - `period`, integer. Period defines the period as milliseconds. The rate is actually defined by dividing average by period Default: 1000 (1 second).
			
--- a/go.mod
+++ b/go.mod
@@ -4,21 +4,21 @@ go 1.18
 
				 
			
 
				 require (
			
 
				 	cloud.google.com/go/storage v1.22.0
			
 
				-	github.com/Azure/azure-sdk-for-go/sdk/azcore v0.23.1
			
 
				-	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.0
			
 
				+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.0.0
			
 
				+	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1
			
 
				 	github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962
			
 
				 	github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387
			
 
				 	github.com/aws/aws-sdk-go-v2 v1.16.3
			
 
				-	github.com/aws/aws-sdk-go-v2/config v1.15.4
			
 
				+	github.com/aws/aws-sdk-go-v2/config v1.15.5
			
 
				 	github.com/aws/aws-sdk-go-v2/credentials v1.12.0
			
 
				 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.4
			
 
				-	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.9
			
 
				+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.10
			
 
				 	github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.13.4
			
 
				 	github.com/aws/aws-sdk-go-v2/service/s3 v1.26.9
			
 
				-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.15.6
			
 
				+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.15.7
			
 
				 	github.com/aws/aws-sdk-go-v2/service/sts v1.16.4
			
 
				 	github.com/cockroachdb/cockroach-go/v2 v2.2.8
			
 
				-	github.com/coreos/go-oidc/v3 v3.1.0
			
 
				+	github.com/coreos/go-oidc/v3 v3.2.0
			
 
				 	github.com/eikenb/pipeat v0.0.0-20210730190139-06b3e6902001
			
 
				 	github.com/fclairamb/ftpserverlib v0.18.0
			
 
				 	github.com/fclairamb/go-log v0.3.0
			
@@ -34,18 +34,18 @@ require (
 
				 	github.com/hashicorp/go-plugin v1.4.4
			
 
				 	github.com/hashicorp/go-retryablehttp v0.7.1
			
 
				 	github.com/jlaffaye/ftp v0.0.0-20201112195030-9aae4d151126
			
 
				-	github.com/klauspost/compress v1.15.3
			
 
				+	github.com/klauspost/compress v1.15.4
			
 
				 	github.com/lestrrat-go/jwx v1.2.24
			
 
				 	github.com/lib/pq v1.10.5
			
 
				 	github.com/lithammer/shortuuid/v3 v3.0.7
			
 
				-	github.com/mattn/go-sqlite3 v1.14.12
			
 
				+	github.com/mattn/go-sqlite3 v1.14.13
			
 
				 	github.com/mhale/smtpd v0.8.0
			
 
				 	github.com/minio/sio v0.3.0
			
 
				 	github.com/otiai10/copy v1.7.0
			
 
				 	github.com/pires/go-proxyproto v0.6.2
			
 
				 	github.com/pkg/sftp v1.13.5-0.20220303113417-dcfc1d5e4162
			
 
				 	github.com/pquerna/otp v1.3.0
			
 
				-	github.com/prometheus/client_golang v1.12.1
			
 
				+	github.com/prometheus/client_golang v1.12.2
			
 
				 	github.com/robfig/cron/v3 v3.0.1
			
 
				 	github.com/rs/cors v1.8.2
			
 
				 	github.com/rs/xid v1.4.0
			
@@ -64,12 +64,12 @@ require (
 
				 	go.etcd.io/bbolt v1.3.6
			
 
				 	go.uber.org/automaxprocs v1.5.1
			
 
				 	gocloud.dev v0.25.0
			
 
				-	golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f
			
 
				+	golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88
			
 
				 	golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4
			
 
				 	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5
			
 
				 	golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6
			
 
				 	golang.org/x/time v0.0.0-20220411224347-583f2d630306
			
 
				-	google.golang.org/api v0.78.0
			
 
				+	google.golang.org/api v0.79.0
			
 
				 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
			
 
				 )
			
 
				 
			
@@ -77,7 +77,7 @@ require (
 
				 	cloud.google.com/go v0.101.1 // indirect
			
 
				 	cloud.google.com/go/compute v1.6.1 // indirect
			
 
				 	cloud.google.com/go/iam v0.3.0 // indirect
			
 
				-	github.com/Azure/azure-sdk-for-go/sdk/internal v0.9.2 // indirect
			
 
				+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
			
 
				 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.1 // indirect
			
 
				 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.10 // indirect
			
 
				 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.4 // indirect
			
@@ -105,7 +105,7 @@ require (
 
				 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
			
 
				 	github.com/golang/protobuf v1.5.2 // indirect
			
 
				 	github.com/google/go-cmp v0.5.8 // indirect
			
 
				-	github.com/googleapis/gax-go/v2 v2.3.0 // indirect
			
 
				+	github.com/googleapis/gax-go/v2 v2.4.0 // indirect
			
 
				 	github.com/googleapis/go-type-adapters v1.0.0 // indirect
			
 
				 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
			
 
				 	github.com/hashicorp/hcl v1.0.0 // indirect
			
@@ -124,13 +124,13 @@ require (
 
				 	github.com/mattn/go-colorable v0.1.12 // indirect
			
 
				 	github.com/mattn/go-isatty v0.0.14 // indirect
			
 
				 	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
			
 
				-	github.com/miekg/dns v1.1.48 // indirect
			
 
				+	github.com/miekg/dns v1.1.49 // indirect
			
 
				 	github.com/minio/sha256-simd v1.0.0 // indirect
			
 
				 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
			
 
				 	github.com/mitchellh/mapstructure v1.5.0 // indirect
			
 
				 	github.com/oklog/run v1.1.0 // indirect
			
 
				 	github.com/pelletier/go-toml v1.9.5 // indirect
			
 
				-	github.com/pelletier/go-toml/v2 v2.0.0 // indirect
			
 
				+	github.com/pelletier/go-toml/v2 v2.0.1 // indirect
			
 
				 	github.com/pkg/errors v0.9.1 // indirect
			
 
				 	github.com/pmezard/go-difflib v1.0.0 // indirect
			
 
				 	github.com/power-devops/perfstat v0.0.0-20220216144756-c35f1ee13d7c // indirect
			
@@ -138,12 +138,12 @@ require (
 
				 	github.com/prometheus/common v0.34.0 // indirect
			
 
				 	github.com/prometheus/procfs v0.7.3 // indirect
			
 
				 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
			
 
				-	github.com/spf13/cast v1.4.1 // indirect
			
 
				+	github.com/spf13/cast v1.5.0 // indirect
			
 
				 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
			
 
				 	github.com/spf13/pflag v1.0.5 // indirect
			
 
				 	github.com/subosito/gotenv v1.2.0 // indirect
			
 
				 	github.com/tklauser/go-sysconf v0.3.10 // indirect
			
 
				-	github.com/tklauser/numcpus v0.4.0 // indirect
			
 
				+	github.com/tklauser/numcpus v0.5.0 // indirect
			
 
				 	github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208 // indirect
			
 
				 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
			
 
				 	go.opencensus.io v0.23.0 // indirect
			
@@ -158,7 +158,7 @@ require (
 
				 	gopkg.in/ini.v1 v1.66.4 // indirect
			
 
				 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
			
 
				 	gopkg.in/yaml.v2 v2.4.0 // indirect
			
 
				-	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
			
 
				+	gopkg.in/yaml.v3 v3.0.0-20220512140231-539c8e751b99 // indirect
			
 
				 )
			
 
				 
			
 
				 replace (
			
--- a/go.sum
+++ b/go.sum
@@ -86,15 +86,15 @@ github.com/Azure/azure-sdk-for-go v51.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo
 
				 github.com/Azure/azure-sdk-for-go v59.3.0+incompatible h1:dPIm0BO4jsMXFcCI/sLTPkBtE7mk8WMuRHA0JeWhlcQ=
			
 
				 github.com/Azure/azure-sdk-for-go v59.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
			
 
				 github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbLiiGY6sx7f9i+X3m1CHdd5c6Rdw=
			
 
				-github.com/Azure/azure-sdk-for-go/sdk/azcore v0.23.1 h1:3CVsSo4mp8NDWO11tHzN/mdo2zP0CtaSK5IcwBjfqRA=
			
 
				-github.com/Azure/azure-sdk-for-go/sdk/azcore v0.23.1/go.mod h1:w5pDIZuawUmY3Bj4tVx3Xb8KS96ToB0j315w9rqpAg0=
			
 
				+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.0.0 h1:sVPhtT2qjO86rTUaWMr4WoES4TkjGnzcioXcnHV9s5k=
			
 
				+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.0.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U=
			
 
				 github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.11.0/go.mod h1:HcM1YX14R7CJcghJGOYCgdezslRSVzqwLf/q+4Y2r/0=
			
 
				-github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.14.0 h1:NVS/4LOQfkBpk+B1VopIzv1ptmYeEskA8w/3K/w7vjo=
			
 
				+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0 h1:Yoicul8bnVdQrhDMTHxdEckRGX01XvwXDHUT9zYZ3k0=
			
 
				 github.com/Azure/azure-sdk-for-go/sdk/internal v0.7.0/go.mod h1:yqy467j36fJxcRV2TzfVZ1pCb5vxm4BtZPUdYWe/Xo8=
			
 
				-github.com/Azure/azure-sdk-for-go/sdk/internal v0.9.2 h1:Px2KVERcYEg2Lv25AqC2hVr0xUWaq94wuEObLIkYzmA=
			
 
				-github.com/Azure/azure-sdk-for-go/sdk/internal v0.9.2/go.mod h1:CdSJQNNzZhCkwDaV27XV1w48ZBPtxe7mlrZAsPNxD5g=
			
 
				-github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.0 h1:0nJeKDmB7a1a8RDMjTltahlPsaNlWjq/LpkZleSwINk=
			
 
				-github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.0/go.mod h1:mbwxKc/fW+IkF0GG591MuXw0KuEQBDkeRoZ9vmVJPxg=
			
 
				+github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY=
			
 
				+github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
			
 
				+github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1 h1:QSdcrd/UFJv6Bp/CfoVf2SrENpFn9P6Yh8yb+xNhYMM=
			
 
				+github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1/go.mod h1:eZ4g6GUvXiGulfIbbhh1Xr4XwUYaYaWMqzGD/284wCA=
			
 
				 github.com/Azure/azure-service-bus-go v0.11.5/go.mod h1:MI6ge2CuQWBVq+ly456MY7XqNLJip5LO1iSFodbNLbU=
			
 
				 github.com/Azure/azure-storage-blob-go v0.14.0/go.mod h1:SMqIBi+SuiQH32bvyjngEewEeXoPfKMgWlBDaYf6fck=
			
 
				 github.com/Azure/go-amqp v0.16.0/go.mod h1:9YJ3RhxRT1gquYnzpZO1vcYMMpAdJT+QEg6fwmw9Zlg=
			
@@ -141,8 +141,8 @@ github.com/aws/aws-sdk-go-v2 v1.16.3/go.mod h1:ytwTPBG6fXTZLxxeeCCWj2/EMYp/xDUgX
 
				 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.1 h1:SdK4Ppk5IzLs64ZMvr6MrSficMtjY2oS0WOORXTlxwU=
			
 
				 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.1/go.mod h1:n8Bs1ElDD2wJ9kCRTczA83gYbBmjSwZp3umc6zF4EeM=
			
 
				 github.com/aws/aws-sdk-go-v2/config v1.15.3/go.mod h1:9YL3v07Xc/ohTsxFXzan9ZpFpdTOFl4X65BAKYaz8jg=
			
 
				-github.com/aws/aws-sdk-go-v2/config v1.15.4 h1:P4mesY1hYUxru4f9SU0XxNKXmzfxsD0FtMIPRBjkH7Q=
			
 
				-github.com/aws/aws-sdk-go-v2/config v1.15.4/go.mod h1:ZijHHh0xd/A+ZY53az0qzC5tT46kt4JVCePf2NX9Lk4=
			
 
				+github.com/aws/aws-sdk-go-v2/config v1.15.5 h1:P+xwhr6kabhxDTXTVH9YoHkqjLJ0wVVpIUHtFNr2hjU=
			
 
				+github.com/aws/aws-sdk-go-v2/config v1.15.5/go.mod h1:ZijHHh0xd/A+ZY53az0qzC5tT46kt4JVCePf2NX9Lk4=
			
 
				 github.com/aws/aws-sdk-go-v2/credentials v1.11.2/go.mod h1:j8YsY9TXTm31k4eFhspiQicfXPLZ0gYXA50i4gxPE8g=
			
 
				 github.com/aws/aws-sdk-go-v2/credentials v1.12.0 h1:4R/NqlcRFSkR0wxOhgHi+agGpbEr5qMCjn7VqUIJY+E=
			
 
				 github.com/aws/aws-sdk-go-v2/credentials v1.12.0/go.mod h1:9YWk7VW+eyKsoIL6/CljkTrNVWBSK9pkqOPUuijid4A=
			
@@ -150,8 +150,8 @@ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.3/go.mod h1:uk1vhHHERfSVCUnq
 
				 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.4 h1:FP8gquGeGHHdfY6G5llaMQDF+HAf20VKc8opRwmjf04=
			
 
				 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.4/go.mod h1:u/s5/Z+ohUQOPXl00m2yJVyioWDECsbpXTQlaqSlufc=
			
 
				 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.3/go.mod h1:0dHuD2HZZSiwfJSy1FO5bX1hQ1TxVV1QXXjpn3XUE44=
			
 
				-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.9 h1:YLaNNJWkBsmo2ksMDiGrTUlGNMn6HZ/PP8CcXjRFZVE=
			
 
				-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.9/go.mod h1:1ca7t9uEmhcv9srUhdsjT3V4wJOcqabbgP1+1i3X8Vs=
			
 
				+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.10 h1:JL7cY85hyjlgfA29MMyAlItX+JYIH9XsxgMBS7jtlqA=
			
 
				+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.10/go.mod h1:p+ul5bLZSDRRXCZ/vePvfmZBH9akozXBJA5oMshWa5U=
			
 
				 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.9/go.mod h1:AnVH5pvai0pAF4lXRq0bmhbes1u9R8wTE+g+183bZNM=
			
 
				 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.10 h1:uFWgo6mGJI1n17nbcvSc6fxVuR3xLNqvXt12JCnEcT8=
			
 
				 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.10/go.mod h1:F+EZtuIwjlv35kRJPyBGcsA4f7bnSoz15zOQ2lJq1Z4=
			
@@ -181,8 +181,8 @@ github.com/aws/aws-sdk-go-v2/service/s3 v1.26.3/go.mod h1:g1qvDuRsJY+XghsV6zg00Z
 
				 github.com/aws/aws-sdk-go-v2/service/s3 v1.26.9 h1:LCQKnopq2t4oQS3VKivlYTzAHCTJZZoQICM9fny7KHY=
			
 
				 github.com/aws/aws-sdk-go-v2/service/s3 v1.26.9/go.mod h1:iMYipLPXlWpBJ0KFX7QJHZ84rBydHBY8as2aQICTPWk=
			
 
				 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.15.4/go.mod h1:PJc8s+lxyU8rrre0/4a0pn2wgwiDvOEzoOjcJUBr67o=
			
 
				-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.15.6 h1:m+mxqLIrGq7GJo5qw4rHn8BbUqHrvxvwFx54N1Pglvw=
			
 
				-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.15.6/go.mod h1:Z+i6uqZgCOBXhNoEGoRm/ZaLsaJA9rGUAmkVKM/3+g4=
			
 
				+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.15.7 h1:9PpUYZ6D8J9p3kP7IW4iob1x1kbD5tMhKuRWzT/aQ6o=
			
 
				+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.15.7/go.mod h1:Z+i6uqZgCOBXhNoEGoRm/ZaLsaJA9rGUAmkVKM/3+g4=
			
 
				 github.com/aws/aws-sdk-go-v2/service/sns v1.17.4/go.mod h1:kElt+uCcXxcqFyc+bQqZPFD9DME/eC6oHBXvFzQ9Bcw=
			
 
				 github.com/aws/aws-sdk-go-v2/service/sqs v1.18.3/go.mod h1:skmQo0UPvsjsuYYSYMVmrPc1HWCbHUJyrCEp+ZaLzqM=
			
 
				 github.com/aws/aws-sdk-go-v2/service/ssm v1.24.1/go.mod h1:NR/xoKjdbRJ+qx0pMR4mI+N/H1I1ynHwXnO6FowXJc0=
			
@@ -226,8 +226,8 @@ github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWH
 
				 github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
			
 
				 github.com/cockroachdb/cockroach-go/v2 v2.2.8 h1:IrQpwOXQza67nSSezygYjl4GQtQnE+rDrU2yK6MmNFA=
			
 
				 github.com/cockroachdb/cockroach-go/v2 v2.2.8/go.mod h1:q4ZRgO6CQpwNyEvEwSxwNrOSVchsmzrBnAv3HuZ3Abc=
			
 
				-github.com/coreos/go-oidc/v3 v3.1.0 h1:6avEvcdvTa1qYsOZ6I5PRkSYHzpTNWgKYmaJfaYbrRw=
			
 
				-github.com/coreos/go-oidc/v3 v3.1.0/go.mod h1:rEJ/idjfUyfkBit1eI1fvyr+64/g9dcKpAm8MJMesvo=
			
 
				+github.com/coreos/go-oidc/v3 v3.2.0 h1:2eR2MGR7thBXSQ2YbODlF0fcmgtliLCfr9iX6RW11fc=
			
 
				+github.com/coreos/go-oidc/v3 v3.2.0/go.mod h1:rEJ/idjfUyfkBit1eI1fvyr+64/g9dcKpAm8MJMesvo=
			
 
				 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
			
 
				 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
			
 
				 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
			
@@ -248,7 +248,6 @@ github.com/denisenkom/go-mssqldb v0.12.0/go.mod h1:iiK0YP1ZeepvmBQk/QpLEhhTNJgfz
 
				 github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY=
			
 
				 github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
			
 
				 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
			
 
				-github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko=
			
 
				 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
			
 
				 github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
			
 
				 github.com/drakkan/crypto v0.0.0-20220505051548-eb52ab1741ed h1:08cqWe9aKRNPpH5nfTyAVoitSif6pvXbGa9v3+PDAzI=
			
@@ -278,6 +277,7 @@ github.com/fclairamb/go-log v0.3.0 h1:oSC7Zjt0FZIYC5xXahUUycKGkypSdr2srFPLsp7CLd
 
				 github.com/fclairamb/go-log v0.3.0/go.mod h1:XG61EiPlAXnPDN8SA4N3zeA+GyBJmVOCCo12WORx/gA=
			
 
				 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
			
 
				 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
			
 
				+github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
			
 
				 github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
			
 
				 github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
			
 
				 github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
			
@@ -430,8 +430,9 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m
 
				 github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
			
 
				 github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
			
 
				 github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
			
 
				-github.com/googleapis/gax-go/v2 v2.3.0 h1:nRJtk3y8Fm770D42QV6T90ZnvFZyk7agSo3Q+Z9p3WI=
			
 
				 github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
			
 
				+github.com/googleapis/gax-go/v2 v2.4.0 h1:dS9eYAjhrE2RjmzYw2XAPvcXfmcQLtFEQWn0CR82awk=
			
 
				+github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c=
			
 
				 github.com/googleapis/go-type-adapters v1.0.0 h1:9XdMn+d/G57qq1s8dNc5IesGCXHf6V2HZ2JwRxfA2tA=
			
 
				 github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
			
 
				 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
			
@@ -537,8 +538,8 @@ github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8
 
				 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
			
 
				 github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
			
 
				 github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
			
 
				-github.com/klauspost/compress v1.15.3 h1:wmfu2iqj9q22SyMINp1uQ8C2/V4M1phJdmH9fG4nba0=
			
 
				-github.com/klauspost/compress v1.15.3/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
			
 
				+github.com/klauspost/compress v1.15.4 h1:1kn4/7MepF/CHmYub99/nNX8az0IJjfSOU/jbnTVfqQ=
			
 
				+github.com/klauspost/compress v1.15.4/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
			
 
				 github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
			
 
				 github.com/klauspost/cpuid/v2 v2.0.12 h1:p9dKCg8i4gmOxtv35DvrYoWqYzQrvEVdjQ762Y0OqZE=
			
 
				 github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c=
			
@@ -549,12 +550,12 @@ github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=
 
				 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
			
 
				 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
			
 
				 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
			
 
				-github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
			
 
				 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
			
 
				+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
			
 
				 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
			
 
				 github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
			
 
				-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
			
 
				 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
			
 
				+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
			
 
				 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
			
 
				 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
			
 
				 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
			
@@ -609,15 +610,15 @@ github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Ky
 
				 github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
			
 
				 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
			
 
				 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
			
 
				-github.com/mattn/go-sqlite3 v1.14.12 h1:TJ1bhYJPV44phC+IMu1u2K/i5RriLTPe+yc68XDJ1Z0=
			
 
				-github.com/mattn/go-sqlite3 v1.14.12/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
			
 
				+github.com/mattn/go-sqlite3 v1.14.13 h1:1tj15ngiFfcZzii7yd82foL+ks+ouQcj8j/TPq3fk1I=
			
 
				+github.com/mattn/go-sqlite3 v1.14.13/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
			
 
				 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
			
 
				 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
			
 
				 github.com/mhale/smtpd v0.8.0 h1:5JvdsehCg33PQrZBvFyDMMUDQmvbzVpZgKob7eYBJc0=
			
 
				 github.com/mhale/smtpd v0.8.0/go.mod h1:MQl+y2hwIEQCXtNhe5+55n0GZOjSmeqORDIXbqUL3x4=
			
 
				 github.com/miekg/dns v1.1.27/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
			
 
				-github.com/miekg/dns v1.1.48 h1:Ucfr7IIVyMBz4lRE8qmGUuZ4Wt3/ZGu9hmcMT3Uu4tQ=
			
 
				-github.com/miekg/dns v1.1.48/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
			
 
				+github.com/miekg/dns v1.1.49 h1:qe0mQU3Z/XpFeE+AEBo2rqaS1IPBJ3anmqZ4XiZJVG8=
			
 
				+github.com/miekg/dns v1.1.49/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
			
 
				 github.com/minio/sha256-simd v1.0.0 h1:v1ta+49hkWZyvaKwrQB8elexRqm6Y0aMLjCNsrYxo6g=
			
 
				 github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM=
			
 
				 github.com/minio/sio v0.3.0 h1:syEFBewzOMOYVzSTFpp1MqpSZk8rUNbz8VIIc+PNzus=
			
@@ -648,8 +649,8 @@ github.com/otiai10/mint v1.3.3 h1:7JgpsBaN0uMkyju4tbYHu0mnM55hNKVYLsXmwr15NQI=
 
				 github.com/otiai10/mint v1.3.3/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
			
 
				 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
			
 
				 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
			
 
				-github.com/pelletier/go-toml/v2 v2.0.0 h1:P7Bq0SaI8nsexyay5UAyDo+ICWy5MQPgEZ5+l8JQTKo=
			
 
				-github.com/pelletier/go-toml/v2 v2.0.0/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
			
 
				+github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU=
			
 
				+github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
			
 
				 github.com/pires/go-proxyproto v0.6.2 h1:KAZ7UteSOt6urjme6ZldyFm4wDe/z0ZUP0Yv0Dos0d8=
			
 
				 github.com/pires/go-proxyproto v0.6.2/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
			
 
				 github.com/pkg/browser v0.0.0-20180916011732-0a3d74bf9ce4/go.mod h1:4OwLy04Bl9Ef3GJJCoec+30X3LQs/0/m4HFRt/2LUSA=
			
@@ -673,8 +674,9 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP
 
				 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
			
 
				 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
			
 
				 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
			
 
				-github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk=
			
 
				 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
			
 
				+github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34=
			
 
				+github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
			
 
				 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
			
 
				 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
			
 
				 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
			
@@ -696,6 +698,7 @@ github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 
				 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
			
 
				 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
			
 
				 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
			
 
				+github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
			
 
				 github.com/rs/cors v1.8.2 h1:KCooALfAYGs415Cwu5ABvv9n9509fSiG5SQJn/AQo4U=
			
 
				 github.com/rs/cors v1.8.2/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
			
 
				 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
			
@@ -724,8 +727,8 @@ github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrf
 
				 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
			
 
				 github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo=
			
 
				 github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo=
			
 
				-github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA=
			
 
				-github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
			
 
				+github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
			
 
				+github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
			
 
				 github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q=
			
 
				 github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g=
			
 
				 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
			
@@ -751,8 +754,9 @@ github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s
 
				 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
			
 
				 github.com/tklauser/go-sysconf v0.3.10 h1:IJ1AZGZRWbY8T5Vfk04D9WOA5WSejdflXxP03OUqALw=
			
 
				 github.com/tklauser/go-sysconf v0.3.10/go.mod h1:C8XykCvCb+Gn0oNCWPIlcb0RuglQTYaQ2hGm7jmxEFk=
			
 
				-github.com/tklauser/numcpus v0.4.0 h1:E53Dm1HjH1/R2/aoCtXtPgzmElmn51aOkhCFSuZq//o=
			
 
				 github.com/tklauser/numcpus v0.4.0/go.mod h1:1+UI3pD8NW14VMwdgJNJ1ESk2UnwhAnz5hMwiKKqXCQ=
			
 
				+github.com/tklauser/numcpus v0.5.0 h1:ooe7gN0fg6myJ0EKoTAf5hebTZrH52px3New/D9iJ+A=
			
 
				+github.com/tklauser/numcpus v0.5.0/go.mod h1:OGzpTxpcIMNGYQdit2BYL1pvk/dSOaJWjKoflh+RQjo=
			
 
				 github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208 h1:PM5hJF7HVfNWmCjMdEfbuOBNXSVF2cMFGgQTPdKCbwM=
			
 
				 github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208/go.mod h1:BzWtXXrXzZUvMacR0oF/fbDDgUPO8L36tDMmRAf14ns=
			
 
				 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
			
@@ -1098,8 +1102,9 @@ google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc
 
				 google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs=
			
 
				 google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA=
			
 
				 google.golang.org/api v0.77.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA=
			
 
				-google.golang.org/api v0.78.0 h1:5ewPyCwP43C3i8B6C2Kb+eVAevbnke2xR8VbcSWjS4I=
			
 
				 google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw=
			
 
				+google.golang.org/api v0.79.0 h1:vaOcm0WdXvhGkci9a0+CcQVZqSRjN8ksSBlWv99f8Pg=
			
 
				+google.golang.org/api v0.79.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg=
			
 
				 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
			
 
				 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
			
 
				 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
			
@@ -1273,8 +1278,9 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 
				 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
			
 
				 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
			
 
				 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
			
 
				-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
			
 
				 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
			
 
				+gopkg.in/yaml.v3 v3.0.0-20220512140231-539c8e751b99 h1:dbuHpmKjkDzSOMKAWl10QNlgaZUd3V1q99xc81tt2Kc=
			
 
				+gopkg.in/yaml.v3 v3.0.0-20220512140231-539c8e751b99/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
			
 
				 gorm.io/driver/postgres v1.0.8/go.mod h1:4eOzrI1MUfm6ObJU/UcmbXyiHSs8jSwH95G5P5dxcAg=
			
 
				 gorm.io/gorm v1.20.12/go.mod h1:0HFTzE/SqkGTzK6TlDPPQbAYCluiVvhzoA1+aVyzenw=
			
 
				 gorm.io/gorm v1.21.4/go.mod h1:0HFTzE/SqkGTzK6TlDPPQbAYCluiVvhzoA1+aVyzenw=
			
--- a/sftpgo.json
+++ b/sftpgo.json
@@ -31,7 +31,9 @@
 
				       "entries_soft_limit": 100,
			
 
				       "entries_hard_limit": 150,
			
 
				       "safelist_file": "",
			
 
				-      "blocklist_file": ""
			
 
				+      "blocklist_file": "",
			
 
				+      "safelist": [],
			
 
				+      "blocklist": []
			
 
				     },
			
 
				     "rate_limiters": [
			
 
				       {