crowdsec/pkg/appsec/loader.go

package appsec

import (
	"os"

	"github.com/crowdsecurity/crowdsec/pkg/cwhub"
	log "github.com/sirupsen/logrus"
	"gopkg.in/yaml.v2"
)

var appsecRules map[string]AppsecCollectionConfig = make(map[string]AppsecCollectionConfig) //FIXME: would probably be better to have a struct for this

var hub *cwhub.Hub //FIXME: this is a temporary hack to make the hub available in the package

func LoadAppsecRules(hubInstance *cwhub.Hub) error {

	hub = hubInstance
	appsecRules = make(map[string]AppsecCollectionConfig)

	for _, hubAppsecRuleItem := range hub.GetItemMap(cwhub.APPSEC_RULES) {
		if !hubAppsecRuleItem.State.Installed {
			continue
		}

		content, err := os.ReadFile(hubAppsecRuleItem.State.LocalPath)

		if err != nil {
			log.Warnf("unable to read file %s : %s", hubAppsecRuleItem.State.LocalPath, err)
			continue
		}

		var rule AppsecCollectionConfig

		err = yaml.UnmarshalStrict(content, &rule)

		if err != nil {
			log.Warnf("unable to unmarshal file %s : %s", hubAppsecRuleItem.State.LocalPath, err)
			continue
		}

		rule.hash = hubAppsecRuleItem.State.LocalHash
		rule.version = hubAppsecRuleItem.Version

		log.Infof("Adding %s to appsec rules", rule.Name)

		appsecRules[rule.Name] = rule
	}

	if len(appsecRules) == 0 {
		log.Debugf("No appsec rules found")
	}
	return nil
}
Application Security Engine Support (#2273) Add a new datasource that: - Receives HTTP requests from remediation components - Apply rules on them to determine whether they are malicious or not - Rules can be evaluated in-band (the remediation component will block the request directly) or out-band (the RC will let the request through, but crowdsec can still process the rule matches with scenarios) The PR also adds support for 2 new hub items: - appsec-configs: Configure the Application Security Engine (which rules to load, in which phase) - appsec-rules: a rule that is added in the Application Security Engine (can use either our own format, or seclang) --------- Co-authored-by: alteredCoder <kevin@crowdsec.net> Co-authored-by: Sebastien Blot <sebastien@crowdsec.net> Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com> Co-authored-by: Marco Mariani <marco@crowdsec.net> 2023-12-07 11:21:04 +00:00			`package appsec`

			`import (`
			`"os"`

			`"github.com/crowdsecurity/crowdsec/pkg/cwhub"`
			`log "github.com/sirupsen/logrus"`
			`"gopkg.in/yaml.v2"`
			`)`

			`var appsecRules map[string]AppsecCollectionConfig = make(map[string]AppsecCollectionConfig) //FIXME: would probably be better to have a struct for this`

			`var hub *cwhub.Hub //FIXME: this is a temporary hack to make the hub available in the package`

			`func LoadAppsecRules(hubInstance *cwhub.Hub) error {`

			`hub = hubInstance`
fix the reload process for appsec (#2750) 2024-01-17 10:54:44 +00:00			`appsecRules = make(map[string]AppsecCollectionConfig)`
Application Security Engine Support (#2273) Add a new datasource that: - Receives HTTP requests from remediation components - Apply rules on them to determine whether they are malicious or not - Rules can be evaluated in-band (the remediation component will block the request directly) or out-band (the RC will let the request through, but crowdsec can still process the rule matches with scenarios) The PR also adds support for 2 new hub items: - appsec-configs: Configure the Application Security Engine (which rules to load, in which phase) - appsec-rules: a rule that is added in the Application Security Engine (can use either our own format, or seclang) --------- Co-authored-by: alteredCoder <kevin@crowdsec.net> Co-authored-by: Sebastien Blot <sebastien@crowdsec.net> Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com> Co-authored-by: Marco Mariani <marco@crowdsec.net> 2023-12-07 11:21:04 +00:00
			`for _, hubAppsecRuleItem := range hub.GetItemMap(cwhub.APPSEC_RULES) {`
			`if !hubAppsecRuleItem.State.Installed {`
			`continue`
			`}`

			`content, err := os.ReadFile(hubAppsecRuleItem.State.LocalPath)`

			`if err != nil {`
			`log.Warnf("unable to read file %s : %s", hubAppsecRuleItem.State.LocalPath, err)`
			`continue`
			`}`

			`var rule AppsecCollectionConfig`

			`err = yaml.UnmarshalStrict(content, &rule)`

			`if err != nil {`
			`log.Warnf("unable to unmarshal file %s : %s", hubAppsecRuleItem.State.LocalPath, err)`
			`continue`
			`}`

			`rule.hash = hubAppsecRuleItem.State.LocalHash`
			`rule.version = hubAppsecRuleItem.Version`

			`log.Infof("Adding %s to appsec rules", rule.Name)`

			`appsecRules[rule.Name] = rule`
			`}`

			`if len(appsecRules) == 0 {`
			`log.Debugf("No appsec rules found")`
			`}`
			`return nil`
			`}`