wip
This commit is contained in:
Sebastien Blot
parent
26c876dc38
commit
152c940774
5 changed files with 103 additions and 47 deletions
|
|
@ -18,6 +18,7 @@ import (
|
|||
leaky "github.com/crowdsecurity/crowdsec/pkg/leakybucket"
|
||||
"github.com/crowdsecurity/crowdsec/pkg/parser"
|
||||
"github.com/crowdsecurity/crowdsec/pkg/types"
|
||||
"github.com/crowdsecurity/crowdsec/pkg/waf"
|
||||
)
|
||||
|
||||
func initCrowdsec(cConfig *csconfig.Config) (*parser.Parsers, error) {
|
||||
|
|
@ -38,6 +39,10 @@ func initCrowdsec(cConfig *csconfig.Config) (*parser.Parsers, error) {
|
|||
return nil, fmt.Errorf("while loading scenarios: %w", err)
|
||||
}
|
||||
|
||||
if err := waf.LoadWaapRules(); err != nil {
|
||||
return nil, fmt.Errorf("while loading waap rules: %w", err)
|
||||
}
|
||||
|
||||
if err := LoadAcquisition(cConfig); err != nil {
|
||||
return nil, fmt.Errorf("while loading acquisition config: %w", err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -133,9 +133,18 @@ func (w *WaapSource) Configure(yamlConfig []byte, logger *log.Entry) error {
|
|||
//let's load the associated waap_config:
|
||||
if w.config.WaapConfigPath != "" {
|
||||
waapCfg := waf.WaapConfig{Logger: w.logger.WithField("component", "waap_config")}
|
||||
err := waapCfg.Load(w.config.WaapConfigPath)
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to load waap_config : %s", err)
|
||||
if w.config.WaapConfigPath != "" {
|
||||
err := waapCfg.LoadByPath(w.config.WaapConfigPath)
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to load waap_config : %s", err)
|
||||
}
|
||||
} else if w.config.WaapConfig != "" {
|
||||
err := waapCfg.Load(w.config.WaapConfig)
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to load waap_config : %s", err)
|
||||
}
|
||||
} else {
|
||||
return fmt.Errorf("no waap_config provided")
|
||||
}
|
||||
w.WaapRuntime, err = waapCfg.Build()
|
||||
if err != nil {
|
||||
|
|
|
|||
59
pkg/waf/loader.go
Normal file
59
pkg/waf/loader.go
Normal file
|
|
@ -0,0 +1,59 @@
|
|||
package waf
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/crowdsecurity/crowdsec/pkg/cwhub"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"gopkg.in/yaml.v2"
|
||||
)
|
||||
|
||||
var waapRules map[string]WaapCollectionConfig = make(map[string]WaapCollectionConfig) //FIXME: would probably be better to have a struct for this
|
||||
|
||||
func LoadWaapRules() error {
|
||||
hub, err := cwhub.GetHub()
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to load hub : %s", err)
|
||||
}
|
||||
|
||||
for _, hubWafRuleItem := range hub.GetItemMap(cwhub.WAAP_RULES) {
|
||||
//log.Infof("loading %s", hubWafRuleItem.LocalPath)
|
||||
if !hubWafRuleItem.Installed {
|
||||
continue
|
||||
}
|
||||
|
||||
content, err := os.ReadFile(hubWafRuleItem.LocalPath)
|
||||
|
||||
if err != nil {
|
||||
log.Warnf("unable to read file %s : %s", hubWafRuleItem.LocalPath, err)
|
||||
continue
|
||||
}
|
||||
|
||||
var rule WaapCollectionConfig
|
||||
|
||||
err = yaml.UnmarshalStrict(content, &rule)
|
||||
|
||||
if err != nil {
|
||||
log.Warnf("unable to unmarshal file %s : %s", hubWafRuleItem.LocalPath, err)
|
||||
continue
|
||||
}
|
||||
|
||||
if rule.Type != WAAP_RULE {
|
||||
log.Warnf("unexpected type %s instead of %s for file %s", rule.Type, WAAP_RULE, hubWafRuleItem.LocalPath)
|
||||
continue
|
||||
}
|
||||
|
||||
rule.hash = hubWafRuleItem.LocalHash
|
||||
rule.version = hubWafRuleItem.Version
|
||||
|
||||
log.Infof("Adding %s to waap rules", rule.Name)
|
||||
|
||||
waapRules[rule.Name] = rule
|
||||
}
|
||||
|
||||
if len(waapRules) == 0 {
|
||||
return fmt.Errorf("no waap rules found in hub")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
@ -7,6 +7,7 @@ import (
|
|||
|
||||
"github.com/antonmedv/expr"
|
||||
"github.com/antonmedv/expr/vm"
|
||||
"github.com/crowdsecurity/crowdsec/pkg/cwhub"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"gopkg.in/yaml.v2"
|
||||
)
|
||||
|
|
@ -104,7 +105,7 @@ func (w *WaapRuntimeConfig) ClearResponse() {
|
|||
w.Response.SendEvent = true
|
||||
}
|
||||
|
||||
func (wc *WaapConfig) Load(file string) error {
|
||||
func (wc *WaapConfig) LoadByPath(file string) error {
|
||||
|
||||
wc.Logger.Debugf("loading config %s", file)
|
||||
|
||||
|
|
@ -147,6 +148,31 @@ func (wc *WaapConfig) Load(file string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (wc *WaapConfig) Load(configName string) error {
|
||||
hub, err := cwhub.GetHub()
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to load hub : %s", err)
|
||||
}
|
||||
|
||||
waapConfigs := hub.GetItemMap(cwhub.WAAP_CONFIGS)
|
||||
|
||||
for _, hubWaapConfigItem := range waapConfigs {
|
||||
if !hubWaapConfigItem.Installed {
|
||||
continue
|
||||
}
|
||||
if hubWaapConfigItem.Name != configName {
|
||||
continue
|
||||
}
|
||||
wc.Logger.Infof("loading %s", hubWaapConfigItem.LocalPath)
|
||||
err = wc.LoadByPath(hubWaapConfigItem.LocalPath)
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to load waap-config %s : %s", hubWaapConfigItem.LocalPath, err)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (wc *WaapConfig) Build() (*WaapRuntimeConfig, error) {
|
||||
ret := &WaapRuntimeConfig{}
|
||||
ret.Name = wc.Name
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
corazatypes "github.com/crowdsecurity/coraza/v3/types"
|
||||
"github.com/crowdsecurity/crowdsec/pkg/cwhub"
|
||||
"github.com/crowdsecurity/crowdsec/pkg/waf/waap_rule"
|
||||
"gopkg.in/yaml.v2"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
|
@ -50,53 +49,11 @@ var WaapRulesDetails = make(map[int]RulesDetails)
|
|||
|
||||
func LoadCollection(collection string) (WaapCollection, error) {
|
||||
|
||||
//FIXME: do it once globally
|
||||
waapRules := make(map[string]WaapCollectionConfig)
|
||||
|
||||
hub, err := cwhub.GetHub()
|
||||
if err != nil {
|
||||
return WaapCollection{}, fmt.Errorf("unable to load hub : %s", err)
|
||||
}
|
||||
|
||||
for _, hubWafRuleItem := range hub.GetItemMap(cwhub.WAAP_RULES) {
|
||||
//log.Infof("loading %s", hubWafRuleItem.LocalPath)
|
||||
if !hubWafRuleItem.Installed {
|
||||
continue
|
||||
}
|
||||
|
||||
content, err := os.ReadFile(hubWafRuleItem.LocalPath)
|
||||
|
||||
if err != nil {
|
||||
log.Warnf("unable to read file %s : %s", hubWafRuleItem.LocalPath, err)
|
||||
continue
|
||||
}
|
||||
|
||||
var rule WaapCollectionConfig
|
||||
|
||||
err = yaml.UnmarshalStrict(content, &rule)
|
||||
|
||||
if err != nil {
|
||||
log.Warnf("unable to unmarshal file %s : %s", hubWafRuleItem.LocalPath, err)
|
||||
continue
|
||||
}
|
||||
|
||||
if rule.Type != WAAP_RULE { //FIXME: rename to waap-rule when hub is properly updated
|
||||
log.Warnf("unexpected type %s instead of %s for file %s", rule.Type, WAAP_RULE, hubWafRuleItem.LocalPath)
|
||||
continue
|
||||
}
|
||||
|
||||
rule.hash = hubWafRuleItem.LocalHash
|
||||
rule.version = hubWafRuleItem.Version
|
||||
|
||||
log.Infof("Adding %s to waap rules", rule.Name)
|
||||
|
||||
waapRules[rule.Name] = rule
|
||||
}
|
||||
|
||||
if len(waapRules) == 0 {
|
||||
return WaapCollection{}, fmt.Errorf("no waap rules found in hub")
|
||||
}
|
||||
|
||||
var loadedRule WaapCollectionConfig
|
||||
var ok bool
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue