diff --git a/cmd/crowdsec/crowdsec.go b/cmd/crowdsec/crowdsec.go
index 3b3a69cd3..a2aaba97b 100644
--- a/cmd/crowdsec/crowdsec.go
+++ b/cmd/crowdsec/crowdsec.go
@@ -18,6 +18,7 @@ import (
 	leaky "github.com/crowdsecurity/crowdsec/pkg/leakybucket"
 	"github.com/crowdsecurity/crowdsec/pkg/parser"
 	"github.com/crowdsecurity/crowdsec/pkg/types"
+	"github.com/crowdsecurity/crowdsec/pkg/waf"
 )
 
 func initCrowdsec(cConfig *csconfig.Config) (*parser.Parsers, error) {
@@ -38,6 +39,10 @@ func initCrowdsec(cConfig *csconfig.Config) (*parser.Parsers, error) {
 		return nil, fmt.Errorf("while loading scenarios: %w", err)
 	}
 
+	if err := waf.LoadWaapRules(); err != nil {
+		return nil, fmt.Errorf("while loading waap rules: %w", err)
+	}
+
 	if err := LoadAcquisition(cConfig); err != nil {
 		return nil, fmt.Errorf("while loading acquisition config: %w", err)
 	}
diff --git a/pkg/acquisition/modules/waap/waap.go b/pkg/acquisition/modules/waap/waap.go
index 3089a2ce1..4fbacfeb5 100644
--- a/pkg/acquisition/modules/waap/waap.go
+++ b/pkg/acquisition/modules/waap/waap.go
@@ -133,9 +133,18 @@ func (w *WaapSource) Configure(yamlConfig []byte, logger *log.Entry) error {
 	//let's load the associated waap_config:
 	if w.config.WaapConfigPath != "" {
 		waapCfg := waf.WaapConfig{Logger: w.logger.WithField("component", "waap_config")}
-		err := waapCfg.Load(w.config.WaapConfigPath)
-		if err != nil {
-			return fmt.Errorf("unable to load waap_config : %s", err)
+		if w.config.WaapConfigPath != "" {
+			err := waapCfg.LoadByPath(w.config.WaapConfigPath)
+			if err != nil {
+				return fmt.Errorf("unable to load waap_config : %s", err)
+			}
+		} else if w.config.WaapConfig != "" {
+			err := waapCfg.Load(w.config.WaapConfig)
+			if err != nil {
+				return fmt.Errorf("unable to load waap_config : %s", err)
+			}
+		} else {
+			return fmt.Errorf("no waap_config provided")
 		}
 		w.WaapRuntime, err = waapCfg.Build()
 		if err != nil {
diff --git a/pkg/waf/loader.go b/pkg/waf/loader.go
new file mode 100644
index 000000000..5acc136fc
--- /dev/null
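Review bot: `waf.LoadWaapRules()` is now called unconditionally during startup, and the new `pkg/waf/loader.go` in this same change returns `no waap rules found in hub` whenever no installed WAAP rule item exists, so every instance that does not use the WAAP datasource at all fails to start after this commit. Either make an empty result non-fatal inside `LoadWaapRules` and let the datasource's `Configure` report missing rules, or guard this call on a WAAP acquisition actually being configured. The loader also wraps its errors with `%s`, which breaks the `%w` chain this caller builds; `%w` would keep `errors.Is`/`errors.As` usable on the returned error. initCrowdsec's body starts and ends outside the hunk.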
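Review bot: The outer `if w.config.WaapConfigPath != "" {` on the first context line was left in place, so the new `else if w.config.WaapConfig != ""` branch and the `no waap_config provided` error are unreachable: a source that sets only `waap_config` gets no configuration, and a source that sets neither silently skips the block instead of failing. The outer condition should become `if w.config.WaapConfigPath != "" || w.config.WaapConfig != "" {` (or be dropped so the new `else` fires). Removing `err := waapCfg.Load(...)` also means `w.WaapRuntime, err = waapCfg.Build()` now depends on an `err` declared earlier in Configure, which this hunk does not show; if none exists this will not compile. Configure's body starts and ends outside the hunk.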
+++ b/pkg/waf/loader.go
@@ -0,0 +1,59 @@
+package waf
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/crowdsecurity/crowdsec/pkg/cwhub"
+	log "github.com/sirupsen/logrus"
+	"gopkg.in/yaml.v2"
+)
+
+var waapRules map[string]WaapCollectionConfig = make(map[string]WaapCollectionConfig) //FIXME: would probably be better to have a struct for this
+
+func LoadWaapRules() error {
+	hub, err := cwhub.GetHub()
+	if err != nil {
+		return fmt.Errorf("unable to load hub : %s", err)
+	}
+
+	for _, hubWafRuleItem := range hub.GetItemMap(cwhub.WAAP_RULES) {
+		//log.Infof("loading %s", hubWafRuleItem.LocalPath)
+		if !hubWafRuleItem.Installed {
+			continue
+		}
+
+		content, err := os.ReadFile(hubWafRuleItem.LocalPath)
+
+		if err != nil {
+			log.Warnf("unable to read file %s : %s", hubWafRuleItem.LocalPath, err)
+			continue
+		}
+
+		var rule WaapCollectionConfig
+
+		err = yaml.UnmarshalStrict(content, &rule)
+
+		if err != nil {
+			log.Warnf("unable to unmarshal file %s : %s", hubWafRuleItem.LocalPath, err)
+			continue
+		}
+
+		if rule.Type != WAAP_RULE {
+			log.Warnf("unexpected type %s instead of %s for file %s", rule.Type, WAAP_RULE, hubWafRuleItem.LocalPath)
+			continue
+		}
+
+		rule.hash = hubWafRuleItem.LocalHash
+		rule.version = hubWafRuleItem.Version
+
+		log.Infof("Adding %s to waap rules", rule.Name)
+
+		waapRules[rule.Name] = rule
+	}
+
+	if len(waapRules) == 0 {
+		return fmt.Errorf("no waap rules found in hub")
+	}
+	return nil
+}
diff --git a/pkg/waf/waap.go b/pkg/waf/waap.go
index 9846b7c22..96b585e59 100644
--- a/pkg/waf/waap.go
+++ b/pkg/waf/waap.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/antonmedv/expr"
 	"github.com/antonmedv/expr/vm"
+	"github.com/crowdsecurity/crowdsec/pkg/cwhub"
 	log "github.com/sirupsen/logrus"
 	"gopkg.in/yaml.v2"
 )
@@ -104,7 +105,7 @@ func (w *WaapRuntimeConfig) ClearResponse() {
 	w.Response.SendEvent = true
 }
 
-func (wc *WaapConfig) Load(file string) error {
+func (wc *WaapConfig) LoadByPath(file string) error {
 	wc.Logger.Debugf("loading config %s", file)
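Review bot: `LoadWaapRules` inserts into the package-level `waapRules` map without ever clearing it, so a second call (for example on a reload) keeps entries for rules that have since been uninstalled or renamed, and a later file with the same `Name` silently overwrites an earlier one with nothing but the `Adding %s to waap rules` log line to show for it. Building into a local map and assigning it at the end, `rules := make(map[string]WaapCollectionConfig)` … `waapRules = rules`, with a `log.Warnf` when `rules[rule.Name]` is already set, would keep the loaded set equal to the hub state and make duplicate rule names visible. The map also has no synchronization; if `LoadCollection` (which presumably now reads it, given the removal in `waap_rules_collection.go`) runs while a reload rewrites it, that is a data race, so either document that it is only written during init or guard it. The `%s` in `unable to load hub : %s` should be `%w` so the caller's wrapping chain stays intact.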
@@ -147,6 +148,31 @@ func (wc *WaapConfig) Load(file string) error {
 	return nil
 }
 
+func (wc *WaapConfig) Load(configName string) error {
+	hub, err := cwhub.GetHub()
+	if err != nil {
+		return fmt.Errorf("unable to load hub : %s", err)
+	}
+
+	waapConfigs := hub.GetItemMap(cwhub.WAAP_CONFIGS)
+
+	for _, hubWaapConfigItem := range waapConfigs {
+		if !hubWaapConfigItem.Installed {
+			continue
+		}
+		if hubWaapConfigItem.Name != configName {
+			continue
+		}
+		wc.Logger.Infof("loading %s", hubWaapConfigItem.LocalPath)
+		err = wc.LoadByPath(hubWaapConfigItem.LocalPath)
+		if err != nil {
+			return fmt.Errorf("unable to load waap-config %s : %s", hubWaapConfigItem.LocalPath, err)
+		}
+	}
+
+	return nil
+}
+
 func (wc *WaapConfig) Build() (*WaapRuntimeConfig, error) {
 	ret := &WaapRuntimeConfig{}
 	ret.Name = wc.Name
diff --git a/pkg/waf/waap_rules_collection.go b/pkg/waf/waap_rules_collection.go
index 45e5995b3..720be295f 100644
--- a/pkg/waf/waap_rules_collection.go
+++ b/pkg/waf/waap_rules_collection.go
@@ -9,7 +9,6 @@ import (
 	corazatypes "github.com/crowdsecurity/coraza/v3/types"
 	"github.com/crowdsecurity/crowdsec/pkg/cwhub"
 	"github.com/crowdsecurity/crowdsec/pkg/waf/waap_rule"
-	"gopkg.in/yaml.v2"
 	log "github.com/sirupsen/logrus"
 )
 
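Review bot: `Load` returns `nil` when no installed hub item named `configName` exists, so a typo or a missing install leaves the `WaapConfig` empty and the caller's `Build()` goes ahead with it — the WAF comes up with no configuration and no error, a fail-open condition that should be a startup failure. Returning right after a successful `LoadByPath` and failing after the loop, `return fmt.Errorf("waap-config %q not found or not installed in hub", configName)`, would surface the misconfiguration and also stop the loop from loading a second matching item over the first. As with the other new code in this change, the `%s` on `err` should be `%w` so callers can unwrap it.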
@@ -50,53 +49,11 @@ var WaapRulesDetails = make(map[int]RulesDetails)
 func LoadCollection(collection string) (WaapCollection, error) {
-	//FIXME: do it once globally
-	waapRules := make(map[string]WaapCollectionConfig)
-
 	hub, err := cwhub.GetHub()
 	if err != nil {
 		return WaapCollection{}, fmt.Errorf("unable to load hub : %s", err)
 	}
 
-	for _, hubWafRuleItem := range hub.GetItemMap(cwhub.WAAP_RULES) {
-		//log.Infof("loading %s", hubWafRuleItem.LocalPath)
-		if !hubWafRuleItem.Installed {
-			continue
-		}
-
-		content, err := os.ReadFile(hubWafRuleItem.LocalPath)
-
-		if err != nil {
-			log.Warnf("unable to read file %s : %s", hubWafRuleItem.LocalPath, err)
-			continue
-		}
-
-		var rule WaapCollectionConfig
-
-		err = yaml.UnmarshalStrict(content, &rule)
-
-		if err != nil {
-			log.Warnf("unable to unmarshal file %s : %s", hubWafRuleItem.LocalPath, err)
-			continue
-		}
-
-		if rule.Type != WAAP_RULE { //FIXME: rename to waap-rule when hub is properly updated
-			log.Warnf("unexpected type %s instead of %s for file %s", rule.Type, WAAP_RULE, hubWafRuleItem.LocalPath)
-			continue
-		}
-
-		rule.hash = hubWafRuleItem.LocalHash
-		rule.version = hubWafRuleItem.Version
-
-		log.Infof("Adding %s to waap rules", rule.Name)
-
-		waapRules[rule.Name] = rule
-	}
-
-	if len(waapRules) == 0 {
-		return WaapCollection{}, fmt.Errorf("no waap rules found in hub")
-	}
-
 	var loadedRule WaapCollectionConfig
 	var ok bool