- reverse actual and expected values
- use assert.False, assert.True
- use assert.Len, assert.Emtpy
- use require.Error, require.NoError
- use assert.InDelta
Add a new datasource that:
- Receives HTTP requests from remediation components
- Apply rules on them to determine whether they are malicious or not
- Rules can be evaluated in-band (the remediation component will block the request directly) or out-band (the RC will let the request through, but crowdsec can still process the rule matches with scenarios)
The PR also adds support for 2 new hub items:
- appsec-configs: Configure the Application Security Engine (which rules to load, in which phase)
- appsec-rules: a rule that is added in the Application Security Engine (can use either our own format, or seclang)
---------
Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
* Improve whitelist parsing
* Split whitelist check into a function tied to whitelist, also since we check node debug we can make a pointer to node containing whitelist
* No point passing clog as an argument since it is just a pointer to node we already know about
* We should break instead of returning false, false as it may have been whitelisted by ips/cidrs
* reimplement early return if expr errors
* Fix lint and dont need to parse ip back to string just loop over sources
* Log error with node logger as it provides context
* Move getsource to a function cleanup some code
* Change func name
* Split out compile to a function so we can use in tests. Add a bunch of tests
* spell correction
* Use node logger so it has context
* alternative solution
* quick fixes
* Use containswls
* Change whitelist test to use parseipsource and only events
* Make it simpler
* Postoverflow tests, some basic ones to make sure it works
* Use official pkg
* Add @mmetc reco
* Add @mmetc reco
* Change if if to a switch to only evaluate once
* simplify assertions
---------
Co-authored-by: bui <thibault@crowdsec.net>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
* move function GetLineCountForFile from pkg/types to cscli
* move ParseDuration from pkg/types to pkg/database
* remove unused types.Profile, types.RemediationProfile
The lumberjack package fixed the issue in natefinch/lumberjack#83 (tested with umask 002) and this code is now redundant since we updated the dependency to v2.2.1.
* properly update the time structure within event to ensure it works in time-machine
* move LIVE and TIMEMACHINE to pkg/types : less code needs to import leakybucket package, and we avoid duplicating constants
* v3 model generation
* v3 model generation
* comms
* fixes after master merge
* missing reader close
* use constants defined for types
---------
Co-authored-by: bui <thibault@crowdsec.net>
* Allow any parser to suggest a format string for the date to be parsed.
* allow the enricher functions to get the parser's logger so they can inherit the level
* github-ci: color unit test output and logs
* new config option: force_color_logs (useful in CI)
* bats: show sqlite/mysql dump at the end
* removed "-v" (print package names) from "go build"
* general workflow cleanup
