* Improve whitelist parsing
* Split whitelist check into a function tied to whitelist, also since we check node debug we can make a pointer to node containing whitelist
* No point passing clog as an argument since it is just a pointer to node we already know about
* We should break instead of returning false, false as it may have been whitelisted by ips/cidrs
* reimplement early return if expr errors
* Fix lint and dont need to parse ip back to string just loop over sources
* Log error with node logger as it provides context
* Move getsource to a function cleanup some code
* Change func name
* Split out compile to a function so we can use in tests. Add a bunch of tests
* spell correction
* Use node logger so it has context
* alternative solution
* quick fixes
* Use containswls
* Change whitelist test to use parseipsource and only events
* Make it simpler
* Postoverflow tests, some basic ones to make sure it works
* Use official pkg
* Add @mmetc reco
* Add @mmetc reco
* Change if if to a switch to only evaluate once
* simplify assertions
---------
Co-authored-by: bui <thibault@crowdsec.net>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
* refact jwt:Authenticator
* include scenarios in first login request for machines with tlsAuth
* log.Printf -> log.Infof
* errors.Wrap -> fmt.Errorf
* don't override validation error
* fix test
* cleanup in argument call
* update test as well
* cwhub_tests: reduce verbosity and use helpers
---------
Co-authored-by: Marco Mariani <marco@crowdsec.net>
* use go 1.21.1, require 1.21
* import "slices" from stdlib
* allow codeql to set version number from tags
* codeql: custom WASM build - the automated one can silently fail
* removed unused error; comment
* rename loop variables
* happy path
* rename loop variables
* extract function, method
* log.Printf -> log.Infof
* tests -> testdata
from "go help test":
The go tool will ignore a directory named "testdata", making it available
to hold ancillary data needed by the tests.
* align tags
* extract function toEmoji
* Add parsers length check as it can panic is enrich is empty
* Lets get smarter and loop backwards to find last successful stage
* Shorten code
---------
Co-authored-by: Thibault "bui" Koechlin <thibault@crowdsec.net>
* move function GetLineCountForFile from pkg/types to cscli
* move ParseDuration from pkg/types to pkg/database
* remove unused types.Profile, types.RemediationProfile
now it does not attempt any retry, instead of attempting all retries
immediately
example: cannot reach LAPI
Before:
$ CROWDSEC_FEATURE_DISABLE_HTTP_RETRY_BACKOFF=true cscli decisions list
ERRO[27-07-2023 10:44:44] error while performing request: dial tcp [::1]:8080: connect: connection refused; 4 retries left
INFO[27-07-2023 10:44:44] retrying in 0 seconds (attempt 2 of 5)
[...]
ERRO[27-07-2023 10:44:44] error while performing request: dial tcp [::1]:8080: connect: connection refused; 1 retries left
INFO[27-07-2023 10:44:44] retrying in 0 seconds (attempt 5 of 5)
ERRO[27-07-2023 10:44:44] error while performing request: dial tcp [::1]:8080: connect: connection refused; 0 retries left
FATA[27-07-2023 10:44:44] Unable to list decisions : performing request: Get "http://localhost:8080/v1/alerts?has_active_decision=true&include_capi=false&limit=100": could not get jwt token: Post "http://localhost:8080/v1/watchers/login": dial tcp [::1]:8080: connect: connection refused
After:
$ CROWDSEC_FEATURE_DISABLE_HTTP_RETRY_BACKOFF=true ./test/local/bin/cscli decisions list
FATA[11-08-2023 16:49:58] unable to retrieve decisions: performing request: Get "http://127.0.0.1:8080/v1/alerts?has_active_decision=true&include_capi=false&limit=100": could not get jwt token: Post "http://127.0.0.1:8080/v1/watchers/login": dial tcp 127.0.0.1:8080: connect: connection refused
* apic: minor refactoring
* Add whitelist length check
If user configures the file but fails to define and actual whitelist we should check length to save allocs
* Init with length from file
* extract loop method from ApplyApicWhitelists
* pass pointer
* extract loop method updateBlocklist
---------
Co-authored-by: Laurence Jones <laurence.jones@live.co.uk>