0ct0pu5/crowdsec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
1599 commits 83 branches 177 tags 151 MiB
Commit graph

1599 commits

This branch
This branch
All branches
Author SHA1 Message Date
bui
82bb8a2789 no leak plz 2023-10-26 13:01:11 +02:00
bui
f18b554177 warn at start if body reading is disabled 2023-10-26 12:45:59 +02:00
bui
6cbeefead6 up 2023-10-26 12:04:58 +02:00
bui
e49f33b4a7 Merge branch 'coraza_poc_acquis' of github.com:crowdsecurity/crowdsec into coraza_poc_acquis 2023-10-26 12:04:12 +02:00
bui
46ae0b3822 properly set default log level 2023-10-26 12:03:57 +02:00
Sebastien Blot
676352b5b1
new custom rule format 2023-10-25 18:45:49 +02:00
bui
4bfca8cab5 fix meta encoding 2023-10-25 13:54:57 +02:00
bui
eafffe7c94 up 2023-10-24 18:16:39 +02:00
bui
9edde09608 up 2023-10-24 18:16:30 +02:00
bui
1f3801f390 add the helpers and the type 2023-10-24 17:24:31 +02:00
bui
c02c74b5fe shortcut for waap events 2023-10-24 17:24:16 +02:00
bui
b2bb15bb49 generate a special event for waap 2023-10-24 17:23:46 +02:00
bui
dd49620922 our shortcut for waap events 2023-10-24 17:23:29 +02:00
bui
685006508c make waap rules generate crowdsec events (again) 2023-10-24 13:43:27 +02:00
bui
03650401c5 default level 2023-10-24 10:57:22 +02:00
bui
00e1ffbf58 simplify a bit 2023-10-24 10:49:28 +02:00
bui
bd9df8f480 logger 2023-10-23 10:59:02 +02:00
bui
1b9d8c8226 logger 2023-10-23 10:54:26 +02:00
bui
c00b1abd72 logger 2023-10-23 10:54:11 +02:00
bui
2ff238d5f8 logger 2023-10-23 10:53:52 +02:00
bui
dca6faab08 logger 2023-10-23 10:53:39 +02:00
bui
b110c74487 allow description 2023-10-20 13:49:15 +02:00
bui
5dbc2758fa warn user when setting unexpected default_remediation 2023-10-20 13:32:20 +02:00
Sebastien Blot
0acda36d33
up 2023-10-20 11:58:57 +02:00
Sebastien Blot
1468bb9681
up 2023-10-19 17:25:48 +02:00
Sebastien Blot
68c78249d5
up 2023-10-19 17:20:33 +02:00
Sebastien Blot
ef118a49ff
add waap-configs hub item 2023-10-19 16:53:00 +02:00
Sebastien Blot
15120a6d8f
merge hub-1.5.6 2023-10-19 14:19:37 +02:00
Sebastien Blot
350e8979b1
merge hub-1.5.6 branch 2023-10-19 12:18:16 +02:00
Marco Mariani
b89c5652ca Merge branch 'master' into hub-1.5.6 2023-10-19 12:05:19 +02:00
mmetc
88e4f7c157
Refact pkg/csconfig, pkg/cwhub (#2555) 
* csconfig: drop redundant hub information on *Cfg structs
* rename validItemFileName() -> item.validPath()
* Methods on hub object
* updated tests to reduce need of csconfig.Config or global state
 2023-10-19 12:04:29 +02:00
Sebastien Blot
ecbdf2f0e1
merge master branch 2023-10-19 10:51:54 +02:00
Sebastien Blot
2600ffbd19
delete coraza submodule 2023-10-19 10:25:55 +02:00
bui
c89b42939e naming 2023-10-18 17:17:57 +02:00
bui
98fb84d3e7 be consistent : waap-rules 2023-10-18 17:11:43 +02:00
Sebastien Blot
511468b8fe
up 2023-10-18 13:42:56 +02:00
mmetc
57d3ebba12
typo (#2556) 2023-10-18 10:03:02 +02:00
mmetc
be6555e46c
Refact pkg/csconfig, HubCfg (#2552) 
- rename csconfig.Hub -> HubCfg
 - move some Load*() functions to NewConfig()
 - config.yaml: optional common section
 - remove unused working_dir
 2023-10-18 09:38:33 +02:00
Laurence Jones
d2d788c5dc
[hubtest] escpae scenario asssert meta keys (#2551) 2023-10-17 15:29:21 +01:00
mmetc
4eae40865e
HubIndex struct, comments, name changes (#2549) 
* pkg/cwhub: rename PARSERS_OVFLW -> POSTOVERFLOWS
* mostly comments, some light cleanup
* move type hubtest.HubIndex -> cwhub.HubIndex
* move and rename LoadPkgIndex -> ParseIndex
* move displaySummary(), skippedLocal, skippedTainted to HubIndex struct
 2023-10-17 16:17:37 +02:00
mmetc
810a8adcf0 fix build (#2548) 2023-10-17 16:12:41 +02:00
mmetc
325003bb69 Refact cscli item listing, tests (#2547) 
* hub diet; taint tests
* cmd/crowdsec-cli: split utils.go, moved cwhub.GetHubStatusForItemType()
* cscli: refactor hub list commands, fix edge cases
 2023-10-17 16:12:41 +02:00
mmetc
f496bd1692 bats: more cscli hub tests (#2541) 
- updated logs and user messages
- added func tests for all the items: install, remove, upgrade, list
- rewritten taint tests for collections
- removed redundant csconfig.LoadPrometheus()
 2023-10-17 16:12:41 +02:00
mmetc
a00bae6039 cmd/crowdsec-cli: remove global prometheusURL (#2542) 
* cmd/crowdsec-cli: remove global prometheusURL
* PrometheusUrl now includes the path (/metrics)
 2023-10-17 16:12:41 +02:00
mmetc
734ba46e6a Refact cscli hub/item commands (#2536) 
* log.Fatal -> fmt.Errorf
* lint cmd/crowdsec-cli hub items and split collection commands
* cscli collections: add examples
* cscli parsers: avoid globals
* cscli scenarios: avoid globals
* cscli collections, postoverflows: avoid globals
* cscli hub: avoid globals
* remove unused globals
 2023-10-17 16:12:41 +02:00
mmetc
7db5bf8979 pkg/csconfig: set prometheus address:port defaults (#2533) 
We set these default in one place (after loading the configuration)
instead of leaving that to both metric server and consumer.
 2023-10-17 16:12:41 +02:00
Thibault "bui" Koechlin
a4dc5053d2
fix null deref in cti calls if key is empty (#2540) 
* fix null deref in cti calls if key is empty

* avoid hardcoded error check
 2023-10-17 09:34:53 +01:00
Sebastien Blot
d3bb9f8ae1
up 2023-10-17 09:32:40 +02:00
Laurence Jones
19de3a8a77
Runtime whitelist parsing improvement (#2422) 
* Improve whitelist parsing

* Split whitelist check into a function tied to whitelist, also since we check node debug we can make a pointer to node containing whitelist

* No point passing clog as an argument since it is just a pointer to node we already know about

* We should break instead of returning false, false as it may have been whitelisted by ips/cidrs

* reimplement early return if expr errors

* Fix lint and dont need to parse ip back to string just loop over sources

* Log error with node logger as it provides context

* Move getsource to a function cleanup some code

* Change func name

* Split out compile to a function so we can use in tests. Add a bunch of tests

* spell correction

* Use node logger so it has context

* alternative solution

* quick fixes

* Use containswls

* Change whitelist test to use parseipsource and only events

* Make it simpler

* Postoverflow tests, some basic ones to make sure it works

* Use official pkg

* Add @mmetc reco

* Add @mmetc reco

* Change if if to a switch to only evaluate once

* simplify assertions

---------

Co-authored-by: bui <thibault@crowdsec.net>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
 2023-10-16 10:08:57 +01:00
Laurence Jones
e7ad3d88ae
Clear up some community confusion (#2543) 2023-10-16 10:08:41 +01:00