mirrors/crowdsec
1
0
Fork 0
mirror of https://github.com/crowdsecurity/crowdsec.git synced 2025-05-10 20:05:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

explicit message for malformed data URL in local items (#3537)

Browse source
This commit is contained in:
mmetc 2025-03-25 11:53:49 +01:00 committed by GitHub
parent 0d2c2daca5
commit 55aa1893d1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 35 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
debian/migrate-hub.sh vendored
View file

@ -1,7 +1,7 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# This script is provided (only in the source distribution) as an ad-hoc solution # This script is provided (only in the source distribution) as an ad-hoc solution
# to migrate an installation from the crowdsec package maintained in the debian repositories # to migrate an installation from the crowdsec package maintained in the debian or ubuntu repositories
# to the official crowdsec repository. # to the official crowdsec repository.
set -eu set -eu
@ -9,7 +9,7 @@ set -eu
if [ ! -d /var/lib/crowdsec/hub/ ]; then if [ ! -d /var/lib/crowdsec/hub/ ]; then
echo "You don't have a hub directory to migrate." echo "You don't have a hub directory to migrate."
echo echo
echo "Use this script only if you upgrade from the crowdsec package included in the debian repositories." echo "Use this script only if you upgrade from the crowdsec package included in the debian or ubuntu repositories."
exit 1 exit 1
fi fi

2
pkg/hubops/colorize.go
View file

@ -15,8 +15,10 @@ func colorizeItemName(fullname string) string {
bold := color.New(color.Bold) bold := color.New(color.Bold)
author := parts[0] author := parts[0]
name := parts[1] name := parts[1]
return author + "/" + bold.Sprint(name) return author + "/" + bold.Sprint(name)
} }
return fullname return fullname
} }

8
pkg/hubops/download.go
View file

@ -6,6 +6,7 @@ import (
"fmt" "fmt"
"io" "io"
"net/http" "net/http"
"net/url"
"os" "os"
"time" "time"
@ -118,6 +119,13 @@ func downloadDataSet(ctx context.Context, dataFolder string, force bool, reader
continue continue
} }
// twopenny validation
if u, err := url.Parse(dataS.SourceURL); err != nil {
return false, err
} else if u.Scheme == "" {
return false, fmt.Errorf("a valid URL was expected (note: local items can download data too): %s", dataS.SourceURL)
}
// XXX: check context cancellation // XXX: check context cancellation
destPath, err := cwhub.SafePath(dataFolder, dataS.DestPath) destPath, err := cwhub.SafePath(dataFolder, dataS.DestPath)
if err != nil { if err != nil {

23
test/bats/20_hub_items.bats
View file

@ -151,6 +151,29 @@ teardown() {
assert_output --partial "Nothing to do." assert_output --partial "Nothing to do."
} }
@test "when upgrading the hub, a local item's data will be downloaded" {
rune -0 mkdir -p "$CONFIG_DIR/collections"
cat >"$CONFIG_DIR"/collections/foobar.yaml <<-EOT
data:
- source_url: https://localhost:1234/database.mmdb
dest_file: database.mmdb
EOT
rune -1 cscli hub upgrade
assert_line "downloading https://localhost:1234/database.mmdb"
assert_stderr --partial 'Get "https://localhost:1234/database.mmdb":'
assert_stderr --partial 'connect: connection refused'
# bad link, or local path
cat >"$CONFIG_DIR"/collections/foobar.yaml <<-EOT
data:
- source_url: /tmp/meh
dest_file: database.mmdb
EOT
rune -1 cscli hub upgrade
refute_line "downloading /tmp/meh"
assert_stderr --partial 'a valid URL was expected (note: local items can download data too): /tmp/meh'
}
@test "a local item cannot be removed by cscli" { @test "a local item cannot be removed by cscli" {
rune -0 mkdir -p "$CONFIG_DIR/scenarios" rune -0 mkdir -p "$CONFIG_DIR/scenarios"
rune -0 touch "$CONFIG_DIR/scenarios/foobar.yaml" rune -0 touch "$CONFIG_DIR/scenarios/foobar.yaml"