Merge branch 'master' into releases/1.6.x

2025-05-11 12:25:53 +02:00 · 2025-03-24 15:29:06 +01:00 · 2025-03-24 15:29:06 +01:00 · 5b0ff6ee9c
commit 5b0ff6ee9c
parent 416eb27f94 c245b1e6f8
36 changed files with 223 additions and 174 deletions
--- a/.golangci.yml
+++ b/.golangci.yml
@ -46,6 +46,7 @@ linters-settings:
  gomoddirectives:
    replace-allow-list:
      - golang.org/x/time/rate
+      - github.com/corazawaf/coraza/v3

  govet:
    enable-all: true
@ -279,12 +280,10 @@ linters:
    # Recommended? (requires some work)
    #

-    - containedctx          # containedctx is a linter that detects struct contained context.Context field
    - errname               # Checks that sentinel errors are prefixed with the `Err` and error types are suffixed with the `Error`.
    - ireturn               # Accept Interfaces, Return Concrete Types
    - mnd                   # An analyzer to detect magic numbers.
    - nilnil                # Checks that there is no simultaneous return of `nil` error and an invalid value.
-    - noctx                 # Finds sending http request without context.Context
    - unparam               # Reports unused function parameters

    #
@ -502,3 +501,8 @@ issues:
        - usetesting
      path: "pkg/apiserver/(.+)_test.go"
      text: "os.CreateTemp.* could be replaced by os.CreateTemp.*"
+
+    - linters:
+        - containedctx
+      path: "cmd/notification-file/main.go"
+      text: "found a struct that contains a context.Context field"
--- a/cmd/crowdsec-cli/clihub/hub.go
+++ b/cmd/crowdsec-cli/clihub/hub.go
@ -46,6 +46,7 @@ cscli hub upgrade`,
 		DisableAutoGenTag: true,
 	}

+	cmd.AddCommand(cli.newBranchCmd())
 	cmd.AddCommand(cli.newListCmd())
 	cmd.AddCommand(cli.newUpdateCmd())
 	cmd.AddCommand(cli.newUpgradeCmd())
@ -84,6 +85,28 @@ func (cli *cliHub) List(out io.Writer, hub *cwhub.Hub, all bool) error {
 	return nil
 }

+func (cli *cliHub) newBranchCmd() *cobra.Command {
+	var all bool
+
+	cmd := &cobra.Command{
+		Use:               "branch",
+		Short:             "Show selected hub branch",
+		Long:              "Display the hub branch to be used, depending on configuration and crowdsec version",
+		Args:              args.NoArgs,
+		DisableAutoGenTag: true,
+		RunE: func(cmd *cobra.Command, _ []string) error {
+			branch := require.HubBranch(cmd.Context(), cli.cfg())
+			fmt.Println(branch)
+			return nil
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.BoolVarP(&all, "all", "a", false, "List all available items, including those not installed")
+
+	return cmd
+}
+
 func (cli *cliHub) newListCmd() *cobra.Command {
 	var all bool

--- a/go.mod
+++ b/go.mod
@ -23,12 +23,11 @@ require (
 	github.com/corazawaf/libinjection-go v0.2.2
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/creack/pty v1.1.21 // indirect
-	github.com/crowdsecurity/coraza/v3 v3.0.0-20250121111732-9b0043b679d7
 	github.com/crowdsecurity/dlog v0.0.0-20170105205344-4fb5f8204f26
 	github.com/crowdsecurity/go-cs-lib v0.0.16
 	github.com/crowdsecurity/grokky v0.2.2
 	github.com/crowdsecurity/machineid v1.0.2
-	github.com/davecgh/go-spew v1.1.1
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
 	github.com/dghubble/sling v1.4.2
 	github.com/distribution/reference v0.6.0 // indirect
 	github.com/docker/docker v27.3.1+incompatible
@ -99,12 +98,12 @@ require (
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.28.0 // indirect
 	go.opentelemetry.io/otel/trace v1.28.0 // indirect
-	golang.org/x/crypto v0.32.0
+	golang.org/x/crypto v0.36.0
 	golang.org/x/mod v0.23.0
-	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/sync v0.11.0 // indirect
-	golang.org/x/sys v0.30.0
-	golang.org/x/text v0.21.0
+	golang.org/x/net v0.37.0 // indirect
+	golang.org/x/sync v0.12.0
+	golang.org/x/sys v0.31.0
+	golang.org/x/text v0.23.0
 	golang.org/x/time v0.6.0 // indirect
 	google.golang.org/grpc v1.67.1
 	google.golang.org/protobuf v1.36.3
@ -117,6 +116,8 @@ require (

 )

+require github.com/corazawaf/coraza/v3 v3.3.2
+
 require (
 	ariga.io/atlas v0.31.1-0.20250212144724-069be8033e83 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
@ -130,7 +131,6 @@ require (
 	github.com/bytedance/sonic/loader v0.2.1 // indirect
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
-	github.com/corazawaf/coraza-coreruleset v0.0.0-20240226094324-415b1017abdc // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.7 // indirect
@ -164,7 +164,6 @@ require (
 	github.com/jackc/pgproto3/v2 v2.3.3 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
 	github.com/jackc/pgtype v1.14.0 // indirect
-	github.com/jcchavezs/mergefs v0.1.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
@ -188,7 +187,7 @@ require (
 	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/petar-dambovaliev/aho-corasick v0.0.0-20240411101913-e07a1f0e8eb4 // indirect
 	github.com/pierrec/lz4/v4 v4.1.18 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/prometheus/common v0.44.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
@ -219,7 +218,7 @@ require (
 	go.opentelemetry.io/otel/metric v1.28.0 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
 	golang.org/x/arch v0.12.0 // indirect
-	golang.org/x/term v0.28.0 // indirect
+	golang.org/x/term v0.30.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
@ -235,3 +234,5 @@ require (
 )

 replace golang.org/x/time/rate => github.com/crowdsecurity/crowdsec/pkg/time/rate v0.0.0
+
+replace github.com/corazawaf/coraza/v3 => github.com/crowdsecurity/coraza/v3 v3.0.0-20250320231801-749b8bded21a
--- a/go.sum
+++ b/go.sum
@ -93,8 +93,6 @@ github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/corazawaf/coraza-coreruleset v0.0.0-20240226094324-415b1017abdc h1:OlJhrgI3I+FLUCTI3JJW8MoqyM78WbqJjecqMnqG+wc=
 github.com/corazawaf/coraza-coreruleset v0.0.0-20240226094324-415b1017abdc/go.mod h1:7rsocqNDkTCira5T0M7buoKR2ehh7YZiPkzxRuAgvVU=
-github.com/corazawaf/coraza/v3 v3.3.2 h1:eG1HPLySTR9lND6y6fPOajubwbuHRF6aXCsCtxyqKTY=
-github.com/corazawaf/coraza/v3 v3.3.2/go.mod h1:4EqMZkRoil11FnResCT/2JIg61dH+6D7F48VG8SVzuA=
 github.com/corazawaf/libinjection-go v0.2.2 h1:Chzodvb6+NXh6wew5/yhD0Ggioif9ACrQGR4qjTCs1g=
 github.com/corazawaf/libinjection-go v0.2.2/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
@ -109,8 +107,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
 github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0=
 github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
-github.com/crowdsecurity/coraza/v3 v3.0.0-20250121111732-9b0043b679d7 h1:nIwAjapWmiQD3W/uAWYE3z+DC5Coy/zTyPBCJ379fAw=
-github.com/crowdsecurity/coraza/v3 v3.0.0-20250121111732-9b0043b679d7/go.mod h1:A+uciRXu+yhZcHMtM052bSM6vyJsMMU37NJN+tVoGqo=
+github.com/crowdsecurity/coraza/v3 v3.0.0-20250320231801-749b8bded21a h1:2Nyr+47Y/K68wohQWCrE7jKRIOpp6hJ29XCEQO3FhOw=
+github.com/crowdsecurity/coraza/v3 v3.0.0-20250320231801-749b8bded21a/go.mod h1:xSaXWOhFMSbrV8qOOfBKAyw3aOqfwaSaOy5BgSF8XlA=
 github.com/crowdsecurity/dlog v0.0.0-20170105205344-4fb5f8204f26 h1:r97WNVC30Uen+7WnLs4xDScS/Ex988+id2k6mDf8psU=
 github.com/crowdsecurity/dlog v0.0.0-20170105205344-4fb5f8204f26/go.mod h1:zpv7r+7KXwgVUZnUNjyP22zc/D7LKjyoY02weH2RBbk=
 github.com/crowdsecurity/go-cs-lib v0.0.16 h1:2/htodjwc/sfsv4deX8F/2Fzg1bOI8w3O1/BPSvvsB0=
@ -121,8 +119,9 @@ github.com/crowdsecurity/machineid v1.0.2 h1:wpkpsUghJF8Khtmn/tg6GxgdhLA1Xflerh5
 github.com/crowdsecurity/machineid v1.0.2/go.mod h1:XWUSlnS0R0+u/JK5ulidwlbceNT3ZOCKteoVQEn6Luo=
 github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dghubble/sling v1.4.2 h1:vs1HIGBbSl2SEALyU+irpYFLZMfc49Fp+jYryFebQjM=
 github.com/dghubble/sling v1.4.2/go.mod h1:o0arCOz0HwfqYQJLrRtqunaWOn4X6jxE/6ORKRpVTD4=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
@ -588,8 +587,9 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
@ -804,8 +804,8 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
-golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
-golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
@ -837,8 +837,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
-golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
-golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
+golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -848,8 +848,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
-golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
+golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@ -885,8 +885,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
-golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@ -894,8 +894,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
-golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
-golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@ -908,8 +908,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
 golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
--- a/pkg/acquisition/modules/appsec/appsec_runner.go
+++ b/pkg/acquisition/modules/appsec/appsec_runner.go
@ -11,8 +11,8 @@ import (
 	log "github.com/sirupsen/logrus"
 	"gopkg.in/tomb.v2"

-	"github.com/crowdsecurity/coraza/v3"
-	corazatypes "github.com/crowdsecurity/coraza/v3/types"
+	"github.com/corazawaf/coraza/v3"
+	corazatypes "github.com/corazawaf/coraza/v3/types"

 	// load body processors via init()
 	_ "github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec/bodyprocessors"
--- a/pkg/acquisition/modules/appsec/bodyprocessors/raw.go
+++ b/pkg/acquisition/modules/appsec/bodyprocessors/raw.go
@ -5,8 +5,8 @@ import (
 	"strconv"
 	"strings"

-	"github.com/crowdsecurity/coraza/v3/experimental/plugins"
-	"github.com/crowdsecurity/coraza/v3/experimental/plugins/plugintypes"
+	"github.com/corazawaf/coraza/v3/experimental/plugins"
+	"github.com/corazawaf/coraza/v3/experimental/plugins/plugintypes"
 )

 type rawBodyProcessor struct{}
--- a/pkg/acquisition/modules/appsec/rx_operator.go
+++ b/pkg/acquisition/modules/appsec/rx_operator.go
@ -8,8 +8,8 @@ import (
 	"github.com/wasilibs/go-re2"
 	"github.com/wasilibs/go-re2/experimental"

-	"github.com/crowdsecurity/coraza/v3/experimental/plugins"
-	"github.com/crowdsecurity/coraza/v3/experimental/plugins/plugintypes"
+	"github.com/corazawaf/coraza/v3/experimental/plugins"
+	"github.com/corazawaf/coraza/v3/experimental/plugins/plugintypes"
 )

 type rx struct {
--- a/pkg/acquisition/modules/appsec/utils.go
+++ b/pkg/acquisition/modules/appsec/utils.go
@ -11,8 +11,8 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 	log "github.com/sirupsen/logrus"

-	"github.com/crowdsecurity/coraza/v3/collection"
-	"github.com/crowdsecurity/coraza/v3/types/variables"
+	"github.com/corazawaf/coraza/v3/collection"
+	"github.com/corazawaf/coraza/v3/types/variables"
 	"github.com/crowdsecurity/go-cs-lib/ptr"

 	"github.com/crowdsecurity/crowdsec/pkg/alertcontext"
--- a/pkg/acquisition/modules/http/http_test.go
+++ b/pkg/acquisition/modules/http/http_test.go
@ -254,7 +254,12 @@ basic_auth:

 	time.Sleep(1 * time.Second)

-	res, err := http.Get(fmt.Sprintf("%s/test", testHTTPServerAddr))
+	ctx := t.Context()
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, testHTTPServerAddr + "/test", http.NoBody)
+	require.NoError(t, err)
+
+	res, err := http.DefaultClient.Do(req)
 	require.NoError(t, err)
 	assert.Equal(t, http.StatusMethodNotAllowed, res.StatusCode)

@ -265,6 +270,8 @@ basic_auth:
 }

 func TestStreamingAcquisitionUnknownPath(t *testing.T) {
+	ctx := t.Context()
+
 	h := &HTTPSource{}
 	_, _, tomb := SetupAndRunHTTPSource(t, h, []byte(`
 source: http
@ -277,7 +284,10 @@ basic_auth:

 	time.Sleep(1 * time.Second)

-	res, err := http.Get(fmt.Sprintf("%s/unknown", testHTTPServerAddr))
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, testHTTPServerAddr + "/unknown", http.NoBody)
+	require.NoError(t, err)
+
+	res, err := http.DefaultClient.Do(req)
 	require.NoError(t, err)
 	assert.Equal(t, http.StatusNotFound, res.StatusCode)

@ -303,11 +313,15 @@ basic_auth:

 	client := &http.Client{}

-	resp, err := http.Post(fmt.Sprintf("%s/test", testHTTPServerAddr), "application/json", strings.NewReader("test"))
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, testHTTPServerAddr + "/test", strings.NewReader("test"))
+	require.NoError(t, err)
+	req.Header.Set("Content-Type", "application/json")
+
+	resp, err := http.DefaultClient.Do(req)
 	require.NoError(t, err)
 	assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)

-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, fmt.Sprintf("%s/test", testHTTPServerAddr), strings.NewReader("test"))
+	req, err = http.NewRequestWithContext(ctx, http.MethodPost, testHTTPServerAddr + "/test", strings.NewReader("test"))
 	require.NoError(t, err)
 	req.SetBasicAuth("test", "WrongPassword")

@ -553,6 +567,8 @@ timeout: 1s`), 0)
 }

 func TestStreamingAcquisitionTLSHTTPRequest(t *testing.T) {
+	ctx := t.Context()
+
 	h := &HTTPSource{}
 	_, _, tomb := SetupAndRunHTTPSource(t, h, []byte(`
 source: http
@ -566,7 +582,11 @@ tls:

 	time.Sleep(1 * time.Second)

-	resp, err := http.Post(fmt.Sprintf("%s/test", testHTTPServerAddr), "application/json", strings.NewReader("test"))
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, testHTTPServerAddr + "/test", strings.NewReader("test"))
+	require.NoError(t, err)
+	req.Header.Set("Content-Type", "application/json")
+
+	resp, err := http.DefaultClient.Do(req)
 	require.NoError(t, err)

 	assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
--- a/pkg/apiclient/alerts_service.go
+++ b/pkg/apiclient/alerts_service.go
@ -49,7 +49,7 @@ type AlertsDeleteOpts struct {
 func (s *AlertsService) Add(ctx context.Context, alerts models.AddAlertsRequest) (*models.AddAlertsResponse, *Response, error) {
 	u := fmt.Sprintf("%s/alerts", s.client.URLPrefix)

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodPost, u, &alerts)
+	req, err := s.client.PrepareRequest(ctx, http.MethodPost, u, &alerts)
 	if err != nil {
 		return nil, nil, err
 	}
@ -78,7 +78,7 @@ func (s *AlertsService) List(ctx context.Context, opts AlertsListOpts) (*models.
 		URI = fmt.Sprintf("%s?%s", URI, params.Encode())
 	}

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodGet, URI, nil)
+	req, err := s.client.PrepareRequest(ctx, http.MethodGet, URI, nil)
 	if err != nil {
 		return nil, nil, fmt.Errorf("building request: %w", err)
 	}
@ -102,7 +102,7 @@ func (s *AlertsService) Delete(ctx context.Context, opts AlertsDeleteOpts) (*mod

 	u := fmt.Sprintf("%s/alerts?%s", s.client.URLPrefix, params.Encode())

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodDelete, u, nil)
+	req, err := s.client.PrepareRequest(ctx, http.MethodDelete, u, nil)
 	if err != nil {
 		return nil, nil, err
 	}
@ -120,7 +120,7 @@ func (s *AlertsService) Delete(ctx context.Context, opts AlertsDeleteOpts) (*mod
 func (s *AlertsService) DeleteOne(ctx context.Context, alertID string) (*models.DeleteAlertsResponse, *Response, error) {
 	u := fmt.Sprintf("%s/alerts/%s", s.client.URLPrefix, alertID)

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodDelete, u, nil)
+	req, err := s.client.PrepareRequest(ctx, http.MethodDelete, u, nil)
 	if err != nil {
 		return nil, nil, err
 	}
@ -138,7 +138,7 @@ func (s *AlertsService) DeleteOne(ctx context.Context, alertID string) (*models.
 func (s *AlertsService) GetByID(ctx context.Context, alertID int) (*models.Alert, *Response, error) {
 	u := fmt.Sprintf("%s/alerts/%d", s.client.URLPrefix, alertID)

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodGet, u, nil)
+	req, err := s.client.PrepareRequest(ctx, http.MethodGet, u, nil)
 	if err != nil {
 		return nil, nil, err
 	}
--- a/pkg/apiclient/allowlists_service.go
+++ b/pkg/apiclient/allowlists_service.go
@ -27,7 +27,7 @@ func (s *AllowlistsService) List(ctx context.Context, opts AllowlistListOpts) (*

 	u += "?" + params.Encode()

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodGet, u, nil)
+	req, err := s.client.PrepareRequest(ctx, http.MethodGet, u, nil)
 	if err != nil {
 		return nil, nil, err
 	}
@ -58,7 +58,7 @@ func (s *AllowlistsService) Get(ctx context.Context, name string, opts Allowlist

 	log.Debugf("GET %s", u)

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodGet, u, nil)
+	req, err := s.client.PrepareRequest(ctx, http.MethodGet, u, nil)
 	if err != nil {
 		return nil, nil, err
 	}
@ -76,7 +76,7 @@ func (s *AllowlistsService) Get(ctx context.Context, name string, opts Allowlist
 func (s *AllowlistsService) CheckIfAllowlisted(ctx context.Context, value string) (bool, *Response, error) {
 	u := s.client.URLPrefix + "/allowlists/check/" + value

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodHead, u, nil)
+	req, err := s.client.PrepareRequest(ctx, http.MethodHead, u, nil)
 	if err != nil {
 		return false, nil, err
 	}
@ -94,7 +94,7 @@ func (s *AllowlistsService) CheckIfAllowlisted(ctx context.Context, value string
 func (s *AllowlistsService) CheckIfAllowlistedWithReason(ctx context.Context, value string) (*models.CheckAllowlistResponse, *Response, error) {
 	u := s.client.URLPrefix + "/allowlists/check/" + value

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodGet, u, nil)
+	req, err := s.client.PrepareRequest(ctx, http.MethodGet, u, nil)
 	if err != nil {
 		return nil, nil, err
 	}
--- a/pkg/apiclient/auth_service.go
+++ b/pkg/apiclient/auth_service.go
@ -21,7 +21,7 @@ type enrollRequest struct {
 func (s *AuthService) UnregisterWatcher(ctx context.Context) (*Response, error) {
 	u := fmt.Sprintf("%s/watchers", s.client.URLPrefix)

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodDelete, u, nil)
+	req, err := s.client.PrepareRequest(ctx, http.MethodDelete, u, nil)
 	if err != nil {
 		return nil, err
 	}
@ -37,7 +37,7 @@ func (s *AuthService) UnregisterWatcher(ctx context.Context) (*Response, error)
 func (s *AuthService) RegisterWatcher(ctx context.Context, registration models.WatcherRegistrationRequest) (*Response, error) {
 	u := fmt.Sprintf("%s/watchers", s.client.URLPrefix)

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodPost, u, &registration)
+	req, err := s.client.PrepareRequest(ctx, http.MethodPost, u, &registration)
 	if err != nil {
 		return nil, err
 	}
@ -55,7 +55,7 @@ func (s *AuthService) AuthenticateWatcher(ctx context.Context, auth models.Watch

 	u := fmt.Sprintf("%s/watchers/login", s.client.URLPrefix)

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodPost, u, &auth)
+	req, err := s.client.PrepareRequest(ctx, http.MethodPost, u, &auth)
 	if err != nil {
 		return authResp, nil, err
 	}
@ -71,7 +71,7 @@ func (s *AuthService) AuthenticateWatcher(ctx context.Context, auth models.Watch
 func (s *AuthService) EnrollWatcher(ctx context.Context, enrollKey string, name string, tags []string, overwrite bool) (*Response, error) {
 	u := fmt.Sprintf("%s/watchers/enroll", s.client.URLPrefix)

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodPost, u, &enrollRequest{EnrollKey: enrollKey, Name: name, Tags: tags, Overwrite: overwrite})
+	req, err := s.client.PrepareRequest(ctx, http.MethodPost, u, &enrollRequest{EnrollKey: enrollKey, Name: name, Tags: tags, Overwrite: overwrite})
 	if err != nil {
 		return nil, err
 	}
--- a/pkg/apiclient/client.go
+++ b/pkg/apiclient/client.go
@ -72,10 +72,6 @@ type service struct {
 }

 func InitLAPIClient(ctx context.Context, apiUrl string, papiUrl string, login string, password string, scenarios []string) error {
-	if lapiClient != nil {
-		return errors.New("client already initialized")
-	}
-
 	apiURL, err := url.Parse(apiUrl)
 	if err != nil {
 		return fmt.Errorf("parsing api url ('%s'): %w", apiURL, err)
--- a/pkg/apiclient/client_http.go
+++ b/pkg/apiclient/client_http.go
@ -15,7 +15,7 @@ import (
 	log "github.com/sirupsen/logrus"
 )

-func (c *ApiClient) NewRequestWithContext(ctx context.Context, method, url string, body interface{}) (*http.Request, error) {
+func (c *ApiClient) PrepareRequest(ctx context.Context, method, url string, body interface{}) (*http.Request, error) {
 	if !strings.HasSuffix(c.BaseURL.Path, "/") {
 		return nil, fmt.Errorf("BaseURL must have a trailing slash, but %q does not", c.BaseURL)
 	}
--- a/pkg/apiclient/decisions_service.go
+++ b/pkg/apiclient/decisions_service.go
@ -81,7 +81,7 @@ func (s *DecisionsService) List(ctx context.Context, opts DecisionsListOpts) (*m

 	u := fmt.Sprintf("%s/decisions?%s", s.client.URLPrefix, params.Encode())

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodGet, u, nil)
+	req, err := s.client.PrepareRequest(ctx, http.MethodGet, u, nil)
 	if err != nil {
 		return nil, nil, err
 	}
@ -97,7 +97,7 @@ func (s *DecisionsService) List(ctx context.Context, opts DecisionsListOpts) (*m
 }

 func (s *DecisionsService) FetchV2Decisions(ctx context.Context, url string) (*models.DecisionsStreamResponse, *Response, error) {
-	req, err := s.client.NewRequestWithContext(ctx, http.MethodGet, url, nil)
+	req, err := s.client.PrepareRequest(ctx, http.MethodGet, url, nil)
 	if err != nil {
 		return nil, nil, err
 	}
@ -138,7 +138,7 @@ func (s *DecisionsService) FetchV3Decisions(ctx context.Context, url string) (*m
 	scenarioDeleted := "deleted"
 	durationDeleted := "1h"

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodGet, url, nil)
+	req, err := s.client.PrepareRequest(ctx, http.MethodGet, url, nil)
 	if err != nil {
 		return nil, nil, err
 	}
@ -271,7 +271,7 @@ func (s *DecisionsService) GetStreamV3(ctx context.Context, opts DecisionsStream
 		return nil, nil, err
 	}

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodGet, u, nil)
+	req, err := s.client.PrepareRequest(ctx, http.MethodGet, u, nil)
 	if err != nil {
 		return nil, nil, err
 	}
@ -289,7 +289,7 @@ func (s *DecisionsService) GetStreamV3(ctx context.Context, opts DecisionsStream
 func (s *DecisionsService) StopStream(ctx context.Context) (*Response, error) {
 	u := fmt.Sprintf("%s/decisions", s.client.URLPrefix)

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodDelete, u, nil)
+	req, err := s.client.PrepareRequest(ctx, http.MethodDelete, u, nil)
 	if err != nil {
 		return nil, err
 	}
@ -310,7 +310,7 @@ func (s *DecisionsService) Delete(ctx context.Context, opts DecisionsDeleteOpts)

 	u := fmt.Sprintf("%s/decisions?%s", s.client.URLPrefix, params.Encode())

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodDelete, u, nil)
+	req, err := s.client.PrepareRequest(ctx, http.MethodDelete, u, nil)
 	if err != nil {
 		return nil, nil, err
 	}
@ -328,7 +328,7 @@ func (s *DecisionsService) Delete(ctx context.Context, opts DecisionsDeleteOpts)
 func (s *DecisionsService) DeleteOne(ctx context.Context, decisionID string) (*models.DeleteDecisionResponse, *Response, error) {
 	u := fmt.Sprintf("%s/decisions/%s", s.client.URLPrefix, decisionID)

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodDelete, u, nil)
+	req, err := s.client.PrepareRequest(ctx, http.MethodDelete, u, nil)
 	if err != nil {
 		return nil, nil, err
 	}
--- a/pkg/apiclient/decisions_sync_service.go
+++ b/pkg/apiclient/decisions_sync_service.go
@ -16,7 +16,7 @@ type DecisionDeleteService service
 func (d *DecisionDeleteService) Add(ctx context.Context, deletedDecisions *models.DecisionsDeleteRequest) (interface{}, *Response, error) {
 	u := fmt.Sprintf("%s/decisions/delete", d.client.URLPrefix)

-	req, err := d.client.NewRequestWithContext(ctx, http.MethodPost, u, &deletedDecisions)
+	req, err := d.client.PrepareRequest(ctx, http.MethodPost, u, &deletedDecisions)
 	if err != nil {
 		return nil, nil, fmt.Errorf("while building request: %w", err)
 	}
--- a/pkg/apiclient/heartbeat.go
+++ b/pkg/apiclient/heartbeat.go
@ -17,7 +17,7 @@ type HeartBeatService service
 func (h *HeartBeatService) Ping(ctx context.Context) (bool, *Response, error) {
 	u := fmt.Sprintf("%s/heartbeat", h.client.URLPrefix)

-	req, err := h.client.NewRequestWithContext(ctx, http.MethodGet, u, nil)
+	req, err := h.client.PrepareRequest(ctx, http.MethodGet, u, nil)
 	if err != nil {
 		return false, nil, err
 	}
--- a/pkg/apiclient/metrics.go
+++ b/pkg/apiclient/metrics.go
@ -13,7 +13,7 @@ type MetricsService service
 func (s *MetricsService) Add(ctx context.Context, metrics *models.Metrics) (interface{}, *Response, error) {
 	u := fmt.Sprintf("%s/metrics/", s.client.URLPrefix)

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodPost, u, &metrics)
+	req, err := s.client.PrepareRequest(ctx, http.MethodPost, u, &metrics)
 	if err != nil {
 		return nil, nil, err
 	}
--- a/pkg/apiclient/signal.go
+++ b/pkg/apiclient/signal.go
@ -15,7 +15,7 @@ type SignalService service
 func (s *SignalService) Add(ctx context.Context, signals *models.AddSignalsRequest) (interface{}, *Response, error) {
 	u := fmt.Sprintf("%s/signals", s.client.URLPrefix)

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodPost, u, &signals)
+	req, err := s.client.PrepareRequest(ctx, http.MethodPost, u, &signals)
 	if err != nil {
 		return nil, nil, fmt.Errorf("while building request: %w", err)
 	}
--- a/pkg/apiclient/usagemetrics.go
+++ b/pkg/apiclient/usagemetrics.go
@ -13,7 +13,7 @@ type UsageMetricsService service
 func (s *UsageMetricsService) Add(ctx context.Context, metrics *models.AllMetrics) (interface{}, *Response, error) {
 	u := fmt.Sprintf("%s/usage-metrics", s.client.URLPrefix)

-	req, err := s.client.NewRequestWithContext(ctx, http.MethodPost, u, &metrics)
+	req, err := s.client.PrepareRequest(ctx, http.MethodPost, u, &metrics)
 	if err != nil {
 		return nil, nil, err
 	}
--- a/pkg/apiserver/apic.go
+++ b/pkg/apiserver/apic.go
@ -754,7 +754,13 @@ func (a *apic) UpdateAllowlists(ctx context.Context, allowlistsLinks []*modelsca
 			description = *link.Description
 		}

-		resp, err := defaultClient.GetClient().Get(*link.URL)
+		req, err := http.NewRequestWithContext(ctx, http.MethodGet, *link.URL, http.NoBody)
+		if err != nil {
+			log.Errorf("while pulling allowlist: %s", err)
+			continue
+		}
+
+		resp, err := defaultClient.GetClient().Do(req)
 		if err != nil {
 			log.Errorf("while pulling allowlist: %s", err)
 			continue
@ -854,7 +860,7 @@ func (a *apic) ApplyApicWhitelists(ctx context.Context, decisions []*models.Deci
 		log.Errorf("while getting allowlists content: %s", err)
 	}

-	if a.whitelists != nil {
+	if a.whitelists != nil && (len(a.whitelists.Cidrs) > 0 || len(a.whitelists.Ips) > 0) {
 		log.Warn("capi_whitelists_path is deprecated, please use centralized allowlists instead. See https://docs.crowdsec.net/docs/next/local_api/centralized_allowlists.")
 	}

--- a/pkg/appsec/coraza_logger.go
+++ b/pkg/appsec/coraza_logger.go
@ -6,7 +6,7 @@ import (

 	log "github.com/sirupsen/logrus"

-	dbg "github.com/crowdsecurity/coraza/v3/debuglog"
+	dbg "github.com/corazawaf/coraza/v3/debuglog"
 )

 var DebugRules = map[int]bool{}
--- a/pkg/appsec/ja4h/ja4h_test.go
+++ b/pkg/appsec/ja4h/ja4h_test.go
@ -21,6 +21,8 @@ For those hashes, the value used was the one returned by our code (because we de
 */

 func TestJA4H_A(t *testing.T) {
+	ctx := t.Context()
+
 	tests := []struct {
 		name           string
 		request        func() *http.Request
@ -29,7 +31,7 @@ func TestJA4H_A(t *testing.T) {
 		{
 			name: "basic GET request - HTTP1.1 - no accept-language header",
 			request: func() *http.Request {
-				req, _ := http.NewRequest(http.MethodGet, "http://example.com", http.NoBody)
+				req, _ := http.NewRequestWithContext(ctx, http.MethodGet, "http://example.com", http.NoBody)
 				return req
 			},
 			expectedResult: "ge11nn000000",
@ -37,7 +39,7 @@ func TestJA4H_A(t *testing.T) {
 		{
 			name: "basic GET request - HTTP1.1 - with accept-language header",
 			request: func() *http.Request {
-				req, _ := http.NewRequest(http.MethodGet, "http://example.com", http.NoBody)
+				req, _ := http.NewRequestWithContext(ctx, http.MethodGet, "http://example.com", http.NoBody)
 				req.Header.Set("Accept-Language", "en-US")
 				return req
 			},
@ -46,7 +48,7 @@ func TestJA4H_A(t *testing.T) {
 		{
 			name: "basic POST request - HTTP1.1 - no accept-language header - cookies - referer",
 			request: func() *http.Request {
-				req, _ := http.NewRequest(http.MethodPost, "http://example.com", http.NoBody)
+				req, _ := http.NewRequestWithContext(ctx, http.MethodPost, "http://example.com", http.NoBody)
 				req.AddCookie(&http.Cookie{Name: "foo", Value: "bar"})
 				req.Header.Set("Referer", "http://example.com")
 				return req
@ -56,7 +58,7 @@ func TestJA4H_A(t *testing.T) {
 		{
 			name: "bad accept-language header",
 			request: func() *http.Request {
-				req, _ := http.NewRequest(http.MethodGet, "http://example.com", http.NoBody)
+				req, _ := http.NewRequestWithContext(ctx, http.MethodGet, "http://example.com", http.NoBody)
 				req.Header.Set("Accept-Language", "aksjdhaslkdhalkjsd")
 				return req
 			},
@ -65,7 +67,7 @@ func TestJA4H_A(t *testing.T) {
 		{
 			name: "bad accept-language header 2",
 			request: func() *http.Request {
-				req, _ := http.NewRequest(http.MethodGet, "http://example.com", http.NoBody)
+				req, _ := http.NewRequestWithContext(ctx, http.MethodGet, "http://example.com", http.NoBody)
 				req.Header.Set("Accept-Language", ",")
 				return req
 			},
@ -86,6 +88,9 @@ func TestJA4H_A(t *testing.T) {
 func TestJA4H_B(t *testing.T) {
 	// This test is only for non-regression
 	// Because go does not keep headers order, we just want to make sure our code always process the headers in the same order
+
+	ctx := t.Context()
+
 	tests := []struct {
 		name           string
 		request        func() *http.Request
@ -94,7 +99,7 @@ func TestJA4H_B(t *testing.T) {
 		{
 			name: "no headers",
 			request: func() *http.Request {
-				req, _ := http.NewRequest(http.MethodGet, "http://example.com", http.NoBody)
+				req, _ := http.NewRequestWithContext(ctx, http.MethodGet, "http://example.com", http.NoBody)
 				return req
 			},
 			expectedResult: "e3b0c44298fc",
@ -102,7 +107,7 @@ func TestJA4H_B(t *testing.T) {
 		{
 			name: "header with arbitrary content",
 			request: func() *http.Request {
-				req, _ := http.NewRequest(http.MethodGet, "http://example.com", http.NoBody)
+				req, _ := http.NewRequestWithContext(ctx, http.MethodGet, "http://example.com", http.NoBody)
 				req.Header.Set("X-Custom-Header", "some value")
 				return req
 			},
@ -111,7 +116,7 @@ func TestJA4H_B(t *testing.T) {
 		{
 			name: "header with multiple headers",
 			request: func() *http.Request {
-				req, _ := http.NewRequest(http.MethodGet, "http://example.com", http.NoBody)
+				req, _ := http.NewRequestWithContext(ctx, http.MethodGet, "http://example.com", http.NoBody)
 				req.Header.Set("X-Custom-Header", "some value")
 				req.Header.Set("Authorization", "Bearer token")
 				return req
@ -121,7 +126,7 @@ func TestJA4H_B(t *testing.T) {
 		{
 			name: "curl-like request",
 			request: func() *http.Request {
-				req, _ := http.NewRequest(http.MethodGet, "http://localhost", http.NoBody)
+				req, _ := http.NewRequestWithContext(ctx, http.MethodGet, "http://localhost", http.NoBody)
 				req.Header.Set("Host", "localhost")
 				req.Header.Set("User-Agent", "curl/8.12.1")
 				req.Header.Set("Accept", "*/*")
@ -260,6 +265,8 @@ func TestJA4H_D(t *testing.T) {
 }

 func TestJA4H(t *testing.T) {
+	ctx := t.Context()
+
 	tests := []struct {
 		name         string
 		req          func() *http.Request
@ -268,7 +275,7 @@ func TestJA4H(t *testing.T) {
 		{
 			name: "Basic GET - No cookies",
 			req: func() *http.Request {
-				req, _ := http.NewRequest(http.MethodGet, "http://example.com", http.NoBody)
+				req, _ := http.NewRequestWithContext(ctx, http.MethodGet, "http://example.com", http.NoBody)
 				return req
 			},
 			expectedHash: "ge11nn000000_e3b0c44298fc_000000000000_000000000000",
@ -276,7 +283,7 @@ func TestJA4H(t *testing.T) {
 		{
 			name: "Basic GET - With cookies",
 			req: func() *http.Request {
-				req, _ := http.NewRequest(http.MethodGet, "http://example.com", http.NoBody)
+				req, _ := http.NewRequestWithContext(ctx, http.MethodGet, "http://example.com", http.NoBody)
 				req.AddCookie(&http.Cookie{Name: "session", Value: "12345"})
 				return req
 			},
@ -285,7 +292,7 @@ func TestJA4H(t *testing.T) {
 		{
 			name: "Basic GET - Multiple cookies",
 			req: func() *http.Request {
-				req, _ := http.NewRequest(http.MethodGet, "http://example.com", http.NoBody)
+				req, _ := http.NewRequestWithContext(ctx, http.MethodGet, "http://example.com", http.NoBody)
 				req.AddCookie(&http.Cookie{Name: "foo", Value: "bar"})
 				req.AddCookie(&http.Cookie{Name: "baz", Value: "qux"})
 				return req
--- a/pkg/appsec/tx.go
+++ b/pkg/appsec/tx.go
@ -1,10 +1,10 @@
 package appsec

 import (
-	"github.com/crowdsecurity/coraza/v3"
-	"github.com/crowdsecurity/coraza/v3/experimental"
-	"github.com/crowdsecurity/coraza/v3/experimental/plugins/plugintypes"
-	"github.com/crowdsecurity/coraza/v3/types"
+	"github.com/corazawaf/coraza/v3"
+	"github.com/corazawaf/coraza/v3/experimental"
+	"github.com/corazawaf/coraza/v3/experimental/plugins/plugintypes"
+	"github.com/corazawaf/coraza/v3/types"
 )

 type ExtendedTransaction struct {
--- a/pkg/hubops/disable.go
+++ b/pkg/hubops/disable.go
@ -5,6 +5,8 @@ import (
 	"fmt"
 	"os"

+	log "github.com/sirupsen/logrus"
+
 	"github.com/crowdsecurity/crowdsec/pkg/cwhub"
 )

@ -53,7 +55,7 @@ func (c *DisableCommand) Prepare(plan *ActionPlan) (bool, error) {
 	i := c.Item

 	if i.State.IsLocal() {
-		plan.Warning(i.FQName() + " is a local item, please delete manually")
+		log.Warnf("%s is a local item, please delete manually", i.FQName())
 		return false, nil
 	}

--- a/pkg/hubops/download.go
+++ b/pkg/hubops/download.go
@ -10,7 +10,7 @@ import (
 	"time"

 	"github.com/fatih/color"
-	"github.com/sirupsen/logrus"
+	log "github.com/sirupsen/logrus"
 	"gopkg.in/yaml.v3"

 	"github.com/crowdsecurity/go-cs-lib/downloader"
@ -38,13 +38,13 @@ func (c *DownloadCommand) Prepare(plan *ActionPlan) (bool, error) {
 	i := c.Item

 	if i.State.IsLocal() {
-		plan.Info(i.FQName() + " - not downloading local item")
+		log.Infof("%s - not downloading local item", i.FQName())
 		return false, nil
 	}

 	// XXX: if it's tainted do we upgrade the dependencies anyway?
 	if i.State.Tainted && !c.Force {
-		plan.Warning(i.FQName() + " is tainted, use '--force' to overwrite")
+		log.Warnf("%s is tainted, use '--force' to overwrite", i.FQName())
 		return false, nil
 	}

@ -132,7 +132,7 @@ func downloadDataSet(ctx context.Context, dataFolder string, force bool, reader
 				BeforeRequest(func(req *http.Request) {
 					fmt.Printf("downloading %s\n", req.URL)
 				}).
-				WithLogger(logrus.WithField("url", dataS.SourceURL))
+				WithLogger(log.WithField("url", dataS.SourceURL))

 			if !force {
 				d = d.WithLastModified().
--- a/pkg/hubops/plan.go
+++ b/pkg/hubops/plan.go
@ -10,7 +10,6 @@ import (
 	"strings"

 	"github.com/AlecAivazis/survey/v2"
-	"github.com/fatih/color"

 	"github.com/crowdsecurity/go-cs-lib/slicetools"

@ -96,14 +95,6 @@ func (p *ActionPlan) AddCommand(c Command) error {
 	return nil
 }

-func (p *ActionPlan) Info(msg string) {
-	fmt.Println(msg)
-}
-
-func (p *ActionPlan) Warning(msg string) {
-	fmt.Printf("%s %s\n", color.YellowString("WARN"), msg)
-}
-
 // Description returns a string representation of the action plan.
 // If verbose is false, the operations are grouped by item type and operation type.
 // If verbose is true, they are listed as they appear in the command slice.
--- a/test/bats/01_crowdsec.bats
+++ b/test/bats/01_crowdsec.bats
@ -124,7 +124,29 @@ teardown() {
    assert_stderr --partial "api server init: unable to run local API: controller init: CS_LAPI_SECRET not strong enough"
 }

+@test "crowdsec - reload" {
+    # we test that reload works as intended with the agent enabled
+
+    logfile="$(config_get '.common.log_dir')/crowdsec.log"
+
+    rune -0 truncate -s0 "$logfile"
+
+    rune -0 ./instance-crowdsec start-pid
+    PID="$output"
+
+    sleep .5
+    rune -0 kill -HUP "$PID"
+
+    sleep 5
+    rune -0 ps "$PID"
+
+    assert_file_contains "$logfile" "Reload is finished"
+}
+
@test "crowdsec - reload (change of logfile, disabled agent)" {
+    # we test that reload works as intended with the agent disabled
+    # and that we can change the log configuration
+
    logdir1=$(TMPDIR="$BATS_TEST_TMPDIR" mktemp -u)
    log_old="${logdir1}/crowdsec.log"
    config_set ".common.log_dir=\"${logdir1}\""
--- a/test/bats/20_hub.bats
+++ b/test/bats/20_hub.bats
@ -172,8 +172,9 @@ teardown() {
    mkdir -p "$CONFIG_DIR/collections"
    touch "$CONFIG_DIR/collections/foo.yaml"
    rune -0 cscli hub upgrade
+    assert_stderr --partial 'collections:foo.yaml - not downloading local item'
+
    assert_output - <<-EOT
-	collections:foo.yaml - not downloading local item
 	Action plan:
 	🔄 check & update data files
 	EOT
--- a/test/bats/20_hub_items.bats
+++ b/test/bats/20_hub_items.bats
@ -155,29 +155,29 @@ teardown() {
    rune -0 mkdir -p "$CONFIG_DIR/scenarios"
    rune -0 touch "$CONFIG_DIR/scenarios/foobar.yaml"
    rune -0 cscli scenarios remove foobar.yaml
+    assert_stderr --partial 'scenarios:foobar.yaml is a local item, please delete manually'
    assert_output - <<-EOT
-	WARN scenarios:foobar.yaml is a local item, please delete manually
 	Nothing to do.
 	EOT
    rune -0 cscli scenarios remove foobar.yaml --purge
+    assert_stderr --partial 'scenarios:foobar.yaml is a local item, please delete manually'
    assert_output - <<-EOT
-	WARN scenarios:foobar.yaml is a local item, please delete manually
 	Nothing to do.
 	EOT
    rune -0 cscli scenarios remove foobar.yaml --force
+    assert_stderr --partial 'scenarios:foobar.yaml is a local item, please delete manually'
    assert_output - <<-EOT
-	WARN scenarios:foobar.yaml is a local item, please delete manually
 	Nothing to do.
 	EOT

    rune -0 cscli scenarios install crowdsecurity/ssh-bf

    rune -0 cscli scenarios remove --all
-    assert_line "WARN scenarios:foobar.yaml is a local item, please delete manually"
    assert_line "disabling scenarios:crowdsecurity/ssh-bf"
+    assert_stderr --partial "scenarios:foobar.yaml is a local item, please delete manually"

    rune -0 cscli scenarios remove --all --purge
-    assert_line "WARN scenarios:foobar.yaml is a local item, please delete manually"
+    assert_stderr --partial "scenarios:foobar.yaml is a local item, please delete manually"
    assert_line "purging scenarios:crowdsecurity/ssh-bf"
 }

--- a/test/bats/cscli-hubtype-install.bats
+++ b/test/bats/cscli-hubtype-install.bats
@ -166,18 +166,16 @@ get_latest_version() {

    rune -0 cscli parsers install crowdsecurity/whitelists --dry-run
    assert_output - --stderr <<-EOT
-	WARN parsers:crowdsecurity/whitelists is tainted, use '--force' to overwrite
 	Nothing to do.
 	EOT
-    refute_stderr
+    assert_stderr --partial "parsers:crowdsecurity/whitelists is tainted, use '--force' to overwrite"

    # XXX should this fail with status 1 instead?
    rune -0 cscli parsers install crowdsecurity/whitelists
    assert_output - <<-EOT
-	WARN parsers:crowdsecurity/whitelists is tainted, use '--force' to overwrite
 	Nothing to do.
 	EOT
-    refute_stderr
+    assert_stderr --partial "parsers:crowdsecurity/whitelists is tainted, use '--force' to overwrite"

    rune -0 cscli parsers install crowdsecurity/whitelists --force
    latest_whitelists=$(get_latest_version parsers crowdsecurity/whitelists)
@ -230,17 +228,14 @@ get_latest_version() {
    # and maybe re-evaluate the --ignore flag
    rune -0 cscli parsers install crowdsecurity/whitelists --ignore
    assert_output - <<-EOT
-	WARN parsers:crowdsecurity/whitelists is tainted, use '--force' to overwrite
 	Nothing to do.
 	EOT
-    refute_stderr
+    assert_stderr --partial "parsers:crowdsecurity/whitelists is tainted, use '--force' to overwrite"

    # error on one item, should still install the others
    rune -0 cscli parsers install crowdsecurity/whitelists crowdsecurity/pgsql-logs --ignore
-    refute_stderr
    latest_pgsql=$(get_latest_version parsers crowdsecurity/pgsql-logs)
    assert_output - <<-EOT
-	WARN parsers:crowdsecurity/whitelists is tainted, use '--force' to overwrite
 	Action plan:
 	📥 download
 	 parsers: crowdsecurity/pgsql-logs ($latest_pgsql)
@ -252,6 +247,7 @@ get_latest_version() {

 	$RELOAD_MESSAGE
 	EOT
+    assert_stderr --partial "parsers:crowdsecurity/whitelists is tainted, use '--force' to overwrite"
    rune -0 cscli parsers inspect crowdsecurity/pgsql-logs --no-metrics -o json
    rune -0 jq -e '.installed==true' <(output)
 }
@ -268,14 +264,14 @@ get_latest_version() {

    # attempt to install from hub
    rune -0 cscli parsers install crowdsecurity/sshd-logs
-    assert_line 'parsers:crowdsecurity/sshd-logs - not downloading local item'
+    assert_stderr --partial 'parsers:crowdsecurity/sshd-logs - not downloading local item'
    rune -0 cscli parsers list -o json
    rune -0 jq -c '.parsers[] | [.name,.status]' <(output)
    assert_json '["crowdsecurity/sshd-logs","enabled,local"]'

    # attempt to install from a collection
    rune -0 cscli collections install crowdsecurity/sshd
-    assert_line 'parsers:crowdsecurity/sshd-logs - not downloading local item'
+    assert_stderr --partial 'parsers:crowdsecurity/sshd-logs - not downloading local item'

    # verify it installed the rest of the collection
    assert_line 'enabling contexts:crowdsecurity/bf_base'
@ -293,11 +289,11 @@ get_latest_version() {

    # attempt to install from hub
    rune -0 cscli parsers install crowdsecurity/sshd-logs
-    assert_line 'parsers:crowdsecurity/sshd-logs - not downloading local item'
+    assert_stderr --partial 'parsers:crowdsecurity/sshd-logs - not downloading local item'

    # attempt to install from a collection
    rune -0 cscli collections install crowdsecurity/sshd
-    assert_line 'parsers:crowdsecurity/sshd-logs - not downloading local item'
+    assert_stderr --partial 'parsers:crowdsecurity/sshd-logs - not downloading local item'

    # verify it installed the rest of the collection
    assert_line 'enabling contexts:crowdsecurity/bf_base'
--- a/test/bats/cscli-hubtype-upgrade.bats
+++ b/test/bats/cscli-hubtype-upgrade.bats
@ -165,17 +165,15 @@ get_latest_version() {

    rune -0 cscli parsers upgrade crowdsecurity/whitelists --dry-run
    assert_output - <<-EOT
-	WARN parsers:crowdsecurity/whitelists is tainted, use '--force' to overwrite
 	Nothing to do.
 	EOT
-    refute_stderr
+    assert_stderr --partial "parsers:crowdsecurity/whitelists is tainted, use '--force' to overwrite"

    rune -0 cscli parsers upgrade crowdsecurity/whitelists
    assert_output - <<-EOT
-	WARN parsers:crowdsecurity/whitelists is tainted, use '--force' to overwrite
 	Nothing to do.
 	EOT
-    refute_stderr
+    assert_stderr --partial "parsers:crowdsecurity/whitelists is tainted, use '--force' to overwrite"

    latest_whitelists=$(get_latest_version parsers crowdsecurity/whitelists)

--- a/test/lib/bats-assert
+++ b/test/lib/bats-assert
@ -1 +1 @@
-Subproject commit 44913ffe6020d1561c4c4d1e26cda8e07a1f374f
+Subproject commit b93143a1bfbde41d9b7343aab0d36f3ef6549e6b
--- a/test/lib/config/config-global
+++ b/test/lib/config/config-global
@ -61,6 +61,19 @@ config_prepare() {
        .api.server.listen_socket="/run/crowdsec.sock" |
        .config_paths.config_dir |= sub("/$", "")
    ' "${CONFIG_DIR}/config.yaml"
+
+    # pin the branch to avoid having to query the last version repeatedly.
+    # this means the fixture could possibly go stale (i.e. use the wrong branch) if a new version is released,
+    # but that shouldn't impact the tests anyway.
+
+    HUB_BRANCH=$("$CSCLI" hub branch 2>/dev/null)
+    export HUB_BRANCH
+
+    echo "Setting up tests with hub branch $HUB_BRANCH"
+
+    # need a working config, so we do it as a separate step.
+
+    yq -i e '.cscli.hub_branch=strenv(HUB_BRANCH)' "${CONFIG_DIR}/config.yaml"
 }

 make_init_data() {
--- a/test/lib/config/config-local
+++ b/test/lib/config/config-local
@ -98,6 +98,19 @@ config_generate() {
    .api.server.console_path=strenv(CONFIG_DIR)+"/console.yaml" |
    del(.api.server.online_client)
    ' ../config/config.yaml >"${CONFIG_DIR}/config.yaml"
+
+    # pin the branch to avoid having to query the last version repeatedly.
+    # this means the fixture could possibly go stale (i.e. use the wrong branch) if a new version is released,
+    # but that shouldn't impact the tests anyway.
+
+    HUB_BRANCH=$("$CSCLI" hub branch 2>/dev/null)
+    export HUB_BRANCH
+
+    echo "Setting up tests with hub branch $HUB_BRANCH"
+
+    # need a working config, so we do it as a separate step.
+
+    yq -i e '.cscli.hub_branch=strenv(HUB_BRANCH)' "${CONFIG_DIR}/config.yaml"
 }

 make_init_data() {
--- a/test/lib/setup_file.sh
+++ b/test/lib/setup_file.sh
@ -200,50 +200,6 @@ is_stdin_empty() {
 }
 export -f is_stdin_empty

-assert_stderr() {
-    # it is never useful to call this without arguments
-    if [[ "$#" -eq 0 ]]; then
-        # maybe the caller forgot to use '-' with an heredoc
-        if ! is_stdin_empty; then
-            fail "${FUNCNAME[0]}: called with stdin and no arguments (heredoc?)"
-        fi
-        fail "${FUNCNAME[0]}: called with no arguments"
-    fi
-
-    local oldout="${output}"
-    run -0 echo "${stderr}"
-    assert_output "$@"
-    output="${oldout}"
-}
-export -f assert_stderr
-
-# like refute_output, but for stderr
-refute_stderr() {
-    # calling this without arguments is ok, as long as stdin in empty
-    if ! is_stdin_empty; then
-        fail "${FUNCNAME[0]}: called with stdin (heredoc?)"
-    fi
-
-    local oldout="${output}"
-    run -0 echo "${stderr}"
-    refute_output "$@"
-    output="${oldout}"
-}
-export -f refute_stderr
-
-# like assert_output, but for stderr
-assert_stderr_line() {
-    if [[ "$#" -eq 0 ]]; then
-        fail "${FUNCNAME[0]}: called with no arguments"
-    fi
-
-    local oldout="${output}"
-    run -0 echo "${stderr}"
-    assert_line "$@"
-    output="${oldout}"
-}
-export -f assert_stderr_line
-
 # remove all installed items and data
 hub_purge_all() {
    local CONFIG_DIR