mirrors/crowdsec
1
0
Fork 0
mirror of https://github.com/crowdsecurity/crowdsec.git synced 2025-05-12 04:45:52 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
2057 commits 88 branches 214 tags 262 MiB
Commit graph

148 commits

Author SHA1 Message Date
Laurence Jones
bcce4afe5e
enhance: Flags now superceed all log levels (#3496) 
* enhance: Flags now superceed all log levels

* enhance: remove global var for local scope

* test

---------

Co-authored-by: marco <marco@crowdsec.net>
 2025-03-07 13:42:08 +00:00
Gilbert Gilb's
5260cf16cc
fix parsing of noncompliant RFC3339 timestamps missing only a timezone (#3346) 2025-01-30 17:14:06 +01:00
mmetc
49fb24c3b1
lint: enable errcheck; add allowlist and explicit checks (#3403) 
* lint: enable errcheck with explicit allow list
* add explicit error checks
* windows tests
* windows nolint
 2025-01-16 16:13:10 +01:00
mmetc
4e6e6dec65
lint: explicit error checks (#3388) 
* errcheck: tests
* fflag errcheck
* http_test errcheck (avoid duplicate metric registration)
 2025-01-02 12:33:54 +01:00
mmetc
ecf34c2fa1
lint/deep-exit: avoid log.Fatal (#3367) 
* lint/deep-exit: don't fail on invalid alert
* lint/deep-exit: kinesis_test.go
* lint/deep-exit: watcher_test.go
* lint/deep-exit: parsing_test.go
* lint/deep-exit: client_test.go
 2024-12-18 16:43:19 +01:00
mmetc
411bb48a81
loop performance optimizations / 1 (#3313) 
* rangeValCopy: each iteration copies 248 bytes
* rangeValCopy: each iteration copies 576 bytes
* rangeValCopy: each iteration copies 376 bytes
* rangeValCopy: each iteration copies 312 bytes
* enable linter: gocritic/rangeValCopy
 2024-12-05 18:04:26 +01:00
mmetc
7a1ad8376a
lint: style, autofix (#3354) 2024-12-05 10:40:48 +01:00
Laurence Jones
dd52e137ee
fix: Add a check to prevent attempting to load a directory within patterns (#3326) 2024-11-12 16:56:16 +00:00
mmetc
ce085dc4cd
logs and user messages: use "parse" and "serialize" instead of marshal/unmarshal (#3240) 2024-09-17 13:19:14 +02:00
mmetc
cae76baa3a
refact acquisition: build profiles (optionally exclude datasources from final binary) (#3217) 
example

$ make BUILD_PROFILE=minimal

or

$ make EXCLUDE=datasource_s3,datasource_kinesis
 2024-09-12 17:26:39 +02:00
mmetc
89aec7cf6b
pkg/cwhub: simpler accessor methods (#3165) 
* pkg/cwhub: simpler accessor methods

 - prefer higher level GetItemsByType, GetInstalledByType over GetItemMap
 - always send both appsec-rules and scenarios to api
 - explicit parameter for (case insensitive) sorted list of items
 - shorter code
 - assume itemType parameter makes sense, don't error

* lint (gofumpt)
 2024-08-22 12:12:40 +02:00
blotus
534fb14f7b
hide geoip related warnings (#3179) 2024-08-19 10:07:06 +02:00
blotus
a3d7900b5f
update expr (#3144) 2024-07-22 12:14:46 +02:00
mmetc
206211ce53
lint: import statement order (#3085) 
* lint: import statement order

* lint
 2024-06-26 12:16:17 +02:00
mmetc
4b988701ed
lint (intrange) (#2970) 2024-06-21 13:47:26 +02:00
mmetc
8a259fd25b
lint (copyloopvar) (#2971) 2024-06-20 22:13:26 +02:00
mmetc
659774fd3d
refactor: prefer logrus.WithField over WithFields with a single param (#3087) 2024-06-20 10:38:23 +02:00
mmetc
e6ebf7af22
enable linter: revive (superfluous-else) (#3082) 
* enable linter: revive (superfluous-else)

* lint (whitespace)
 2024-06-13 11:33:01 +02:00
mmetc
a529e66cd8
Typos (#3084) 
* comment fix

* redundancy

* typo nill -> nil

* remove extra newline from log
 2024-06-13 11:07:44 +02:00
mmetc
73792eacb6
refactor pkg/parser: extract processGrok (#3080) 
* pkg/parser: extract method processGrok()

* early return

* early return/2
 2024-06-12 11:49:19 +02:00
mmetc
ae58b158a5
enable linter: revive (var-declaration) (#3069) 2024-06-11 09:26:50 +02:00
mmetc
72b6da9925
enable linter: revive (early-return) (#3051) 
* enable linter: revive (early-return)

* lint
 2024-06-07 16:53:23 +02:00
mmetc
6ef2396c91
enable linter: revive (blank-imports) (#3062) 
* lint: revive (blank-imports) require a comment to justify blank imports

* typo
 2024-06-06 16:03:32 +02:00
mmetc
73e03ef556
lint: enable revive/if-return, revive/error-strings (#3057) 
* lint: enable revive/if-return, revive/error-strings

* lint
 2024-06-05 11:37:57 +02:00
mmetc
3dd17b9081
tests: log.Fatal -> return err (#3056) 
* tests: log.Fatal -> return err

* lint
 2024-06-05 11:04:54 +02:00
mmetc
7313d49145
enable linter: revive(bool-literal-in-expr) (#2983) 2024-06-04 09:47:25 +02:00
blotus
16bfab86c8
check type assertion in geoip enrichers (#3040) 2024-05-31 09:38:43 +02:00
blotus
f3341c1382
Appsec: properly populate event (#2943) 2024-05-27 10:15:38 +02:00
mmetc
1a4ac9d239
replace log.Fatal with error return (#2996) 
* log.Fatal -> fmt.Errorf

* lint
 2024-05-17 14:26:10 +02:00
mmetc
3788610aff
cscli: avoid global vars (#2977) 
* cscli: avoid global usage

This is required to make it possible to split the package

* lint (fmt.Errorf)
 2024-05-02 10:25:04 +02:00
mmetc
c4473839c4
Refact pkg/parser/node (#2953) 
* extract method processFilter()

* extract method processWhitelist()

* lint (whitespace, errors)
 2024-04-25 17:53:10 +02:00
Christian Kampka
f6bb8412c5
Add patterns_dir configuration option (#2868) 
* Add patterns_dir configuration option

* Update config.yaml

---------

Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com>
 2024-03-25 16:20:16 +01:00
mmetc
e976614645
cscli metrics: rename buckets -> scenarios (#2848) 
* cscli metrics: rename buckets -> scenarios
* update lint configuration
* lint
 2024-02-15 14:34:12 +01:00
Thibault "bui" Koechlin
3208a40ef3
Dedicated whitelist metrics (#2813) 
* add proper whitelist metrics : both its own table and an extension to acquis metrics to track discarded/whitelisted lines
 2024-02-06 18:04:17 +01:00
mmetc
f75cdeb239
lint: enalble linter "wastedassign" (#2772) 2024-01-24 17:31:11 +01:00
Laurence Jones
4df4e5b3bf
[parser/scenarios] defer yaml file closure (#2689) 
* Defer close the fd's
* Convert fatals into return with errors
 2024-01-17 12:09:01 +01:00
Thibault "bui" Koechlin
6ca053ca67
fix #2720 #2719 (#2724) 
* fix order of display of parsers

* add a --no-clean opt
 2024-01-15 09:16:03 +01:00
mmetc
ca784b147b
test and log fixes (#2690) 
* cscli inspect: suggest --diff if an item is tainted
* appropriate warning, or error if context configuration file is empty
* fix user/group lookup unit test
* fix: allow hub upgrade --force with local items
* fix pkg/parser lookup for 8.8.8.8
* fix func test
* fix hubtests: machines add --force
 2024-01-03 09:33:52 +01:00
mmetc
08694adf1b
lint (errorlint) (#2644) 2023-12-18 09:35:28 +01:00
Thibault "bui" Koechlin
8cca4346a5
Application Security Engine Support (#2273) 
Add a new datasource that:
- Receives HTTP requests from remediation components
- Apply rules on them to determine whether they are malicious or not
- Rules can be evaluated in-band (the remediation component will block the request directly) or out-band (the RC will let the request through, but crowdsec can still process the rule matches with scenarios)

The PR also adds support for 2 new hub items:
- appsec-configs: Configure the Application Security Engine (which rules to load, in which phase)
- appsec-rules: a rule that is added in the Application Security Engine (can use either our own format, or seclang)

---------

Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
 2023-12-07 12:21:04 +01:00
mmetc
ffcab0b2bc
Refactor hub management and cscli commands (#2545) 2023-11-24 15:57:32 +01:00
Thibault "bui" Koechlin
1dcf9d1ae1
Improved expr debugger (#2495) 
* new expr debugger

---------

Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com>
 2023-11-24 11:10:54 +01:00
Laurence Jones
19de3a8a77
Runtime whitelist parsing improvement (#2422) 
* Improve whitelist parsing

* Split whitelist check into a function tied to whitelist, also since we check node debug we can make a pointer to node containing whitelist

* No point passing clog as an argument since it is just a pointer to node we already know about

* We should break instead of returning false, false as it may have been whitelisted by ips/cidrs

* reimplement early return if expr errors

* Fix lint and dont need to parse ip back to string just loop over sources

* Log error with node logger as it provides context

* Move getsource to a function cleanup some code

* Change func name

* Split out compile to a function so we can use in tests. Add a bunch of tests

* spell correction

* Use node logger so it has context

* alternative solution

* quick fixes

* Use containswls

* Change whitelist test to use parseipsource and only events

* Make it simpler

* Postoverflow tests, some basic ones to make sure it works

* Use official pkg

* Add @mmetc reco

* Add @mmetc reco

* Change if if to a switch to only evaluate once

* simplify assertions

---------

Co-authored-by: bui <thibault@crowdsec.net>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
 2023-10-16 10:08:57 +01:00
Laurence Jones
ff7acd3347
Reset grokky once all patterns are compiled as we do not need to hold them in memoory (#2420) 2023-10-13 12:53:42 +01:00
Laurence Jones
64deeab1ec
Fix PO expr whitelist (#2471) 2023-09-19 12:51:03 +01:00
mmetc
d45bec4047
minor log message improvements (#2455) 2023-09-12 11:04:56 +02:00
Laurence Jones
86d9384954
Whitelist reason (#2439) 
* Update node.go

Dont update whitelist reason if event is whitelisted

* oops
 2023-08-23 14:51:37 +01:00
Laurence Jones
0334a9afe8
Add method name to child logger so we can see which function is erroring when in enrichers (#2411) 2023-08-08 13:38:11 +01:00
mmetc
ffadd42779
update dependency on go-cs-lib; drop the pkg/ part (#2393) 2023-07-28 16:35:08 +02:00
mmetc
a01ce18b98
replace imports of path with path/filepath (#2330) 2023-07-26 10:29:58 +02:00