* make it possible to enable json log
* fix
* fix typo
* fix typo
* fix typo
* fix typo
* fix typo
* fix typo
* Add error handling
* Add log_format to default config
* Fix syntax error in if statement
* Fix typo
* Fix typo
* Fix some typos and change naming from native to text, makes more sense
* Set same timestamp format for json logging
* Fix formatting
* Move in if statement under previous
* Fix some formatting that got messed up
* Default to text formatter, if log_format is not configured.
* defining logFormatter outside if statement so that log.SetFormatter(logFormatter) is not undefined when function is called
* Add variables that were undefined
* Argument were missing when calling SetDefaultLoggerConfig function
* Fix order of arguments passed
* Fix order of arguments passed
* Fix typo
* Implicit log_format = "text"
* functional test
* ignore log_format in FatalHook
* make it possible to enable json log
* fix
* fix typo
* fix typo
* fix typo
* fix typo
* fix typo
* fix typo
* Add error handling
* Add log_format to default config
* Fix syntax error in if statement
* Fix typo
* Fix typo
* Fix some typos and change naming from native to text, makes more sense
* Set same timestamp format for json logging
* Fix formatting
* Move in if statement under previous
* Fix some formatting that got messed up
* Default to text formatter, if log_format is not configured.
* defining logFormatter outside if statement so that log.SetFormatter(logFormatter) is not undefined when function is called
* Add variables that were undefined
* Argument were missing when calling SetDefaultLoggerConfig function
* Fix order of arguments passed
* Fix order of arguments passed
* Fix typo
* Implicit log_format = "text"
* functional test
* ignore log_format in FatalHook
* lint
* fix func test
* lint
* remove < > characters from log
---------
Co-authored-by: Victor Edvardsson <victor.edvardsson@loopia.se>
Co-authored-by: marco <marco@crowdsec.net>
Co-authored-by: Thibault "bui" Koechlin <thibault@crowdsec.net>
- reverse actual and expected values
- use assert.False, assert.True
- use assert.Len, assert.Emtpy
- use require.Error, require.NoError
- use assert.InDelta
Add a new datasource that:
- Receives HTTP requests from remediation components
- Apply rules on them to determine whether they are malicious or not
- Rules can be evaluated in-band (the remediation component will block the request directly) or out-band (the RC will let the request through, but crowdsec can still process the rule matches with scenarios)
The PR also adds support for 2 new hub items:
- appsec-configs: Configure the Application Security Engine (which rules to load, in which phase)
- appsec-rules: a rule that is added in the Application Security Engine (can use either our own format, or seclang)
---------
Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
* Improve whitelist parsing
* Split whitelist check into a function tied to whitelist, also since we check node debug we can make a pointer to node containing whitelist
* No point passing clog as an argument since it is just a pointer to node we already know about
* We should break instead of returning false, false as it may have been whitelisted by ips/cidrs
* reimplement early return if expr errors
* Fix lint and dont need to parse ip back to string just loop over sources
* Log error with node logger as it provides context
* Move getsource to a function cleanup some code
* Change func name
* Split out compile to a function so we can use in tests. Add a bunch of tests
* spell correction
* Use node logger so it has context
* alternative solution
* quick fixes
* Use containswls
* Change whitelist test to use parseipsource and only events
* Make it simpler
* Postoverflow tests, some basic ones to make sure it works
* Use official pkg
* Add @mmetc reco
* Add @mmetc reco
* Change if if to a switch to only evaluate once
* simplify assertions
---------
Co-authored-by: bui <thibault@crowdsec.net>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
* move function GetLineCountForFile from pkg/types to cscli
* move ParseDuration from pkg/types to pkg/database
* remove unused types.Profile, types.RemediationProfile
The lumberjack package fixed the issue in natefinch/lumberjack#83 (tested with umask 002) and this code is now redundant since we updated the dependency to v2.2.1.
* properly update the time structure within event to ensure it works in time-machine
* move LIVE and TIMEMACHINE to pkg/types : less code needs to import leakybucket package, and we avoid duplicating constants
* v3 model generation
* v3 model generation
* comms
* fixes after master merge
* missing reader close
* use constants defined for types
---------
Co-authored-by: bui <thibault@crowdsec.net>
