move cti expr helper to pkg/cticlient (#3696)

* move cti expr helper to pkg/cticlient
* move cti expr helper to pkg/cticlient/ctiexpr

thus removing the extra dependency on pkg/database which made the plugin binaries double in size from 1.6.3 to 1.6.4

Author: mmetc

cmd/crowdsec-cli/clinotifications/notifications.go

@@ -30,6 +30,7 @@ import (
 	"github.com/crowdsecurity/crowdsec/pkg/csconfig"
 	"github.com/crowdsecurity/crowdsec/pkg/csplugin"
 	"github.com/crowdsecurity/crowdsec/pkg/csprofiles"
+	"github.com/crowdsecurity/crowdsec/pkg/cticlient/ctiexpr"
 	"github.com/crowdsecurity/crowdsec/pkg/database"
 	"github.com/crowdsecurity/crowdsec/pkg/exprhelpers"
 	"github.com/crowdsecurity/crowdsec/pkg/models"
@@ -291,7 +292,7 @@ func (cli *cliNotifications) newTestCmd() *cobra.Command {
 
 			if cfg.API.CTI != nil && cfg.API.CTI.Enabled != nil && *cfg.API.CTI.Enabled {
 				log.Infof("Crowdsec CTI helper enabled")
-				if err := exprhelpers.InitCrowdsecCTI(cfg.API.CTI.Key, cfg.API.CTI.CacheTimeout, cfg.API.CTI.CacheSize, cfg.API.CTI.LogLevel); err != nil {
+				if err := ctiexpr.InitCrowdsecCTI(cfg.API.CTI.Key, cfg.API.CTI.CacheTimeout, cfg.API.CTI.CacheSize, cfg.API.CTI.LogLevel); err != nil {
 					log.Errorf("failed to init crowdsec cti: %s", err)
 				}
 			}
@@ -419,7 +420,7 @@ cscli notifications reinject <alert_id> -a '{"remediation": true,"scenario":"not
 
 			if cfg.API.CTI != nil && cfg.API.CTI.Enabled != nil && *cfg.API.CTI.Enabled {
 				log.Infof("Crowdsec CTI helper enabled")
-				if err := exprhelpers.InitCrowdsecCTI(cfg.API.CTI.Key, cfg.API.CTI.CacheTimeout, cfg.API.CTI.CacheSize, cfg.API.CTI.LogLevel); err != nil {
+				if err := ctiexpr.InitCrowdsecCTI(cfg.API.CTI.Key, cfg.API.CTI.CacheTimeout, cfg.API.CTI.CacheSize, cfg.API.CTI.LogLevel); err != nil {
 					log.Errorf("failed to init crowdsec cti: %s", err)
 				}
 			}

cmd/crowdsec/serve.go

@@ -17,6 +17,7 @@ import (
 
 	"github.com/crowdsecurity/crowdsec/pkg/apiclient"
 	"github.com/crowdsecurity/crowdsec/pkg/csconfig"
+	"github.com/crowdsecurity/crowdsec/pkg/cticlient/ctiexpr"
 	"github.com/crowdsecurity/crowdsec/pkg/cwhub"
 	"github.com/crowdsecurity/crowdsec/pkg/database"
 	"github.com/crowdsecurity/crowdsec/pkg/exprhelpers"
@@ -323,16 +324,20 @@ func HandleSignals(cConfig *csconfig.Config) error {
 	if err == nil {
 		log.Warning("Crowdsec service shutting down")
 	}
+
 	if cConfig.API != nil && cConfig.API.Client != nil && cConfig.API.Client.UnregisterOnExit {
 		log.Warning("Unregistering watcher")
+
 		lapiClient, err := apiclient.GetLAPIClient()
 		if err != nil {
 			return err
 		}
+
 		_, err = lapiClient.Auth.UnregisterWatcher(context.TODO())
 		if err != nil {
 			return fmt.Errorf("failed to unregister watcher: %w", err)
 		}
+
 		log.Warning("Watcher unregistered")
 	}
 
@@ -373,7 +378,7 @@ func Serve(cConfig *csconfig.Config, agentReady chan bool) error {
 	if cConfig.API.CTI != nil && cConfig.API.CTI.Enabled != nil && *cConfig.API.CTI.Enabled {
 		log.Infof("Crowdsec CTI helper enabled")
 
-		if err := exprhelpers.InitCrowdsecCTI(cConfig.API.CTI.Key, cConfig.API.CTI.CacheTimeout, cConfig.API.CTI.CacheSize, cConfig.API.CTI.LogLevel); err != nil {
+		if err := ctiexpr.InitCrowdsecCTI(cConfig.API.CTI.Key, cConfig.API.CTI.CacheTimeout, cConfig.API.CTI.CacheSize, cConfig.API.CTI.LogLevel); err != nil {
 			return fmt.Errorf("failed to init crowdsec cti: %w", err)
 		}
 	}

pkg/csplugin/helpers.go

@@ -7,7 +7,7 @@ import (
 
 	log "github.com/sirupsen/logrus"
 
-	"github.com/crowdsecurity/crowdsec/pkg/exprhelpers"
+	"github.com/crowdsecurity/crowdsec/pkg/cticlient/ctiexpr"
 	"github.com/crowdsecurity/crowdsec/pkg/models"
 )
 
@@ -24,7 +24,7 @@ var helpers = template.FuncMap{
 		return metaValues
 	},
 	"CrowdsecCTI": func(x string) any {
-		ret, err := exprhelpers.CrowdsecCTI(x)
+		ret, err := ctiexpr.CrowdsecCTI(x)
 		if err != nil {
 			log.Warningf("error while calling CrowdsecCTI : %s", err)
 		}

pkg/exprhelpers/crowdsec_cti.go renamed to pkg/cticlient/ctiexpr/expr.go

@@ -1,4 +1,4 @@
-package exprhelpers
+package ctiexpr
 
 import (
 	"errors"
@@ -34,30 +34,39 @@ func InitCrowdsecCTI(key *string, ttl *time.Duration, size *int, logLevel *log.L
 		log.Warningf("CTI API key not set or empty, CTI will not be available")
 		return cticlient.ErrDisabled
 	}
+
 	CTIApiKey = *key
+
 	if size == nil {
 		size = new(int)
 		*size = 1000
 	}
+
 	if ttl == nil {
 		ttl = new(time.Duration)
 		*ttl = 5 * time.Minute
 	}
+
 	clog := log.New()
 	if err := types.ConfigureLogger(clog, logLevel); err != nil {
 		return fmt.Errorf("while configuring datasource logger: %w", err)
 	}
+
 	subLogger := clog.WithField("type", "crowdsec-cti")
+
 	CrowdsecCTIInitCache(*size, *ttl)
+
 	ctiClient = cticlient.NewCrowdsecCTIClient(cticlient.WithAPIKey(CTIApiKey), cticlient.WithLogger(subLogger))
 	CTIApiEnabled = true
+
 	return nil
 }
 
 func ShutdownCrowdsecCTI() {
 	if CTICache != nil {
 		CTICache.Purge()
 	}
+
 	CTIApiKey = ""
 	CTIApiEnabled = false
 }
@@ -76,31 +85,39 @@ func CrowdsecCTIInitCache(size int, ttl time.Duration) {
 // func CrowdsecCTI(ip string) (*cticlient.SmokeItem, error) {
 func CrowdsecCTI(params ...any) (any, error) {
 	var ip string
+
 	if !CTIApiEnabled {
 		return &cticlient.SmokeItem{}, cticlient.ErrDisabled
 	}
+
 	var ok bool
+
 	if ip, ok = params[0].(string); !ok {
 		return &cticlient.SmokeItem{}, fmt.Errorf("invalid type for ip : %T", params[0])
 	}
 
 	if val, err := CTICache.Get(ip); err == nil && val != nil {
 		ctiClient.Logger.Debugf("cti cache fetch for %s", ip)
+
 		ret, ok := val.(*cticlient.SmokeItem)
 		if ok {
 			return ret, nil
 		}
+
 		ctiClient.Logger.Warningf("CrowdsecCTI: invalid type in cache, removing")
+
 		CTICache.Remove(ip)
 	}
 
 	if !CTIBackOffUntil.IsZero() && time.Now().Before(CTIBackOffUntil) {
-		//ctiClient.Logger.Warningf("Crowdsec CTI client is in backoff mode, ending in %s", time.Until(CTIBackOffUntil))
+		// ctiClient.Logger.Warningf("Crowdsec CTI client is in backoff mode, ending in %s", time.Until(CTIBackOffUntil))
 		return &cticlient.SmokeItem{}, cticlient.ErrLimit
 	}
 
 	ctiClient.Logger.Infof("cti call for %s", ip)
+
 	before := time.Now()
+
 	ctiResp, err := ctiClient.GetIPInfo(ip)
 	ctiClient.Logger.Debugf("request for %s took %v", ip, time.Since(before))
 	if err != nil {

pkg/exprhelpers/crowdsec_cti_test.go renamed to pkg/cticlient/ctiexpr/expr_test.go

@@ -1,4 +1,4 @@
-package exprhelpers
+package ctiexpr
 
 import (
 	"bytes"
@@ -18,8 +18,18 @@ import (
 	"github.com/crowdsecurity/crowdsec/pkg/cticlient"
 )
 
+const validApiKey = "my-api-key"
+
+// RoundTripFunc .
+type RoundTripFunc func(req *http.Request) *http.Response
+
+// RoundTrip .
+func (f RoundTripFunc) RoundTrip(req *http.Request) (*http.Response, error) {
+	return f(req), nil
+}
+
 var sampledata = map[string]cticlient.SmokeItem{
-	//1.2.3.4 is a known false positive
+	// 1.2.3.4 is a known false positive
 	"1.2.3.4": {
 		Ip: "1.2.3.4",
 		Classifications: cticlient.CTIClassifications{
@@ -31,7 +41,7 @@ var sampledata = map[string]cticlient.SmokeItem{
 			},
 		},
 	},
-	//1.2.3.5 is a known bad-guy, and part of FIRE
+	// 1.2.3.5 is a known bad-guy, and part of FIRE
 	"1.2.3.5": {
 		Ip: "1.2.3.5",
 		Classifications: cticlient.CTIClassifications{
@@ -44,7 +54,7 @@ var sampledata = map[string]cticlient.SmokeItem{
 			},
 		},
 	},
-	//1.2.3.6 is a bad guy (high bg noise), but not in FIRE
+	// 1.2.3.6 is a bad guy (high bg noise), but not in FIRE
 	"1.2.3.6": {
 		Ip:                   "1.2.3.6",
 		BackgroundNoiseScore: new(int),
@@ -56,18 +66,10 @@ var sampledata = map[string]cticlient.SmokeItem{
 			{Name: "crowdsecurity/ssh-slow-bf", Label: "Example Attack"},
 		},
 	},
-	//1.2.3.7 is a ok guy, but part of a bad range
+	// 1.2.3.7 is a ok guy, but part of a bad range
 	"1.2.3.7": {},
 }
 
-const validApiKey = "my-api-key"
-
-type RoundTripFunc func(req *http.Request) *http.Response
-
-func (f RoundTripFunc) RoundTrip(req *http.Request) (*http.Response, error) {
-	return f(req), nil
-}
-
 func smokeHandler(req *http.Request) *http.Response {
 	apiKey := req.Header.Get("X-Api-Key")
 	if apiKey != validApiKey {
@@ -127,7 +129,7 @@ func TestInvalidAuth(t *testing.T) {
 	if err := InitCrowdsecCTI(ptr.Of("asdasd"), nil, nil, nil); err != nil {
 		t.Fatalf("failed to init CTI : %s", err)
 	}
-	//Replace the client created by InitCrowdsecCTI with one that uses a custom transport
+	// Replace the client created by InitCrowdsecCTI with one that uses a custom transport
 	ctiClient = cticlient.NewCrowdsecCTIClient(cticlient.WithAPIKey("asdasd"), cticlient.WithHTTPClient(&http.Client{
 		Transport: RoundTripFunc(smokeHandler),
 	}))
@@ -137,7 +139,7 @@ func TestInvalidAuth(t *testing.T) {
 	assert.False(t, CTIApiEnabled)
 	assert.Equal(t, err, cticlient.ErrUnauthorized)
 
-	//CTI is now disabled, all requests should return empty
+	// CTI is now disabled, all requests should return empty
 	ctiClient = cticlient.NewCrowdsecCTIClient(cticlient.WithAPIKey(validApiKey), cticlient.WithHTTPClient(&http.Client{
 		Transport: RoundTripFunc(smokeHandler),
 	}))
@@ -153,7 +155,7 @@ func TestNoKey(t *testing.T) {
 
 	err := InitCrowdsecCTI(nil, nil, nil, nil)
 	require.ErrorIs(t, err, cticlient.ErrDisabled)
-	//Replace the client created by InitCrowdsecCTI with one that uses a custom transport
+	// Replace the client created by InitCrowdsecCTI with one that uses a custom transport
 	ctiClient = cticlient.NewCrowdsecCTIClient(cticlient.WithAPIKey("asdasd"), cticlient.WithHTTPClient(&http.Client{
 		Transport: RoundTripFunc(smokeHandler),
 	}))
@@ -171,7 +173,7 @@ func TestCache(t *testing.T) {
 	if err := InitCrowdsecCTI(ptr.Of(validApiKey), &cacheDuration, nil, nil); err != nil {
 		t.Fatalf("failed to init CTI : %s", err)
 	}
-	//Replace the client created by InitCrowdsecCTI with one that uses a custom transport
+	// Replace the client created by InitCrowdsecCTI with one that uses a custom transport
 	ctiClient = cticlient.NewCrowdsecCTIClient(cticlient.WithAPIKey(validApiKey), cticlient.WithHTTPClient(&http.Client{
 		Transport: RoundTripFunc(smokeHandler),
 	}))