diff --git a/cmd/crowdsec/crowdsec.go b/cmd/crowdsec/crowdsec.go
index 36d1fec9266..a723c34f818 100644
--- a/cmd/crowdsec/crowdsec.go
+++ b/cmd/crowdsec/crowdsec.go
@@ -61,7 +61,7 @@ func initCrowdsec(ctx context.Context, cConfig *csconfig.Config, hub *cwhub.Hub,
 }
 }
- datasources, err := LoadAcquisition(ctx, cConfig)
+ datasources, err := LoadAcquisition(ctx, cConfig, hub)
 if err != nil {
 return nil, nil, fmt.Errorf("while loading acquisition config: %w", err)
 }
diff --git a/cmd/crowdsec/main.go b/cmd/crowdsec/main.go
index b6fcfb187cc..2522711c2d0 100644
--- a/cmd/crowdsec/main.go
+++ b/cmd/crowdsec/main.go
@@ -75,18 +75,18 @@ func LoadBuckets(cConfig *csconfig.Config, hub *cwhub.Hub) error {
 return nil
 }
-func LoadAcquisition(ctx context.Context, cConfig *csconfig.Config) ([]acquisition.DataSource, error) {
+func LoadAcquisition(ctx context.Context, cConfig *csconfig.Config, hub *cwhub.Hub) ([]acquisition.DataSource, error) {
 if flags.SingleFileType != "" && flags.OneShotDSN != "" {
 flags.Labels = additionalLabels
 flags.Labels["type"] = flags.SingleFileType
- ds, err := acquisition.LoadAcquisitionFromDSN(ctx, flags.OneShotDSN, flags.Labels, flags.Transform)
+ ds, err := acquisition.LoadAcquisitionFromDSN(ctx, flags.OneShotDSN, flags.Labels, flags.Transform, hub)
 if err != nil {
 return nil, err
 }
 dataSources = append(dataSources, ds)
 } else {
- dss, err := acquisition.LoadAcquisitionFromFiles(ctx, cConfig.Crowdsec, cConfig.Prometheus)
+ dss, err := acquisition.LoadAcquisitionFromFiles(ctx, cConfig.Crowdsec, cConfig.Prometheus, hub)
 if err != nil {
 return nil, err
 }
diff --git a/pkg/acquisition/acquisition.go b/pkg/acquisition/acquisition.go
index 636027acb4a..770e8a16dc7 100644
--- a/pkg/acquisition/acquisition.go
+++ b/pkg/acquisition/acquisition.go
@@ -27,6 +27,7 @@ import (
 "github.com/crowdsecurity/crowdsec/pkg/acquisition/configuration"
 "github.com/crowdsecurity/crowdsec/pkg/csconfig"
+ "github.com/crowdsecurity/crowdsec/pkg/cwhub"
 "github.com/crowdsecurity/crowdsec/pkg/cwversion/component"
 "github.com/crowdsecurity/crowdsec/pkg/exprhelpers"
 "github.com/crowdsecurity/crowdsec/pkg/logging"
@@ -115,6 +116,14 @@ type DSNConfigurer interface {
 ConfigureByDSN(ctx context.Context, dsn string, labels map[string]string, logger *log.Entry, uniqueID string) error
 }
+type LAPIClientAware interface {
+ SetClientConfig(config *csconfig.LocalApiClientCfg)
+}
+
+type HubAware interface {
+ SetHub(hub *cwhub.Hub)
+}
+
 var (
 // We register the datasources at init time so we can tell if they are unsupported, or excluded from the build
 AcquisitionSources = map[string]func() DataSource{}
@@ -157,7 +166,7 @@ func registerDataSource(dataSourceType string, dsGetter func() DataSource) {
 // if the configuration is not valid it returns an error.
 // If the datasource can't be run (eg. journalctl not available), it still returns an error which
 // can be checked for the appropriate action.
-func DataSourceConfigure(ctx context.Context, commonConfig configuration.DataSourceCommonCfg, yamlConfig []byte, metricsLevel metrics.AcquisitionMetricsLevel) (DataSource, error) {
+func DataSourceConfigure(ctx context.Context, commonConfig configuration.DataSourceCommonCfg, yamlConfig []byte, metricsLevel metrics.AcquisitionMetricsLevel, hub *cwhub.Hub) (DataSource, error) {
 dataSrc, err := GetDataSourceIface(commonConfig.Source)
 if err != nil {
 return nil, err
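Review bot: The exported interfaces `LAPIClientAware` and `HubAware` added in the `@@ -115,6 +116,14 @@` hunk have no doc comments, and neither do the `SetClientConfig` / `SetHub` methods added to the appsec Source in source.go. The contract that matters is that the loader calls these setters before `Configure`, and that the `*csconfig.LocalApiClientCfg` handed over is the process-wide client configuration (its credentials are read later), so an implementation should treat it as read-only. I would add `// HubAware is implemented by datasources that need the hub; SetHub is called before Configure.` and `// LAPIClientAware is implemented by datasources that need the LAPI client settings; SetClientConfig is called before Configure and the config must not be modified.`, with matching one-line comments on the two setters.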
@@ -177,6 +186,15 @@ func DataSourceConfigure(ctx context.Context, commonConfig configuration.DataSou
 subLogger.Info("Configuring datasource")
+ if hubAware, ok := dataSrc.(HubAware); ok {
+ hubAware.SetHub(hub)
+ }
+
+ if lapiClientAware, ok := dataSrc.(LAPIClientAware); ok {
+ cConfig := csconfig.GetConfig()
+ lapiClientAware.SetClientConfig(cConfig.API.Client)
+ }
+
 /* configure the actual datasource */
 if err := dataSrc.Configure(ctx, yamlConfig, subLogger, metricsLevel); err != nil {
 return nil, err
@@ -185,7 +203,7 @@ func DataSourceConfigure(ctx context.Context, commonConfig configuration.DataSou
 return dataSrc, nil
 }
-func LoadAcquisitionFromDSN(ctx context.Context, dsn string, labels map[string]string, transformExpr string) (DataSource, error) {
+func LoadAcquisitionFromDSN(ctx context.Context, dsn string, labels map[string]string, transformExpr string, hub *cwhub.Hub) (DataSource, error) {
 frags := strings.Split(dsn, ":")
 if len(frags) == 1 {
 return nil, fmt.Errorf("%s is not a valid dsn (no protocol)", dsn)
@@ -207,6 +225,15 @@ func LoadAcquisitionFromDSN(ctx context.Context, dsn string, labels map[string]s
 transformRuntimes[uniqueID] = vm
 }
+ if hubAware, ok := dataSrc.(HubAware); ok {
+ hubAware.SetHub(hub)
+ }
+
+ if lapiClientAware, ok := dataSrc.(LAPIClientAware); ok {
+ cConfig := csconfig.GetConfig()
+ lapiClientAware.SetClientConfig(cConfig.API.Client)
+ }
+
 dsnConf, ok := dataSrc.(DSNConfigurer)
 if !ok {
 return nil, fmt.Errorf("%s datasource does not support command-line acquisition", frags[0])
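Review bot: `cConfig.API.Client` is read without checking `cConfig.API`, here and in the identical block added to LoadAcquisitionFromDSN further down; if `API` is a pointer that can be unset (its type is not visible in this diff), a datasource implementing LAPIClientAware would make the loader panic instead of reaching the explicit "requires a lapi client configuration" error that the appsec Configure now returns. The two injection blocks are copies of each other, so a single unexported helper called as `injectDependencies(dataSrc, hub)` from both sites keeps the guard in one place. The hub is now passed in explicitly while the LAPI settings are still pulled from the process-wide `csconfig.GetConfig()`; passing them in the same way would remove the last global read from this path. Both enclosing functions extend beyond the hunks.

```go
// injectDependencies hands the hub and the LAPI client settings to the
// datasources that ask for them. It must run before Configure/ConfigureByDSN.
func injectDependencies(dataSrc DataSource, hub *cwhub.Hub) {
	if hubAware, ok := dataSrc.(HubAware); ok {
		hubAware.SetHub(hub)
	}

	if lapiClientAware, ok := dataSrc.(LAPIClientAware); ok {
		// API may be unset: leave the client config nil and let the
		// datasource report it from Configure instead of panicking here.
		if api := csconfig.GetConfig().API; api != nil {
			lapiClientAware.SetClientConfig(api.Client)
		}
	}
}
```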
@@ -272,7 +299,7 @@ func detectType(r io.Reader) (string, error) {
 }
 // sourcesFromFile reads and parses one acquisition file into DataSources.
-func sourcesFromFile(ctx context.Context, acquisFile string, metricsLevel metrics.AcquisitionMetricsLevel) ([]DataSource, error) {
+func sourcesFromFile(ctx context.Context, acquisFile string, metricsLevel metrics.AcquisitionMetricsLevel, hub *cwhub.Hub) ([]DataSource, error) {
 var sources []DataSource
 log.Infof("loading acquisition file : %s", acquisFile)
@@ -356,7 +383,7 @@ func sourcesFromFile(ctx context.Context, acquisFile string, metricsLevel metric
 uniqueID := uuid.NewString()
 sub.UniqueId = uniqueID
- src, err := DataSourceConfigure(ctx, sub, yamlDoc, metricsLevel)
+ src, err := DataSourceConfigure(ctx, sub, yamlDoc, metricsLevel, hub)
 if err != nil {
 var dserr *DataSourceUnavailableError
 if errors.As(err, &dserr) {
@@ -383,13 +410,13 @@ func sourcesFromFile(ctx context.Context, acquisFile string, metricsLevel metric
 }
 // LoadAcquisitionFromFiles unmarshals the configuration item and checks its availability
-func LoadAcquisitionFromFiles(ctx context.Context, config *csconfig.CrowdsecServiceCfg, prom *csconfig.PrometheusCfg) ([]DataSource, error) {
+func LoadAcquisitionFromFiles(ctx context.Context, config *csconfig.CrowdsecServiceCfg, prom *csconfig.PrometheusCfg, hub *cwhub.Hub) ([]DataSource, error) {
 var allSources []DataSource
 metricsLevel := GetMetricsLevelFromPromCfg(prom)
 for _, acquisFile := range config.AcquisitionFiles {
- sources, err := sourcesFromFile(ctx, acquisFile, metricsLevel)
+ sources, err := sourcesFromFile(ctx, acquisFile, metricsLevel, hub)
 if err != nil {
 return nil, err
 }
diff --git a/pkg/acquisition/acquisition_test.go b/pkg/acquisition/acquisition_test.go
index 4cb22de3652..2f782c7a39f 100644
--- a/pkg/acquisition/acquisition_test.go
+++ b/pkg/acquisition/acquisition_test.go
@@ -18,6 +18,7 @@ import (
 "github.com/crowdsecurity/crowdsec/pkg/acquisition/configuration"
 "github.com/crowdsecurity/crowdsec/pkg/csconfig"
+ "github.com/crowdsecurity/crowdsec/pkg/cwhub"
 "github.com/crowdsecurity/crowdsec/pkg/metrics"
 "github.com/crowdsecurity/crowdsec/pkg/pipeline"
 )
@@ -181,7 +182,8 @@ filename: foo.log
 common := configuration.DataSourceCommonCfg{}
 err := yaml.Unmarshal([]byte(tc.String), &common)
 require.NoError(t, err)
- ds, err := DataSourceConfigure(ctx, common, []byte(tc.String), metrics.AcquisitionMetricsLevelNone)
+ hub := cwhub.Hub{}
+ ds, err := DataSourceConfigure(ctx, common, []byte(tc.String), metrics.AcquisitionMetricsLevelNone, &hub)
 cstest.RequireErrorContains(t, err, tc.ExpectedError)
 if tc.ExpectedError != "" {
@@ -292,7 +294,8 @@ func TestLoadAcquisitionFromFiles(t *testing.T) {
 }
 for _, tc := range tests {
 t.Run(tc.TestName, func(t *testing.T) {
- dss, err := LoadAcquisitionFromFiles(ctx, &tc.Config, nil)
+ hub := cwhub.Hub{}
+ dss, err := LoadAcquisitionFromFiles(ctx, &tc.Config, nil, &hub)
 cstest.RequireErrorContains(t, err, tc.ExpectedError)
 if tc.ExpectedError != "" {
@@ -552,7 +555,8 @@ func TestConfigureByDSN(t *testing.T) {
 for _, tc := range tests {
 t.Run(tc.dsn, func(t *testing.T) {
- source, err := LoadAcquisitionFromDSN(ctx, tc.dsn, map[string]string{"type": "test_label"}, "")
+ hub := cwhub.Hub{}
+ source, err := LoadAcquisitionFromDSN(ctx, tc.dsn, map[string]string{"type": "test_label"}, "", &hub)
 cstest.RequireErrorContains(t, err, tc.ExpectedError)
 if tc.ExpectedError != "" {
diff --git a/pkg/acquisition/appsec.go b/pkg/acquisition/appsec.go
index 0f3edd4266c..f2f93aad264 100644
--- a/pkg/acquisition/appsec.go
+++ b/pkg/acquisition/appsec.go
@@ -11,6 +11,8 @@ var (
 _ DataSource = (*appsecacquisition.Source)(nil)
 _ Tailer = (*appsecacquisition.Source)(nil)
 _ MetricsProvider = (*appsecacquisition.Source)(nil)
+ _ HubAware = (*appsecacquisition.Source)(nil)
+ _ LAPIClientAware = (*appsecacquisition.Source)(nil)
 )
 //nolint:gochecknoinits
diff --git a/pkg/acquisition/modules/appsec/appsec_hooks_test.go b/pkg/acquisition/modules/appsec/appsec_hooks_test.go
index 5c131b02681..d64b0f10090 100644
--- a/pkg/acquisition/modules/appsec/appsec_hooks_test.go
+++ b/pkg/acquisition/modules/appsec/appsec_hooks_test.go
@@ -407,11 +407,8 @@ func TestAppsecOnMatchHooks(t *testing.T) {
 },
 },
 }
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- loadAppSecEngine(test, t)
- })
- }
+
+ runTests(t, tests)
 }
 func TestAppsecPreEvalHooks(t *testing.T) {
@@ -824,11 +821,7 @@ func TestAppsecPreEvalHooks(t *testing.T) {
 },
 }
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- loadAppSecEngine(test, t)
- })
- }
+ runTests(t, tests)
 }
 func TestAppsecRemediationConfigHooks(t *testing.T) {
@@ -917,11 +910,7 @@ func TestAppsecRemediationConfigHooks(t *testing.T) {
 },
 }
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- loadAppSecEngine(test, t)
- })
- }
+ runTests(t, tests)
 }
 func TestOnMatchRemediationHooks(t *testing.T) {
@@ -1090,9 +1079,6 @@ func TestOnMatchRemediationHooks(t *testing.T) {
 },
 },
 }
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- loadAppSecEngine(test, t)
- })
- }
+
+ runTests(t, tests)
 }
diff --git a/pkg/acquisition/modules/appsec/appsec_lnx_test.go b/pkg/acquisition/modules/appsec/appsec_lnx_test.go
index a5707805df1..4ba15847b08 100644
--- a/pkg/acquisition/modules/appsec/appsec_lnx_test.go
+++ b/pkg/acquisition/modules/appsec/appsec_lnx_test.go
@@ -69,9 +69,6 @@ func TestAppsecRuleTransformsOthers(t *testing.T) {
 },
 },
 }
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- loadAppSecEngine(test, t)
- })
- }
+
+ runTests(t, tests)
 }
diff --git a/pkg/acquisition/modules/appsec/appsec_remediation_test.go b/pkg/acquisition/modules/appsec/appsec_remediation_test.go
index 70831003f12..a5531b669fc 100644
--- a/pkg/acquisition/modules/appsec/appsec_remediation_test.go
+++ b/pkg/acquisition/modules/appsec/appsec_remediation_test.go
@@ -149,11 +149,8 @@ func TestAppsecDefaultPassRemediation(t *testing.T) {
 },
 },
 }
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- loadAppSecEngine(test, t)
- })
- }
+
+ runTests(t, tests)
 }
 func TestAppsecDefaultRemediation(t *testing.T) {
@@ -322,9 +319,5 @@ func TestAppsecDefaultRemediation(t *testing.T) {
 },
 }
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- loadAppSecEngine(test, t)
- })
- }
+ runTests(t, tests)
 }
diff --git a/pkg/acquisition/modules/appsec/appsec_rules_test.go b/pkg/acquisition/modules/appsec/appsec_rules_test.go
index 1f3d7615922..04c1edc21d6 100644
--- a/pkg/acquisition/modules/appsec/appsec_rules_test.go
+++ b/pkg/acquisition/modules/appsec/appsec_rules_test.go
@@ -418,11 +418,7 @@ toto
 },
 }
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- loadAppSecEngine(test, t)
- })
- }
+ runTests(t, tests)
 }
 func TestAppsecRuleTransforms(t *testing.T) {
@@ -633,11 +629,8 @@ func TestAppsecRuleTransforms(t *testing.T) {
 },
 },
 }
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- loadAppSecEngine(test, t)
- })
- }
+
+ runTests(t, tests)
 }
 func TestAppsecRuleZones(t *testing.T) {
@@ -947,9 +940,6 @@ func TestAppsecRuleZones(t *testing.T) {
 },
 },
 }
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- loadAppSecEngine(test, t)
- })
- }
+
+ runTests(t, tests)
 }
diff --git a/pkg/acquisition/modules/appsec/appsec_runner_test.go b/pkg/acquisition/modules/appsec/appsec_runner_test.go
index 38d8bbe431f..fd6a8fa010b 100644
--- a/pkg/acquisition/modules/appsec/appsec_runner_test.go
+++ b/pkg/acquisition/modules/appsec/appsec_runner_test.go
@@ -66,11 +66,8 @@ func TestAppsecConflictRuleLoad(t *testing.T) {
 },
 },
 }
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- loadAppSecEngine(test, t)
- })
- }
+
+ runTests(t, tests)
 }
 func TestAppsecRuleLoad(t *testing.T) {
@@ -200,9 +197,6 @@ func TestAppsecRuleLoad(t *testing.T) {
 },
 },
 }
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- loadAppSecEngine(test, t)
- })
- }
+
+ runTests(t, tests)
 }
diff --git a/pkg/acquisition/modules/appsec/appsec_test.go b/pkg/acquisition/modules/appsec/appsec_test.go
index e0bb9c9781d..bf77a2340be 100644
--- a/pkg/acquisition/modules/appsec/appsec_test.go
+++ b/pkg/acquisition/modules/appsec/appsec_test.go
@@ -13,6 +13,7 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
+ "github.com/crowdsecurity/crowdsec/pkg/cwhub"
 "github.com/crowdsecurity/crowdsec/pkg/apiclient"
 "github.com/crowdsecurity/crowdsec/pkg/appsec"
 "github.com/crowdsecurity/crowdsec/pkg/appsec/allowlists"
@@ -58,7 +59,15 @@ func setupWithPrefix(urlPrefix string) (*http.ServeMux, string, func()) {
 return mux, server.URL, server.Close
 }
-func loadAppSecEngine(test appsecRuleTest, t *testing.T) {
+func runTests(t *testing.T, tests []appsecRuleTest) {
+ for _, test := range tests {
+ t.Run(test.name, func(t *testing.T) {
+ testAppSecEngine(t, test)
+ })
+ }
+}
+
+func testAppSecEngine(t *testing.T, test appsecRuleTest) {
 if testing.Verbose() {
 log.SetLevel(log.TraceLevel)
 } else {
@@ -105,7 +114,9 @@ func loadAppSecEngine(test appsecRuleTest, t *testing.T) {
 DefaultRemediation: test.DefaultRemediation,
 DefaultPassAction: test.DefaultPassAction,
 }
- AppsecRuntime, err := appsecCfg.Build()
+
+ hub := cwhub.Hub{}
+ AppsecRuntime, err := appsecCfg.Build(&hub)
 if err != nil {
 t.Fatalf("unable to build appsec runtime : %s", err)
 }
diff --git a/pkg/acquisition/modules/appsec/appsec_win_test.go b/pkg/acquisition/modules/appsec/appsec_win_test.go
index 384db09d0ed..2967a572676 100644
--- a/pkg/acquisition/modules/appsec/appsec_win_test.go
+++ b/pkg/acquisition/modules/appsec/appsec_win_test.go
@@ -37,9 +37,6 @@ func TestAppsecRuleTransformsWindows(t *testing.T) {
 // },
 // },
 }
- for _, test := range tests {
- t.Run(test.name, func(t *testing.T) {
- loadAppSecEngine(test, t)
- })
- }
+
+ runTests(t, tests)
 }
diff --git a/pkg/acquisition/modules/appsec/config.go b/pkg/acquisition/modules/appsec/config.go
index daff5b09307..6669eaa8832 100644
--- a/pkg/acquisition/modules/appsec/config.go
+++ b/pkg/acquisition/modules/appsec/config.go
@@ -20,7 +20,6 @@ import (
 "github.com/crowdsecurity/crowdsec/pkg/apiclient/useragent"
 "github.com/crowdsecurity/crowdsec/pkg/appsec"
 "github.com/crowdsecurity/crowdsec/pkg/appsec/allowlists"
- "github.com/crowdsecurity/crowdsec/pkg/csconfig"
 "github.com/crowdsecurity/crowdsec/pkg/metrics"
 )
@@ -91,10 +90,6 @@ func (w *Source) UnmarshalConfig(yamlConfig []byte) error {
 }
 }
- csConfig := csconfig.GetConfig()
- w.lapiURL = fmt.Sprintf("%sv1/decisions/stream", csConfig.API.Client.Credentials.URL)
- w.AuthCache = NewAuthCache()
-
 return nil
 }
@@ -121,11 +116,21 @@ func loadCertPool(caCertPath string, logger log.FieldLogger) (*x509.CertPool, er
 }
 func (w *Source) Configure(_ context.Context, yamlConfig []byte, logger *log.Entry, _ metrics.AcquisitionMetricsLevel) error {
- err := w.UnmarshalConfig(yamlConfig)
- if err != nil {
+ if w.hub == nil {
+ return errors.New("appsec datasource requires a hub. this is a bug, please report")
+ }
+
+ if w.lapiClientConfig == nil {
+ return errors.New("appsec datasource requires a lapi client configuration. this is a bug, please report")
+ }
+
+ if err := w.UnmarshalConfig(yamlConfig); err != nil {
 return fmt.Errorf("unable to parse appsec configuration: %w", err)
 }
+ w.lapiURL = fmt.Sprintf("%sv1/decisions/stream", w.lapiClientConfig.Credentials.URL)
+ w.AuthCache = NewAuthCache()
+
 w.logger = logger
 w.logger.Tracef("Appsec configuration: %+v", w.config)
@@ -154,16 +159,16 @@ func (w *Source) Configure(_ context.Context, yamlConfig []byte, logger *log.Ent
 // let's load the associated appsec_config:
 if w.config.AppsecConfigPath != "" {
- if err = appsecCfg.LoadByPath(w.config.AppsecConfigPath); err != nil {
+ if err := appsecCfg.LoadByPath(w.config.AppsecConfigPath); err != nil {
 return fmt.Errorf("unable to load appsec_config: %w", err)
 }
 } else if w.config.AppsecConfig != "" {
- if err = appsecCfg.Load(w.config.AppsecConfig); err != nil {
+ if err := appsecCfg.Load(w.config.AppsecConfig, w.hub); err != nil {
 return fmt.Errorf("unable to load appsec_config: %w", err)
 }
 } else if len(w.config.AppsecConfigs) > 0 {
 for _, appsecConfig := range w.config.AppsecConfigs {
- if err = appsecCfg.Load(appsecConfig); err != nil {
+ if err := appsecCfg.Load(appsecConfig, w.hub); err != nil {
 return fmt.Errorf("unable to load appsec_config: %w", err)
 }
 }
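Review bot: `w.lapiClientConfig.Credentials.URL` is dereferenced in the first hunk after only `w.lapiClientConfig` itself was checked for nil, while the caCertPath block later in the same function (the `@@ -214,12 +221,10 @@` hunk) still treats `Credentials` as possibly nil. If `Credentials` can be unset, Configure panics while building `lapiURL`, the endpoint this datasource appears to use for validating API keys; if it cannot, the later check is dead code. I would widen the guard to `if w.lapiClientConfig == nil || w.lapiClientConfig.Credentials == nil {` and then drop the now-redundant `w.lapiClientConfig != nil &&` from the caCertPath condition. Configure's body continues outside these hunks.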
@@ -174,11 +179,13 @@ func (w *Source) Configure(_ context.Context, yamlConfig []byte, logger *log.Ent
 // Now we can set up the logger
 appsecCfg.SetUpLogger()
- w.AppsecRuntime, err = appsecCfg.Build()
+ appsecRuntime, err := appsecCfg.Build(w.hub)
 if err != nil {
 return fmt.Errorf("unable to build appsec_config: %w", err)
 }
+ w.AppsecRuntime = appsecRuntime
+
 err = w.AppsecRuntime.ProcessOnLoadRules()
 if err != nil {
 return fmt.Errorf("unable to process on load rules: %w", err)
@@ -202,7 +209,7 @@ func (w *Source) Configure(_ context.Context, yamlConfig []byte, logger *log.Ent
 appsecAllowlistsClient: w.appsecAllowlistClient,
 }
- if err = runner.Init(appsecCfg.GetDataDir()); err != nil {
+ if err = runner.Init(w.hub.GetDataDir()); err != nil {
 return fmt.Errorf("unable to initialize runner: %w", err)
 }
@@ -214,12 +221,10 @@ func (w *Source) Configure(_ context.Context, yamlConfig []byte, logger *log.Ent
 // We don“t use the wrapper provided by coraza because we want to fully control what happens when a rule match to send the information in crowdsec
 w.mux.HandleFunc(w.config.Path, w.appsecHandler)
- csConfig := csconfig.GetConfig()
-
 caCertPath := ""
- if csConfig.API.Client != nil && csConfig.API.Client.Credentials != nil {
- caCertPath = csConfig.API.Client.Credentials.CACertPath
+ if w.lapiClientConfig != nil && w.lapiClientConfig.Credentials != nil {
+ caCertPath = w.lapiClientConfig.Credentials.CACertPath
 }
 w.lapiCACertPool, err = loadCertPool(caCertPath, w.logger)
diff --git a/pkg/acquisition/modules/appsec/run.go b/pkg/acquisition/modules/appsec/run.go
index c839538446e..653815085f2 100644
--- a/pkg/acquisition/modules/appsec/run.go
+++ b/pkg/acquisition/modules/appsec/run.go
@@ -120,12 +120,12 @@ func (w *Source) listenAndServe(ctx context.Context, t *tomb.Tomb) error {
 }
 func (w *Source) StreamingAcquisition(ctx context.Context, out chan pipeline.Event, t *tomb.Tomb) error {
- apiClient, err := apiclient.GetLAPIClient()
+ lapiClient, err := apiclient.GetLAPIClient()
 if err != nil {
 return fmt.Errorf("unable to get authenticated LAPI client: %w", err)
 }
- err = w.appsecAllowlistClient.Start(ctx, apiClient)
+ err = w.appsecAllowlistClient.Start(ctx, lapiClient)
 if err != nil {
 w.logger.Errorf("failed to fetch allowlists for appsec, disabling them: %s", err)
 } else {
diff --git a/pkg/acquisition/modules/appsec/source.go b/pkg/acquisition/modules/appsec/source.go
index 7deaab12f55..6262978cdcd 100644
--- a/pkg/acquisition/modules/appsec/source.go
+++ b/pkg/acquisition/modules/appsec/source.go
@@ -10,10 +10,14 @@ import (
 "github.com/crowdsecurity/crowdsec/pkg/appsec"
 "github.com/crowdsecurity/crowdsec/pkg/appsec/allowlists"
+ "github.com/crowdsecurity/crowdsec/pkg/csconfig"
+ "github.com/crowdsecurity/crowdsec/pkg/cwhub"
 )
 type Source struct {
 config Configuration
+ hub *cwhub.Hub
+ lapiClientConfig *csconfig.LocalApiClientCfg
 logger *log.Entry
 mux *http.ServeMux
 server *http.Server
@@ -61,6 +65,14 @@ func (ac *AuthCache) Delete(apiKey string) {
 ac.mu.Unlock()
 }
+func (w *Source) SetClientConfig(config *csconfig.LocalApiClientCfg) {
+ w.lapiClientConfig = config
+}
+
+func (w *Source) SetHub(hub *cwhub.Hub) {
+ w.hub = hub
+}
+
 func (w *Source) GetMode() string {
 return w.config.Mode
 }
diff --git a/pkg/appsec/appsec.go b/pkg/appsec/appsec.go
index 741b9893a2b..acb2d9ed65c 100644
--- a/pkg/appsec/appsec.go
+++ b/pkg/appsec/appsec.go
@@ -348,7 +348,7 @@ func (wc *AppsecConfig) LoadByPath(file string) error {
 return nil
 }
-func (wc *AppsecConfig) Load(configName string) error {
+func (wc *AppsecConfig) Load(configName string, hub *cwhub.Hub) error {
 item := hub.GetItem(cwhub.APPSEC_CONFIGS, configName)
 if item != nil && item.State.IsInstalled() {
@@ -365,11 +365,7 @@ func (wc *AppsecConfig) Load(configName string) error {
 return fmt.Errorf("no appsec-config found for %s", configName)
 }
-func (*AppsecConfig) GetDataDir() string {
- return hub.GetDataDir()
-}
-
-func (wc *AppsecConfig) Build() (*AppsecRuntimeConfig, error) {
+func (wc *AppsecConfig) Build(hub *cwhub.Hub) (*AppsecRuntimeConfig, error) {
 ret := &AppsecRuntimeConfig{Logger: wc.Logger.WithField("component", "appsec_runtime_config")}
 if wc.BouncerBlockedHTTPCode == 0 {
@@ -413,7 +409,7 @@ func (wc *AppsecConfig) Build() (*AppsecRuntimeConfig, error) {
 for _, rule := range wc.OutOfBandRules {
 wc.Logger.Infof("loading outofband rule %s", rule)
- collections, err := LoadCollection(rule, wc.Logger.WithField("component", "appsec_collection_loader"))
+ collections, err := LoadCollection(rule, wc.Logger.WithField("component", "appsec_collection_loader"), hub)
 if err != nil {
 return nil, fmt.Errorf("unable to load outofband rule %s : %s", rule, err)
 }
@@ -426,7 +422,7 @@ func (wc *AppsecConfig) Build() (*AppsecRuntimeConfig, error) {
 for _, rule := range wc.InBandRules {
 wc.Logger.Infof("loading inband rule %s", rule)
- collections, err := LoadCollection(rule, wc.Logger.WithField("component", "appsec_collection_loader"))
+ collections, err := LoadCollection(rule, wc.Logger.WithField("component", "appsec_collection_loader"), hub)
 if err != nil {
 return nil, fmt.Errorf("unable to load inband rule %s : %s", rule, err)
 }
diff --git a/pkg/appsec/appsec_rules_collection.go b/pkg/appsec/appsec_rules_collection.go
index dccbdd506b6..41c0b122982 100644
--- a/pkg/appsec/appsec_rules_collection.go
+++ b/pkg/appsec/appsec_rules_collection.go
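Review bot: `Load` calls `hub.GetItem(...)` on the caller-supplied pointer with no nil check, and `Build` forwards the same pointer to `LoadCollection`; with the package-level variable gone, a caller passing nil gets whatever a nil `*cwhub.Hub` receiver does (not visible here, possibly a panic) rather than an error. The appsec datasource checks `w.hub` before calling either method, but both are exported and can be reached from other callers. A guard at the top of `Load`, for example `if hub == nil { return fmt.Errorf("loading appsec-config %s: hub is not set", configName) }`, and a doc comment on both methods stating that the hub must be non-nil would make the contract explicit. Both bodies extend beyond the hunks.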
@@ -9,6 +9,7 @@ import (
 log "github.com/sirupsen/logrus"
 "github.com/crowdsecurity/crowdsec/pkg/appsec/appsec_rule"
+ "github.com/crowdsecurity/crowdsec/pkg/cwhub"
 "github.com/crowdsecurity/crowdsec/pkg/exprhelpers"
 )
@@ -48,7 +49,7 @@ type RulesDetails struct {
 // Is using the id is a good idea ? might be too specific to coraza and not easily reusable
 var AppsecRulesDetails = make(map[int]RulesDetails)
-func LoadCollection(pattern string, logger *log.Entry) ([]AppsecCollection, error) {
+func LoadCollection(pattern string, logger *log.Entry, hub *cwhub.Hub) ([]AppsecCollection, error) {
 ret := make([]AppsecCollection, 0)
 for _, appsecRule := range appsecRules {
diff --git a/pkg/appsec/loader.go b/pkg/appsec/loader.go
index e83cab17b5a..3a4e2ffaead 100644
--- a/pkg/appsec/loader.go
+++ b/pkg/appsec/loader.go
@@ -12,10 +12,7 @@ import (
 var appsecRules = make(map[string]AppsecCollectionConfig) // FIXME: would probably be better to have a struct for this
-var hub *cwhub.Hub // FIXME: this is a temporary hack to make the hub available in the package
-
-func LoadAppsecRules(hubInstance *cwhub.Hub) error {
- hub = hubInstance
+func LoadAppsecRules(hub *cwhub.Hub) error {
 appsecRules = make(map[string]AppsecCollectionConfig)
 for _, hubAppsecRuleItem := range hub.GetInstalledByType(cwhub.APPSEC_RULES, false) {
diff --git a/test/bats/crowdsec-acquisition.bats b/test/bats/crowdsec-acquisition.bats
index d30971c68de..5874821231b 100644
--- a/test/bats/crowdsec-acquisition.bats
+++ b/test/bats/crowdsec-acquisition.bats
@@ -138,7 +138,7 @@ teardown() {
 type: appsec
 EOT
- config_set '.common.log_level="debug" | .common.log_media="stdout"'
+ config_set '.common.log_media="stdout"'
 rune -0 "$CROWDSEC" -t --trace