appsec: inject dependencies, avoid globals

cmd/crowdsec/crowdsec.go

@@ -61,7 +61,7 @@ func initCrowdsec(ctx context.Context, cConfig *csconfig.Config, hub *cwhub.Hub,
 		}
 	}
 
-	datasources, err := LoadAcquisition(ctx, cConfig)
+	datasources, err := LoadAcquisition(ctx, cConfig, hub)
 	if err != nil {
 		return nil, nil, fmt.Errorf("while loading acquisition config: %w", err)
 	}

cmd/crowdsec/main.go

@@ -75,18 +75,18 @@ func LoadBuckets(cConfig *csconfig.Config, hub *cwhub.Hub) error {
 	return nil
 }
 
-func LoadAcquisition(ctx context.Context, cConfig *csconfig.Config) ([]acquisition.DataSource, error) {
+func LoadAcquisition(ctx context.Context, cConfig *csconfig.Config, hub *cwhub.Hub) ([]acquisition.DataSource, error) {
 	if flags.SingleFileType != "" && flags.OneShotDSN != "" {
 		flags.Labels = additionalLabels
 		flags.Labels["type"] = flags.SingleFileType
 
-		ds, err := acquisition.LoadAcquisitionFromDSN(ctx, flags.OneShotDSN, flags.Labels, flags.Transform)
+		ds, err := acquisition.LoadAcquisitionFromDSN(ctx, flags.OneShotDSN, flags.Labels, flags.Transform, hub)
 		if err != nil {
 			return nil, err
 		}
 		dataSources = append(dataSources, ds)
 	} else {
-		dss, err := acquisition.LoadAcquisitionFromFiles(ctx, cConfig.Crowdsec, cConfig.Prometheus)
+		dss, err := acquisition.LoadAcquisitionFromFiles(ctx, cConfig.Crowdsec, cConfig.Prometheus, hub)
 		if err != nil {
 			return nil, err
 		}

pkg/acquisition/acquisition.go

@@ -27,6 +27,7 @@ import (
 
 	"github.com/crowdsecurity/crowdsec/pkg/acquisition/configuration"
 	"github.com/crowdsecurity/crowdsec/pkg/csconfig"
+	"github.com/crowdsecurity/crowdsec/pkg/cwhub"
 	"github.com/crowdsecurity/crowdsec/pkg/cwversion/component"
 	"github.com/crowdsecurity/crowdsec/pkg/exprhelpers"
 	"github.com/crowdsecurity/crowdsec/pkg/logging"
@@ -115,6 +116,14 @@ type DSNConfigurer interface {
 	ConfigureByDSN(ctx context.Context, dsn string, labels map[string]string, logger *log.Entry, uniqueID string) error
 }
 
+type LAPIClientAware interface {
+	SetClientConfig(config *csconfig.LocalApiClientCfg)
+}
+
+type HubAware interface {
+	SetHub(hub *cwhub.Hub)
+}
+
 var (
 	// We register the datasources at init time so we can tell if they are unsupported, or excluded from the build
 	AcquisitionSources = map[string]func() DataSource{}
@@ -157,7 +166,7 @@ func registerDataSource(dataSourceType string, dsGetter func() DataSource) {
 // if the configuration is not valid it returns an error.
 // If the datasource can't be run (eg. journalctl not available), it still returns an error which
 // can be checked for the appropriate action.
-func DataSourceConfigure(ctx context.Context, commonConfig configuration.DataSourceCommonCfg, yamlConfig []byte, metricsLevel metrics.AcquisitionMetricsLevel) (DataSource, error) {
+func DataSourceConfigure(ctx context.Context, commonConfig configuration.DataSourceCommonCfg, yamlConfig []byte, metricsLevel metrics.AcquisitionMetricsLevel, hub *cwhub.Hub) (DataSource, error) {
 	dataSrc, err := GetDataSourceIface(commonConfig.Source)
 	if err != nil {
 		return nil, err
@@ -177,6 +186,15 @@ func DataSourceConfigure(ctx context.Context, commonConfig configuration.DataSou
 
 	subLogger.Info("Configuring datasource")
 
+	if hubAware, ok := dataSrc.(HubAware); ok {
+		hubAware.SetHub(hub)
+	}
+
+	if lapiClientAware, ok := dataSrc.(LAPIClientAware); ok {
+		cConfig := csconfig.GetConfig()
+		lapiClientAware.SetClientConfig(cConfig.API.Client)
+	}
+
 	/* configure the actual datasource */
 	if err := dataSrc.Configure(ctx, yamlConfig, subLogger, metricsLevel); err != nil {
 		return nil, err
@@ -185,7 +203,7 @@ func DataSourceConfigure(ctx context.Context, commonConfig configuration.DataSou
 	return dataSrc, nil
 }
 
-func LoadAcquisitionFromDSN(ctx context.Context, dsn string, labels map[string]string, transformExpr string) (DataSource, error) {
+func LoadAcquisitionFromDSN(ctx context.Context, dsn string, labels map[string]string, transformExpr string, hub *cwhub.Hub) (DataSource, error) {
 	frags := strings.Split(dsn, ":")
 	if len(frags) == 1 {
 		return nil, fmt.Errorf("%s is not a valid dsn (no protocol)", dsn)
@@ -207,6 +225,15 @@ func LoadAcquisitionFromDSN(ctx context.Context, dsn string, labels map[string]s
 		transformRuntimes[uniqueID] = vm
 	}
 
+	if hubAware, ok := dataSrc.(HubAware); ok {
+		hubAware.SetHub(hub)
+	}
+
+	if lapiClientAware, ok := dataSrc.(LAPIClientAware); ok {
+		cConfig := csconfig.GetConfig()
+		lapiClientAware.SetClientConfig(cConfig.API.Client)
+	}
+
 	dsnConf, ok := dataSrc.(DSNConfigurer)
 	if !ok {
 		return nil, fmt.Errorf("%s datasource does not support command-line acquisition", frags[0])
@@ -272,7 +299,7 @@ func detectType(r io.Reader) (string, error) {
 }
 
 // sourcesFromFile reads and parses one acquisition file into DataSources.
-func sourcesFromFile(ctx context.Context, acquisFile string, metricsLevel metrics.AcquisitionMetricsLevel) ([]DataSource, error) {
+func sourcesFromFile(ctx context.Context, acquisFile string, metricsLevel metrics.AcquisitionMetricsLevel, hub *cwhub.Hub) ([]DataSource, error) {
 	var sources []DataSource
 
 	log.Infof("loading acquisition file : %s", acquisFile)
@@ -356,7 +383,7 @@ func sourcesFromFile(ctx context.Context, acquisFile string, metricsLevel metric
 		uniqueID := uuid.NewString()
 		sub.UniqueId = uniqueID
 
-		src, err := DataSourceConfigure(ctx, sub, yamlDoc, metricsLevel)
+		src, err := DataSourceConfigure(ctx, sub, yamlDoc, metricsLevel, hub)
 		if err != nil {
 			var dserr *DataSourceUnavailableError
 			if errors.As(err, &dserr) {
@@ -383,13 +410,13 @@ func sourcesFromFile(ctx context.Context, acquisFile string, metricsLevel metric
 }
 
 // LoadAcquisitionFromFiles unmarshals the configuration item and checks its availability
-func LoadAcquisitionFromFiles(ctx context.Context, config *csconfig.CrowdsecServiceCfg, prom *csconfig.PrometheusCfg) ([]DataSource, error) {
+func LoadAcquisitionFromFiles(ctx context.Context, config *csconfig.CrowdsecServiceCfg, prom *csconfig.PrometheusCfg, hub *cwhub.Hub) ([]DataSource, error) {
 	var allSources []DataSource
 
 	metricsLevel := GetMetricsLevelFromPromCfg(prom)
 
 	for _, acquisFile := range config.AcquisitionFiles {
-		sources, err := sourcesFromFile(ctx, acquisFile, metricsLevel)
+		sources, err := sourcesFromFile(ctx, acquisFile, metricsLevel, hub)
 		if err != nil {
 			return nil, err
 		}

pkg/acquisition/acquisition_test.go

@@ -18,6 +18,7 @@ import (
 
 	"github.com/crowdsecurity/crowdsec/pkg/acquisition/configuration"
 	"github.com/crowdsecurity/crowdsec/pkg/csconfig"
+	"github.com/crowdsecurity/crowdsec/pkg/cwhub"
 	"github.com/crowdsecurity/crowdsec/pkg/metrics"
 	"github.com/crowdsecurity/crowdsec/pkg/pipeline"
 )
@@ -181,7 +182,8 @@ filename: foo.log
 			common := configuration.DataSourceCommonCfg{}
 			err := yaml.Unmarshal([]byte(tc.String), &common)
 			require.NoError(t, err)
-			ds, err := DataSourceConfigure(ctx, common, []byte(tc.String), metrics.AcquisitionMetricsLevelNone)
+			hub := cwhub.Hub{}
+			ds, err := DataSourceConfigure(ctx, common, []byte(tc.String), metrics.AcquisitionMetricsLevelNone, &hub)
 			cstest.RequireErrorContains(t, err, tc.ExpectedError)
 
 			if tc.ExpectedError != "" {
@@ -292,7 +294,8 @@ func TestLoadAcquisitionFromFiles(t *testing.T) {
 	}
 	for _, tc := range tests {
 		t.Run(tc.TestName, func(t *testing.T) {
-			dss, err := LoadAcquisitionFromFiles(ctx, &tc.Config, nil)
+			hub := cwhub.Hub{}
+			dss, err := LoadAcquisitionFromFiles(ctx, &tc.Config, nil, &hub)
 			cstest.RequireErrorContains(t, err, tc.ExpectedError)
 
 			if tc.ExpectedError != "" {
@@ -552,7 +555,8 @@ func TestConfigureByDSN(t *testing.T) {
 
 	for _, tc := range tests {
 		t.Run(tc.dsn, func(t *testing.T) {
-			source, err := LoadAcquisitionFromDSN(ctx, tc.dsn, map[string]string{"type": "test_label"}, "")
+			hub := cwhub.Hub{}
+			source, err := LoadAcquisitionFromDSN(ctx, tc.dsn, map[string]string{"type": "test_label"}, "", &hub)
 			cstest.RequireErrorContains(t, err, tc.ExpectedError)
 
 			if tc.ExpectedError != "" {

pkg/acquisition/appsec.go

@@ -11,6 +11,8 @@ var (
 	_ DataSource      = (*appsecacquisition.Source)(nil)
 	_ Tailer          = (*appsecacquisition.Source)(nil)
 	_ MetricsProvider = (*appsecacquisition.Source)(nil)
+	_ HubAware        = (*appsecacquisition.Source)(nil)
+	_ LAPIClientAware = (*appsecacquisition.Source)(nil)
 )
 
 //nolint:gochecknoinits

pkg/acquisition/modules/appsec/appsec_hooks_test.go

@@ -407,11 +407,8 @@ func TestAppsecOnMatchHooks(t *testing.T) {
 			},
 		},
 	}
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			loadAppSecEngine(test, t)
-		})
-	}
+
+	runTests(t, tests)
 }
 
 func TestAppsecPreEvalHooks(t *testing.T) {
@@ -824,11 +821,7 @@ func TestAppsecPreEvalHooks(t *testing.T) {
 		},
 	}
 
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			loadAppSecEngine(test, t)
-		})
-	}
+	runTests(t, tests)
 }
 
 func TestAppsecRemediationConfigHooks(t *testing.T) {
@@ -917,11 +910,7 @@ func TestAppsecRemediationConfigHooks(t *testing.T) {
 		},
 	}
 
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			loadAppSecEngine(test, t)
-		})
-	}
+	runTests(t, tests)
 }
 
 func TestOnMatchRemediationHooks(t *testing.T) {
@@ -1090,9 +1079,6 @@ func TestOnMatchRemediationHooks(t *testing.T) {
 			},
 		},
 	}
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			loadAppSecEngine(test, t)
-		})
-	}
+
+	runTests(t, tests)
 }

pkg/acquisition/modules/appsec/appsec_lnx_test.go

@@ -69,9 +69,6 @@ func TestAppsecRuleTransformsOthers(t *testing.T) {
 			},
 		},
 	}
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			loadAppSecEngine(test, t)
-		})
-	}
+
+	runTests(t, tests)
 }

pkg/acquisition/modules/appsec/appsec_remediation_test.go

@@ -149,11 +149,8 @@ func TestAppsecDefaultPassRemediation(t *testing.T) {
 			},
 		},
 	}
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			loadAppSecEngine(test, t)
-		})
-	}
+
+	runTests(t, tests)
 }
 
 func TestAppsecDefaultRemediation(t *testing.T) {
@@ -322,9 +319,5 @@ func TestAppsecDefaultRemediation(t *testing.T) {
 		},
 	}
 
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			loadAppSecEngine(test, t)
-		})
-	}
+	runTests(t, tests)
 }

pkg/acquisition/modules/appsec/appsec_rules_test.go

@@ -418,11 +418,7 @@ toto
 		},
 	}
 
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			loadAppSecEngine(test, t)
-		})
-	}
+	runTests(t, tests)
 }
 
 func TestAppsecRuleTransforms(t *testing.T) {
@@ -633,11 +629,8 @@ func TestAppsecRuleTransforms(t *testing.T) {
 			},
 		},
 	}
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			loadAppSecEngine(test, t)
-		})
-	}
+
+	runTests(t, tests)
 }
 
 func TestAppsecRuleZones(t *testing.T) {
@@ -947,9 +940,6 @@ func TestAppsecRuleZones(t *testing.T) {
 			},
 		},
 	}
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			loadAppSecEngine(test, t)
-		})
-	}
+
+	runTests(t, tests)
 }

pkg/acquisition/modules/appsec/appsec_runner_test.go

@@ -66,11 +66,8 @@ func TestAppsecConflictRuleLoad(t *testing.T) {
 			},
 		},
 	}
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			loadAppSecEngine(test, t)
-		})
-	}
+
+	runTests(t, tests)
 }
 
 func TestAppsecRuleLoad(t *testing.T) {
@@ -200,9 +197,6 @@ func TestAppsecRuleLoad(t *testing.T) {
 			},
 		},
 	}
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			loadAppSecEngine(test, t)
-		})
-	}
+
+	runTests(t, tests)
 }

pkg/acquisition/modules/appsec/appsec_test.go

@@ -13,6 +13,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	"github.com/crowdsecurity/crowdsec/pkg/cwhub"
 	"github.com/crowdsecurity/crowdsec/pkg/apiclient"
 	"github.com/crowdsecurity/crowdsec/pkg/appsec"
 	"github.com/crowdsecurity/crowdsec/pkg/appsec/allowlists"
@@ -58,7 +59,15 @@ func setupWithPrefix(urlPrefix string) (*http.ServeMux, string, func()) {
 	return mux, server.URL, server.Close
 }
 
-func loadAppSecEngine(test appsecRuleTest, t *testing.T) {
+func runTests(t *testing.T, tests []appsecRuleTest) {
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			testAppSecEngine(t, test)
+		})
+	}
+}
+
+func testAppSecEngine(t *testing.T, test appsecRuleTest) {
 	if testing.Verbose() {
 		log.SetLevel(log.TraceLevel)
 	} else {
@@ -105,7 +114,9 @@ func loadAppSecEngine(test appsecRuleTest, t *testing.T) {
 		DefaultRemediation:     test.DefaultRemediation,
 		DefaultPassAction:      test.DefaultPassAction,
 	}
-	AppsecRuntime, err := appsecCfg.Build()
+
+	hub := cwhub.Hub{}
+	AppsecRuntime, err := appsecCfg.Build(&hub)
 	if err != nil {
 		t.Fatalf("unable to build appsec runtime : %s", err)
 	}

pkg/acquisition/modules/appsec/appsec_win_test.go

@@ -37,9 +37,6 @@ func TestAppsecRuleTransformsWindows(t *testing.T) {
 		// 	},
 		// },
 	}
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			loadAppSecEngine(test, t)
-		})
-	}
+
+	runTests(t, tests)
 }