Merge branch 'main' into listen_socket

.github/workflows/build-binary-package.yml

@@ -20,14 +20,14 @@ jobs:
     steps:
 
     - name: Check out repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
     - name: Set up Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
-        go-version: 1.21.5
+        go-version: 1.21.7
 
     - name: Build all platforms
       run: |

.github/workflows/lint.yml

@@ -18,17 +18,17 @@ jobs:
     steps:
 
     - name: Check out code into the Go module directory
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
     - name: Set up Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
-        go-version: 1.21.5
+        go-version: 1.21.7
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: go, python
 
@@ -37,9 +37,9 @@ jobs:
         make build
 
     - name: golangci-lint
-      uses: golangci/golangci-lint-action@v3
+      uses: golangci/golangci-lint-action@v4
       with:
-        version: v1.55
+        version: v1.56
         args: --issues-exit-code=1 --timeout 10m
         only-new-issues: false
         # the cache is already managed above, enabling it here
@@ -48,4 +48,4 @@ jobs:
         skip-build-cache: true
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/publish-docker-doc.yaml

@@ -17,7 +17,7 @@ jobs:
     steps:
       -
         name: Check out the repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       -
         name: Update docker hub README
         uses: ms-jpq/sync-dockerhub-readme@v1

.github/workflows/release-drafter.yml

@@ -21,7 +21,7 @@ jobs:
     name: Update the release draft
     steps:
       # Drafts your next Release notes as Pull Requests are merged into "main"
-      - uses: release-drafter/release-drafter@v5
+      - uses: release-drafter/release-drafter@v6
         with:
           config-name: release-drafter.yml
           # (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml

.github/workflows/release_publish_docker-image.yml

@@ -17,7 +17,7 @@ jobs:
     steps:
       -
         name: Check out the repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       -
@@ -43,27 +43,27 @@ jobs:
           echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
       -
         name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       -
         name: Login to DockerHub
         if: github.event_name == 'release'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v1.12.0
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       -
         name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: .
           file: ./Dockerfile

.github/workflows/tests.yml

@@ -17,14 +17,14 @@ jobs:
     steps:
 
     - name: Check out code into the Go module directory
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
     - name: Set up Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
-        go-version: 1.21.5
+        go-version: 1.21.7
 
     - name: Build
       run: |
@@ -40,7 +40,7 @@ jobs:
 
     - name: Cache virtualenvs
       id: cache-pipenv
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: ~/.local/share/virtualenvs
         key: ${{ runner.os }}-pipenv-${{ hashFiles('**/Pipfile.lock') }}

.github/workflows/tests_deb.yml

@@ -17,18 +17,18 @@ jobs:
     steps:
 
     - name: Check out code into the Go module directory
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
     - name: Set up Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
-        go-version: 1.21.5
+        go-version: 1.21.7
 
     - name: Cache virtualenvs
       id: cache-pipenv
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: ~/.local/share/virtualenvs
         key: ${{ runner.os }}-pipenv-${{ hashFiles('**/Pipfile.lock') }}

Dockerfile

@@ -1,4 +1,4 @@
-ARG GOVERSION=1.21.5
+ARG GOVERSION=1.21.7
 
 FROM golang:${GOVERSION}-alpine AS build
 

cmd/root.go

@@ -3,6 +3,7 @@ package cmd
 import (
 	"bytes"
 	"context"
+	"errors"
 	"flag"
 	"fmt"
 	"os"
@@ -33,9 +34,9 @@ func HandleSignals(ctx context.Context) error {
 	case s := <-signalChan:
 		switch s {
 		case syscall.SIGTERM:
-			return fmt.Errorf("received SIGTERM")
+			return errors.New("received SIGTERM")
 		case os.Interrupt: // cross-platform SIGINT
-			return fmt.Errorf("received interrupt")
+			return errors.New("received interrupt")
 		}
 	case <-ctx.Done():
 		return ctx.Err()
@@ -60,7 +61,7 @@ func Execute() error {
 	}
 
 	if configPath == nil || *configPath == "" {
-		return fmt.Errorf("configuration file is required")
+		return errors.New("configuration file is required")
 	}
 
 	configBytes, err := cfg.MergedConfig(*configPath)
@@ -100,8 +101,9 @@ func Execute() error {
 			ScenariosContaining:    strings.Join(config.CrowdsecConfig.IncludeScenariosContaining, ","),
 			ScenariosNotContaining: strings.Join(config.CrowdsecConfig.ExcludeScenariosContaining, ","),
 			Origins:                strings.Join(config.CrowdsecConfig.OnlyIncludeDecisionsFrom, ","),
+			Scopes:                 strings.Join(config.CrowdsecConfig.Scopes, ","),
 		},
-		UserAgent:          fmt.Sprintf("crowdsec-blocklist-mirror/%s", version.String()),
+		UserAgent:          "crowdsec-blocklist-mirror/" + version.String(),
 		CertPath:           config.CrowdsecConfig.CertPath,
 		KeyPath:            config.CrowdsecConfig.KeyPath,
 		CAPath:             config.CrowdsecConfig.CAPath,
@@ -121,7 +123,7 @@ func Execute() error {
 
 	g.Go(func() error {
 		decisionStreamer.Run(ctx)
-		return fmt.Errorf("bouncer stream halted")
+		return errors.New("bouncer stream halted")
 	})
 
 	g.Go(func() error {
@@ -148,10 +150,12 @@ func Execute() error {
 				if decisions == nil {
 					continue
 				}
+
 				if len(decisions.New) > 0 {
 					log.Infof("received %d new decisions", len(decisions.New))
 					registry.GlobalDecisionRegistry.AddDecisions(decisions.New)
 				}
+
 				if len(decisions.Deleted) > 0 {
 					log.Infof("received %d expired decisions", len(decisions.Deleted))
 					registry.GlobalDecisionRegistry.DeleteDecisions(decisions.Deleted)

pkg/cfg/config.go

@@ -1,6 +1,7 @@
 package cfg
 
 import (
+	"errors"
 	"fmt"
 	"io"
 	"net"
@@ -30,6 +31,7 @@ type CrowdsecConfig struct {
 	IncludeScenariosContaining []string `yaml:"include_scenarios_containing"`
 	ExcludeScenariosContaining []string `yaml:"exclude_scenarios_containing"`
 	OnlyIncludeDecisionsFrom   []string `yaml:"only_include_decisions_from"`
+	Scopes                     []string `yaml:"scopes,omitempty"`
 }
 
 type BlockListConfig struct {
@@ -71,11 +73,11 @@ type Config struct {
 
 func (cfg *Config) ValidateAndSetDefaults() error {
 	if cfg.CrowdsecConfig.LapiKey == "" && cfg.CrowdsecConfig.CertPath == "" {
-		return fmt.Errorf("one of lapi_key or cert_path is required")
+		return errors.New("one of lapi_key or cert_path is required")
 	}
 
 	if cfg.CrowdsecConfig.LapiURL == "" {
-		return fmt.Errorf("lapi_url is required")
+		return errors.New("lapi_url is required")
 	}
 
 	if !strings.HasSuffix(cfg.CrowdsecConfig.LapiURL, "/") {

pkg/cfg/logging.go

@@ -1,7 +1,7 @@
 package cfg
 
 import (
-	"fmt"
+	"errors"
 	"io"
 	"os"
 	"path/filepath"
@@ -75,7 +75,7 @@ func (c *LoggingConfig) setDefaults() {
 
 func (c *LoggingConfig) validate() error {
 	if c.LogMedia != "stdout" && c.LogMedia != "file" {
-		return fmt.Errorf("log_media should be either 'stdout' or 'file'")
+		return errors.New("log_media should be either 'stdout' or 'file'")
 	}
 
 	return nil

pkg/server/logging.go

@@ -138,12 +138,14 @@ func appendQuoted(buf []byte, s string) []byte {
 		if r == rune('"') || r == '\\' { // always backslashed
 			buf = append(buf, '\\')
 			buf = append(buf, byte(r))
+
 			continue
 		}
 
 		if strconv.IsPrint(r) {
 			n := utf8.EncodeRune(runeTmp[:], r)
 			buf = append(buf, runeTmp[:n]...)
+
 			continue
 		}
 

pkg/server/server.go

@@ -172,7 +172,7 @@ func satisfiesBasicAuth(r *http.Request, user, password string) bool {
 		return false
 	}
 
-	expectedVal := fmt.Sprintf("Basic %s", basicAuth(user, password))
+	expectedVal := "Basic " + basicAuth(user, password)
 	foundVal := r.Header[http.CanonicalHeaderKey("Authorization")][0]
 	log.WithFields(log.Fields{
 		"expected": expectedVal,