From 2077c6c3b5f308efbcf879eb0dc6f66653c0cf14 Mon Sep 17 00:00:00 2001 From: Manuel Sabban Date: Wed, 13 Mar 2024 16:22:23 +0100 Subject: [PATCH 1/5] static build require not to build at package creation time (#89) --- debian/rules | 2 +- rpm/SPECS/crowdsec-blocklist-mirror.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/rules b/debian/rules index b60bb23..e55ae3e 100755 --- a/debian/rules +++ b/debian/rules @@ -12,7 +12,7 @@ override_dh_auto_clean: override_dh_auto_test: override_dh_auto_build: override_dh_auto_install: - @make build +# @make build @BOUNCER=crowdsec-blocklist-mirror; \ PKG="$$BOUNCER"; \ diff --git a/rpm/SPECS/crowdsec-blocklist-mirror.spec b/rpm/SPECS/crowdsec-blocklist-mirror.spec index 4e348fc..4700ed0 100644 --- a/rpm/SPECS/crowdsec-blocklist-mirror.spec +++ b/rpm/SPECS/crowdsec-blocklist-mirror.spec @@ -27,7 +27,7 @@ Requires: gettext %setup -n %{name}-%{version} %build -BUILD_VERSION=%{local_version} make +#BUILD_VERSION=%{local_version} make %install rm -rf %{buildroot} From bd05c89e200bcc08f3cea3ee97229ec55a2e651c Mon Sep 17 00:00:00 2001 From: mmetc <92726601+mmetc@users.noreply.github.com> Date: Thu, 14 Mar 2024 14:49:51 +0100 Subject: [PATCH 2/5] use go 1.21.7 and bump actions (#87) --- .github/workflows/build-binary-package.yml | 6 +++--- .github/workflows/lint.yml | 12 ++++++------ .github/workflows/publish-docker-doc.yaml | 2 +- .github/workflows/release-drafter.yml | 2 +- .github/workflows/release_publish_docker-image.yml | 12 ++++++------ .github/workflows/tests.yml | 8 ++++---- .github/workflows/tests_deb.yml | 8 ++++---- Dockerfile | 2 +- 8 files changed, 26 insertions(+), 26 deletions(-) diff --git a/.github/workflows/build-binary-package.yml b/.github/workflows/build-binary-package.yml index 95dcbbe..3272d61 100644 --- a/.github/workflows/build-binary-package.yml +++ b/.github/workflows/build-binary-package.yml 
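Review bot: In `override_dh_auto_install` the build command is switched off by commenting it out, and nothing on the line says why or where the binary now comes from; the `%build` section of the spec file has the same issue. The package will then contain whatever binary is already in the tree, so the recipe should say so, for example `# no build here: the static binary must be built before packaging`. The install step should also fail with a clear message when that binary is missing. The rest of the recipe is outside the hunk, so whether such a check already exists cannot be seen here.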
@@ -20,14 +20,14 @@ jobs: steps: - name: Check out repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: - go-version: 1.21.5 + go-version: 1.21.7 - name: Build all platforms run: | diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index f723912..78a358e 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -18,17 +18,17 @@ jobs: steps: - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: - go-version: 1.21.5 + go-version: 1.21.7 - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: go, python @@ -37,7 +37,7 @@ jobs: make build - name: golangci-lint - uses: golangci/golangci-lint-action@v3 + uses: golangci/golangci-lint-action@v4 with: version: v1.55 args: --issues-exit-code=1 --timeout 10m @@ -48,4 +48,4 @@ jobs: skip-build-cache: true - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/publish-docker-doc.yaml b/.github/workflows/publish-docker-doc.yaml index 8537f1c..4e84785 100644 --- a/.github/workflows/publish-docker-doc.yaml +++ b/.github/workflows/publish-docker-doc.yaml @@ -17,7 +17,7 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Update docker hub README uses: ms-jpq/sync-dockerhub-readme@v1 diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 0e8de80..3eb1539 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml 
@@ -21,7 +21,7 @@ jobs: name: Update the release draft steps: # Drafts your next Release notes as Pull Requests are merged into "main" - - uses: release-drafter/release-drafter@v5 + - uses: release-drafter/release-drafter@v6 with: config-name: release-drafter.yml # (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml diff --git a/.github/workflows/release_publish_docker-image.yml b/.github/workflows/release_publish_docker-image.yml index 6c3c6d0..4473b38 100644 --- a/.github/workflows/release_publish_docker-image.yml +++ b/.github/workflows/release_publish_docker-image.yml @@ -17,7 +17,7 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - @@ -43,27 +43,27 @@ jobs: echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to DockerHub if: github.event_name == 'release' - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to GitHub Container Registry - uses: docker/login-action@v1.12.0 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . file: ./Dockerfile diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 80b721c..d1f8839 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -17,14 +17,14 @@ jobs: steps: - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: - go-version: 1.21.5 + go-version: 1.21.7 - name: Build run: | @@ -40,7 +40,7 @@ jobs: - name: Cache virtualenvs id: cache-pipenv - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.local/share/virtualenvs key: ${{ runner.os }}-pipenv-${{ hashFiles('**/Pipfile.lock') }} diff --git a/.github/workflows/tests_deb.yml b/.github/workflows/tests_deb.yml index 396e8f2..831f657 100644 --- a/.github/workflows/tests_deb.yml +++ b/.github/workflows/tests_deb.yml @@ -17,18 +17,18 @@ jobs: steps: - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: - go-version: 1.21.5 + go-version: 1.21.7 - name: Cache virtualenvs id: cache-pipenv - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.local/share/virtualenvs key: ${{ runner.os }}-pipenv-${{ hashFiles('**/Pipfile.lock') }} diff --git a/Dockerfile b/Dockerfile index 9bb7727..86de60a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG GOVERSION=1.21.5 +ARG GOVERSION=1.21.7 FROM golang:${GOVERSION}-alpine AS build From 0ef82b987d18cc78b2c07af10aef7c708e071262 Mon Sep 17 00:00:00 2001 From: mmetc <92726601+mmetc@users.noreply.github.com> Date: Mon, 18 Mar 2024 09:58:45 +0100 Subject: [PATCH 3/5] lint (#90) --- .github/workflows/lint.yml | 2 +- cmd/root.go | 13 ++++++++----- pkg/cfg/config.go | 5 +++-- pkg/cfg/logging.go | 4 ++-- pkg/server/logging.go | 2 ++ pkg/server/server.go | 2 +- 6 files changed, 17 insertions(+), 11 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 78a358e..61ee46c 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
@@ -39,7 +39,7 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@v4 with: - version: v1.55 + version: v1.56 args: --issues-exit-code=1 --timeout 10m only-new-issues: false # the cache is already managed above, enabling it here diff --git a/cmd/root.go b/cmd/root.go index 3120941..dd13701 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -3,6 +3,7 @@ package cmd import ( "bytes" "context" + "errors" "flag" "fmt" "os" @@ -33,9 +34,9 @@ func HandleSignals(ctx context.Context) error { case s := <-signalChan: switch s { case syscall.SIGTERM: - return fmt.Errorf("received SIGTERM") + return errors.New("received SIGTERM") case os.Interrupt: // cross-platform SIGINT - return fmt.Errorf("received interrupt") + return errors.New("received interrupt") } case <-ctx.Done(): return ctx.Err() @@ -60,7 +61,7 @@ func Execute() error { } if configPath == nil || *configPath == "" { - return fmt.Errorf("configuration file is required") + return errors.New("configuration file is required") } configBytes, err := cfg.MergedConfig(*configPath) @@ -101,7 +102,7 @@ func Execute() error { ScenariosNotContaining: strings.Join(config.CrowdsecConfig.ExcludeScenariosContaining, ","), Origins: strings.Join(config.CrowdsecConfig.OnlyIncludeDecisionsFrom, ","), }, - UserAgent: fmt.Sprintf("crowdsec-blocklist-mirror/%s", version.String()), + UserAgent: "crowdsec-blocklist-mirror/" + version.String(), CertPath: config.CrowdsecConfig.CertPath, KeyPath: config.CrowdsecConfig.KeyPath, CAPath: config.CrowdsecConfig.CAPath, @@ -121,7 +122,7 @@ func Execute() error { g.Go(func() error { decisionStreamer.Run(ctx) - return fmt.Errorf("bouncer stream halted") + return errors.New("bouncer stream halted") }) g.Go(func() error { 
@@ -148,10 +149,12 @@ func Execute() error { if decisions == nil { continue } + if len(decisions.New) > 0 { log.Infof("received %d new decisions", len(decisions.New)) registry.GlobalDecisionRegistry.AddDecisions(decisions.New) } + if len(decisions.Deleted) > 0 { log.Infof("received %d expired decisions", len(decisions.Deleted)) registry.GlobalDecisionRegistry.DeleteDecisions(decisions.Deleted) diff --git a/pkg/cfg/config.go b/pkg/cfg/config.go index ece5652..4ba3e32 100644 --- a/pkg/cfg/config.go +++ b/pkg/cfg/config.go @@ -1,6 +1,7 @@ package cfg import ( + "errors" "fmt" "io" "os" @@ -66,11 +67,11 @@ type Config struct { func (cfg *Config) ValidateAndSetDefaults() error { if cfg.CrowdsecConfig.LapiKey == "" && cfg.CrowdsecConfig.CertPath == "" { - return fmt.Errorf("one of lapi_key or cert_path is required") + return errors.New("one of lapi_key or cert_path is required") } if cfg.CrowdsecConfig.LapiURL == "" { - return fmt.Errorf("lapi_url is required") + return errors.New("lapi_url is required") } if !strings.HasSuffix(cfg.CrowdsecConfig.LapiURL, "/") { diff --git a/pkg/cfg/logging.go b/pkg/cfg/logging.go index 496d656..942cc8c 100644 --- a/pkg/cfg/logging.go +++ b/pkg/cfg/logging.go @@ -1,7 +1,7 @@ package cfg import ( - "fmt" + "errors" "io" "os" "path/filepath" @@ -75,7 +75,7 @@ func (c *LoggingConfig) setDefaults() { func (c *LoggingConfig) validate() error { if c.LogMedia != "stdout" && c.LogMedia != "file" { - return fmt.Errorf("log_media should be either 'stdout' or 'file'") + return errors.New("log_media should be either 'stdout' or 'file'") } return nil diff --git a/pkg/server/logging.go b/pkg/server/logging.go index c16d641..ab76b21 100644 --- a/pkg/server/logging.go +++ b/pkg/server/logging.go 
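Review bot: `ValidateAndSetDefaults` in `pkg/cfg/config.go` accepts a configuration that sets `cert_path` alone, and the lines visible here never check that the matching private key was given. The body continues outside the hunk, so a later check may exist; if it does not, add `if cfg.CrowdsecConfig.CertPath != "" && cfg.CrowdsecConfig.KeyPath == "" { return errors.New("cert_path requires key_path") }` (assuming the YAML key is `key_path`). A half-configured client certificate is then rejected at startup with a clear message instead of failing later when the connection to LAPI is set up.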
@@ -138,12 +138,14 @@ func appendQuoted(buf []byte, s string) []byte { if r == rune('"') || r == '\\' { // always backslashed buf = append(buf, '\\') buf = append(buf, byte(r)) + continue } if strconv.IsPrint(r) { n := utf8.EncodeRune(runeTmp[:], r) buf = append(buf, runeTmp[:n]...) + continue } diff --git a/pkg/server/server.go b/pkg/server/server.go index 2cf1f2c..1c5e808 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -109,7 +109,7 @@ func satisfiesBasicAuth(r *http.Request, user, password string) bool { return false } - expectedVal := fmt.Sprintf("Basic %s", basicAuth(user, password)) + expectedVal := "Basic " + basicAuth(user, password) foundVal := r.Header[http.CanonicalHeaderKey("Authorization")][0] log.WithFields(log.Fields{ "expected": expectedVal, From a7871e6ee43d1abba496cf00b0f4e6ce37ea2b9a Mon Sep 17 00:00:00 2001 From: Manuel Sabban Date: Mon, 18 Mar 2024 18:13:39 +0100 Subject: [PATCH 4/5] revert preventing the build. This will be done pipeline side. (#92) --- debian/rules | 2 +- rpm/SPECS/crowdsec-blocklist-mirror.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/rules b/debian/rules index e55ae3e..b60bb23 100755 --- a/debian/rules +++ b/debian/rules @@ -12,7 +12,7 @@ override_dh_auto_clean: override_dh_auto_test: override_dh_auto_build: override_dh_auto_install: -# @make build + @make build @BOUNCER=crowdsec-blocklist-mirror; \ PKG="$$BOUNCER"; \ diff --git a/rpm/SPECS/crowdsec-blocklist-mirror.spec b/rpm/SPECS/crowdsec-blocklist-mirror.spec index 4700ed0..4e348fc 100644 --- a/rpm/SPECS/crowdsec-blocklist-mirror.spec +++ b/rpm/SPECS/crowdsec-blocklist-mirror.spec @@ -27,7 +27,7 @@ Requires: gettext %setup -n %{name}-%{version} %build -#BUILD_VERSION=%{local_version} make +BUILD_VERSION=%{local_version} make %install rm -rf %{buildroot} From 83ff2b5b0813d9c8321c21e295525a36182a3442 Mon Sep 17 00:00:00 2001 
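Review bot: `satisfiesBasicAuth` in `pkg/server/server.go` puts `expectedVal` into the log fields under `"expected"`, which writes the configured user and password to the log at whatever level the following call uses; base64 is an encoding, not protection. Drop that field and do not log the client's header value either; a field such as `"auth_header_present": true` is enough for troubleshooting. The comparison itself is outside the hunk; if it is a plain `==`, `subtle.ConstantTimeCompare([]byte(foundVal), []byte(expectedVal)) == 1` from `crypto/subtle` is the safer form for a credential check.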
From: "Thibault \"bui\" Koechlin" Date: Wed, 20 Mar 2024 16:47:33 +0100 Subject: [PATCH 5/5] allow to specify 'scopes' in the configuration. By default bouncer was restricting itself to IP scoped decisions (#93) --- cmd/root.go | 1 + pkg/cfg/config.go | 1 + 2 files changed, 2 insertions(+) diff --git a/cmd/root.go b/cmd/root.go index dd13701..a282595 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -101,6 +101,7 @@ func Execute() error { ScenariosContaining: strings.Join(config.CrowdsecConfig.IncludeScenariosContaining, ","), ScenariosNotContaining: strings.Join(config.CrowdsecConfig.ExcludeScenariosContaining, ","), Origins: strings.Join(config.CrowdsecConfig.OnlyIncludeDecisionsFrom, ","), + Scopes: strings.Join(config.CrowdsecConfig.Scopes, ","), }, UserAgent: "crowdsec-blocklist-mirror/" + version.String(), CertPath: config.CrowdsecConfig.CertPath, diff --git a/pkg/cfg/config.go b/pkg/cfg/config.go index 4ba3e32..6a20585 100644 --- a/pkg/cfg/config.go +++ b/pkg/cfg/config.go @@ -30,6 +30,7 @@ type CrowdsecConfig struct { IncludeScenariosContaining []string `yaml:"include_scenarios_containing"` ExcludeScenariosContaining []string `yaml:"exclude_scenarios_containing"` OnlyIncludeDecisionsFrom []string `yaml:"only_include_decisions_from"` + Scopes []string `yaml:"scopes,omitempty"` } type BlockListConfig struct {
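Review bot: The `Scopes` values in `cmd/root.go` are joined and handed to the bouncer without validation, and the new `Scopes` field in `pkg/cfg/config.go` has no comment saying what an empty list means. Since this program publishes decision values as a blocklist, a scope other than an IP or range would presumably put non-address values into lists that downstream consumers load, unless the formatters filter by scope, which is not visible here. Document the default on the field, for example `// Scopes selects the decision scopes requested from LAPI; empty keeps the client library's default (to be confirmed).`, and consider rejecting or warning on scopes the output formats cannot represent.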