MCPcopy
hub / github.com/crowdsecurity/crowdsec / Build

Method Build

pkg/appsec/appsec.go:585–694  ·  view source on GitHub ↗
(ctx context.Context, hub *cwhub.Hub)

Source from the content-addressed store, hash-verified

583}
584
585func (wc *AppsecConfig) Build(ctx context.Context, hub *cwhub.Hub) (*AppsecRuntimeConfig, error) {
586 ret := &AppsecRuntimeConfig{Logger: wc.Logger.WithField("component", "appsec_runtime_config")}
587
588 ret.RequestValidator = apivalidation.NewRequestValidator(wc.Logger.WithField("component", "api_validator"))
589
590 if wc.BouncerBlockedHTTPCode == 0 {
591 wc.BouncerBlockedHTTPCode = http.StatusForbidden
592 }
593
594 if wc.BouncerPassedHTTPCode == 0 {
595 wc.BouncerPassedHTTPCode = http.StatusOK
596 }
597
598 if wc.UserBlockedHTTPCode == 0 {
599 wc.UserBlockedHTTPCode = http.StatusForbidden
600 }
601
602 if wc.UserPassedHTTPCode == 0 {
603 wc.UserPassedHTTPCode = http.StatusOK
604 }
605
606 if wc.DefaultPassAction == "" {
607 wc.DefaultPassAction = AllowRemediation
608 }
609
610 if wc.DefaultRemediation == "" {
611 wc.DefaultRemediation = BanRemediation
612 }
613
614 // set the defaults
615 switch wc.DefaultRemediation {
616 case BanRemediation, CaptchaRemediation, AllowRemediation:
617 // those are the officially supported remediation(s)
618 default:
619 wc.Logger.Warningf("default '%s' remediation of %s is none of [%s,%s,%s] ensure bouncer compatbility!", wc.DefaultRemediation, wc.Name, BanRemediation, CaptchaRemediation, AllowRemediation)
620 }
621
622 ret.Name = wc.Name
623 ret.Config = wc
624 ret.DefaultRemediation = wc.DefaultRemediation
625 ret.BodySettings = BodySettings{
626 MaxSize: DefaultMaxBodySize,
627 Action: BodySizeActionDrop,
628 }
629
630 wc.Logger.Tracef("Loading config %+v", wc)
631 // load rules
632 for _, rule := range wc.OutOfBandRules {
633 wc.Logger.Infof("loading outofband rule %s", rule)
634
635 collections, err := LoadCollection(rule, wc.Logger.WithField("component", "appsec_collection_loader"), hub)
636 if err != nil {
637 return nil, fmt.Errorf("unable to load outofband rule %s : %s", rule, err)
638 }
639
640 ret.OutOfBandRules = append(ret.OutOfBandRules, collections...)
641 }
642

Callers 5

ConfigureMethod · 0.95
testAppSecEngineFunction · 0.95
TestBuildNilPhaseConfigFunction · 0.95

Calls 5

LoadCollectionFunction · 0.85
buildHookListFunction · 0.85
buildPhaseHooksFunction · 0.85
TracefMethod · 0.80
CompileMethod · 0.45

Tested by 4

testAppSecEngineFunction · 0.76
TestBuildNilPhaseConfigFunction · 0.76