propose an alternative, cleaner configuration for appsec-config#4397
propose an alternative, cleaner configuration for appsec-config#4397
Conversation
|
@buixor: There are no 'kind' label on this PR. You need a 'kind' label to generate the release automatically.
DetailsI am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository. |
|
@buixor: There are no area labels on this PR. You can add as many areas as you see fit.
DetailsI am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository. |
|
/area appsec |
github-actions
bot
added
kind/enhancement
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #4397 +/- ##
==========================================
+ Coverage 63.31% 63.55% +0.24%
==========================================
Files 476 476
Lines 33796 33799 +3
==========================================
+ Hits 21398 21482 +84
+ Misses 10262 10182 -80
+ Partials 2136 2135 -1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
This PR introduces a cleaner YAML configuration format for appsec-config by allowing phase-scoped sections (inband: / outofband:) that contain rules and hooks which are automatically dispatched only in the corresponding phase, reducing the need for users to manually add IsInBand / IsOutBand conditions.
Changes:
- Added phase-scoped configuration support (
inband/outofband) with normalization into existing flat rule/option fields. - Refactored hook compilation/execution to support common hooks + per-phase hooks (in-band vs out-of-band).
- Added/updated tests to validate new config parsing and phase-scoped hook dispatch behavior.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/appsec/appsec.go | Adds phase-scoped config structs, normalizes new YAML format, and compiles/dispatches hooks by phase. |
| pkg/appsec/appsec_config_test.go | New unit tests validating LoadByPath behavior for new/old/mixed formats. |
| pkg/acquisition/modules/appsec/appsec_test.go | Extends test harness to inject phase-scoped hooks into AppsecConfig. |
| pkg/acquisition/modules/appsec/appsec_runner.go | Updates early-return logic to reference new compiled hook locations. |
| pkg/acquisition/modules/appsec/appsec_hooks_test.go | Adds integration-style tests ensuring phase-scoped hooks execute as expected. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…Rules and ProcessOutOfBandRules Agent-Logs-Url: https://github.com/crowdsecurity/crowdsec/sessions/d48208fb-cd17-47ce-b881-3e04d596990f Co-authored-by: buixor <990714+buixor@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Allow this format of configuration:
The goal is to avoid the user to have to prepand all their filter by
IsInBandorOutBandconditions