pkg/csconfig: use yaml.v3; deprecate yaml.v2 for new code

crowdsecurity · Mar 4, 2024 · c5254da · c5254da
1 parent 41b4373
commit c5254da
Show file tree

Hide file tree

Showing 10 changed files with 82 additions and 14 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -72,6 +72,55 @@ linters-settings:
         deny:
           - pkg: "github.com/pkg/errors"
             desc: "errors.Wrap() is deprecated in favor of fmt.Errorf()"
+      yaml:
+        files:
+          - "!**/cmd/crowdsec-cli/alerts.go"
+          - "!**/cmd/crowdsec-cli/capi.go"
+          - "!**/cmd/crowdsec-cli/config_show.go"
+          - "!**/cmd/crowdsec-cli/hubtest.go"
+          - "!**/cmd/crowdsec-cli/lapi.go"
+          - "!**/cmd/crowdsec-cli/simulation.go"
+          - "!**/cmd/crowdsec/crowdsec.go"
+          - "!**/cmd/notification-dummy/main.go"
+          - "!**/cmd/notification-email/main.go"
+          - "!**/cmd/notification-http/main.go"
+          - "!**/cmd/notification-slack/main.go"
+          - "!**/cmd/notification-splunk/main.go"
+          - "!**/pkg/acquisition/acquisition.go"
+          - "!**/pkg/acquisition/acquisition_test.go"
+          - "!**/pkg/acquisition/modules/appsec/appsec.go"
+          - "!**/pkg/acquisition/modules/cloudwatch/cloudwatch.go"
+          - "!**/pkg/acquisition/modules/docker/docker.go"
+          - "!**/pkg/acquisition/modules/file/file.go"
+          - "!**/pkg/acquisition/modules/journalctl/journalctl.go"
+          - "!**/pkg/acquisition/modules/kafka/kafka.go"
+          - "!**/pkg/acquisition/modules/kinesis/kinesis.go"
+          - "!**/pkg/acquisition/modules/kubernetesaudit/k8s_audit.go"
+          - "!**/pkg/acquisition/modules/loki/loki.go"
+          - "!**/pkg/acquisition/modules/loki/timestamp_test.go"
+          - "!**/pkg/acquisition/modules/s3/s3.go"
+          - "!**/pkg/acquisition/modules/syslog/syslog.go"
+          - "!**/pkg/appsec/appsec.go"
+          - "!**/pkg/appsec/loader.go"
+          - "!**/pkg/csplugin/broker.go"
+          - "!**/pkg/csplugin/broker_test.go"
+          - "!**/pkg/dumps/bucker_dump.go"
+          - "!**/pkg/dumps/bucket_dump.go"
+          - "!**/pkg/dumps/parser_dump.go"
+          - "!**/pkg/hubtest/coverage.go"
+          - "!**/pkg/hubtest/hubtest_item.go"
+          - "!**/pkg/hubtest/parser_assert.go"
+          - "!**/pkg/hubtest/scenario_assert.go"
+          - "!**/pkg/leakybucket/buckets_test.go"
+          - "!**/pkg/leakybucket/manager_load.go"
+          - "!**/pkg/metabase/metabase.go"
+          - "!**/pkg/parser/node.go"
+          - "!**/pkg/parser/node_test.go"
+          - "!**/pkg/parser/parsing_test.go"
+          - "!**/pkg/parser/stage.go"
+        deny:
+          - pkg: "gopkg.in/yaml.v2"
+            desc: "yaml.v2 is deprecated for new code in favor of yaml.v3"
 
   wsl:
     # Allow blocks to end with comments

diff --git a/pkg/csconfig/api.go b/pkg/csconfig/api.go
@@ -1,6 +1,7 @@
 package csconfig
 
 import (
+	"bytes"
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
@@ -12,7 +13,7 @@ import (
 	"time"
 
 	log "github.com/sirupsen/logrus"
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/ptr"
 	"github.com/crowdsecurity/go-cs-lib/yamlpatch"
@@ -92,7 +93,10 @@ func (o *OnlineApiClientCfg) Load() error {
 		return err
 	}
 
-	err = yaml.UnmarshalStrict(fcontent, o.Credentials)
+	dec := yaml.NewDecoder(bytes.NewReader(fcontent))
+	dec.KnownFields(true)
+
+	err = dec.Decode(o.Credentials)
 	if err != nil {
 		return fmt.Errorf("failed unmarshaling api server credentials configuration file '%s': %w", o.CredentialsFilePath, err)
 	}
@@ -120,7 +124,10 @@ func (l *LocalApiClientCfg) Load() error {
 		return err
 	}
 
-	err = yaml.UnmarshalStrict(fcontent, &l.Credentials)
+	dec := yaml.NewDecoder(bytes.NewReader(fcontent))
+	dec.KnownFields(true)
+
+	err = dec.Decode(&l.Credentials)
 	if err != nil {
 		return fmt.Errorf("failed unmarshaling api client credential configuration file '%s': %w", l.CredentialsFilePath, err)
 	}

diff --git a/pkg/csconfig/api_test.go b/pkg/csconfig/api_test.go
@@ -9,7 +9,7 @@ import (
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/cstest"
 	"github.com/crowdsecurity/go-cs-lib/ptr"
@@ -147,7 +147,11 @@ func TestLoadAPIServer(t *testing.T) {
 	require.NoError(t, err)
 
 	configData := os.ExpandEnv(string(fcontent))
-	err = yaml.UnmarshalStrict([]byte(configData), &config)
+
+	dec := yaml.NewDecoder(strings.NewReader(configData))
+	dec.KnownFields(true)
+
+	err = dec.Decode(&config)
 	require.NoError(t, err)
 
 	tests := []struct {

diff --git a/pkg/csconfig/config.go b/pkg/csconfig/config.go
@@ -6,9 +6,10 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"strings"
 
 	log "github.com/sirupsen/logrus"
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/csstring"
 	"github.com/crowdsecurity/go-cs-lib/ptr"
@@ -57,7 +58,10 @@ func NewConfig(configFile string, disableAgent bool, disableAPI bool, inCli bool
 		DisableAPI:   disableAPI,
 	}
 
-	err = yaml.UnmarshalStrict([]byte(configData), &cfg)
+	dec := yaml.NewDecoder(strings.NewReader(configData))
+	dec.KnownFields(true)
+
+	err = dec.Decode(&cfg)
 	if err != nil {
 		// this is actually the "merged" yaml
 		return nil, "", fmt.Errorf("%s: %w", configFile, err)

diff --git a/pkg/csconfig/config_test.go b/pkg/csconfig/config_test.go
@@ -5,7 +5,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/cstest"
 )

diff --git a/pkg/csconfig/console.go b/pkg/csconfig/console.go
@@ -5,7 +5,7 @@ import (
 	"os"
 
 	log "github.com/sirupsen/logrus"
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/ptr"
 )

diff --git a/pkg/csconfig/crowdsec_service.go b/pkg/csconfig/crowdsec_service.go
@@ -6,7 +6,7 @@ import (
 	"path/filepath"
 
 	log "github.com/sirupsen/logrus"
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/ptr"
 )

diff --git a/pkg/csconfig/database.go b/pkg/csconfig/database.go
@@ -45,6 +45,7 @@ type AuthGCCfg struct {
 
 type FlushDBCfg struct {
 	MaxItems   *int       `yaml:"max_items,omitempty"`
+	// We could unmarshal as time.Duration, but alert filters right now are a map of strings
 	MaxAge     *string    `yaml:"max_age,omitempty"`
 	BouncersGC *AuthGCCfg `yaml:"bouncers_autodelete,omitempty"`
 	AgentsGC   *AuthGCCfg `yaml:"agents_autodelete,omitempty"`

diff --git a/pkg/csconfig/profiles.go b/pkg/csconfig/profiles.go
@@ -6,7 +6,7 @@ import (
 	"fmt"
 	"io"
 
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/yamlpatch"
 
@@ -45,7 +45,7 @@ func (c *LocalApiServerCfg) LoadProfiles() error {
 	reader := bytes.NewReader(fcontent)
 
 	dec := yaml.NewDecoder(reader)
-	dec.SetStrict(true)
+	dec.KnownFields(true)
 	for {
 		t := ProfileCfg{}
 		err = dec.Decode(&t)

diff --git a/pkg/csconfig/simulation.go b/pkg/csconfig/simulation.go
@@ -1,10 +1,11 @@
 package csconfig
 
 import (
+	"bytes"
 	"fmt"
 	"path/filepath"
 
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/yamlpatch"
 )
@@ -40,7 +41,9 @@ func (c *Config) LoadSimulation() error {
 	if err != nil {
 		return err
 	}
-	if err := yaml.UnmarshalStrict(rcfg, &simCfg); err != nil {
+	dec := yaml.NewDecoder(bytes.NewReader(rcfg))
+	dec.KnownFields(true)
+	if err := dec.Decode(&simCfg); err != nil {
 		return fmt.Errorf("while unmarshaling simulation file '%s' : %s", c.ConfigPaths.SimulationFilePath, err)
 	}
 	if simCfg.Simulation == nil {