diff --git a/.golangci.yml b/.golangci.yml index 29332447b612..08abd51316d0 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -72,6 +72,55 @@ linters-settings: deny: - pkg: "github.com/pkg/errors" desc: "errors.Wrap() is deprecated in favor of fmt.Errorf()" + yaml: + files: + - "!**/cmd/crowdsec-cli/alerts.go" + - "!**/cmd/crowdsec-cli/capi.go" + - "!**/cmd/crowdsec-cli/config_show.go" + - "!**/cmd/crowdsec-cli/hubtest.go" + - "!**/cmd/crowdsec-cli/lapi.go" + - "!**/cmd/crowdsec-cli/simulation.go" + - "!**/cmd/crowdsec/crowdsec.go" + - "!**/cmd/notification-dummy/main.go" + - "!**/cmd/notification-email/main.go" + - "!**/cmd/notification-http/main.go" + - "!**/cmd/notification-slack/main.go" + - "!**/cmd/notification-splunk/main.go" + - "!**/pkg/acquisition/acquisition.go" + - "!**/pkg/acquisition/acquisition_test.go" + - "!**/pkg/acquisition/modules/appsec/appsec.go" + - "!**/pkg/acquisition/modules/cloudwatch/cloudwatch.go" + - "!**/pkg/acquisition/modules/docker/docker.go" + - "!**/pkg/acquisition/modules/file/file.go" + - "!**/pkg/acquisition/modules/journalctl/journalctl.go" + - "!**/pkg/acquisition/modules/kafka/kafka.go" + - "!**/pkg/acquisition/modules/kinesis/kinesis.go" + - "!**/pkg/acquisition/modules/kubernetesaudit/k8s_audit.go" + - "!**/pkg/acquisition/modules/loki/loki.go" + - "!**/pkg/acquisition/modules/loki/timestamp_test.go" + - "!**/pkg/acquisition/modules/s3/s3.go" + - "!**/pkg/acquisition/modules/syslog/syslog.go" + - "!**/pkg/appsec/appsec.go" + - "!**/pkg/appsec/loader.go" + - "!**/pkg/csplugin/broker.go" + - "!**/pkg/csplugin/broker_test.go" + - "!**/pkg/dumps/bucker_dump.go" + - "!**/pkg/dumps/bucket_dump.go" + - "!**/pkg/dumps/parser_dump.go" + - "!**/pkg/hubtest/coverage.go" + - "!**/pkg/hubtest/hubtest_item.go" + - "!**/pkg/hubtest/parser_assert.go" + - "!**/pkg/hubtest/scenario_assert.go" + - "!**/pkg/leakybucket/buckets_test.go" + - "!**/pkg/leakybucket/manager_load.go" + - "!**/pkg/metabase/metabase.go" + - "!**/pkg/parser/node.go" + - "!**/pkg/parser/node_test.go" + - "!**/pkg/parser/parsing_test.go" + - "!**/pkg/parser/stage.go" + deny: + - pkg: "gopkg.in/yaml.v2" + desc: "yaml.v2 is deprecated for new code in favor of yaml.v3" wsl: # Allow blocks to end with comments diff --git a/pkg/csconfig/api.go b/pkg/csconfig/api.go index de8ee4934a70..1d7fe6450ead 100644 --- a/pkg/csconfig/api.go +++ b/pkg/csconfig/api.go @@ -1,6 +1,7 @@ package csconfig import ( + "bytes" "crypto/tls" "crypto/x509" "errors" @@ -12,7 +13,7 @@ import ( "time" log "github.com/sirupsen/logrus" - "gopkg.in/yaml.v2" + "gopkg.in/yaml.v3" "github.com/crowdsecurity/go-cs-lib/ptr" "github.com/crowdsecurity/go-cs-lib/yamlpatch" @@ -92,7 +93,10 @@ func (o *OnlineApiClientCfg) Load() error { return err } - err = yaml.UnmarshalStrict(fcontent, o.Credentials) + dec := yaml.NewDecoder(bytes.NewReader(fcontent)) + dec.KnownFields(true) + + err = dec.Decode(o.Credentials) if err != nil { return fmt.Errorf("failed unmarshaling api server credentials configuration file '%s': %w", o.CredentialsFilePath, err) } @@ -120,7 +124,10 @@ func (l *LocalApiClientCfg) Load() error { return err } - err = yaml.UnmarshalStrict(fcontent, &l.Credentials) + dec := yaml.NewDecoder(bytes.NewReader(fcontent)) + dec.KnownFields(true) + + err = dec.Decode(&l.Credentials) if err != nil { return fmt.Errorf("failed unmarshaling api client credential configuration file '%s': %w", l.CredentialsFilePath, err) } diff --git a/pkg/csconfig/api_test.go b/pkg/csconfig/api_test.go index e22c78204e7c..653610a37c66 100644 --- a/pkg/csconfig/api_test.go +++ b/pkg/csconfig/api_test.go @@ -9,7 +9,7 @@ import ( log "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "gopkg.in/yaml.v2" + "gopkg.in/yaml.v3" "github.com/crowdsecurity/go-cs-lib/cstest" "github.com/crowdsecurity/go-cs-lib/ptr" @@ -147,7 +147,11 @@ func TestLoadAPIServer(t *testing.T) { require.NoError(t, err) configData := os.ExpandEnv(string(fcontent)) - err = yaml.UnmarshalStrict([]byte(configData), &config) + + dec := yaml.NewDecoder(strings.NewReader(configData)) + dec.KnownFields(true) + + err = dec.Decode(&config) require.NoError(t, err) tests := []struct { diff --git a/pkg/csconfig/config.go b/pkg/csconfig/config.go index 2dc7ecc7d536..ed9274d2b669 100644 --- a/pkg/csconfig/config.go +++ b/pkg/csconfig/config.go @@ -6,9 +6,10 @@ import ( "fmt" "os" "path/filepath" + "strings" log "github.com/sirupsen/logrus" - "gopkg.in/yaml.v2" + "gopkg.in/yaml.v3" "github.com/crowdsecurity/go-cs-lib/csstring" "github.com/crowdsecurity/go-cs-lib/ptr" @@ -57,7 +58,10 @@ func NewConfig(configFile string, disableAgent bool, disableAPI bool, inCli bool DisableAPI: disableAPI, } - err = yaml.UnmarshalStrict([]byte(configData), &cfg) + dec := yaml.NewDecoder(strings.NewReader(configData)) + dec.KnownFields(true) + + err = dec.Decode(&cfg) if err != nil { // this is actually the "merged" yaml return nil, "", fmt.Errorf("%s: %w", configFile, err) diff --git a/pkg/csconfig/config_test.go b/pkg/csconfig/config_test.go index 4843c2f70f9b..56ecc2023733 100644 --- a/pkg/csconfig/config_test.go +++ b/pkg/csconfig/config_test.go @@ -5,7 +5,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "gopkg.in/yaml.v2" + "gopkg.in/yaml.v3" "github.com/crowdsecurity/go-cs-lib/cstest" ) diff --git a/pkg/csconfig/console.go b/pkg/csconfig/console.go index 1e8974154eca..c9731ba5a939 100644 --- a/pkg/csconfig/console.go +++ b/pkg/csconfig/console.go @@ -5,7 +5,7 @@ import ( "os" log "github.com/sirupsen/logrus" - "gopkg.in/yaml.v2" + "gopkg.in/yaml.v3" "github.com/crowdsecurity/go-cs-lib/ptr" ) diff --git a/pkg/csconfig/crowdsec_service.go b/pkg/csconfig/crowdsec_service.go index 36d38cf7481f..1ba27257ec43 100644 --- a/pkg/csconfig/crowdsec_service.go +++ b/pkg/csconfig/crowdsec_service.go @@ -6,7 +6,7 @@ import ( "path/filepath" log "github.com/sirupsen/logrus" - "gopkg.in/yaml.v2" + "gopkg.in/yaml.v3" "github.com/crowdsecurity/go-cs-lib/ptr" ) diff --git a/pkg/csconfig/database.go b/pkg/csconfig/database.go index 5149b4ae39ea..9486be867bf4 100644 --- a/pkg/csconfig/database.go +++ b/pkg/csconfig/database.go @@ -45,6 +45,7 @@ type AuthGCCfg struct { type FlushDBCfg struct { MaxItems *int `yaml:"max_items,omitempty"` + // We could unmarshal as time.Duration, but alert filters right now are a map of strings MaxAge *string `yaml:"max_age,omitempty"` BouncersGC *AuthGCCfg `yaml:"bouncers_autodelete,omitempty"` AgentsGC *AuthGCCfg `yaml:"agents_autodelete,omitempty"` diff --git a/pkg/csconfig/profiles.go b/pkg/csconfig/profiles.go index ad3779ed12f2..e21abca37ef2 100644 --- a/pkg/csconfig/profiles.go +++ b/pkg/csconfig/profiles.go @@ -6,7 +6,7 @@ import ( "fmt" "io" - "gopkg.in/yaml.v2" + "gopkg.in/yaml.v3" "github.com/crowdsecurity/go-cs-lib/yamlpatch" @@ -45,7 +45,7 @@ func (c *LocalApiServerCfg) LoadProfiles() error { reader := bytes.NewReader(fcontent) dec := yaml.NewDecoder(reader) - dec.SetStrict(true) + dec.KnownFields(true) for { t := ProfileCfg{} err = dec.Decode(&t) diff --git a/pkg/csconfig/simulation.go b/pkg/csconfig/simulation.go index 0d09aa478ffa..03d26ffb60c3 100644 --- a/pkg/csconfig/simulation.go +++ b/pkg/csconfig/simulation.go @@ -1,10 +1,11 @@ package csconfig import ( + "bytes" "fmt" "path/filepath" - "gopkg.in/yaml.v2" + "gopkg.in/yaml.v3" "github.com/crowdsecurity/go-cs-lib/yamlpatch" ) @@ -40,7 +41,9 @@ func (c *Config) LoadSimulation() error { if err != nil { return err } - if err := yaml.UnmarshalStrict(rcfg, &simCfg); err != nil { + dec := yaml.NewDecoder(bytes.NewReader(rcfg)) + dec.KnownFields(true) + if err := dec.Decode(&simCfg); err != nil { return fmt.Errorf("while unmarshaling simulation file '%s' : %s", c.ConfigPaths.SimulationFilePath, err) } if simCfg.Simulation == nil {