Commit graph

483 commits

Author SHA1 Message Date
Adnan Hajdarević
3e18a060ae
Merge pull request #479 from moorereason/iss312-http-request
Add request source
2020-11-21 18:58:19 +01:00
Cameron Moore
6f5962f8f2 Use strings.ToLower on source name parameters 2020-11-21 10:00:03 -06:00
Cameron Moore
346c761ef6 Add request source
Add "request" source with support for "method" and "remote-addr"
parameters.  Both values are taken from the raw http.Request object.

Fixes #312
2020-11-20 16:32:55 -06:00
Adnan Hajdarević
e513eb4bf4
Merge pull request #477 from moorereason/refactor-req-parsing
Move some request parsing into hook package
2020-11-19 19:44:33 +01:00
Cameron Moore
22c8a1670b Move some request parsing into hook package
Trying to simplify hookHandler.  No functional changes introduced.
2020-11-17 15:00:58 -06:00
Adnan Hajdarević
4fadb1171f
Merge pull request #472 from moorereason/iss471-sc
Fix OrRule logic on parameter lookup failures
2020-10-26 14:09:19 +01:00
Cameron Moore
dc184d2737 Fix OrRule logic on parameter lookup failures
Fixes #471
2020-10-24 11:40:27 -05:00
Adnan Hajdarević
67c317e741
Merge pull request #465 from moorereason/gh-action-tests
Add Github Action to build & run tests
2020-10-02 07:52:06 +02:00
Adnan Hajdarević
ab3ff0343e
Merge pull request #463 from moorereason/iss400
Document YAML support
2020-09-29 09:11:41 +02:00
Cameron Moore
f007fa5280 Simplify build workflow 2020-09-28 21:18:38 -05:00
Cameron Moore
a904537367 Add build badge to README.md 2020-09-28 20:48:39 -05:00
Cameron Moore
0814b10a16 Add Github Action to build & run tests 2020-09-28 17:20:22 -05:00
Cameron Moore
d279505930 Document YAML support
Fixes #400
Updates #288
2020-09-28 14:44:21 -05:00
Adnan Hajdarević
0f4bbfac9f
Merge pull request #461 from moorereason/iss289-hmac-cleanup
Transition payload hash option names to hmac
2020-09-28 04:47:24 +02:00
Cameron Moore
6bbf14f7d9 Transition payload hash option names to hmac
The payload-hash-* options are imprecisely named. Clarify their function
as HMAC validations by renaming them. The existing options will continue
to work but are deprecated.  Log a warning if the old options are used.

All tests, examples, and documentation are updated.

Fixes #289
2020-09-27 20:24:36 -05:00
Adnan Hajdarević
6797bf7cf7
Merge pull request #462 from moorereason/req-context
Add Request object to hook package to simplify API
2020-09-26 15:20:32 +02:00
Cameron Moore
c6603894c1 Add Request object to hook package to simplify API
To avoid having to pass around so many parameters to the hook package,
create a Request object to store all request-specific data.  Update APIs
accordingly.
2020-09-25 19:46:06 -05:00
Adnan Hajdarević
b8498c564d
Merge pull request #460 from moorereason/iss456-log-exec-err
Log stdlib error on failed exec.LookPath
2020-09-25 07:13:35 +02:00
Cameron Moore
dd5fa20415 Log stdlib error on failed exec.LookPath
The error returned by exec.LookPath was never surfaced to the user.
Without that detail, the user can't tell the difference between a
non-existent path and a permissions issue.

Additionally, when ExecuteCommand is an absolute path, we were still
attempting to prepend the CommandWorkingDirectory if the ExecuteCommand
was not found, which made it difficult to know which path the user
intended to execute.

This commit simplifies the logic to avoid multiple attempts with
ExecuteCommand is an absolute path and changes the error message from:

  error locating command: '/path/to/file'

to:

  error in exec: "/path/to/file": stat /path/to/file: no such file or directory
  error in exec: "/path/to/file": permission denied

Fixes #457
2020-09-24 21:02:07 -05:00
Adnan Hajdarević
c7a8fbc929
Merge pull request #449 from moorereason/feature/448-return-json
Update ExtractParameterAsString to return JSON on complex types
2020-08-03 08:08:38 +02:00
Adnan Hajdarević
04ca211531
Merge pull request #446 from moorereason/feature/json-array
Add support for top-level JSON array in payload
2020-08-03 08:07:09 +02:00
Cameron Moore
ae5e9e7894 Update ExtractParameterAsString to return JSON on complex types
Fixes #448
2020-07-31 11:58:12 -05:00
Adnan Hajdarević
47e5ae5527
Merge pull request #447 from moorereason/feature/docs-toc
Add a table of contents to some of the docs
2020-07-31 14:47:49 +02:00
Cameron Moore
534e99bf13 Add a table of contents to some of the docs 2020-07-29 17:23:23 -05:00
Cameron Moore
0e90ccb441 Add support for top-level JSON array in payload
Detect if leading character in JSON payload is an array bracket.  If
found, decode payload into an interface{} and then save the results into
payload["root"].  References to payload values would need to reference
the leading, "virtual" root node (i.e. "root.0.name").

Fixes #215
2020-07-29 16:56:25 -05:00
Adnan Hajdarević
f692da2465
Merge pull request #445 from moorereason/bugfix/require-go14
Bugfix/require go14
2020-07-29 08:53:51 +02:00
Gabe Gałązka
fb9b22a118 Change minimum golang version to 1.14 in README 2020-07-27 13:18:35 -05:00
Cameron Moore
eefcd7f7d5 Require Go 1.14
When go.mod specifies go 1.14 or higher, the go tools now verify that
vendor/modules.txt is consistent with go.mod.  Fixed by running `go mod
vendor`.
2020-07-27 13:18:18 -05:00
Adnan Hajdarević
c4f29b5d8b
Merge pull request #432 from moorereason/bugfix/logging-gocritic
Fix issues in logging middleware
2020-05-29 09:43:32 +02:00
Adnan Hajdarević
dd84a68483
Merge pull request #431 from moorereason/bugfix/pidfile-tighten
Tighten file permissions on pidfile creation
2020-05-29 09:42:55 +02:00
Cameron Moore
c9199d62e4 Tighten file permissions on pidfile creation
Fixes report from gosec: "G306: Expect WriteFile permissions to be 0600
or less."  Also, use new octal number formatting.
2020-05-28 18:23:02 -05:00
Cameron Moore
3d824b47b7 Rename var to avoid shadowing bytes package
importShadow: shadow of imported package 'bytes' (gocritic)
2020-05-28 18:20:07 -05:00
Cameron Moore
cc98de88ce Fix godoc comment on LogEntry.Panic 2020-05-28 18:17:41 -05:00
Adnan Hajdarević
e71b45b28f
Merge pull request #427 from moorereason/feature/empty-payload-signature
Warn on failed validate of empty payload signature
2020-05-23 09:28:09 +02:00
Cameron Moore
41ac427a89 Warn on failed validate of empty payload signature
If signature validation fails on an empty payload, append a note to the
end of the error message.

Updates #423
2020-05-22 14:02:12 -05:00
Adnan Hajdarević
7b3c5fd028
Merge pull request #426 from moorereason/bugfix/issue425
Fix request dumper
2020-05-22 07:15:43 +02:00
Cameron Moore
526c9a20ac Fix request dumper
The existing code had a bug in printing request params.  Simplify the
request logger by using httputil.DumpRequest.

Also print the request before handing it downstream.

Fixes #425
2020-05-21 17:47:55 -05:00
Adnan Hajdarević
a75ab4f92f
Merge pull request #420 from adnanh/master
Update README.md
2020-05-14 14:22:48 +02:00
Adnan Hajdarević
345bf3d409
Update README.md 2020-05-14 14:22:24 +02:00
Adnan Hajdarevic
e6e324235d Bump version to v2.7.0 2020-05-12 19:14:25 +02:00
Adnan Hajdarevic
6c8d2e6b6d Merge branch 'master' into development 2020-05-12 19:13:27 +02:00
Adnan Hajdarević
c8ea86f6ce
Merge pull request #417 from moorereason/bugfix/error-locating-command-test
Fix missing command test
2020-05-12 13:52:37 +02:00
Cameron Moore
4f437e4642 Fix missing command test 2020-05-11 20:21:37 -05:00
Adnan Hajdarević
7267733aa8
Merge pull request #351 from dexpota/master
Add help target to Makefile
2020-04-27 21:46:23 +02:00
Adnan Hajdarević
95bd1b3072
Merge pull request #413 from moorereason/feature/go1.14ciphers
Use Go 1.14 cipher suites
2020-04-25 17:04:59 +02:00
Adnan Hajdarević
9cb199c8b3
Merge pull request #415 from moorereason/bugfix/missing-rid-on-missing-cmd
Add request ID logging on missing command
2020-04-25 16:59:21 +02:00
Cameron Moore
4407c0190b Add request ID logging on missing command 2020-04-24 15:32:33 -05:00
Cameron Moore
4897bea79f Use Go 1.14 cipher suites
Now that Go 1.14 is out, we can remove cipher_suites.go and use the
stdlib.
2020-04-24 09:13:11 -05:00
Adnan Hajdarević
38294cd0c6
Merge pull request #383 from moorereason/feature/pidfile
Add pidfile support
2020-02-14 19:35:18 +01:00
Adnan Hajdarević
dc4f42bb26
Merge pull request #384 from moorereason/feature/value-walk
Show failed parameter node lookups
2020-02-14 19:13:36 +01:00