MidnightBSD Magussecurity/crowdsec
CrowdSec lightweight and collaborative security engine
| Flavor | Version | Run | OSVersion | Arch | License | Restricted | Status | |
|---|---|---|---|---|---|---|---|---|
| 1.6.3 | 594 | 3.2 | i386 | mit | 0 | fail |
License Permissions:
Events
| Machine | Type | Time | Message |
|---|---|---|---|
| m3232 | info | 2024-12-19 07:24:58.062134 | Test Started |
| m3232 | fail | 2024-12-19 07:29:34.464225 | make test returned non-zero: 1 |
| m3232 | fail | 2024-12-19 07:29:34.82152 | Test complete. |
Log
[1m===> Testing for crowdsec-1.6.3[0m
(cd /magus/work/usr/mports/security/crowdsec/work/github.com/crowdsecurity/crowdsec@v1.6.3; for t in ./...; do echo "===> Testing ${t}"; /usr/bin/env -i HOME=/magus/work/usr/mports/security/crowdsec/work PWD="${PWD}" __MAKE_CONF=/nonexistent OSVERSION=302002 PATH=/magus/work/usr/mports/security/crowdsec/work/.bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin TERM=vt100 TMPDIR=/tmp XDG_DATA_HOME=/magus/work/usr/mports/security/crowdsec/work XDG_CONFIG_HOME=/magus/work/usr/mports/security/crowdsec/work HOME=/magus/work/usr/mports/security/crowdsec/work TMPDIR="/tmp" PATH=/magus/work/usr/mports/security/crowdsec/work/.bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin PKG_CONFIG_LIBDIR=/magus/work/usr/mports/security/crowdsec/work/.pkgconfig:/usr/local/libdata/pkgconfig:/usr/local/share/pkgconfig:/usr/libdata/pkgconfig MK_DEBUG_FILES=no MK_KERNEL_SYMBOLS=no SHELL=/bin/sh NO_LINT=YES TARGETDIR=/usr/local DESTDIR= PREFIX=/usr/local LOCALBASE=/usr/local CC="cc" CFLAGS="-O2 -pipe -fstack-protector-strong -fno-strict-aliasing" CPP="cpp" CPPFLAGS="" LDFLAGS=" -fstack-protector-strong " LIBS="" CXX="c++" CXXFLAGS="-O2 -pipe -fstack-protector-strong -fno-strict-aliasing" BSD_INSTALL_PROGRAM="install -s -o root -g wheel -m 555" BSD_INSTALL_LIB="install -s -o root -g wheel -m 444" BSD_INSTALL_SCRIPT="install -o root -g wheel -m 555" BSD_INSTALL_DATA="install -o root -g wheel -m 444" BSD_INSTALL_MAN="install -o root -g wheel -m 444" CGO_ENABLED=1 CGO_CFLAGS="-I/usr/local/include" CGO_LDFLAGS="-L/usr/local/lib" GOAMD64= GOARM= GOTMPDIR="/magus/work/usr/mports/security/crowdsec/work" GOPATH="/magus/distfiles/go/security_crowdsec" GOBIN="/magus/work/usr/mports/security/crowdsec/work/bin" GO111MODULE=on GOFLAGS=-modcacherw GOSUMDB=sum.golang.org GOPROXY=off /usr/local/bin/go122 test -v -buildvcs=false -mod=vendor ${t}; done)
===> Testing ./...
? github.com/crowdsecurity/crowdsec/cmd/crowdsec [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/ask [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/clialert [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/clibouncer [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/clicapi [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/cliconsole [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/clidecision [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/cliexplain [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/clihub [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/clihubtest [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/cliitem [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/clientinfo [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/climachine [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/clinotifications [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/clipapi [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/clisetup [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/clisimulation [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/clisupport [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/cstable [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/idgen [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/climetrics [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/reload [no test files]
? github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/require [no test files]
? github.com/crowdsecurity/crowdsec/cmd/notification-dummy [no test files]
=== RUN TestPrepareAPIURL_NoProtocol
--- PASS: TestPrepareAPIURL_NoProtocol (0.00s)
=== RUN TestPrepareAPIURL_Http
--- PASS: TestPrepareAPIURL_Http (0.00s)
=== RUN TestPrepareAPIURL_Https
--- PASS: TestPrepareAPIURL_Https (0.00s)
=== RUN TestPrepareAPIURL_UnixSocket
--- PASS: TestPrepareAPIURL_UnixSocket (0.00s)
=== RUN TestPrepareAPIURL_Empty
--- PASS: TestPrepareAPIURL_Empty (0.00s)
=== RUN TestPrepareAPIURL_Empty_ConfigOverride
--- PASS: TestPrepareAPIURL_Empty_ConfigOverride (0.00s)
PASS
ok github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/clilapi 0.141s
? github.com/crowdsecurity/crowdsec/cmd/notification-email [no test files]
? github.com/crowdsecurity/crowdsec/cmd/notification-file [no test files]
? github.com/crowdsecurity/crowdsec/cmd/notification-http [no test files]
? github.com/crowdsecurity/crowdsec/cmd/notification-sentinel [no test files]
? github.com/crowdsecurity/crowdsec/cmd/notification-slack [no test files]
? github.com/crowdsecurity/crowdsec/cmd/notification-splunk [no test files]
? github.com/crowdsecurity/crowdsec/pkg/acquisition/configuration [no test files]
? github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/appsec/bodyprocessors [no test files]
? github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/loki/internal/lokiclient [no test files]
=== RUN TestDataSourceConfigure
=== RUN TestDataSourceConfigure/basic_valid_config
=== RUN TestDataSourceConfigure/basic_debug_config
=== RUN TestDataSourceConfigure/basic_tailmode_config
=== RUN TestDataSourceConfigure/bad_mode_config
=== RUN TestDataSourceConfigure/bad_type_config
=== RUN TestDataSourceConfigure/mismatch_config
=== RUN TestDataSourceConfigure/cant_run_error
--- PASS: TestDataSourceConfigure (0.00s)
--- PASS: TestDataSourceConfigure/basic_valid_config (0.00s)
--- PASS: TestDataSourceConfigure/basic_debug_config (0.00s)
--- PASS: TestDataSourceConfigure/basic_tailmode_config (0.00s)
--- PASS: TestDataSourceConfigure/bad_mode_config (0.00s)
--- PASS: TestDataSourceConfigure/bad_type_config (0.00s)
--- PASS: TestDataSourceConfigure/mismatch_config (0.00s)
--- PASS: TestDataSourceConfigure/cant_run_error (0.00s)
=== RUN TestLoadAcquisitionFromFile
=== RUN TestLoadAcquisitionFromFile/non_existent_file
time="2024-12-19T07:28:59-05:00" level=info msg="loading acquisition file : does_not_exist"
=== RUN TestLoadAcquisitionFromFile/invalid_yaml_file
time="2024-12-19T07:28:59-05:00" level=info msg="loading acquisition file : test_files/badyaml.yaml"
=== RUN TestLoadAcquisitionFromFile/invalid_empty_yaml
time="2024-12-19T07:28:59-05:00" level=info msg="loading acquisition file : test_files/emptyitem.yaml"
=== RUN TestLoadAcquisitionFromFile/basic_valid
time="2024-12-19T07:28:59-05:00" level=info msg="loading acquisition file : test_files/basic_filemode.yaml"
=== RUN TestLoadAcquisitionFromFile/missing_labels
time="2024-12-19T07:28:59-05:00" level=info msg="loading acquisition file : test_files/missing_labels.yaml"
=== RUN TestLoadAcquisitionFromFile/backward_compat
time="2024-12-19T07:28:59-05:00" level=info msg="loading acquisition file : test_files/backward_compat.yaml"
=== RUN TestLoadAcquisitionFromFile/bad_type
time="2024-12-19T07:28:59-05:00" level=info msg="loading acquisition file : test_files/bad_source.yaml"
=== RUN TestLoadAcquisitionFromFile/invalid_filetype_config
time="2024-12-19T07:28:59-05:00" level=info msg="loading acquisition file : test_files/bad_filetype.yaml"
--- PASS: TestLoadAcquisitionFromFile (0.00s)
--- PASS: TestLoadAcquisitionFromFile/non_existent_file (0.00s)
--- PASS: TestLoadAcquisitionFromFile/invalid_yaml_file (0.00s)
--- PASS: TestLoadAcquisitionFromFile/invalid_empty_yaml (0.00s)
--- PASS: TestLoadAcquisitionFromFile/basic_valid (0.00s)
--- PASS: TestLoadAcquisitionFromFile/missing_labels (0.00s)
--- PASS: TestLoadAcquisitionFromFile/backward_compat (0.00s)
--- PASS: TestLoadAcquisitionFromFile/bad_type (0.00s)
--- PASS: TestLoadAcquisitionFromFile/invalid_filetype_config (0.00s)
=== RUN TestStartAcquisitionCat
--- PASS: TestStartAcquisitionCat (1.00s)
=== RUN TestStartAcquisitionTail
--- PASS: TestStartAcquisitionTail (2.02s)
=== RUN TestStartAcquisitionTailError
--- PASS: TestStartAcquisitionTailError (2.06s)
=== RUN TestConfigureByDSN
=== RUN TestConfigureByDSN/baddsn
=== RUN TestConfigureByDSN/foobar://toto
=== RUN TestConfigureByDSN/mockdsn://test_expect
=== RUN TestConfigureByDSN/mockdsn://bad
--- PASS: TestConfigureByDSN (0.00s)
--- PASS: TestConfigureByDSN/baddsn (0.00s)
--- PASS: TestConfigureByDSN/foobar://toto (0.00s)
--- PASS: TestConfigureByDSN/mockdsn://test_expect (0.00s)
--- PASS: TestConfigureByDSN/mockdsn://bad (0.00s)
PASS
ok github.com/crowdsecurity/crowdsec/pkg/acquisition 5.262s
=== RUN TestAppsecOnMatchHooks
=== RUN TestAppsecOnMatchHooks/no_rule_:_check_return_code
time="2024-12-19T07:28:59-05:00" level=trace msg="Loading config &{Name: OutOfBandRules:[] InBandRules:[] DefaultRemediation:ban DefaultPassAction:allow BouncerBlockedHTTPCode:403 BouncerPassedHTTPCode:200 UserBlockedHTTPCode:403 UserPassedHTTPCode:200 OnLoad:[] PreEval:[] PostEval:[] OnMatch:[] VariablesTracking:[] InbandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} OutOfBandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} LogLevel: Logger:0x22a97b00}" test="no rule : check return code"
time="2024-12-19T07:28:59-05:00" level=info msg="Loaded 0 outofband rules" test="no rule : check return code"
time="2024-12-19T07:28:59-05:00" level=info msg="Loaded 0 inband rules" test="no rule : check return code"
time="2024-12-19T07:28:59-05:00" level=debug msg="Parsing directive" band=inband line="SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\"" test="no rule : check return code"
time="2024-12-19T07:28:59-05:00" level=trace msg="Loaded inband rules: [{RuleMetadata:{ID_:756992091 File_: Line_:1 Rev_: Severity_:emergency Version_: Tags_:[crowdsec-rule1] Maturity_:0 Accuracy_:0 Operator_: Phase_:2 Raw_:SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\" SecMark_:} variables:[{Count:false Variable:42 KeyRx: KeyStr:foo Exceptions:[]}] operator:0x22a1f200 transformations:[{Function:0x1bfddc0}] transformationsID:1 actions:[{Name:log Function:0x20d0fe0} {Name:auditlog Function:0x20d0fe0} {Name:deny Function:0x20d0fe0} {Name:log Function:0x20d0fe0} {Name:t Function:0x20d0fe0}] ParentID_:0 Capture:false Chain: DisruptiveStatus:0 Msg:rule1 LogData: Log:true Audit:true MultiMatch:false HasChain:false inferredPhases:6 chainMinPhase:0 withPhaseUnknownVariable:false}]" test="no rule : check return code"
time="2024-12-19T07:28:59-05:00" level=trace msg="Loaded outband rules: []" test="no rule : check return code"
time="2024-12-19T07:28:59-05:00" level=debug msg="Request received in runner" request_uuid= test="no rule : check return code"
time="2024-12-19T07:28:59-05:00" level=warning msg="Empty ID passed for new transaction" band=inband test="no rule : check return code"
time="2024-12-19T07:28:59-05:00" level=debug msg="New transaction created" band=inband test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=inband phase=1 test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=inband phase=1 test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=inband phase=2 test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating rule" band=inband rule_id=756992091 test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Expanding arguments for rule" band=inband rule_id=756992091 test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN variable=ARGS_GET
time="2024-12-19T07:28:59-05:00" level=debug msg="Transforming argument for rule" band=inband rule_id=756992091 test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Arguments transformed for rule" band=inband rule_id=756992091 test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Matching rule" band=inband key=foo rule_id=756992091 test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN variable_name=ARGS_GET
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating action" action=log band=inband test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating action" action=auditlog band=inband test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating action" action=log band=inband test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating action" action=t band=inband test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating operator: MATCH" arg=toto band=inband operator_data=^toto operator_function=@rx rule_id=756992091 test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Executing disruptive action for rule" action=deny band=inband rule_id=756992091 test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Rule matched" band=inband rule_id=756992091 test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Finish evaluating rule" band=inband rule_id=756992091 test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=inband phase=2 test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="rules matched for body : 756992091" test="no rule : check return code"
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=inband phase=5 test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=inband phase=5 test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="Transaction marked for audit logging" band=inband test="no rule : check return code" tx_id=gWjgCYseNboUJcEnGFN
time="2024-12-19T07:28:59-05:00" level=debug msg="inband rules matched : 756992091" test="no rule : check return code"
time="2024-12-19T07:28:59-05:00" level=warning msg="Empty ID passed for new transaction" band=outband test="no rule : check return code"
time="2024-12-19T07:28:59-05:00" level=debug msg="New transaction created" band=outband test="no rule : check return code" tx_id=wINBfcDmicuvPEkFPCR
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=outband phase=1 test="no rule : check return code" tx_id=wINBfcDmicuvPEkFPCR
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=outband phase=1 test="no rule : check return code" tx_id=wINBfcDmicuvPEkFPCR
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=outband phase=2 test="no rule : check return code" tx_id=wINBfcDmicuvPEkFPCR
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=outband phase=2 test="no rule : check return code" tx_id=wINBfcDmicuvPEkFPCR
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=outband phase=5 test="no rule : check return code" tx_id=wINBfcDmicuvPEkFPCR
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=outband phase=5 test="no rule : check return code" tx_id=wINBfcDmicuvPEkFPCR
time="2024-12-19T07:28:59-05:00" level=debug msg="Transaction marked for audit logging" band=outband test="no rule : check return code" tx_id=wINBfcDmicuvPEkFPCR
time="2024-12-19T07:28:59-05:00" level=info msg="events : ([]types.Event) (len=2 cap=2) {\n (types.Event) {\n Type: (int) 2,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) \"\",\n Line: (types.Line) {\n Raw: (string) \"\",\n Src: (string) \"\",\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n Labels: (map[string]string) ,\n Process: (bool) false,\n Module: (string) \"\"\n },\n Parsed: (map[string]string) ,\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) (len=1) {\n (string) \"\": (models.Source) ip \n },\n Alert: (*models.Alert)(0x23d03880)({\n Capacity: (*int32)(0x23cfd42c)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x228131f0)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x22813200)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=9) \"756992091\"\n }),\n (*models.MetaItems0)(0x22813210)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=21) \"native_rule:756992091\"\n }),\n (*models.MetaItems0)(0x22813220)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x22813240)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x22813250)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x22813260)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=5) \"rule1\"\n })\n },\n Timestamp: (*string)(0x22b2c728)((len=20) \"2024-12-19T12:28:59Z\")\n })\n },\n EventsCount: (*int32)(0x23cfd4cc)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x22b2c7e0)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x22b2c800)((len=44) \"AppSec block: native_rule:756992091 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x228132a0)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x228132c0)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x228132e0)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x22813310)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=9) \"[\\\"rule1\\\"]\"\n }),\n (*models.MetaItems0)(0x22813330)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=13) \"[\\\"756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x22813350)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=25) \"[\\\"native_rule:756992091\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x22b2c7e8)((len=21) \"native_rule:756992091\"),\n ScenarioHash: (*string)(0x22b2c7f0)(\"\"),\n ScenarioVersion: (*string)(0x22b2c7f8)(\"\"),\n Simulated: (*bool)(0x23cfd4f0)(false),\n Source: (*models.Source)(0x22a9fa40)(ip ),\n StartAt: (*string)(0x22b2c810)((len=20) \"2024-12-19T12:28:59Z\"),\n StopAt: (*string)(0x22b2c818)((len=20) \"2024-12-19T12:28:59Z\"),\n UUID: (string) \"\"\n }),\n APIAlerts: ([]models.Alert) (len=1 cap=1) {\n (models.Alert) {\n Capacity: (*int32)(0x23cfd42c)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x228131f0)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x22813200)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=9) \"756992091\"\n }),\n (*models.MetaItems0)(0x22813210)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=21) \"native_rule:756992091\"\n }),\n (*models.MetaItems0)(0x22813220)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x22813240)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x22813250)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x22813260)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=5) \"rule1\"\n })\n },\n Timestamp: (*string)(0x22b2c728)((len=20) \"2024-12-19T12:28:59Z\")\n })\n },\n EventsCount: (*int32)(0x23cfd4cc)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x22b2c7e0)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x22b2c800)((len=44) \"AppSec block: native_rule:756992091 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x228132a0)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x228132c0)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x228132e0)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x22813310)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=9) \"[\\\"rule1\\\"]\"\n }),\n (*models.MetaItems0)(0x22813330)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=13) \"[\\\"756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x22813350)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=25) \"[\\\"native_rule:756992091\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x22b2c7e8)((len=21) \"native_rule:756992091\"),\n ScenarioHash: (*string)(0x22b2c7f0)(\"\"),\n ScenarioVersion: (*string)(0x22b2c7f8)(\"\"),\n Simulated: (*bool)(0x23cfd4f0)(false),\n Source: (*models.Source)(0x22a9fa40)(ip ),\n StartAt: (*string)(0x22b2c810)((len=20) \"2024-12-19T12:28:59Z\"),\n StopAt: (*string)(0x22b2c818)(),\n UUID: (string) \"\"\n }\n }\n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) false,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) ,\n Vars: (map[string]string) \n },\n Meta: (map[string]string) \n },\n (types.Event) {\n Type: (int) 0,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) (len=7) \"s00-raw\",\n Line: (types.Line) {\n Raw: (string) (len=17) \"dummy-appsec-data\",\n Src: (string) (len=6) \"appsec\",\n Time: (time.Time) 2024-12-19 07:28:59.866948549 -0500 EST m=+0.120859555,\n Labels: (map[string]string) (len=1) {\n (string) (len=3) \"foo\": (string) (len=3) \"bar\"\n },\n Process: (bool) true,\n Module: (string) (len=6) \"appsec\"\n },\n Parsed: (map[string]string) (len=9) {\n (string) (len=6) \"source\": (string) (len=15) \"crowdsec-appsec\",\n (string) (len=11) \"target_host\": (string) \"\",\n (string) (len=19) \"remediation_cmpt_ip\": (string) \"\",\n (string) (len=13) \"inband_action\": (string) (len=4) \"deny\",\n (string) (len=9) \"source_ip\": (string) \"\",\n (string) (len=10) \"target_uri\": (string) (len=7) \"/urllll\",\n (string) (len=6) \"method\": (string) (len=3) \"GET\",\n (string) (len=8) \"req_uuid\": (string) (len=19) \"gWjgCYseNboUJcEnGFN\",\n (string) (len=18) \"inband_interrupted\": (string) (len=4) \"true\"\n },\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) ,\n Alert: (*models.Alert)(),\n APIAlerts: ([]models.Alert) \n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) true,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) (len=1 cap=2) {\n (map[string]interface {}) (len=17) {\n (string) (len=4) \"file\": (string) \"\",\n (string) (len=3) \"msg\": (string) (len=5) \"rule1\",\n (string) (len=7) \"version\": (string) \"\",\n (string) (len=13) \"matched_zones\": ([]string) (len=1 cap=1) {\n (string) (len=12) \"ARGS_GET.foo\"\n },\n (string) (len=2) \"id\": (int) 756992091,\n (string) (len=8) \"revision\": (string) \"\",\n (string) (len=7) \"secmark\": (string) \"\",\n (string) (len=8) \"severity\": (string) (len=9) \"emergency\",\n (string) (len=4) \"name\": (string) (len=21) \"native_rule:756992091\",\n (string) (len=4) \"tags\": ([]string) (len=1 cap=1) {\n (string) (len=14) \"crowdsec-rule1\"\n },\n (string) (len=6) \"method\": (string) (len=3) \"GET\",\n (string) (len=10) \"disruptive\": (bool) true,\n (string) (len=8) \"accuracy\": (int) 0,\n (string) (len=4) \"hash\": (string) \"\",\n (string) (len=3) \"uri\": (string) (len=7) \"/urllll\",\n (string) (len=9) \"file_line\": (int) 1,\n (string) (len=9) \"rule_type\": (string) (len=6) \"inband\"\n }\n },\n Vars: (map[string]string) {\n }\n },\n Meta: (map[string]string) (len=2) {\n (string) (len=13) \"appsec_action\": (string) (len=4) \"deny\",\n (string) (len=18) \"appsec_interrupted\": (string) (len=4) \"true\"\n }\n }\n}\n"
time="2024-12-19T07:28:59-05:00" level=info msg="responses : ([]appsec.AppsecTempResponse) (len=1 cap=1) {\n (appsec.AppsecTempResponse) {\n InBandInterrupt: (bool) true,\n OutOfBandInterrupt: (bool) false,\n Action: (string) (len=3) \"ban\",\n UserHTTPResponseCode: (int) 403,\n BouncerHTTPResponseCode: (int) 403,\n SendEvent: (bool) true,\n SendAlert: (bool) true\n }\n}\n"
=== RUN TestAppsecOnMatchHooks/on_match:_change_return_code
time="2024-12-19T07:28:59-05:00" level=trace msg="Loading config &{Name: OutOfBandRules:[] InBandRules:[] DefaultRemediation:ban DefaultPassAction:allow BouncerBlockedHTTPCode:403 BouncerPassedHTTPCode:200 UserBlockedHTTPCode:403 UserPassedHTTPCode:200 OnLoad:[] PreEval:[] PostEval:[] OnMatch:[{Filter:IsInBand == true FilterExpr: OnSuccess: Apply:[SetReturnCode(413)] ApplyExpr:[]}] VariablesTracking:[] InbandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} OutOfBandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} LogLevel: Logger:0x22abc100}" test="on_match: change return code"
time="2024-12-19T07:28:59-05:00" level=info msg="Loaded 0 outofband rules" test="on_match: change return code"
time="2024-12-19T07:28:59-05:00" level=info msg="Loaded 0 inband rules" test="on_match: change return code"
time="2024-12-19T07:28:59-05:00" level=debug msg="Parsing directive" band=inband line="SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\"" test="on_match: change return code"
time="2024-12-19T07:28:59-05:00" level=trace msg="Loaded inband rules: [{RuleMetadata:{ID_:756992091 File_: Line_:1 Rev_: Severity_:emergency Version_: Tags_:[crowdsec-rule1] Maturity_:0 Accuracy_:0 Operator_: Phase_:2 Raw_:SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\" SecMark_:} variables:[{Count:false Variable:42 KeyRx: KeyStr:foo Exceptions:[]}] operator:0x23488ee0 transformations:[{Function:0x1bfddc0}] transformationsID:1 actions:[{Name:log Function:0x20d0fe0} {Name:auditlog Function:0x20d0fe0} {Name:deny Function:0x20d0fe0} {Name:log Function:0x20d0fe0} {Name:t Function:0x20d0fe0}] ParentID_:0 Capture:false Chain: DisruptiveStatus:0 Msg:rule1 LogData: Log:true Audit:true MultiMatch:false HasChain:false inferredPhases:6 chainMinPhase:0 withPhaseUnknownVariable:false}]" test="on_match: change return code"
time="2024-12-19T07:28:59-05:00" level=trace msg="Loaded outband rules: []" test="on_match: change return code"
time="2024-12-19T07:28:59-05:00" level=debug msg="Request received in runner" request_uuid= test="on_match: change return code"
time="2024-12-19T07:28:59-05:00" level=warning msg="Empty ID passed for new transaction" band=inband test="on_match: change return code"
time="2024-12-19T07:28:59-05:00" level=debug msg="New transaction created" band=inband test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=inband phase=1 test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=inband phase=1 test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=inband phase=2 test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating rule" band=inband rule_id=756992091 test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Expanding arguments for rule" band=inband rule_id=756992091 test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH variable=ARGS_GET
time="2024-12-19T07:28:59-05:00" level=debug msg="Transforming argument for rule" band=inband rule_id=756992091 test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Arguments transformed for rule" band=inband rule_id=756992091 test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Matching rule" band=inband key=foo rule_id=756992091 test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH variable_name=ARGS_GET
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating action" action=auditlog band=inband test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating action" action=t band=inband test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating operator: MATCH" arg=toto band=inband operator_data=^toto operator_function=@rx rule_id=756992091 test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Executing disruptive action for rule" action=deny band=inband rule_id=756992091 test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Rule matched" band=inband rule_id=756992091 test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Finish evaluating rule" band=inband rule_id=756992091 test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=inband phase=2 test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="rules matched for body : 756992091" test="on_match: change return code"
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=inband phase=5 test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=inband phase=5 test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="Transaction marked for audit logging" band=inband test="on_match: change return code" tx_id=uyQchdcZSjWghsYxugH
time="2024-12-19T07:28:59-05:00" level=debug msg="inband rules matched : 756992091" test="on_match: change return code"
time="2024-12-19T07:28:59-05:00" level=debug msg="setting http code to 413" request_uuid= test="on_match: change return code"
time="2024-12-19T07:28:59-05:00" level=warning msg="Empty ID passed for new transaction" band=outband test="on_match: change return code"
time="2024-12-19T07:28:59-05:00" level=debug msg="New transaction created" band=outband test="on_match: change return code" tx_id=gBDGryYknTNWAExjABm
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=outband phase=1 test="on_match: change return code" tx_id=gBDGryYknTNWAExjABm
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=outband phase=1 test="on_match: change return code" tx_id=gBDGryYknTNWAExjABm
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=outband phase=2 test="on_match: change return code" tx_id=gBDGryYknTNWAExjABm
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=outband phase=2 test="on_match: change return code" tx_id=gBDGryYknTNWAExjABm
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=outband phase=5 test="on_match: change return code" tx_id=gBDGryYknTNWAExjABm
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=outband phase=5 test="on_match: change return code" tx_id=gBDGryYknTNWAExjABm
time="2024-12-19T07:28:59-05:00" level=debug msg="Transaction marked for audit logging" band=outband test="on_match: change return code" tx_id=gBDGryYknTNWAExjABm
time="2024-12-19T07:28:59-05:00" level=info msg="events : ([]types.Event) (len=2 cap=2) {\n (types.Event) {\n Type: (int) 2,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) \"\",\n Line: (types.Line) {\n Raw: (string) \"\",\n Src: (string) \"\",\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n Labels: (map[string]string) ,\n Process: (bool) false,\n Module: (string) \"\"\n },\n Parsed: (map[string]string) ,\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) (len=1) {\n (string) \"\": (models.Source) ip \n },\n Alert: (*models.Alert)(0x234aa200)({\n Capacity: (*int32)(0x22be2f9c)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x22afe970)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x22afe980)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=9) \"756992091\"\n }),\n (*models.MetaItems0)(0x22afe990)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=21) \"native_rule:756992091\"\n }),\n (*models.MetaItems0)(0x22afe9a0)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x22afe9c0)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x22afe9d0)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x22afe9e0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=5) \"rule1\"\n })\n },\n Timestamp: (*string)(0x22a4f1d0)((len=20) \"2024-12-19T12:28:59Z\")\n })\n },\n EventsCount: (*int32)(0x22be303c)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x22a4f228)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x22a4f248)((len=44) \"AppSec block: native_rule:756992091 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x22afea00)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=25) \"[\\\"native_rule:756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x22afea20)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x22afea40)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x22afea70)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x22afea90)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=9) \"[\\\"rule1\\\"]\"\n }),\n (*models.MetaItems0)(0x22afeab0)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=13) \"[\\\"756992091\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x22a4f230)((len=21) \"native_rule:756992091\"),\n ScenarioHash: (*string)(0x22a4f238)(\"\"),\n ScenarioVersion: (*string)(0x22a4f240)(\"\"),\n Simulated: (*bool)(0x22be3070)(false),\n Source: (*models.Source)(0x22abdd80)(ip ),\n StartAt: (*string)(0x22a4f258)((len=20) \"2024-12-19T12:28:59Z\"),\n StopAt: (*string)(0x22a4f260)((len=20) \"2024-12-19T12:28:59Z\"),\n UUID: (string) \"\"\n }),\n APIAlerts: ([]models.Alert) (len=1 cap=1) {\n (models.Alert) {\n Capacity: (*int32)(0x22be2f9c)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x22afe970)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x22afe980)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=9) \"756992091\"\n }),\n (*models.MetaItems0)(0x22afe990)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=21) \"native_rule:756992091\"\n }),\n (*models.MetaItems0)(0x22afe9a0)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x22afe9c0)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x22afe9d0)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x22afe9e0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=5) \"rule1\"\n })\n },\n Timestamp: (*string)(0x22a4f1d0)((len=20) \"2024-12-19T12:28:59Z\")\n })\n },\n EventsCount: (*int32)(0x22be303c)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x22a4f228)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x22a4f248)((len=44) \"AppSec block: native_rule:756992091 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x22afea00)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=25) \"[\\\"native_rule:756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x22afea20)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x22afea40)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x22afea70)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x22afea90)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=9) \"[\\\"rule1\\\"]\"\n }),\n (*models.MetaItems0)(0x22afeab0)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=13) \"[\\\"756992091\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x22a4f230)((len=21) \"native_rule:756992091\"),\n ScenarioHash: (*string)(0x22a4f238)(\"\"),\n ScenarioVersion: (*string)(0x22a4f240)(\"\"),\n Simulated: (*bool)(0x22be3070)(false),\n Source: (*models.Source)(0x22abdd80)(ip ),\n StartAt: (*string)(0x22a4f258)((len=20) \"2024-12-19T12:28:59Z\"),\n StopAt: (*string)(0x22a4f260)(),\n UUID: (string) \"\"\n }\n }\n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) false,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) ,\n Vars: (map[string]string) \n },\n Meta: (map[string]string) \n },\n (types.Event) {\n Type: (int) 0,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) (len=7) \"s00-raw\",\n Line: (types.Line) {\n Raw: (string) (len=17) \"dummy-appsec-data\",\n Src: (string) (len=6) \"appsec\",\n Time: (time.Time) 2024-12-19 07:28:59.925262572 -0500 EST m=+0.179173458,\n Labels: (map[string]string) (len=1) {\n (string) (len=3) \"foo\": (string) (len=3) \"bar\"\n },\n Process: (bool) true,\n Module: (string) (len=6) \"appsec\"\n },\n Parsed: (map[string]string) (len=9) {\n (string) (len=10) \"target_uri\": (string) (len=7) \"/urllll\",\n (string) (len=6) \"method\": (string) (len=3) \"GET\",\n (string) (len=19) \"remediation_cmpt_ip\": (string) \"\",\n (string) (len=13) \"inband_action\": (string) (len=4) \"deny\",\n (string) (len=6) \"source\": (string) (len=15) \"crowdsec-appsec\",\n (string) (len=9) \"source_ip\": (string) \"\",\n (string) (len=11) \"target_host\": (string) \"\",\n (string) (len=8) \"req_uuid\": (string) (len=19) \"uyQchdcZSjWghsYxugH\",\n (string) (len=18) \"inband_interrupted\": (string) (len=4) \"true\"\n },\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) ,\n Alert: (*models.Alert)(),\n APIAlerts: ([]models.Alert) \n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) true,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) (len=1 cap=2) {\n (map[string]interface {}) (len=17) {\n (string) (len=7) \"secmark\": (string) \"\",\n (string) (len=8) \"severity\": (string) (len=9) \"emergency\",\n (string) (len=4) \"name\": (string) (len=21) \"native_rule:756992091\",\n (string) (len=7) \"version\": (string) \"\",\n (string) (len=2) \"id\": (int) 756992091,\n (string) (len=3) \"uri\": (string) (len=7) \"/urllll\",\n (string) (len=9) \"rule_type\": (string) (len=6) \"inband\",\n (string) (len=9) \"file_line\": (int) 1,\n (string) (len=6) \"method\": (string) (len=3) \"GET\",\n (string) (len=4) \"tags\": ([]string) (len=1 cap=1) {\n (string) (len=14) \"crowdsec-rule1\"\n },\n (string) (len=8) \"accuracy\": (int) 0,\n (string) (len=4) \"hash\": (string) \"\",\n (string) (len=13) \"matched_zones\": ([]string) (len=1 cap=1) {\n (string) (len=12) \"ARGS_GET.foo\"\n },\n (string) (len=10) \"disruptive\": (bool) true,\n (string) (len=4) \"file\": (string) \"\",\n (string) (len=8) \"revision\": (string) \"\",\n (string) (len=3) \"msg\": (string) (len=5) \"rule1\"\n }\n },\n Vars: (map[string]string) {\n }\n },\n Meta: (map[string]string) (len=2) {\n (string) (len=13) \"appsec_action\": (string) (len=4) \"deny\",\n (string) (len=18) \"appsec_interrupted\": (string) (len=4) \"true\"\n }\n }\n}\n"
time="2024-12-19T07:28:59-05:00" level=info msg="responses : ([]appsec.AppsecTempResponse) (len=1 cap=1) {\n (appsec.AppsecTempResponse) {\n InBandInterrupt: (bool) true,\n OutOfBandInterrupt: (bool) false,\n Action: (string) (len=3) \"ban\",\n UserHTTPResponseCode: (int) 413,\n BouncerHTTPResponseCode: (int) 403,\n SendEvent: (bool) true,\n SendAlert: (bool) true\n }\n}\n"
=== RUN TestAppsecOnMatchHooks/on_match:_change_action_to_a_non_standard_one_(log)
time="2024-12-19T07:28:59-05:00" level=trace msg="Loading config &{Name: OutOfBandRules:[] InBandRules:[] DefaultRemediation:ban DefaultPassAction:allow BouncerBlockedHTTPCode:403 BouncerPassedHTTPCode:200 UserBlockedHTTPCode:403 UserPassedHTTPCode:200 OnLoad:[] PreEval:[] PostEval:[] OnMatch:[{Filter:IsInBand == true FilterExpr: OnSuccess: Apply:[SetRemediation('log')] ApplyExpr:[]}] VariablesTracking:[] InbandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} OutOfBandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} LogLevel: Logger:0x22ae0680}" test="on_match: change action to a non standard one (log)"
time="2024-12-19T07:28:59-05:00" level=info msg="Loaded 0 outofband rules" test="on_match: change action to a non standard one (log)"
time="2024-12-19T07:28:59-05:00" level=info msg="Loaded 0 inband rules" test="on_match: change action to a non standard one (log)"
time="2024-12-19T07:28:59-05:00" level=debug msg="Parsing directive" band=inband line="SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\"" test="on_match: change action to a non standard one (log)"
time="2024-12-19T07:28:59-05:00" level=trace msg="Loaded inband rules: [{RuleMetadata:{ID_:756992091 File_: Line_:1 Rev_: Severity_:emergency Version_: Tags_:[crowdsec-rule1] Maturity_:0 Accuracy_:0 Operator_: Phase_:2 Raw_:SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\" SecMark_:} variables:[{Count:false Variable:42 KeyRx: KeyStr:foo Exceptions:[]}] operator:0x234b6f00 transformations:[{Function:0x1bfddc0}] transformationsID:1 actions:[{Name:log Function:0x20d0fe0} {Name:auditlog Function:0x20d0fe0} {Name:deny Function:0x20d0fe0} {Name:log Function:0x20d0fe0} {Name:t Function:0x20d0fe0}] ParentID_:0 Capture:false Chain: DisruptiveStatus:0 Msg:rule1 LogData: Log:true Audit:true MultiMatch:false HasChain:false inferredPhases:6 chainMinPhase:0 withPhaseUnknownVariable:false}]" test="on_match: change action to a non standard one (log)"
time="2024-12-19T07:28:59-05:00" level=trace msg="Loaded outband rules: []" test="on_match: change action to a non standard one (log)"
time="2024-12-19T07:28:59-05:00" level=debug msg="Request received in runner" request_uuid= test="on_match: change action to a non standard one (log)"
time="2024-12-19T07:28:59-05:00" level=warning msg="Empty ID passed for new transaction" band=inband test="on_match: change action to a non standard one (log)"
time="2024-12-19T07:28:59-05:00" level=debug msg="New transaction created" band=inband test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=inband phase=1 test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=inband phase=1 test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=inband phase=2 test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating rule" band=inband rule_id=756992091 test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Expanding arguments for rule" band=inband rule_id=756992091 test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ variable=ARGS_GET
time="2024-12-19T07:28:59-05:00" level=debug msg="Transforming argument for rule" band=inband rule_id=756992091 test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Arguments transformed for rule" band=inband rule_id=756992091 test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Matching rule" band=inband key=foo rule_id=756992091 test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ variable_name=ARGS_GET
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating action" action=auditlog band=inband test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating action" action=t band=inband test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating operator: MATCH" arg=toto band=inband operator_data=^toto operator_function=@rx rule_id=756992091 test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Executing disruptive action for rule" action=deny band=inband rule_id=756992091 test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Rule matched" band=inband rule_id=756992091 test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Finish evaluating rule" band=inband rule_id=756992091 test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=inband phase=2 test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="rules matched for body : 756992091" test="on_match: change action to a non standard one (log)"
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=inband phase=5 test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=inband phase=5 test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="Transaction marked for audit logging" band=inband test="on_match: change action to a non standard one (log)" tx_id=gyIigCqvuDkcdJpVIuJ
time="2024-12-19T07:28:59-05:00" level=debug msg="inband rules matched : 756992091" test="on_match: change action to a non standard one (log)"
time="2024-12-19T07:28:59-05:00" level=debug msg="setting action to log" request_uuid= test="on_match: change action to a non standard one (log)"
time="2024-12-19T07:28:59-05:00" level=warning msg="Empty ID passed for new transaction" band=outband test="on_match: change action to a non standard one (log)"
time="2024-12-19T07:28:59-05:00" level=debug msg="New transaction created" band=outband test="on_match: change action to a non standard one (log)" tx_id=UoFqxvAQlqqRZEtARGV
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=outband phase=1 test="on_match: change action to a non standard one (log)" tx_id=UoFqxvAQlqqRZEtARGV
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=outband phase=1 test="on_match: change action to a non standard one (log)" tx_id=UoFqxvAQlqqRZEtARGV
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=outband phase=2 test="on_match: change action to a non standard one (log)" tx_id=UoFqxvAQlqqRZEtARGV
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=outband phase=2 test="on_match: change action to a non standard one (log)" tx_id=UoFqxvAQlqqRZEtARGV
time="2024-12-19T07:28:59-05:00" level=debug msg="Evaluating phase" band=outband phase=5 test="on_match: change action to a non standard one (log)" tx_id=UoFqxvAQlqqRZEtARGV
time="2024-12-19T07:28:59-05:00" level=debug msg="Finished phase" band=outband phase=5 test="on_match: change action to a non standard one (log)" tx_id=UoFqxvAQlqqRZEtARGV
time="2024-12-19T07:28:59-05:00" level=debug msg="Transaction marked for audit logging" band=outband test="on_match: change action to a non standard one (log)" tx_id=UoFqxvAQlqqRZEtARGV
time="2024-12-19T07:29:00-05:00" level=info msg="events : ([]types.Event) (len=2 cap=2) {\n (types.Event) {\n Type: (int) 2,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) \"\",\n Line: (types.Line) {\n Raw: (string) \"\",\n Src: (string) \"\",\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n Labels: (map[string]string) ,\n Process: (bool) false,\n Module: (string) \"\"\n },\n Parsed: (map[string]string) ,\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) (len=1) {\n (string) \"\": (models.Source) ip \n },\n Alert: (*models.Alert)(0x234aa400)({\n Capacity: (*int32)(0x234c6038)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x228be470)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x228be480)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=9) \"756992091\"\n }),\n (*models.MetaItems0)(0x228be490)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=21) \"native_rule:756992091\"\n }),\n (*models.MetaItems0)(0x228be4a0)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x228be4c0)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x228be4d0)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x228be4e0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=5) \"rule1\"\n })\n },\n Timestamp: (*string)(0x22ad7c58)((len=20) \"2024-12-19T12:28:59Z\")\n })\n },\n EventsCount: (*int32)(0x234c60dc)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x22ad7ca8)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x22ad7cc8)((len=44) \"AppSec block: native_rule:756992091 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x228be500)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=13) \"[\\\"756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x228be520)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=25) \"[\\\"native_rule:756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x228be540)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x228be570)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x228be590)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x228be5b0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=9) \"[\\\"rule1\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x22ad7cb0)((len=21) \"native_rule:756992091\"),\n ScenarioHash: (*string)(0x22ad7cb8)(\"\"),\n ScenarioVersion: (*string)(0x22ad7cc0)(\"\"),\n Simulated: (*bool)(0x234c60e0)(false),\n Source: (*models.Source)(0x22af84c0)(ip ),\n StartAt: (*string)(0x22ad7cd8)((len=20) \"2024-12-19T12:28:59Z\"),\n StopAt: (*string)(0x22ad7ce0)((len=20) \"2024-12-19T12:28:59Z\"),\n UUID: (string) \"\"\n }),\n APIAlerts: ([]models.Alert) (len=1 cap=1) {\n (models.Alert) {\n Capacity: (*int32)(0x234c6038)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x228be470)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x228be480)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=9) \"756992091\"\n }),\n (*models.MetaItems0)(0x228be490)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=21) \"native_rule:756992091\"\n }),\n (*models.MetaItems0)(0x228be4a0)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x228be4c0)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x228be4d0)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x228be4e0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=5) \"rule1\"\n })\n },\n Timestamp: (*string)(0x22ad7c58)((len=20) \"2024-12-19T12:28:59Z\")\n })\n },\n EventsCount: (*int32)(0x234c60dc)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x22ad7ca8)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x22ad7cc8)((len=44) \"AppSec block: native_rule:756992091 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x228be500)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=13) \"[\\\"756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x228be520)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=25) \"[\\\"native_rule:756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x228be540)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x228be570)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x228be590)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x228be5b0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=9) \"[\\\"rule1\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x22ad7cb0)((len=21) \"native_rule:756992091\"),\n ScenarioHash: (*string)(0x22ad7cb8)(\"\"),\n ScenarioVersion: (*string)(0x22ad7cc0)(\"\"),\n Simulated: (*bool)(0x234c60e0)(false),\n Source: (*models.Source)(0x22af84c0)(ip ),\n StartAt: (*string)(0x22ad7cd8)((len=20) \"2024-12-19T12:28:59Z\"),\n StopAt: (*string)(0x22ad7ce0)(),\n UUID: (string) \"\"\n }\n }\n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) false,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) ,\n Vars: (map[string]string) \n },\n Meta: (map[string]string) \n },\n (types.Event) {\n Type: (int) 0,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) (len=7) \"s00-raw\",\n Line: (types.Line) {\n Raw: (string) (len=17) \"dummy-appsec-data\",\n Src: (string) (len=6) \"appsec\",\n Time: (time.Time) 2024-12-19 07:28:59.978323404 -0500 EST m=+0.232234469,\n Labels: (map[string]string) (len=1) {\n (string) (len=3) \"foo\": (string) (len=3) \"bar\"\n },\n Process: (bool) true,\n Module: (string) (len=6) \"appsec\"\n },\n Parsed: (map[string]string) (len=9) {\n (string) (len=11) \"target_host\": (string) \"\",\n (string) (len=10) \"target_uri\": (string) (len=7) \"/urllll\",\n (string) (len=19) \"remediation_cmpt_ip\": (string) \"\",\n (string) (len=6) \"source\": (string) (len=15) \"crowdsec-appsec\",\n (string) (len=9) \"source_ip\": (string) \"\",\n (string) (len=6) \"method\": (string) (len=3) \"GET\",\n (string) (len=8) \"req_uuid\": (string) (len=19) \"gyIigCqvuDkcdJpVIuJ\",\n (string) (len=18) \"inband_interrupted\": (string) (len=4) \"true\",\n (string) (len=13) \"inband_action\": (string) (len=4) \"deny\"\n },\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) ,\n Alert: (*models.Alert)(),\n APIAlerts: ([]models.Alert) \n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) true,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) (len=1 cap=2) {\n (map[string]interface {}) (len=17) {\n (string) (len=2) \"id\": (int) 756992091,\n (string) (len=4) \"hash\": (string) \"\",\n (string) (len=7) \"version\": (string) \"\",\n (string) (len=8) \"revision\": (string) \"\",\n (string) (len=13) \"matched_zones\": ([]string) (len=1 cap=1) {\n (string) (len=12) \"ARGS_GET.foo\"\n },\n (string) (len=9) \"rule_type\": (string) (len=6) \"inband\",\n (string) (len=6) \"method\": (string) (len=3) \"GET\",\n (string) (len=9) \"file_line\": (int) 1,\n (string) (len=7) \"secmark\": (string) \"\",\n (string) (len=8) \"accuracy\": (int) 0,\n (string) (len=3) \"uri\": (string) (len=7) \"/urllll\",\n (string) (len=4) \"tags\": ([]string) (len=1 cap=1) {\n (string) (len=14) \"crowdsec-rule1\"\n },\n (string) (len=4) \"file\": (string) \"\",\n (string) (len=4) \"name\": (string) (len=21) \"native_rule:756992091\",\n (string) (len=10) \"disruptive\": (bool) true,\n (string) (len=3) \"msg\": (string) (len=5) \"rule1\",\n (string) (len=8) \"severity\": (string) (len=9) \"emergency\"\n }\n },\n Vars: (map[string]string) {\n }\n },\n Meta: (map[string]string) (len=2) {\n (string) (len=18) \"appsec_interrupted\": (string) (len=4) \"true\",\n (string) (len=13) \"appsec_action\": (string) (len=4) \"deny\"\n }\n }\n}\n"
time="2024-12-19T07:29:00-05:00" level=info msg="responses : ([]appsec.AppsecTempResponse) (len=1 cap=1) {\n (appsec.AppsecTempResponse) {\n InBandInterrupt: (bool) true,\n OutOfBandInterrupt: (bool) false,\n Action: (string) (len=3) \"log\",\n UserHTTPResponseCode: (int) 403,\n BouncerHTTPResponseCode: (int) 403,\n SendEvent: (bool) true,\n SendAlert: (bool) true\n }\n}\n"
=== RUN TestAppsecOnMatchHooks/on_match:_change_action_to_another_standard_one_(allow)
time="2024-12-19T07:29:00-05:00" level=trace msg="Loading config &{Name: OutOfBandRules:[] InBandRules:[] DefaultRemediation:ban DefaultPassAction:allow BouncerBlockedHTTPCode:403 BouncerPassedHTTPCode:200 UserBlockedHTTPCode:403 UserPassedHTTPCode:200 OnLoad:[] PreEval:[] PostEval:[] OnMatch:[{Filter:IsInBand == true FilterExpr: OnSuccess: Apply:[SetRemediation('allow')] ApplyExpr:[]}] VariablesTracking:[] InbandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} OutOfBandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} LogLevel: Logger:0x22af8dc0}" test="on_match: change action to another standard one (allow)"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 outofband rules" test="on_match: change action to another standard one (allow)"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 inband rules" test="on_match: change action to another standard one (allow)"
time="2024-12-19T07:29:00-05:00" level=debug msg="Parsing directive" band=inband line="SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\"" test="on_match: change action to another standard one (allow)"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded inband rules: [{RuleMetadata:{ID_:756992091 File_: Line_:1 Rev_: Severity_:emergency Version_: Tags_:[crowdsec-rule1] Maturity_:0 Accuracy_:0 Operator_: Phase_:2 Raw_:SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\" SecMark_:} variables:[{Count:false Variable:42 KeyRx: KeyStr:foo Exceptions:[]}] operator:0x234c4f60 transformations:[{Function:0x1bfddc0}] transformationsID:1 actions:[{Name:log Function:0x20d0fe0} {Name:auditlog Function:0x20d0fe0} {Name:deny Function:0x20d0fe0} {Name:log Function:0x20d0fe0} {Name:t Function:0x20d0fe0}] ParentID_:0 Capture:false Chain: DisruptiveStatus:0 Msg:rule1 LogData: Log:true Audit:true MultiMatch:false HasChain:false inferredPhases:6 chainMinPhase:0 withPhaseUnknownVariable:false}]" test="on_match: change action to another standard one (allow)"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded outband rules: []" test="on_match: change action to another standard one (allow)"
time="2024-12-19T07:29:00-05:00" level=debug msg="Request received in runner" request_uuid= test="on_match: change action to another standard one (allow)"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=inband test="on_match: change action to another standard one (allow)"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=inband test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=1 test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=1 test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=2 test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating rule" band=inband rule_id=756992091 test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Expanding arguments for rule" band=inband rule_id=756992091 test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf variable=ARGS_GET
time="2024-12-19T07:29:00-05:00" level=debug msg="Transforming argument for rule" band=inband rule_id=756992091 test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Arguments transformed for rule" band=inband rule_id=756992091 test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Matching rule" band=inband key=foo rule_id=756992091 test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf variable_name=ARGS_GET
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=auditlog band=inband test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=t band=inband test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating operator: MATCH" arg=toto band=inband operator_data=^toto operator_function=@rx rule_id=756992091 test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Executing disruptive action for rule" action=deny band=inband rule_id=756992091 test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Rule matched" band=inband rule_id=756992091 test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Finish evaluating rule" band=inband rule_id=756992091 test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=2 test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="rules matched for body : 756992091" test="on_match: change action to another standard one (allow)"
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=5 test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=5 test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=inband test="on_match: change action to another standard one (allow)" tx_id=DLDoLacdLioPkmUDpjf
time="2024-12-19T07:29:00-05:00" level=debug msg="inband rules matched : 756992091" test="on_match: change action to another standard one (allow)"
time="2024-12-19T07:29:00-05:00" level=debug msg="setting action to allow" request_uuid= test="on_match: change action to another standard one (allow)"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=outband test="on_match: change action to another standard one (allow)"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=outband test="on_match: change action to another standard one (allow)" tx_id=YMDkibvlfLqgFvYYjLm
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=1 test="on_match: change action to another standard one (allow)" tx_id=YMDkibvlfLqgFvYYjLm
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=1 test="on_match: change action to another standard one (allow)" tx_id=YMDkibvlfLqgFvYYjLm
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=2 test="on_match: change action to another standard one (allow)" tx_id=YMDkibvlfLqgFvYYjLm
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=2 test="on_match: change action to another standard one (allow)" tx_id=YMDkibvlfLqgFvYYjLm
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=5 test="on_match: change action to another standard one (allow)" tx_id=YMDkibvlfLqgFvYYjLm
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=5 test="on_match: change action to another standard one (allow)" tx_id=YMDkibvlfLqgFvYYjLm
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=outband test="on_match: change action to another standard one (allow)" tx_id=YMDkibvlfLqgFvYYjLm
time="2024-12-19T07:29:00-05:00" level=info msg="events : ([]types.Event) (len=2 cap=2) {\n (types.Event) {\n Type: (int) 2,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) \"\",\n Line: (types.Line) {\n Raw: (string) \"\",\n Src: (string) \"\",\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n Labels: (map[string]string) ,\n Process: (bool) false,\n Module: (string) \"\"\n },\n Parsed: (map[string]string) ,\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) (len=1) {\n (string) \"\": (models.Source) ip \n },\n Alert: (*models.Alert)(0x234aa600)({\n Capacity: (*int32)(0x234cd3d8)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x228bfb30)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x228bfb40)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=9) \"756992091\"\n }),\n (*models.MetaItems0)(0x228bfb50)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=21) \"native_rule:756992091\"\n }),\n (*models.MetaItems0)(0x228bfb60)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x228bfb80)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x228bfb90)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x228bfba0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=5) \"rule1\"\n })\n },\n Timestamp: (*string)(0x234c9658)((len=20) \"2024-12-19T12:29:00Z\")\n })\n },\n EventsCount: (*int32)(0x234cd47c)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x234c96a8)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x234c96c8)((len=44) \"AppSec block: native_rule:756992091 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x228bfbc0)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=13) \"[\\\"756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x228bfbe0)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=25) \"[\\\"native_rule:756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x228bfc00)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x228bfef0)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x22ab22f0)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x22ab23d0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=9) \"[\\\"rule1\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x234c96b0)((len=21) \"native_rule:756992091\"),\n ScenarioHash: (*string)(0x234c96b8)(\"\"),\n ScenarioVersion: (*string)(0x234c96c0)(\"\"),\n Simulated: (*bool)(0x234cd480)(false),\n Source: (*models.Source)(0x22afcdc0)(ip ),\n StartAt: (*string)(0x234c96d8)((len=20) \"2024-12-19T12:29:00Z\"),\n StopAt: (*string)(0x234c96e0)((len=20) \"2024-12-19T12:29:00Z\"),\n UUID: (string) \"\"\n }),\n APIAlerts: ([]models.Alert) (len=1 cap=1) {\n (models.Alert) {\n Capacity: (*int32)(0x234cd3d8)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x228bfb30)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x228bfb40)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=9) \"756992091\"\n }),\n (*models.MetaItems0)(0x228bfb50)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=21) \"native_rule:756992091\"\n }),\n (*models.MetaItems0)(0x228bfb60)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x228bfb80)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x228bfb90)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x228bfba0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=5) \"rule1\"\n })\n },\n Timestamp: (*string)(0x234c9658)((len=20) \"2024-12-19T12:29:00Z\")\n })\n },\n EventsCount: (*int32)(0x234cd47c)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x234c96a8)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x234c96c8)((len=44) \"AppSec block: native_rule:756992091 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x228bfbc0)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=13) \"[\\\"756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x228bfbe0)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=25) \"[\\\"native_rule:756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x228bfc00)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x228bfef0)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x22ab22f0)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x22ab23d0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=9) \"[\\\"rule1\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x234c96b0)((len=21) \"native_rule:756992091\"),\n ScenarioHash: (*string)(0x234c96b8)(\"\"),\n ScenarioVersion: (*string)(0x234c96c0)(\"\"),\n Simulated: (*bool)(0x234cd480)(false),\n Source: (*models.Source)(0x22afcdc0)(ip ),\n StartAt: (*string)(0x234c96d8)((len=20) \"2024-12-19T12:29:00Z\"),\n StopAt: (*string)(0x234c96e0)(),\n UUID: (string) \"\"\n }\n }\n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) false,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) ,\n Vars: (map[string]string) \n },\n Meta: (map[string]string) \n },\n (types.Event) {\n Type: (int) 0,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) (len=7) \"s00-raw\",\n Line: (types.Line) {\n Raw: (string) (len=17) \"dummy-appsec-data\",\n Src: (string) (len=6) \"appsec\",\n Time: (time.Time) 2024-12-19 07:29:00.042514438 -0500 EST m=+0.296425146,\n Labels: (map[string]string) (len=1) {\n (string) (len=3) \"foo\": (string) (len=3) \"bar\"\n },\n Process: (bool) true,\n Module: (string) (len=6) \"appsec\"\n },\n Parsed: (map[string]string) (len=9) {\n (string) (len=6) \"source\": (string) (len=15) \"crowdsec-appsec\",\n (string) (len=9) \"source_ip\": (string) \"\",\n (string) (len=11) \"target_host\": (string) \"\",\n (string) (len=10) \"target_uri\": (string) (len=7) \"/urllll\",\n (string) (len=8) \"req_uuid\": (string) (len=19) \"DLDoLacdLioPkmUDpjf\",\n (string) (len=18) \"inband_interrupted\": (string) (len=4) \"true\",\n (string) (len=13) \"inband_action\": (string) (len=4) \"deny\",\n (string) (len=6) \"method\": (string) (len=3) \"GET\",\n (string) (len=19) \"remediation_cmpt_ip\": (string) \"\"\n },\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) ,\n Alert: (*models.Alert)(),\n APIAlerts: ([]models.Alert) \n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) true,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) (len=1 cap=2) {\n (map[string]interface {}) (len=17) {\n (string) (len=4) \"name\": (string) (len=21) \"native_rule:756992091\",\n (string) (len=3) \"uri\": (string) (len=7) \"/urllll\",\n (string) (len=8) \"accuracy\": (int) 0,\n (string) (len=3) \"msg\": (string) (len=5) \"rule1\",\n (string) (len=8) \"severity\": (string) (len=9) \"emergency\",\n (string) (len=6) \"method\": (string) (len=3) \"GET\",\n (string) (len=9) \"rule_type\": (string) (len=6) \"inband\",\n (string) (len=10) \"disruptive\": (bool) true,\n (string) (len=4) \"hash\": (string) \"\",\n (string) (len=13) \"matched_zones\": ([]string) (len=1 cap=1) {\n (string) (len=12) \"ARGS_GET.foo\"\n },\n (string) (len=8) \"revision\": (string) \"\",\n (string) (len=7) \"secmark\": (string) \"\",\n (string) (len=7) \"version\": (string) \"\",\n (string) (len=2) \"id\": (int) 756992091,\n (string) (len=4) \"tags\": ([]string) (len=1 cap=1) {\n (string) (len=14) \"crowdsec-rule1\"\n },\n (string) (len=4) \"file\": (string) \"\",\n (string) (len=9) \"file_line\": (int) 1\n }\n },\n Vars: (map[string]string) {\n }\n },\n Meta: (map[string]string) (len=2) {\n (string) (len=18) \"appsec_interrupted\": (string) (len=4) \"true\",\n (string) (len=13) \"appsec_action\": (string) (len=4) \"deny\"\n }\n }\n}\n"
time="2024-12-19T07:29:00-05:00" level=info msg="responses : ([]appsec.AppsecTempResponse) (len=1 cap=1) {\n (appsec.AppsecTempResponse) {\n InBandInterrupt: (bool) true,\n OutOfBandInterrupt: (bool) false,\n Action: (string) (len=5) \"allow\",\n UserHTTPResponseCode: (int) 403,\n BouncerHTTPResponseCode: (int) 403,\n SendEvent: (bool) true,\n SendAlert: (bool) true\n }\n}\n"
=== RUN TestAppsecOnMatchHooks/on_match:_change_action_to_another_standard_one_(ban)
time="2024-12-19T07:29:00-05:00" level=trace msg="Loading config &{Name: OutOfBandRules:[] InBandRules:[] DefaultRemediation:ban DefaultPassAction:allow BouncerBlockedHTTPCode:403 BouncerPassedHTTPCode:200 UserBlockedHTTPCode:403 UserPassedHTTPCode:200 OnLoad:[] PreEval:[] PostEval:[] OnMatch:[{Filter:IsInBand == true FilterExpr: OnSuccess: Apply:[SetRemediation('ban')] ApplyExpr:[]}] VariablesTracking:[] InbandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} OutOfBandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} LogLevel: Logger:0x22afd640}" test="on_match: change action to another standard one (ban)"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 outofband rules" test="on_match: change action to another standard one (ban)"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 inband rules" test="on_match: change action to another standard one (ban)"
time="2024-12-19T07:29:00-05:00" level=debug msg="Parsing directive" band=inband line="SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\"" test="on_match: change action to another standard one (ban)"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded inband rules: [{RuleMetadata:{ID_:756992091 File_: Line_:1 Rev_: Severity_:emergency Version_: Tags_:[crowdsec-rule1] Maturity_:0 Accuracy_:0 Operator_: Phase_:2 Raw_:SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\" SecMark_:} variables:[{Count:false Variable:42 KeyRx: KeyStr:foo Exceptions:[]}] operator:0x234fcf80 transformations:[{Function:0x1bfddc0}] transformationsID:1 actions:[{Name:log Function:0x20d0fe0} {Name:auditlog Function:0x20d0fe0} {Name:deny Function:0x20d0fe0} {Name:log Function:0x20d0fe0} {Name:t Function:0x20d0fe0}] ParentID_:0 Capture:false Chain: DisruptiveStatus:0 Msg:rule1 LogData: Log:true Audit:true MultiMatch:false HasChain:false inferredPhases:6 chainMinPhase:0 withPhaseUnknownVariable:false}]" test="on_match: change action to another standard one (ban)"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded outband rules: []" test="on_match: change action to another standard one (ban)"
time="2024-12-19T07:29:00-05:00" level=debug msg="Request received in runner" request_uuid= test="on_match: change action to another standard one (ban)"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=inband test="on_match: change action to another standard one (ban)"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=inband test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=1 test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=1 test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=2 test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating rule" band=inband rule_id=756992091 test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Expanding arguments for rule" band=inband rule_id=756992091 test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc variable=ARGS_GET
time="2024-12-19T07:29:00-05:00" level=debug msg="Transforming argument for rule" band=inband rule_id=756992091 test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Arguments transformed for rule" band=inband rule_id=756992091 test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Matching rule" band=inband key=foo rule_id=756992091 test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc variable_name=ARGS_GET
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=auditlog band=inband test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=t band=inband test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating operator: MATCH" arg=toto band=inband operator_data=^toto operator_function=@rx rule_id=756992091 test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Executing disruptive action for rule" action=deny band=inband rule_id=756992091 test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Rule matched" band=inband rule_id=756992091 test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Finish evaluating rule" band=inband rule_id=756992091 test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=2 test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="rules matched for body : 756992091" test="on_match: change action to another standard one (ban)"
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=5 test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=5 test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=inband test="on_match: change action to another standard one (ban)" tx_id=LNyJFxVVWMjtVDMcahc
time="2024-12-19T07:29:00-05:00" level=debug msg="inband rules matched : 756992091" test="on_match: change action to another standard one (ban)"
time="2024-12-19T07:29:00-05:00" level=debug msg="setting action to ban" request_uuid= test="on_match: change action to another standard one (ban)"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=outband test="on_match: change action to another standard one (ban)"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=outband test="on_match: change action to another standard one (ban)" tx_id=hssRxMBRHhzXsKBZbkB
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=1 test="on_match: change action to another standard one (ban)" tx_id=hssRxMBRHhzXsKBZbkB
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=1 test="on_match: change action to another standard one (ban)" tx_id=hssRxMBRHhzXsKBZbkB
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=2 test="on_match: change action to another standard one (ban)" tx_id=hssRxMBRHhzXsKBZbkB
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=2 test="on_match: change action to another standard one (ban)" tx_id=hssRxMBRHhzXsKBZbkB
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=5 test="on_match: change action to another standard one (ban)" tx_id=hssRxMBRHhzXsKBZbkB
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=5 test="on_match: change action to another standard one (ban)" tx_id=hssRxMBRHhzXsKBZbkB
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=outband test="on_match: change action to another standard one (ban)" tx_id=hssRxMBRHhzXsKBZbkB
time="2024-12-19T07:29:00-05:00" level=info msg="events : ([]types.Event) (len=2 cap=2) {\n (types.Event) {\n Type: (int) 2,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) \"\",\n Line: (types.Line) {\n Raw: (string) \"\",\n Src: (string) \"\",\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n Labels: (map[string]string) ,\n Process: (bool) false,\n Module: (string) \"\"\n },\n Parsed: (map[string]string) ,\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) (len=1) {\n (string) \"\": (models.Source) ip \n },\n Alert: (*models.Alert)(0x234aa800)({\n Capacity: (*int32)(0x22f0876c)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x22f8a3b0)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x22f8a3c0)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=9) \"756992091\"\n }),\n (*models.MetaItems0)(0x22f8a3d0)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=21) \"native_rule:756992091\"\n }),\n (*models.MetaItems0)(0x22f8a3e0)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x22f8a400)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x22f8a410)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x22f8a420)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=5) \"rule1\"\n })\n },\n Timestamp: (*string)(0x22f83060)((len=20) \"2024-12-19T12:29:00Z\")\n })\n },\n EventsCount: (*int32)(0x22f087ec)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x22f830b0)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x22f830d0)((len=44) \"AppSec block: native_rule:756992091 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x22f8a440)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=25) \"[\\\"native_rule:756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x22f8a460)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x22f8a480)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x22f8a4b0)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x22f8a4d0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=9) \"[\\\"rule1\\\"]\"\n }),\n (*models.MetaItems0)(0x22f8a4f0)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=13) \"[\\\"756992091\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x22f830b8)((len=21) \"native_rule:756992091\"),\n ScenarioHash: (*string)(0x22f830c0)(\"\"),\n ScenarioVersion: (*string)(0x22f830c8)(\"\"),\n Simulated: (*bool)(0x22f08810)(false),\n Source: (*models.Source)(0x22b11280)(ip ),\n StartAt: (*string)(0x22f830e0)((len=20) \"2024-12-19T12:29:00Z\"),\n StopAt: (*string)(0x22f830e8)((len=20) \"2024-12-19T12:29:00Z\"),\n UUID: (string) \"\"\n }),\n APIAlerts: ([]models.Alert) (len=1 cap=1) {\n (models.Alert) {\n Capacity: (*int32)(0x22f0876c)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x22f8a3b0)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x22f8a3c0)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=9) \"756992091\"\n }),\n (*models.MetaItems0)(0x22f8a3d0)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=21) \"native_rule:756992091\"\n }),\n (*models.MetaItems0)(0x22f8a3e0)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x22f8a400)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x22f8a410)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x22f8a420)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=5) \"rule1\"\n })\n },\n Timestamp: (*string)(0x22f83060)((len=20) \"2024-12-19T12:29:00Z\")\n })\n },\n EventsCount: (*int32)(0x22f087ec)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x22f830b0)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x22f830d0)((len=44) \"AppSec block: native_rule:756992091 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x22f8a440)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=25) \"[\\\"native_rule:756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x22f8a460)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x22f8a480)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x22f8a4b0)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x22f8a4d0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=9) \"[\\\"rule1\\\"]\"\n }),\n (*models.MetaItems0)(0x22f8a4f0)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=13) \"[\\\"756992091\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x22f830b8)((len=21) \"native_rule:756992091\"),\n ScenarioHash: (*string)(0x22f830c0)(\"\"),\n ScenarioVersion: (*string)(0x22f830c8)(\"\"),\n Simulated: (*bool)(0x22f08810)(false),\n Source: (*models.Source)(0x22b11280)(ip ),\n StartAt: (*string)(0x22f830e0)((len=20) \"2024-12-19T12:29:00Z\"),\n StopAt: (*string)(0x22f830e8)(),\n UUID: (string) \"\"\n }\n }\n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) false,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) ,\n Vars: (map[string]string) \n },\n Meta: (map[string]string) \n },\n (types.Event) {\n Type: (int) 0,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) (len=7) \"s00-raw\",\n Line: (types.Line) {\n Raw: (string) (len=17) \"dummy-appsec-data\",\n Src: (string) (len=6) \"appsec\",\n Time: (time.Time) 2024-12-19 07:29:00.098424489 -0500 EST m=+0.352335316,\n Labels: (map[string]string) (len=1) {\n (string) (len=3) \"foo\": (string) (len=3) \"bar\"\n },\n Process: (bool) true,\n Module: (string) (len=6) \"appsec\"\n },\n Parsed: (map[string]string) (len=9) {\n (string) (len=8) \"req_uuid\": (string) (len=19) \"LNyJFxVVWMjtVDMcahc\",\n (string) (len=19) \"remediation_cmpt_ip\": (string) \"\",\n (string) (len=18) \"inband_interrupted\": (string) (len=4) \"true\",\n (string) (len=10) \"target_uri\": (string) (len=7) \"/urllll\",\n (string) (len=9) \"source_ip\": (string) \"\",\n (string) (len=11) \"target_host\": (string) \"\",\n (string) (len=6) \"method\": (string) (len=3) \"GET\",\n (string) (len=13) \"inband_action\": (string) (len=4) \"deny\",\n (string) (len=6) \"source\": (string) (len=15) \"crowdsec-appsec\"\n },\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) ,\n Alert: (*models.Alert)(),\n APIAlerts: ([]models.Alert) \n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) true,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) (len=1 cap=2) {\n (map[string]interface {}) (len=17) {\n (string) (len=4) \"hash\": (string) \"\",\n (string) (len=13) \"matched_zones\": ([]string) (len=1 cap=1) {\n (string) (len=12) \"ARGS_GET.foo\"\n },\n (string) (len=3) \"uri\": (string) (len=7) \"/urllll\",\n (string) (len=4) \"tags\": ([]string) (len=1 cap=1) {\n (string) (len=14) \"crowdsec-rule1\"\n },\n (string) (len=7) \"secmark\": (string) \"\",\n (string) (len=3) \"msg\": (string) (len=5) \"rule1\",\n (string) (len=8) \"severity\": (string) (len=9) \"emergency\",\n (string) (len=4) \"name\": (string) (len=21) \"native_rule:756992091\",\n (string) (len=6) \"method\": (string) (len=3) \"GET\",\n (string) (len=4) \"file\": (string) \"\",\n (string) (len=9) \"file_line\": (int) 1,\n (string) (len=8) \"accuracy\": (int) 0,\n (string) (len=7) \"version\": (string) \"\",\n (string) (len=2) \"id\": (int) 756992091,\n (string) (len=9) \"rule_type\": (string) (len=6) \"inband\",\n (string) (len=10) \"disruptive\": (bool) true,\n (string) (len=8) \"revision\": (string) \"\"\n }\n },\n Vars: (map[string]string) {\n }\n },\n Meta: (map[string]string) (len=2) {\n (string) (len=18) \"appsec_interrupted\": (string) (len=4) \"true\",\n (string) (len=13) \"appsec_action\": (string) (len=4) \"deny\"\n }\n }\n}\n"
time="2024-12-19T07:29:00-05:00" level=info msg="responses : ([]appsec.AppsecTempResponse) (len=1 cap=1) {\n (appsec.AppsecTempResponse) {\n InBandInterrupt: (bool) true,\n OutOfBandInterrupt: (bool) false,\n Action: (string) (len=3) \"ban\",\n UserHTTPResponseCode: (int) 403,\n BouncerHTTPResponseCode: (int) 403,\n SendEvent: (bool) true,\n SendAlert: (bool) true\n }\n}\n"
=== RUN TestAppsecOnMatchHooks/on_match:_change_action_to_another_standard_one_(captcha)
time="2024-12-19T07:29:00-05:00" level=trace msg="Loading config &{Name: OutOfBandRules:[] InBandRules:[] DefaultRemediation:ban DefaultPassAction:allow BouncerBlockedHTTPCode:403 BouncerPassedHTTPCode:200 UserBlockedHTTPCode:403 UserPassedHTTPCode:200 OnLoad:[] PreEval:[] PostEval:[] OnMatch:[{Filter:IsInBand == true FilterExpr: OnSuccess: Apply:[SetRemediation('captcha')] ApplyExpr:[]}] VariablesTracking:[] InbandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} OutOfBandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} LogLevel: Logger:0x22ab0640}" test="on_match: change action to another standard one (captcha)"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 outofband rules" test="on_match: change action to another standard one (captcha)"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 inband rules" test="on_match: change action to another standard one (captcha)"
time="2024-12-19T07:29:00-05:00" level=debug msg="Parsing directive" band=inband line="SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\"" test="on_match: change action to another standard one (captcha)"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded inband rules: [{RuleMetadata:{ID_:756992091 File_: Line_:1 Rev_: Severity_:emergency Version_: Tags_:[crowdsec-rule1] Maturity_:0 Accuracy_:0 Operator_: Phase_:2 Raw_:SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\" SecMark_:} variables:[{Count:false Variable:42 KeyRx: KeyStr:foo Exceptions:[]}] operator:0x2354ed20 transformations:[{Function:0x1bfddc0}] transformationsID:1 actions:[{Name:log Function:0x20d0fe0} {Name:auditlog Function:0x20d0fe0} {Name:deny Function:0x20d0fe0} {Name:log Function:0x20d0fe0} {Name:t Function:0x20d0fe0}] ParentID_:0 Capture:false Chain: DisruptiveStatus:0 Msg:rule1 LogData: Log:true Audit:true MultiMatch:false HasChain:false inferredPhases:6 chainMinPhase:0 withPhaseUnknownVariable:false}]" test="on_match: change action to another standard one (captcha)"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded outband rules: []" test="on_match: change action to another standard one (captcha)"
time="2024-12-19T07:29:00-05:00" level=debug msg="Request received in runner" request_uuid= test="on_match: change action to another standard one (captcha)"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=inband test="on_match: change action to another standard one (captcha)"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=inband test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=1 test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=1 test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=2 test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating rule" band=inband rule_id=756992091 test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Expanding arguments for rule" band=inband rule_id=756992091 test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg variable=ARGS_GET
time="2024-12-19T07:29:00-05:00" level=debug msg="Transforming argument for rule" band=inband rule_id=756992091 test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Arguments transformed for rule" band=inband rule_id=756992091 test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Matching rule" band=inband key=foo rule_id=756992091 test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg variable_name=ARGS_GET
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=auditlog band=inband test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=t band=inband test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating operator: MATCH" arg=toto band=inband operator_data=^toto operator_function=@rx rule_id=756992091 test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Executing disruptive action for rule" action=deny band=inband rule_id=756992091 test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Rule matched" band=inband rule_id=756992091 test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Finish evaluating rule" band=inband rule_id=756992091 test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=2 test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="rules matched for body : 756992091" test="on_match: change action to another standard one (captcha)"
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=5 test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=5 test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=inband test="on_match: change action to another standard one (captcha)" tx_id=jqBVAcHYhtmrTZHIodg
time="2024-12-19T07:29:00-05:00" level=debug msg="inband rules matched : 756992091" test="on_match: change action to another standard one (captcha)"
time="2024-12-19T07:29:00-05:00" level=debug msg="setting action to captcha" request_uuid= test="on_match: change action to another standard one (captcha)"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=outband test="on_match: change action to another standard one (captcha)"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=outband test="on_match: change action to another standard one (captcha)" tx_id=mRJphoPthpLESRATELE
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=1 test="on_match: change action to another standard one (captcha)" tx_id=mRJphoPthpLESRATELE
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=1 test="on_match: change action to another standard one (captcha)" tx_id=mRJphoPthpLESRATELE
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=2 test="on_match: change action to another standard one (captcha)" tx_id=mRJphoPthpLESRATELE
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=2 test="on_match: change action to another standard one (captcha)" tx_id=mRJphoPthpLESRATELE
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=5 test="on_match: change action to another standard one (captcha)" tx_id=mRJphoPthpLESRATELE
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=5 test="on_match: change action to another standard one (captcha)" tx_id=mRJphoPthpLESRATELE
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=outband test="on_match: change action to another standard one (captcha)" tx_id=mRJphoPthpLESRATELE
time="2024-12-19T07:29:00-05:00" level=info msg="events : ([]types.Event) (len=2 cap=2) {\n (types.Event) {\n Type: (int) 2,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) \"\",\n Line: (types.Line) {\n Raw: (string) \"\",\n Src: (string) \"\",\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n Labels: (map[string]string) ,\n Process: (bool) false,\n Module: (string) \"\"\n },\n Parsed: (map[string]string) ,\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) (len=1) {\n (string) \"\": (models.Source) ip \n },\n Alert: (*models.Alert)(0x23d03c00)({\n Capacity: (*int32)(0x23559d58)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x2302e230)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x2302e240)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=9) \"756992091\"\n }),\n (*models.MetaItems0)(0x2302e250)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=21) \"native_rule:756992091\"\n }),\n (*models.MetaItems0)(0x2302e260)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x2302e280)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x2302e290)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x2302e2a0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=5) \"rule1\"\n })\n },\n Timestamp: (*string)(0x230322d8)((len=20) \"2024-12-19T12:29:00Z\")\n })\n },\n EventsCount: (*int32)(0x23559dfc)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x23032328)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x23032348)((len=44) \"AppSec block: native_rule:756992091 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x2302e2c0)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=13) \"[\\\"756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x2302e2e0)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=25) \"[\\\"native_rule:756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x2302e300)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x2302e330)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x2302e350)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x2302e370)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=9) \"[\\\"rule1\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x23032330)((len=21) \"native_rule:756992091\"),\n ScenarioHash: (*string)(0x23032338)(\"\"),\n ScenarioVersion: (*string)(0x23032340)(\"\"),\n Simulated: (*bool)(0x23559e00)(false),\n Source: (*models.Source)(0x22b18240)(ip ),\n StartAt: (*string)(0x23032358)((len=20) \"2024-12-19T12:29:00Z\"),\n StopAt: (*string)(0x23032360)((len=20) \"2024-12-19T12:29:00Z\"),\n UUID: (string) \"\"\n }),\n APIAlerts: ([]models.Alert) (len=1 cap=1) {\n (models.Alert) {\n Capacity: (*int32)(0x23559d58)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x2302e230)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x2302e240)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=9) \"756992091\"\n }),\n (*models.MetaItems0)(0x2302e250)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=21) \"native_rule:756992091\"\n }),\n (*models.MetaItems0)(0x2302e260)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x2302e280)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x2302e290)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x2302e2a0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=5) \"rule1\"\n })\n },\n Timestamp: (*string)(0x230322d8)((len=20) \"2024-12-19T12:29:00Z\")\n })\n },\n EventsCount: (*int32)(0x23559dfc)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x23032328)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x23032348)((len=44) \"AppSec block: native_rule:756992091 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x2302e2c0)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=13) \"[\\\"756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x2302e2e0)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=25) \"[\\\"native_rule:756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x2302e300)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x2302e330)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x2302e350)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x2302e370)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=9) \"[\\\"rule1\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x23032330)((len=21) \"native_rule:756992091\"),\n ScenarioHash: (*string)(0x23032338)(\"\"),\n ScenarioVersion: (*string)(0x23032340)(\"\"),\n Simulated: (*bool)(0x23559e00)(false),\n Source: (*models.Source)(0x22b18240)(ip ),\n StartAt: (*string)(0x23032358)((len=20) \"2024-12-19T12:29:00Z\"),\n StopAt: (*string)(0x23032360)(),\n UUID: (string) \"\"\n }\n }\n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) false,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) ,\n Vars: (map[string]string) \n },\n Meta: (map[string]string) \n },\n (types.Event) {\n Type: (int) 0,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) (len=7) \"s00-raw\",\n Line: (types.Line) {\n Raw: (string) (len=17) \"dummy-appsec-data\",\n Src: (string) (len=6) \"appsec\",\n Time: (time.Time) 2024-12-19 07:29:00.154102439 -0500 EST m=+0.408013207,\n Labels: (map[string]string) (len=1) {\n (string) (len=3) \"foo\": (string) (len=3) \"bar\"\n },\n Process: (bool) true,\n Module: (string) (len=6) \"appsec\"\n },\n Parsed: (map[string]string) (len=9) {\n (string) (len=9) \"source_ip\": (string) \"\",\n (string) (len=11) \"target_host\": (string) \"\",\n (string) (len=6) \"method\": (string) (len=3) \"GET\",\n (string) (len=19) \"remediation_cmpt_ip\": (string) \"\",\n (string) (len=6) \"source\": (string) (len=15) \"crowdsec-appsec\",\n (string) (len=10) \"target_uri\": (string) (len=7) \"/urllll\",\n (string) (len=8) \"req_uuid\": (string) (len=19) \"jqBVAcHYhtmrTZHIodg\",\n (string) (len=18) \"inband_interrupted\": (string) (len=4) \"true\",\n (string) (len=13) \"inband_action\": (string) (len=4) \"deny\"\n },\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) ,\n Alert: (*models.Alert)(),\n APIAlerts: ([]models.Alert) \n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) true,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) (len=1 cap=2) {\n (map[string]interface {}) (len=17) {\n (string) (len=9) \"rule_type\": (string) (len=6) \"inband\",\n (string) (len=6) \"method\": (string) (len=3) \"GET\",\n (string) (len=4) \"hash\": (string) \"\",\n (string) (len=13) \"matched_zones\": ([]string) (len=1 cap=1) {\n (string) (len=12) \"ARGS_GET.foo\"\n },\n (string) (len=9) \"file_line\": (int) 1,\n (string) (len=7) \"secmark\": (string) \"\",\n (string) (len=3) \"msg\": (string) (len=5) \"rule1\",\n (string) (len=7) \"version\": (string) \"\",\n (string) (len=2) \"id\": (int) 756992091,\n (string) (len=4) \"file\": (string) \"\",\n (string) (len=8) \"severity\": (string) (len=9) \"emergency\",\n (string) (len=4) \"name\": (string) (len=21) \"native_rule:756992091\",\n (string) (len=3) \"uri\": (string) (len=7) \"/urllll\",\n (string) (len=10) \"disruptive\": (bool) true,\n (string) (len=4) \"tags\": ([]string) (len=1 cap=1) {\n (string) (len=14) \"crowdsec-rule1\"\n },\n (string) (len=8) \"revision\": (string) \"\",\n (string) (len=8) \"accuracy\": (int) 0\n }\n },\n Vars: (map[string]string) {\n }\n },\n Meta: (map[string]string) (len=2) {\n (string) (len=18) \"appsec_interrupted\": (string) (len=4) \"true\",\n (string) (len=13) \"appsec_action\": (string) (len=4) \"deny\"\n }\n }\n}\n"
time="2024-12-19T07:29:00-05:00" level=info msg="responses : ([]appsec.AppsecTempResponse) (len=1 cap=1) {\n (appsec.AppsecTempResponse) {\n InBandInterrupt: (bool) true,\n OutOfBandInterrupt: (bool) false,\n Action: (string) (len=7) \"captcha\",\n UserHTTPResponseCode: (int) 403,\n BouncerHTTPResponseCode: (int) 403,\n SendEvent: (bool) true,\n SendAlert: (bool) true\n }\n}\n"
=== RUN TestAppsecOnMatchHooks/on_match:_change_action_to_a_non_standard_one
time="2024-12-19T07:29:00-05:00" level=trace msg="Loading config &{Name: OutOfBandRules:[] InBandRules:[] DefaultRemediation:ban DefaultPassAction:allow BouncerBlockedHTTPCode:403 BouncerPassedHTTPCode:200 UserBlockedHTTPCode:403 UserPassedHTTPCode:200 OnLoad:[] PreEval:[] PostEval:[] OnMatch:[{Filter:IsInBand == true FilterExpr: OnSuccess: Apply:[SetRemediation('foobar')] ApplyExpr:[]}] VariablesTracking:[] InbandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} OutOfBandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} LogLevel: Logger:0x22adc940}" test="on_match: change action to a non standard one"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 outofband rules" test="on_match: change action to a non standard one"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 inband rules" test="on_match: change action to a non standard one"
time="2024-12-19T07:29:00-05:00" level=debug msg="Parsing directive" band=inband line="SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\"" test="on_match: change action to a non standard one"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded inband rules: [{RuleMetadata:{ID_:756992091 File_: Line_:1 Rev_: Severity_:emergency Version_: Tags_:[crowdsec-rule1] Maturity_:0 Accuracy_:0 Operator_: Phase_:2 Raw_:SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\" SecMark_:} variables:[{Count:false Variable:42 KeyRx: KeyStr:foo Exceptions:[]}] operator:0x2291cdc0 transformations:[{Function:0x1bfddc0}] transformationsID:1 actions:[{Name:log Function:0x20d0fe0} {Name:auditlog Function:0x20d0fe0} {Name:deny Function:0x20d0fe0} {Name:log Function:0x20d0fe0} {Name:t Function:0x20d0fe0}] ParentID_:0 Capture:false Chain: DisruptiveStatus:0 Msg:rule1 LogData: Log:true Audit:true MultiMatch:false HasChain:false inferredPhases:6 chainMinPhase:0 withPhaseUnknownVariable:false}]" test="on_match: change action to a non standard one"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded outband rules: []" test="on_match: change action to a non standard one"
time="2024-12-19T07:29:00-05:00" level=debug msg="Request received in runner" request_uuid= test="on_match: change action to a non standard one"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=inband test="on_match: change action to a non standard one"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=inband test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=1 test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=1 test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=2 test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating rule" band=inband rule_id=756992091 test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Expanding arguments for rule" band=inband rule_id=756992091 test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX variable=ARGS_GET
time="2024-12-19T07:29:00-05:00" level=debug msg="Transforming argument for rule" band=inband rule_id=756992091 test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Arguments transformed for rule" band=inband rule_id=756992091 test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Matching rule" band=inband key=foo rule_id=756992091 test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX variable_name=ARGS_GET
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=auditlog band=inband test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=t band=inband test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating operator: MATCH" arg=toto band=inband operator_data=^toto operator_function=@rx rule_id=756992091 test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Executing disruptive action for rule" action=deny band=inband rule_id=756992091 test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Rule matched" band=inband rule_id=756992091 test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Finish evaluating rule" band=inband rule_id=756992091 test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=2 test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="rules matched for body : 756992091" test="on_match: change action to a non standard one"
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=5 test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=5 test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=inband test="on_match: change action to a non standard one" tx_id=ydYLEDCgHqDwLeMEEXX
time="2024-12-19T07:29:00-05:00" level=debug msg="inband rules matched : 756992091" test="on_match: change action to a non standard one"
time="2024-12-19T07:29:00-05:00" level=debug msg="setting action to foobar" request_uuid= test="on_match: change action to a non standard one"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=outband test="on_match: change action to a non standard one"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=outband test="on_match: change action to a non standard one" tx_id=cgcoExDqWNEyiuchXiE
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=1 test="on_match: change action to a non standard one" tx_id=cgcoExDqWNEyiuchXiE
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=1 test="on_match: change action to a non standard one" tx_id=cgcoExDqWNEyiuchXiE
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=2 test="on_match: change action to a non standard one" tx_id=cgcoExDqWNEyiuchXiE
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=2 test="on_match: change action to a non standard one" tx_id=cgcoExDqWNEyiuchXiE
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=5 test="on_match: change action to a non standard one" tx_id=cgcoExDqWNEyiuchXiE
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=5 test="on_match: change action to a non standard one" tx_id=cgcoExDqWNEyiuchXiE
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=outband test="on_match: change action to a non standard one" tx_id=cgcoExDqWNEyiuchXiE
time="2024-12-19T07:29:00-05:00" level=info msg="events : ([]types.Event) (len=2 cap=2) {\n (types.Event) {\n Type: (int) 2,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) \"\",\n Line: (types.Line) {\n Raw: (string) \"\",\n Src: (string) \"\",\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n Labels: (map[string]string) ,\n Process: (bool) false,\n Module: (string) \"\"\n },\n Parsed: (map[string]string) ,\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) (len=1) {\n (string) \"\": (models.Source) ip \n },\n Alert: (*models.Alert)(0x23d0e100)({\n Capacity: (*int32)(0x229412ec)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x22920d70)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x22920d80)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=9) \"756992091\"\n }),\n (*models.MetaItems0)(0x22920d90)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=21) \"native_rule:756992091\"\n }),\n (*models.MetaItems0)(0x22920da0)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x22920dc0)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x22920dd0)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x22920de0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=5) \"rule1\"\n })\n },\n Timestamp: (*string)(0x2291f840)((len=20) \"2024-12-19T12:29:00Z\")\n })\n },\n EventsCount: (*int32)(0x2294136c)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x2291f890)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x2291f8b0)((len=44) \"AppSec block: native_rule:756992091 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x22920e00)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=25) \"[\\\"native_rule:756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x22920e20)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x22920e40)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x22920e70)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x22920e90)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=9) \"[\\\"rule1\\\"]\"\n }),\n (*models.MetaItems0)(0x22920eb0)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=13) \"[\\\"756992091\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x2291f898)((len=21) \"native_rule:756992091\"),\n ScenarioHash: (*string)(0x2291f8a0)(\"\"),\n ScenarioVersion: (*string)(0x2291f8a8)(\"\"),\n Simulated: (*bool)(0x22941390)(false),\n Source: (*models.Source)(0x22b26380)(ip ),\n StartAt: (*string)(0x2291f8c0)((len=20) \"2024-12-19T12:29:00Z\"),\n StopAt: (*string)(0x2291f8c8)((len=20) \"2024-12-19T12:29:00Z\"),\n UUID: (string) \"\"\n }),\n APIAlerts: ([]models.Alert) (len=1 cap=1) {\n (models.Alert) {\n Capacity: (*int32)(0x229412ec)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x22920d70)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x22920d80)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=9) \"756992091\"\n }),\n (*models.MetaItems0)(0x22920d90)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=21) \"native_rule:756992091\"\n }),\n (*models.MetaItems0)(0x22920da0)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x22920dc0)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x22920dd0)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x22920de0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=5) \"rule1\"\n })\n },\n Timestamp: (*string)(0x2291f840)((len=20) \"2024-12-19T12:29:00Z\")\n })\n },\n EventsCount: (*int32)(0x2294136c)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x2291f890)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x2291f8b0)((len=44) \"AppSec block: native_rule:756992091 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x22920e00)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=25) \"[\\\"native_rule:756992091\\\"]\"\n }),\n (*models.MetaItems0)(0x22920e20)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x22920e40)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x22920e70)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x22920e90)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=9) \"[\\\"rule1\\\"]\"\n }),\n (*models.MetaItems0)(0x22920eb0)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=13) \"[\\\"756992091\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x2291f898)((len=21) \"native_rule:756992091\"),\n ScenarioHash: (*string)(0x2291f8a0)(\"\"),\n ScenarioVersion: (*string)(0x2291f8a8)(\"\"),\n Simulated: (*bool)(0x22941390)(false),\n Source: (*models.Source)(0x22b26380)(ip ),\n StartAt: (*string)(0x2291f8c0)((len=20) \"2024-12-19T12:29:00Z\"),\n StopAt: (*string)(0x2291f8c8)(),\n UUID: (string) \"\"\n }\n }\n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) false,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) ,\n Vars: (map[string]string) \n },\n Meta: (map[string]string) \n },\n (types.Event) {\n Type: (int) 0,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) (len=7) \"s00-raw\",\n Line: (types.Line) {\n Raw: (string) (len=17) \"dummy-appsec-data\",\n Src: (string) (len=6) \"appsec\",\n Time: (time.Time) 2024-12-19 07:29:00.214008918 -0500 EST m=+0.467919685,\n Labels: (map[string]string) (len=1) {\n (string) (len=3) \"foo\": (string) (len=3) \"bar\"\n },\n Process: (bool) true,\n Module: (string) (len=6) \"appsec\"\n },\n Parsed: (map[string]string) (len=9) {\n (string) (len=9) \"source_ip\": (string) \"\",\n (string) (len=8) \"req_uuid\": (string) (len=19) \"ydYLEDCgHqDwLeMEEXX\",\n (string) (len=19) \"remediation_cmpt_ip\": (string) \"\",\n (string) (len=13) \"inband_action\": (string) (len=4) \"deny\",\n (string) (len=6) \"source\": (string) (len=15) \"crowdsec-appsec\",\n (string) (len=10) \"target_uri\": (string) (len=7) \"/urllll\",\n (string) (len=6) \"method\": (string) (len=3) \"GET\",\n (string) (len=18) \"inband_interrupted\": (string) (len=4) \"true\",\n (string) (len=11) \"target_host\": (string) \"\"\n },\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) ,\n Alert: (*models.Alert)(),\n APIAlerts: ([]models.Alert) \n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) true,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) (len=1 cap=2) {\n (map[string]interface {}) (len=17) {\n (string) (len=4) \"file\": (string) \"\",\n (string) (len=8) \"severity\": (string) (len=9) \"emergency\",\n (string) (len=9) \"rule_type\": (string) (len=6) \"inband\",\n (string) (len=4) \"tags\": ([]string) (len=1 cap=1) {\n (string) (len=14) \"crowdsec-rule1\"\n },\n (string) (len=9) \"file_line\": (int) 1,\n (string) (len=7) \"secmark\": (string) \"\",\n (string) (len=4) \"hash\": (string) \"\",\n (string) (len=7) \"version\": (string) \"\",\n (string) (len=2) \"id\": (int) 756992091,\n (string) (len=3) \"uri\": (string) (len=7) \"/urllll\",\n (string) (len=6) \"method\": (string) (len=3) \"GET\",\n (string) (len=8) \"accuracy\": (int) 0,\n (string) (len=10) \"disruptive\": (bool) true,\n (string) (len=8) \"revision\": (string) \"\",\n (string) (len=3) \"msg\": (string) (len=5) \"rule1\",\n (string) (len=4) \"name\": (string) (len=21) \"native_rule:756992091\",\n (string) (len=13) \"matched_zones\": ([]string) (len=1 cap=1) {\n (string) (len=12) \"ARGS_GET.foo\"\n }\n }\n },\n Vars: (map[string]string) {\n }\n },\n Meta: (map[string]string) (len=2) {\n (string) (len=18) \"appsec_interrupted\": (string) (len=4) \"true\",\n (string) (len=13) \"appsec_action\": (string) (len=4) \"deny\"\n }\n }\n}\n"
time="2024-12-19T07:29:00-05:00" level=info msg="responses : ([]appsec.AppsecTempResponse) (len=1 cap=1) {\n (appsec.AppsecTempResponse) {\n InBandInterrupt: (bool) true,\n OutOfBandInterrupt: (bool) false,\n Action: (string) (len=6) \"foobar\",\n UserHTTPResponseCode: (int) 403,\n BouncerHTTPResponseCode: (int) 403,\n SendEvent: (bool) true,\n SendAlert: (bool) true\n }\n}\n"
=== RUN TestAppsecOnMatchHooks/on_match:_cancel_alert
time="2024-12-19T07:29:00-05:00" level=trace msg="Loading config &{Name: OutOfBandRules:[] InBandRules:[] DefaultRemediation:ban DefaultPassAction:allow BouncerBlockedHTTPCode:403 BouncerPassedHTTPCode:200 UserBlockedHTTPCode:403 UserPassedHTTPCode:200 OnLoad:[] PreEval:[] PostEval:[] OnMatch:[{Filter:IsInBand == true && LogInfo('XX -> %s', evt.Appsec.MatchedRules.GetName()) FilterExpr: OnSuccess: Apply:[CancelAlert()] ApplyExpr:[]}] VariablesTracking:[] InbandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} OutOfBandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} LogLevel: Logger:0x22b26ec0}" test="on_match: cancel alert"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 outofband rules" test="on_match: cancel alert"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 inband rules" test="on_match: cancel alert"
time="2024-12-19T07:29:00-05:00" level=debug msg="Parsing directive" band=inband line="SecRule ARGS_GET:foo \"@rx ^toto\" \"id:1376422392,phase:2,deny,log,msg:'rule42',tag:'crowdsec-rule42',t:lowercase\"" test="on_match: cancel alert"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded inband rules: [{RuleMetadata:{ID_:1376422392 File_: Line_:1 Rev_: Severity_:emergency Version_: Tags_:[crowdsec-rule42] Maturity_:0 Accuracy_:0 Operator_: Phase_:2 Raw_:SecRule ARGS_GET:foo \"@rx ^toto\" \"id:1376422392,phase:2,deny,log,msg:'rule42',tag:'crowdsec-rule42',t:lowercase\" SecMark_:} variables:[{Count:false Variable:42 KeyRx: KeyStr:foo Exceptions:[]}] operator:0x23d1cee0 transformations:[{Function:0x1bfddc0}] transformationsID:1 actions:[{Name:log Function:0x20d0fe0} {Name:auditlog Function:0x20d0fe0} {Name:deny Function:0x20d0fe0} {Name:log Function:0x20d0fe0} {Name:t Function:0x20d0fe0}] ParentID_:0 Capture:false Chain: DisruptiveStatus:0 Msg:rule42 LogData: Log:true Audit:true MultiMatch:false HasChain:false inferredPhases:6 chainMinPhase:0 withPhaseUnknownVariable:false}]" test="on_match: cancel alert"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded outband rules: []" test="on_match: cancel alert"
time="2024-12-19T07:29:00-05:00" level=debug msg="Request received in runner" request_uuid= test="on_match: cancel alert"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=inband test="on_match: cancel alert"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=inband test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=1 test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=1 test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=2 test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating rule" band=inband rule_id=1376422392 test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Expanding arguments for rule" band=inband rule_id=1376422392 test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu variable=ARGS_GET
time="2024-12-19T07:29:00-05:00" level=debug msg="Transforming argument for rule" band=inband rule_id=1376422392 test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Arguments transformed for rule" band=inband rule_id=1376422392 test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Matching rule" band=inband key=foo rule_id=1376422392 test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu variable_name=ARGS_GET
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=auditlog band=inband test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=t band=inband test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating operator: MATCH" arg=toto band=inband operator_data=^toto operator_function=@rx rule_id=1376422392 test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Executing disruptive action for rule" action=deny band=inband rule_id=1376422392 test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Rule matched" band=inband rule_id=1376422392 test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Finish evaluating rule" band=inband rule_id=1376422392 test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=2 test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="rules matched for body : 1376422392" test="on_match: cancel alert"
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=5 test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=5 test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=inband test="on_match: cancel alert" tx_id=vXsfrmspZcEevqyZrAu
time="2024-12-19T07:29:00-05:00" level=debug msg="inband rules matched : 1376422392" test="on_match: cancel alert"
time="2024-12-19T07:29:00-05:00" level=info msg="XX -> native_rule:1376422392"
time="2024-12-19T07:29:00-05:00" level=debug msg="canceling alert" request_uuid= test="on_match: cancel alert"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=outband test="on_match: cancel alert"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=outband test="on_match: cancel alert" tx_id=fxsXBwwYtnmMORfkLjI
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=1 test="on_match: cancel alert" tx_id=fxsXBwwYtnmMORfkLjI
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=1 test="on_match: cancel alert" tx_id=fxsXBwwYtnmMORfkLjI
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=2 test="on_match: cancel alert" tx_id=fxsXBwwYtnmMORfkLjI
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=2 test="on_match: cancel alert" tx_id=fxsXBwwYtnmMORfkLjI
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=5 test="on_match: cancel alert" tx_id=fxsXBwwYtnmMORfkLjI
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=5 test="on_match: cancel alert" tx_id=fxsXBwwYtnmMORfkLjI
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=outband test="on_match: cancel alert" tx_id=fxsXBwwYtnmMORfkLjI
time="2024-12-19T07:29:00-05:00" level=info msg="events : ([]types.Event) (len=1 cap=1) {\n (types.Event) {\n Type: (int) 0,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) (len=7) \"s00-raw\",\n Line: (types.Line) {\n Raw: (string) (len=17) \"dummy-appsec-data\",\n Src: (string) (len=6) \"appsec\",\n Time: (time.Time) 2024-12-19 07:29:00.268594793 -0500 EST m=+0.522505739,\n Labels: (map[string]string) (len=1) {\n (string) (len=3) \"foo\": (string) (len=3) \"bar\"\n },\n Process: (bool) true,\n Module: (string) (len=6) \"appsec\"\n },\n Parsed: (map[string]string) (len=9) {\n (string) (len=6) \"source\": (string) (len=15) \"crowdsec-appsec\",\n (string) (len=9) \"source_ip\": (string) \"\",\n (string) (len=10) \"target_uri\": (string) (len=7) \"/urllll\",\n (string) (len=6) \"method\": (string) (len=3) \"GET\",\n (string) (len=18) \"inband_interrupted\": (string) (len=4) \"true\",\n (string) (len=11) \"target_host\": (string) \"\",\n (string) (len=8) \"req_uuid\": (string) (len=19) \"vXsfrmspZcEevqyZrAu\",\n (string) (len=19) \"remediation_cmpt_ip\": (string) \"\",\n (string) (len=13) \"inband_action\": (string) (len=4) \"deny\"\n },\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) ,\n Alert: (*models.Alert)(),\n APIAlerts: ([]models.Alert) \n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) true,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) (len=1 cap=2) {\n (map[string]interface {}) (len=17) {\n (string) (len=7) \"secmark\": (string) \"\",\n (string) (len=3) \"msg\": (string) (len=6) \"rule42\",\n (string) (len=10) \"disruptive\": (bool) true,\n (string) (len=4) \"tags\": ([]string) (len=1 cap=1) {\n (string) (len=15) \"crowdsec-rule42\"\n },\n (string) (len=9) \"file_line\": (int) 1,\n (string) (len=8) \"severity\": (string) (len=9) \"emergency\",\n (string) (len=4) \"hash\": (string) \"\",\n (string) (len=13) \"matched_zones\": ([]string) (len=1 cap=1) {\n (string) (len=12) \"ARGS_GET.foo\"\n },\n (string) (len=2) \"id\": (int) 1376422392,\n (string) (len=4) \"file\": (string) \"\",\n (string) (len=3) \"uri\": (string) (len=7) \"/urllll\",\n (string) (len=9) \"rule_type\": (string) (len=6) \"inband\",\n (string) (len=8) \"accuracy\": (int) 0,\n (string) (len=4) \"name\": (string) (len=22) \"native_rule:1376422392\",\n (string) (len=7) \"version\": (string) \"\",\n (string) (len=6) \"method\": (string) (len=3) \"GET\",\n (string) (len=8) \"revision\": (string) \"\"\n }\n },\n Vars: (map[string]string) {\n }\n },\n Meta: (map[string]string) (len=2) {\n (string) (len=18) \"appsec_interrupted\": (string) (len=4) \"true\",\n (string) (len=13) \"appsec_action\": (string) (len=4) \"deny\"\n }\n }\n}\n"
time="2024-12-19T07:29:00-05:00" level=info msg="responses : ([]appsec.AppsecTempResponse) (len=1 cap=1) {\n (appsec.AppsecTempResponse) {\n InBandInterrupt: (bool) true,\n OutOfBandInterrupt: (bool) false,\n Action: (string) (len=3) \"ban\",\n UserHTTPResponseCode: (int) 403,\n BouncerHTTPResponseCode: (int) 403,\n SendEvent: (bool) true,\n SendAlert: (bool) false\n }\n}\n"
=== RUN TestAppsecOnMatchHooks/on_match:_cancel_event
time="2024-12-19T07:29:00-05:00" level=trace msg="Loading config &{Name: OutOfBandRules:[] InBandRules:[] DefaultRemediation:ban DefaultPassAction:allow BouncerBlockedHTTPCode:403 BouncerPassedHTTPCode:200 UserBlockedHTTPCode:403 UserPassedHTTPCode:200 OnLoad:[] PreEval:[] PostEval:[] OnMatch:[{Filter:IsInBand == true FilterExpr: OnSuccess: Apply:[CancelEvent()] ApplyExpr:[]}] VariablesTracking:[] InbandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} OutOfBandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} LogLevel: Logger:0x22b2f040}" test="on_match: cancel event"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 outofband rules" test="on_match: cancel event"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 inband rules" test="on_match: cancel event"
time="2024-12-19T07:29:00-05:00" level=debug msg="Parsing directive" band=inband line="SecRule ARGS_GET:foo \"@rx ^toto\" \"id:1376422392,phase:2,deny,log,msg:'rule42',tag:'crowdsec-rule42',t:lowercase\"" test="on_match: cancel event"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded inband rules: [{RuleMetadata:{ID_:1376422392 File_: Line_:1 Rev_: Severity_:emergency Version_: Tags_:[crowdsec-rule42] Maturity_:0 Accuracy_:0 Operator_: Phase_:2 Raw_:SecRule ARGS_GET:foo \"@rx ^toto\" \"id:1376422392,phase:2,deny,log,msg:'rule42',tag:'crowdsec-rule42',t:lowercase\" SecMark_:} variables:[{Count:false Variable:42 KeyRx: KeyStr:foo Exceptions:[]}] operator:0x23d45040 transformations:[{Function:0x1bfddc0}] transformationsID:1 actions:[{Name:log Function:0x20d0fe0} {Name:auditlog Function:0x20d0fe0} {Name:deny Function:0x20d0fe0} {Name:log Function:0x20d0fe0} {Name:t Function:0x20d0fe0}] ParentID_:0 Capture:false Chain: DisruptiveStatus:0 Msg:rule42 LogData: Log:true Audit:true MultiMatch:false HasChain:false inferredPhases:6 chainMinPhase:0 withPhaseUnknownVariable:false}]" test="on_match: cancel event"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded outband rules: []" test="on_match: cancel event"
time="2024-12-19T07:29:00-05:00" level=debug msg="Request received in runner" request_uuid= test="on_match: cancel event"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=inband test="on_match: cancel event"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=inband test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=1 test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=1 test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=2 test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating rule" band=inband rule_id=1376422392 test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Expanding arguments for rule" band=inband rule_id=1376422392 test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ variable=ARGS_GET
time="2024-12-19T07:29:00-05:00" level=debug msg="Transforming argument for rule" band=inband rule_id=1376422392 test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Arguments transformed for rule" band=inband rule_id=1376422392 test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Matching rule" band=inband key=foo rule_id=1376422392 test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ variable_name=ARGS_GET
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=auditlog band=inband test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=t band=inband test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating operator: MATCH" arg=toto band=inband operator_data=^toto operator_function=@rx rule_id=1376422392 test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Executing disruptive action for rule" action=deny band=inband rule_id=1376422392 test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Rule matched" band=inband rule_id=1376422392 test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Finish evaluating rule" band=inband rule_id=1376422392 test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=2 test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="rules matched for body : 1376422392" test="on_match: cancel event"
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=5 test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=5 test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=inband test="on_match: cancel event" tx_id=yJrZlmQVZCgwbWOzWrZ
time="2024-12-19T07:29:00-05:00" level=debug msg="inband rules matched : 1376422392" test="on_match: cancel event"
time="2024-12-19T07:29:00-05:00" level=debug msg="canceling event" request_uuid= test="on_match: cancel event"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=outband test="on_match: cancel event"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=outband test="on_match: cancel event" tx_id=TfqmpoKVzQEsAkKPSfD
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=1 test="on_match: cancel event" tx_id=TfqmpoKVzQEsAkKPSfD
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=1 test="on_match: cancel event" tx_id=TfqmpoKVzQEsAkKPSfD
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=2 test="on_match: cancel event" tx_id=TfqmpoKVzQEsAkKPSfD
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=2 test="on_match: cancel event" tx_id=TfqmpoKVzQEsAkKPSfD
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=5 test="on_match: cancel event" tx_id=TfqmpoKVzQEsAkKPSfD
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=5 test="on_match: cancel event" tx_id=TfqmpoKVzQEsAkKPSfD
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=outband test="on_match: cancel event" tx_id=TfqmpoKVzQEsAkKPSfD
time="2024-12-19T07:29:00-05:00" level=info msg="events : ([]types.Event) (len=1 cap=1) {\n (types.Event) {\n Type: (int) 2,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) \"\",\n Line: (types.Line) {\n Raw: (string) \"\",\n Src: (string) \"\",\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n Labels: (map[string]string) ,\n Process: (bool) false,\n Module: (string) \"\"\n },\n Parsed: (map[string]string) ,\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) (len=1) {\n (string) \"\": (models.Source) ip \n },\n Alert: (*models.Alert)(0x23d0e400)({\n Capacity: (*int32)(0x23d37fcc)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x23d46bf0)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x23d46c00)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=10) \"1376422392\"\n }),\n (*models.MetaItems0)(0x23d46c10)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=22) \"native_rule:1376422392\"\n }),\n (*models.MetaItems0)(0x23d46c20)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x23d46c40)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x23d46c50)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x23d46c60)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=6) \"rule42\"\n })\n },\n Timestamp: (*string)(0x23d58de8)((len=20) \"2024-12-19T12:29:00Z\")\n })\n },\n EventsCount: (*int32)(0x23d7006c)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x23d58e38)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x23d58e58)((len=45) \"AppSec block: native_rule:1376422392 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x23d46c80)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=14) \"[\\\"1376422392\\\"]\"\n }),\n (*models.MetaItems0)(0x23d46ca0)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=26) \"[\\\"native_rule:1376422392\\\"]\"\n }),\n (*models.MetaItems0)(0x23d46cc0)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x23d46cf0)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x23d46d10)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x23d46d30)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=10) \"[\\\"rule42\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x23d58e40)((len=22) \"native_rule:1376422392\"),\n ScenarioHash: (*string)(0x23d58e48)(\"\"),\n ScenarioVersion: (*string)(0x23d58e50)(\"\"),\n Simulated: (*bool)(0x23d70070)(false),\n Source: (*models.Source)(0x22b5b300)(ip ),\n StartAt: (*string)(0x23d58e68)((len=20) \"2024-12-19T12:29:00Z\"),\n StopAt: (*string)(0x23d58e70)((len=20) \"2024-12-19T12:29:00Z\"),\n UUID: (string) \"\"\n }),\n APIAlerts: ([]models.Alert) (len=1 cap=1) {\n (models.Alert) {\n Capacity: (*int32)(0x23d37fcc)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x23d46bf0)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x23d46c00)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=10) \"1376422392\"\n }),\n (*models.MetaItems0)(0x23d46c10)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=22) \"native_rule:1376422392\"\n }),\n (*models.MetaItems0)(0x23d46c20)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x23d46c40)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x23d46c50)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x23d46c60)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=6) \"rule42\"\n })\n },\n Timestamp: (*string)(0x23d58de8)((len=20) \"2024-12-19T12:29:00Z\")\n })\n },\n EventsCount: (*int32)(0x23d7006c)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x23d58e38)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x23d58e58)((len=45) \"AppSec block: native_rule:1376422392 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x23d46c80)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=14) \"[\\\"1376422392\\\"]\"\n }),\n (*models.MetaItems0)(0x23d46ca0)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=26) \"[\\\"native_rule:1376422392\\\"]\"\n }),\n (*models.MetaItems0)(0x23d46cc0)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x23d46cf0)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x23d46d10)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x23d46d30)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=10) \"[\\\"rule42\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x23d58e40)((len=22) \"native_rule:1376422392\"),\n ScenarioHash: (*string)(0x23d58e48)(\"\"),\n ScenarioVersion: (*string)(0x23d58e50)(\"\"),\n Simulated: (*bool)(0x23d70070)(false),\n Source: (*models.Source)(0x22b5b300)(ip ),\n StartAt: (*string)(0x23d58e68)((len=20) \"2024-12-19T12:29:00Z\"),\n StopAt: (*string)(0x23d58e70)(),\n UUID: (string) \"\"\n }\n }\n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) false,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) ,\n Vars: (map[string]string) \n },\n Meta: (map[string]string) \n }\n}\n"
time="2024-12-19T07:29:00-05:00" level=info msg="responses : ([]appsec.AppsecTempResponse) (len=1 cap=1) {\n (appsec.AppsecTempResponse) {\n InBandInterrupt: (bool) true,\n OutOfBandInterrupt: (bool) false,\n Action: (string) (len=3) \"ban\",\n UserHTTPResponseCode: (int) 403,\n BouncerHTTPResponseCode: (int) 403,\n SendEvent: (bool) false,\n SendAlert: (bool) true\n }\n}\n"
=== RUN TestAppsecOnMatchHooks/on_match:_on_success_break
time="2024-12-19T07:29:00-05:00" level=trace msg="Loading config &{Name: OutOfBandRules:[] InBandRules:[] DefaultRemediation:ban DefaultPassAction:allow BouncerBlockedHTTPCode:403 BouncerPassedHTTPCode:200 UserBlockedHTTPCode:403 UserPassedHTTPCode:200 OnLoad:[] PreEval:[] PostEval:[] OnMatch:[{Filter:IsInBand == true FilterExpr: OnSuccess:break Apply:[CancelEvent()] ApplyExpr:[]} {Filter:IsInBand == true FilterExpr: OnSuccess: Apply:[SetRemediation('captcha')] ApplyExpr:[]}] VariablesTracking:[] InbandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} OutOfBandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} LogLevel: Logger:0x22b5bd00}" test="on_match: on_success break"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 outofband rules" test="on_match: on_success break"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 inband rules" test="on_match: on_success break"
time="2024-12-19T07:29:00-05:00" level=debug msg="Parsing directive" band=inband line="SecRule ARGS_GET:foo \"@rx ^toto\" \"id:1376422392,phase:2,deny,log,msg:'rule42',tag:'crowdsec-rule42',t:lowercase\"" test="on_match: on_success break"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded inband rules: [{RuleMetadata:{ID_:1376422392 File_: Line_:1 Rev_: Severity_:emergency Version_: Tags_:[crowdsec-rule42] Maturity_:0 Accuracy_:0 Operator_: Phase_:2 Raw_:SecRule ARGS_GET:foo \"@rx ^toto\" \"id:1376422392,phase:2,deny,log,msg:'rule42',tag:'crowdsec-rule42',t:lowercase\" SecMark_:} variables:[{Count:false Variable:42 KeyRx: KeyStr:foo Exceptions:[]}] operator:0x23d692e0 transformations:[{Function:0x1bfddc0}] transformationsID:1 actions:[{Name:log Function:0x20d0fe0} {Name:auditlog Function:0x20d0fe0} {Name:deny Function:0x20d0fe0} {Name:log Function:0x20d0fe0} {Name:t Function:0x20d0fe0}] ParentID_:0 Capture:false Chain: DisruptiveStatus:0 Msg:rule42 LogData: Log:true Audit:true MultiMatch:false HasChain:false inferredPhases:6 chainMinPhase:0 withPhaseUnknownVariable:false}]" test="on_match: on_success break"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded outband rules: []" test="on_match: on_success break"
time="2024-12-19T07:29:00-05:00" level=debug msg="Request received in runner" request_uuid= test="on_match: on_success break"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=inband test="on_match: on_success break"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=inband test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=1 test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=1 test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=2 test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating rule" band=inband rule_id=1376422392 test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Expanding arguments for rule" band=inband rule_id=1376422392 test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz variable=ARGS_GET
time="2024-12-19T07:29:00-05:00" level=debug msg="Transforming argument for rule" band=inband rule_id=1376422392 test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Arguments transformed for rule" band=inband rule_id=1376422392 test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Matching rule" band=inband key=foo rule_id=1376422392 test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz variable_name=ARGS_GET
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=auditlog band=inband test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=t band=inband test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating operator: MATCH" arg=toto band=inband operator_data=^toto operator_function=@rx rule_id=1376422392 test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Executing disruptive action for rule" action=deny band=inband rule_id=1376422392 test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Rule matched" band=inband rule_id=1376422392 test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Finish evaluating rule" band=inband rule_id=1376422392 test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=2 test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="rules matched for body : 1376422392" test="on_match: on_success break"
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=5 test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=5 test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=inband test="on_match: on_success break" tx_id=eLvAtDUZBAXKsvEXrSz
time="2024-12-19T07:29:00-05:00" level=debug msg="inband rules matched : 1376422392" test="on_match: on_success break"
time="2024-12-19T07:29:00-05:00" level=debug msg="canceling event" request_uuid= test="on_match: on_success break"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=outband test="on_match: on_success break"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=outband test="on_match: on_success break" tx_id=RwPZHGuCYFzJjWEDxXz
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=1 test="on_match: on_success break" tx_id=RwPZHGuCYFzJjWEDxXz
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=1 test="on_match: on_success break" tx_id=RwPZHGuCYFzJjWEDxXz
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=2 test="on_match: on_success break" tx_id=RwPZHGuCYFzJjWEDxXz
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=2 test="on_match: on_success break" tx_id=RwPZHGuCYFzJjWEDxXz
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=5 test="on_match: on_success break" tx_id=RwPZHGuCYFzJjWEDxXz
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=5 test="on_match: on_success break" tx_id=RwPZHGuCYFzJjWEDxXz
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=outband test="on_match: on_success break" tx_id=RwPZHGuCYFzJjWEDxXz
time="2024-12-19T07:29:00-05:00" level=info msg="events : ([]types.Event) (len=1 cap=1) {\n (types.Event) {\n Type: (int) 2,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) \"\",\n Line: (types.Line) {\n Raw: (string) \"\",\n Src: (string) \"\",\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n Labels: (map[string]string) ,\n Process: (bool) false,\n Module: (string) \"\"\n },\n Parsed: (map[string]string) ,\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) (len=1) {\n (string) \"\": (models.Source) ip \n },\n Alert: (*models.Alert)(0x23d0e600)({\n Capacity: (*int32)(0x23d866a8)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x23d47b40)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x23d47b50)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=10) \"1376422392\"\n }),\n (*models.MetaItems0)(0x23d47b60)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=22) \"native_rule:1376422392\"\n }),\n (*models.MetaItems0)(0x23d47b70)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x23d47b90)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x23d47ba0)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x23d47bb0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=6) \"rule42\"\n })\n },\n Timestamp: (*string)(0x23d8ec30)((len=20) \"2024-12-19T12:29:00Z\")\n })\n },\n EventsCount: (*int32)(0x23d8674c)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x23d8ec80)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x23d8eca0)((len=45) \"AppSec block: native_rule:1376422392 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x23d47bd0)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=14) \"[\\\"1376422392\\\"]\"\n }),\n (*models.MetaItems0)(0x23d47bf0)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=26) \"[\\\"native_rule:1376422392\\\"]\"\n }),\n (*models.MetaItems0)(0x23d47c10)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x23d47c40)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x23d47c60)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x23d47c80)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=10) \"[\\\"rule42\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x23d8ec88)((len=22) \"native_rule:1376422392\"),\n ScenarioHash: (*string)(0x23d8ec90)(\"\"),\n ScenarioVersion: (*string)(0x23d8ec98)(\"\"),\n Simulated: (*bool)(0x23d86750)(false),\n Source: (*models.Source)(0x22b60080)(ip ),\n StartAt: (*string)(0x23d8ecb0)((len=20) \"2024-12-19T12:29:00Z\"),\n StopAt: (*string)(0x23d8ecb8)((len=20) \"2024-12-19T12:29:00Z\"),\n UUID: (string) \"\"\n }),\n APIAlerts: ([]models.Alert) (len=1 cap=1) {\n (models.Alert) {\n Capacity: (*int32)(0x23d866a8)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x23d47b40)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x23d47b50)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=10) \"1376422392\"\n }),\n (*models.MetaItems0)(0x23d47b60)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=22) \"native_rule:1376422392\"\n }),\n (*models.MetaItems0)(0x23d47b70)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x23d47b90)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x23d47ba0)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x23d47bb0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=6) \"rule42\"\n })\n },\n Timestamp: (*string)(0x23d8ec30)((len=20) \"2024-12-19T12:29:00Z\")\n })\n },\n EventsCount: (*int32)(0x23d8674c)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x23d8ec80)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x23d8eca0)((len=45) \"AppSec block: native_rule:1376422392 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x23d47bd0)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=14) \"[\\\"1376422392\\\"]\"\n }),\n (*models.MetaItems0)(0x23d47bf0)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=26) \"[\\\"native_rule:1376422392\\\"]\"\n }),\n (*models.MetaItems0)(0x23d47c10)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x23d47c40)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n }),\n (*models.MetaItems0)(0x23d47c60)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x23d47c80)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=10) \"[\\\"rule42\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x23d8ec88)((len=22) \"native_rule:1376422392\"),\n ScenarioHash: (*string)(0x23d8ec90)(\"\"),\n ScenarioVersion: (*string)(0x23d8ec98)(\"\"),\n Simulated: (*bool)(0x23d86750)(false),\n Source: (*models.Source)(0x22b60080)(ip ),\n StartAt: (*string)(0x23d8ecb0)((len=20) \"2024-12-19T12:29:00Z\"),\n StopAt: (*string)(0x23d8ecb8)(),\n UUID: (string) \"\"\n }\n }\n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) false,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) ,\n Vars: (map[string]string) \n },\n Meta: (map[string]string) \n }\n}\n"
time="2024-12-19T07:29:00-05:00" level=info msg="responses : ([]appsec.AppsecTempResponse) (len=1 cap=1) {\n (appsec.AppsecTempResponse) {\n InBandInterrupt: (bool) true,\n OutOfBandInterrupt: (bool) false,\n Action: (string) (len=3) \"ban\",\n UserHTTPResponseCode: (int) 403,\n BouncerHTTPResponseCode: (int) 403,\n SendEvent: (bool) false,\n SendAlert: (bool) true\n }\n}\n"
=== RUN TestAppsecOnMatchHooks/on_match:_on_success_continue
time="2024-12-19T07:29:00-05:00" level=trace msg="Loading config &{Name: OutOfBandRules:[] InBandRules:[] DefaultRemediation:ban DefaultPassAction:allow BouncerBlockedHTTPCode:403 BouncerPassedHTTPCode:200 UserBlockedHTTPCode:403 UserPassedHTTPCode:200 OnLoad:[] PreEval:[] PostEval:[] OnMatch:[{Filter:IsInBand == true FilterExpr: OnSuccess:continue Apply:[CancelEvent()] ApplyExpr:[]} {Filter:IsInBand == true FilterExpr: OnSuccess: Apply:[SetRemediation('captcha')] ApplyExpr:[]}] VariablesTracking:[] InbandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} OutOfBandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} LogLevel: Logger:0x22b60b40}" test="on_match: on_success continue"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 outofband rules" test="on_match: on_success continue"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 inband rules" test="on_match: on_success continue"
time="2024-12-19T07:29:00-05:00" level=debug msg="Parsing directive" band=inband line="SecRule ARGS_GET:foo \"@rx ^toto\" \"id:1376422392,phase:2,deny,log,msg:'rule42',tag:'crowdsec-rule42',t:lowercase\"" test="on_match: on_success continue"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded inband rules: [{RuleMetadata:{ID_:1376422392 File_: Line_:1 Rev_: Severity_:emergency Version_: Tags_:[crowdsec-rule42] Maturity_:0 Accuracy_:0 Operator_: Phase_:2 Raw_:SecRule ARGS_GET:foo \"@rx ^toto\" \"id:1376422392,phase:2,deny,log,msg:'rule42',tag:'crowdsec-rule42',t:lowercase\" SecMark_:} variables:[{Count:false Variable:42 KeyRx: KeyStr:foo Exceptions:[]}] operator:0x23d99580 transformations:[{Function:0x1bfddc0}] transformationsID:1 actions:[{Name:log Function:0x20d0fe0} {Name:auditlog Function:0x20d0fe0} {Name:deny Function:0x20d0fe0} {Name:log Function:0x20d0fe0} {Name:t Function:0x20d0fe0}] ParentID_:0 Capture:false Chain: DisruptiveStatus:0 Msg:rule42 LogData: Log:true Audit:true MultiMatch:false HasChain:false inferredPhases:6 chainMinPhase:0 withPhaseUnknownVariable:false}]" test="on_match: on_success continue"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded outband rules: []" test="on_match: on_success continue"
time="2024-12-19T07:29:00-05:00" level=debug msg="Request received in runner" request_uuid= test="on_match: on_success continue"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=inband test="on_match: on_success continue"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=inband test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=1 test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=1 test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=2 test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating rule" band=inband rule_id=1376422392 test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Expanding arguments for rule" band=inband rule_id=1376422392 test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy variable=ARGS_GET
time="2024-12-19T07:29:00-05:00" level=debug msg="Transforming argument for rule" band=inband rule_id=1376422392 test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Arguments transformed for rule" band=inband rule_id=1376422392 test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Matching rule" band=inband key=foo rule_id=1376422392 test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy variable_name=ARGS_GET
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=auditlog band=inband test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=log band=inband test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating action" action=t band=inband test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating operator: MATCH" arg=toto band=inband operator_data=^toto operator_function=@rx rule_id=1376422392 test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Executing disruptive action for rule" action=deny band=inband rule_id=1376422392 test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Rule matched" band=inband rule_id=1376422392 test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Finish evaluating rule" band=inband rule_id=1376422392 test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=2 test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="rules matched for body : 1376422392" test="on_match: on_success continue"
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=5 test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=5 test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=inband test="on_match: on_success continue" tx_id=IYYhaRuAmsfRlsIzkIy
time="2024-12-19T07:29:00-05:00" level=debug msg="inband rules matched : 1376422392" test="on_match: on_success continue"
time="2024-12-19T07:29:00-05:00" level=debug msg="canceling event" request_uuid= test="on_match: on_success continue"
time="2024-12-19T07:29:00-05:00" level=debug msg="setting action to captcha" request_uuid= test="on_match: on_success continue"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=outband test="on_match: on_success continue"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=outband test="on_match: on_success continue" tx_id=xPMKMHfQFJMTqjxpqTh
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=1 test="on_match: on_success continue" tx_id=xPMKMHfQFJMTqjxpqTh
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=1 test="on_match: on_success continue" tx_id=xPMKMHfQFJMTqjxpqTh
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=2 test="on_match: on_success continue" tx_id=xPMKMHfQFJMTqjxpqTh
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=2 test="on_match: on_success continue" tx_id=xPMKMHfQFJMTqjxpqTh
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=5 test="on_match: on_success continue" tx_id=xPMKMHfQFJMTqjxpqTh
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=5 test="on_match: on_success continue" tx_id=xPMKMHfQFJMTqjxpqTh
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=outband test="on_match: on_success continue" tx_id=xPMKMHfQFJMTqjxpqTh
time="2024-12-19T07:29:00-05:00" level=info msg="events : ([]types.Event) (len=1 cap=1) {\n (types.Event) {\n Type: (int) 2,\n ExpectMode: (int) 0,\n Whitelisted: (bool) false,\n WhitelistReason: (string) \"\",\n Stage: (string) \"\",\n Line: (types.Line) {\n Raw: (string) \"\",\n Src: (string) \"\",\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n Labels: (map[string]string) ,\n Process: (bool) false,\n Module: (string) \"\"\n },\n Parsed: (map[string]string) ,\n Enriched: (map[string]string) ,\n Unmarshaled: (map[string]interface {}) ,\n Overflow: (types.RuntimeAlert) {\n Mapkey: (string) \"\",\n BucketId: (string) \"\",\n Whitelisted: (bool) false,\n Reprocess: (bool) false,\n Sources: (map[string]models.Source) (len=1) {\n (string) \"\": (models.Source) ip \n },\n Alert: (*models.Alert)(0x23d0e800)({\n Capacity: (*int32)(0x23da4d98)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x23d9cbf0)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x23d9cc00)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=10) \"1376422392\"\n }),\n (*models.MetaItems0)(0x23d9cc10)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=22) \"native_rule:1376422392\"\n }),\n (*models.MetaItems0)(0x23d9cc20)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x23d9cc40)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x23d9cc50)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x23d9cc60)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=6) \"rule42\"\n })\n },\n Timestamp: (*string)(0x23dbeb28)((len=20) \"2024-12-19T12:29:00Z\")\n })\n },\n EventsCount: (*int32)(0x23da4e3c)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x23dbeb78)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x23dbeb98)((len=45) \"AppSec block: native_rule:1376422392 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x23d9cc80)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x23d9cca0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=10) \"[\\\"rule42\\\"]\"\n }),\n (*models.MetaItems0)(0x23d9ccc0)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=14) \"[\\\"1376422392\\\"]\"\n }),\n (*models.MetaItems0)(0x23d9ccf0)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=26) \"[\\\"native_rule:1376422392\\\"]\"\n }),\n (*models.MetaItems0)(0x23d9cd10)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x23d9cd30)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x23dbeb80)((len=22) \"native_rule:1376422392\"),\n ScenarioHash: (*string)(0x23dbeb88)(\"\"),\n ScenarioVersion: (*string)(0x23dbeb90)(\"\"),\n Simulated: (*bool)(0x23da4e40)(false),\n Source: (*models.Source)(0x22b66640)(ip ),\n StartAt: (*string)(0x23dbeba8)((len=20) \"2024-12-19T12:29:00Z\"),\n StopAt: (*string)(0x23dbebb0)((len=20) \"2024-12-19T12:29:00Z\"),\n UUID: (string) \"\"\n }),\n APIAlerts: ([]models.Alert) (len=1 cap=1) {\n (models.Alert) {\n Capacity: (*int32)(0x23da4d98)(1),\n CreatedAt: (string) \"\",\n Decisions: ([]*models.Decision) ,\n Events: ([]*models.Event) (len=1 cap=2) {\n (*models.Event)(0x23d9cbf0)({\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x23d9cc00)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=10) \"1376422392\"\n }),\n (*models.MetaItems0)(0x23d9cc10)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=22) \"native_rule:1376422392\"\n }),\n (*models.MetaItems0)(0x23d9cc20)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=3) \"GET\"\n }),\n (*models.MetaItems0)(0x23d9cc40)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=7) \"/urllll\"\n }),\n (*models.MetaItems0)(0x23d9cc50)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=12) \"ARGS_GET.foo\"\n }),\n (*models.MetaItems0)(0x23d9cc60)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=6) \"rule42\"\n })\n },\n Timestamp: (*string)(0x23dbeb28)((len=20) \"2024-12-19T12:29:00Z\")\n })\n },\n EventsCount: (*int32)(0x23da4e3c)(1),\n ID: (int64) 0,\n Labels: ([]string) ,\n Leakspeed: (*string)(0x23dbeb78)(\"\"),\n MachineID: (string) \"\",\n Message: (*string)(0x23dbeb98)((len=45) \"AppSec block: native_rule:1376422392 from ()\"),\n Meta: (models.Meta) (len=6 cap=8) {\n (*models.MetaItems0)(0x23d9cc80)({\n Key: (string) (len=13) \"matched_zones\",\n Value: (string) (len=16) \"[\\\"ARGS_GET.foo\\\"]\"\n }),\n (*models.MetaItems0)(0x23d9cca0)({\n Key: (string) (len=3) \"msg\",\n Value: (string) (len=10) \"[\\\"rule42\\\"]\"\n }),\n (*models.MetaItems0)(0x23d9ccc0)({\n Key: (string) (len=2) \"id\",\n Value: (string) (len=14) \"[\\\"1376422392\\\"]\"\n }),\n (*models.MetaItems0)(0x23d9ccf0)({\n Key: (string) (len=4) \"name\",\n Value: (string) (len=26) \"[\\\"native_rule:1376422392\\\"]\"\n }),\n (*models.MetaItems0)(0x23d9cd10)({\n Key: (string) (len=6) \"method\",\n Value: (string) (len=7) \"[\\\"GET\\\"]\"\n }),\n (*models.MetaItems0)(0x23d9cd30)({\n Key: (string) (len=3) \"uri\",\n Value: (string) (len=11) \"[\\\"/urllll\\\"]\"\n })\n },\n Remediation: (bool) false,\n Scenario: (*string)(0x23dbeb80)((len=22) \"native_rule:1376422392\"),\n ScenarioHash: (*string)(0x23dbeb88)(\"\"),\n ScenarioVersion: (*string)(0x23dbeb90)(\"\"),\n Simulated: (*bool)(0x23da4e40)(false),\n Source: (*models.Source)(0x22b66640)(ip ),\n StartAt: (*string)(0x23dbeba8)((len=20) \"2024-12-19T12:29:00Z\"),\n StopAt: (*string)(0x23dbebb0)(),\n UUID: (string) \"\"\n }\n }\n },\n Time: (time.Time) 0001-01-01 00:00:00 +0000 UTC,\n StrTime: (string) \"\",\n StrTimeFormat: (string) \"\",\n MarshaledTime: (string) \"\",\n Process: (bool) true,\n Appsec: (types.AppsecEvent) {\n HasInBandMatches: (bool) false,\n HasOutBandMatches: (bool) false,\n MatchedRules: (types.MatchedRules) ,\n Vars: (map[string]string) \n },\n Meta: (map[string]string) \n }\n}\n"
time="2024-12-19T07:29:00-05:00" level=info msg="responses : ([]appsec.AppsecTempResponse) (len=1 cap=1) {\n (appsec.AppsecTempResponse) {\n InBandInterrupt: (bool) true,\n OutOfBandInterrupt: (bool) false,\n Action: (string) (len=7) \"captcha\",\n UserHTTPResponseCode: (int) 403,\n BouncerHTTPResponseCode: (int) 403,\n SendEvent: (bool) false,\n SendAlert: (bool) true\n }\n}\n"
--- PASS: TestAppsecOnMatchHooks (0.62s)
--- PASS: TestAppsecOnMatchHooks/no_rule_:_check_return_code (0.06s)
--- PASS: TestAppsecOnMatchHooks/on_match:_change_return_code (0.05s)
--- PASS: TestAppsecOnMatchHooks/on_match:_change_action_to_a_non_standard_one_(log) (0.06s)
--- PASS: TestAppsecOnMatchHooks/on_match:_change_action_to_another_standard_one_(allow) (0.06s)
--- PASS: TestAppsecOnMatchHooks/on_match:_change_action_to_another_standard_one_(ban) (0.06s)
--- PASS: TestAppsecOnMatchHooks/on_match:_change_action_to_another_standard_one_(captcha) (0.06s)
--- PASS: TestAppsecOnMatchHooks/on_match:_change_action_to_a_non_standard_one (0.05s)
--- PASS: TestAppsecOnMatchHooks/on_match:_cancel_alert (0.06s)
--- PASS: TestAppsecOnMatchHooks/on_match:_cancel_event (0.05s)
--- PASS: TestAppsecOnMatchHooks/on_match:_on_success_break (0.06s)
--- PASS: TestAppsecOnMatchHooks/on_match:_on_success_continue (0.05s)
=== RUN TestAppsecPreEvalHooks
=== RUN TestAppsecPreEvalHooks/Basic_pre_eval_hook_to_disable_inband_rule
time="2024-12-19T07:29:00-05:00" level=trace msg="Loading config &{Name: OutOfBandRules:[] InBandRules:[] DefaultRemediation:ban DefaultPassAction:allow BouncerBlockedHTTPCode:403 BouncerPassedHTTPCode:200 UserBlockedHTTPCode:403 UserPassedHTTPCode:200 OnLoad:[] PreEval:[{Filter:1 == 1 FilterExpr: OnSuccess: Apply:[RemoveInBandRuleByName('rule1')] ApplyExpr:[]}] PostEval:[] OnMatch:[] VariablesTracking:[] InbandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} OutOfBandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} LogLevel: Logger:0x22b66e80}" test="Basic pre_eval hook to disable inband rule"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 outofband rules" test="Basic pre_eval hook to disable inband rule"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 inband rules" test="Basic pre_eval hook to disable inband rule"
time="2024-12-19T07:29:00-05:00" level=debug msg="Parsing directive" band=inband line="SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\"" test="Basic pre_eval hook to disable inband rule"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded inband rules: [{RuleMetadata:{ID_:756992091 File_: Line_:1 Rev_: Severity_:emergency Version_: Tags_:[crowdsec-rule1] Maturity_:0 Accuracy_:0 Operator_: Phase_:2 Raw_:SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\" SecMark_:} variables:[{Count:false Variable:42 KeyRx: KeyStr:foo Exceptions:[]}] operator:0x23dc5760 transformations:[{Function:0x1bfddc0}] transformationsID:1 actions:[{Name:log Function:0x20d0fe0} {Name:auditlog Function:0x20d0fe0} {Name:deny Function:0x20d0fe0} {Name:log Function:0x20d0fe0} {Name:t Function:0x20d0fe0}] ParentID_:0 Capture:false Chain: DisruptiveStatus:0 Msg:rule1 LogData: Log:true Audit:true MultiMatch:false HasChain:false inferredPhases:6 chainMinPhase:0 withPhaseUnknownVariable:false}]" test="Basic pre_eval hook to disable inband rule"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded outband rules: []" test="Basic pre_eval hook to disable inband rule"
time="2024-12-19T07:29:00-05:00" level=debug msg="Request received in runner" request_uuid= test="Basic pre_eval hook to disable inband rule"
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=inband test="Basic pre_eval hook to disable inband rule"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=inband test="Basic pre_eval hook to disable inband rule" tx_id=vGiwJpgWWmSRMfhKGsY
time="2024-12-19T07:29:00-05:00" level=debug msg="removing inband rule crowdsec-rule1" request_uuid= test="Basic pre_eval hook to disable inband rule"
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=1 test="Basic pre_eval hook to disable inband rule" tx_id=vGiwJpgWWmSRMfhKGsY
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=1 test="Basic pre_eval hook to disable inband rule" tx_id=vGiwJpgWWmSRMfhKGsY
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=2 test="Basic pre_eval hook to disable inband rule" tx_id=vGiwJpgWWmSRMfhKGsY
time="2024-12-19T07:29:00-05:00" level=debug msg="Skipping rule" band=inband rule_id=756992091 test="Basic pre_eval hook to disable inband rule" tx_id=vGiwJpgWWmSRMfhKGsY
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=2 test="Basic pre_eval hook to disable inband rule" tx_id=vGiwJpgWWmSRMfhKGsY
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=inband phase=5 test="Basic pre_eval hook to disable inband rule" tx_id=vGiwJpgWWmSRMfhKGsY
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=inband phase=5 test="Basic pre_eval hook to disable inband rule" tx_id=vGiwJpgWWmSRMfhKGsY
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=inband test="Basic pre_eval hook to disable inband rule" tx_id=vGiwJpgWWmSRMfhKGsY
time="2024-12-19T07:29:00-05:00" level=warning msg="Empty ID passed for new transaction" band=outband test="Basic pre_eval hook to disable inband rule"
time="2024-12-19T07:29:00-05:00" level=debug msg="New transaction created" band=outband test="Basic pre_eval hook to disable inband rule" tx_id=aRUCHKCbtpKHcvGUZzS
time="2024-12-19T07:29:00-05:00" level=debug msg="removing inband rule crowdsec-rule1" request_uuid= test="Basic pre_eval hook to disable inband rule"
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=1 test="Basic pre_eval hook to disable inband rule" tx_id=aRUCHKCbtpKHcvGUZzS
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=1 test="Basic pre_eval hook to disable inband rule" tx_id=aRUCHKCbtpKHcvGUZzS
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=2 test="Basic pre_eval hook to disable inband rule" tx_id=aRUCHKCbtpKHcvGUZzS
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=2 test="Basic pre_eval hook to disable inband rule" tx_id=aRUCHKCbtpKHcvGUZzS
time="2024-12-19T07:29:00-05:00" level=debug msg="Evaluating phase" band=outband phase=5 test="Basic pre_eval hook to disable inband rule" tx_id=aRUCHKCbtpKHcvGUZzS
time="2024-12-19T07:29:00-05:00" level=debug msg="Finished phase" band=outband phase=5 test="Basic pre_eval hook to disable inband rule" tx_id=aRUCHKCbtpKHcvGUZzS
time="2024-12-19T07:29:00-05:00" level=debug msg="Transaction marked for audit logging" band=outband test="Basic pre_eval hook to disable inband rule" tx_id=aRUCHKCbtpKHcvGUZzS
time="2024-12-19T07:29:00-05:00" level=info msg="events : ([]types.Event) {\n}\n"
time="2024-12-19T07:29:00-05:00" level=info msg="responses : ([]appsec.AppsecTempResponse) (len=1 cap=1) {\n (appsec.AppsecTempResponse) {\n InBandInterrupt: (bool) false,\n OutOfBandInterrupt: (bool) false,\n Action: (string) (len=5) \"allow\",\n UserHTTPResponseCode: (int) 200,\n BouncerHTTPResponseCode: (int) 200,\n SendEvent: (bool) true,\n SendAlert: (bool) true\n }\n}\n"
=== RUN TestAppsecPreEvalHooks/Basic_pre_eval_fails_to_disable_rule
time="2024-12-19T07:29:00-05:00" level=trace msg="Loading config &{Name: OutOfBandRules:[] InBandRules:[] DefaultRemediation:ban DefaultPassAction:allow BouncerBlockedHTTPCode:403 BouncerPassedHTTPCode:200 UserBlockedHTTPCode:403 UserPassedHTTPCode:200 OnLoad:[] PreEval:[{Filter:1 ==2 FilterExpr: OnSuccess: Apply:[RemoveInBandRuleByName('rule1')] ApplyExpr:[]}] PostEval:[] OnMatch:[] VariablesTracking:[] InbandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} OutOfBandOptions:{DisableBodyInspection:false RequestBodyInMemoryLimit:} LogLevel: Logger:0x22b7ed40}" test="Basic pre_eval fails to disable rule"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 outofband rules" test="Basic pre_eval fails to disable rule"
time="2024-12-19T07:29:00-05:00" level=info msg="Loaded 0 inband rules" test="Basic pre_eval fails to disable rule"
time="2024-12-19T07:29:00-05:00" level=debug msg="Parsing directive" band=inband line="SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\"" test="Basic pre_eval fails to disable rule"
time="2024-12-19T07:29:00-05:00" level=trace msg="Loaded inband rules: [{RuleMetadata:{ID_:756992091 File_: Line_:1 Rev_: Severity_:emergency Version_: Tags_:[crowdsec-rule1] Maturity_:0 Accuracy_:0 Operator_: Phase_:2 Raw_:SecRule ARGS_GET:foo \"@rx ^toto\" \"id:756992091,phase:2,deny,log,msg:'rule1',tag:'crowdsec-rule1',t:lowercase\" SecMark_:} variables:[{Count:false Variable:42 KeyRx: