crowdsec icon indicating copy to clipboard operation
crowdsec copied to clipboard
verified publisher icon crowdsecurity

GET /v1/decisions does not filter by scope or type

Open blind-oracle opened this issue 2 years ago • 3 comments

What happened?

It seems that the API endpoint ignores the filter.

GET /v1/decisions?scope=ip
...

[{"duration":"3h59m49.745654257s","id":81,"origin":"cscli","scenario":"manual 'ban' from 'local'","scope":"test","type":"ban","value":"1.2.3.4"}]

What did you expect to happen?

I would expect it to return only the decisions with ip scope, but it returns the one with test also.

How can we reproduce it (as minimally and precisely as possible)?

# cscli decisions add --scope test --value 1.2.3.4
# curl -H "X-Api-Key: foobar" http://localhost:8193/v1/decisions?scope=ip

[{"duration":"3h59m58.015854316s","id":82,"origin":"cscli","scenario":"manual 'ban' from 'local'","scope":"test","type":"ban","value":"1.2.3.4"}]

Anything else we need to know?

No response

Crowdsec version

2024/01/17 19:45:45 version: v1.5.5-debian-pragmatic-amd64-d2d788c5dc0a9e387635276623c6781774a9dfd4
2024/01/17 19:45:45 Codename: alphaga
2024/01/17 19:45:45 BuildDate: 2023-10-24_08:03:17
2024/01/17 19:45:45 GoVersion: 1.21.3
2024/01/17 19:45:45 Platform: linux
2024/01/17 19:45:45 libre2: C++
2024/01/17 19:45:45 Constraint_parser: >= 1.0, <= 2.0
2024/01/17 19:45:45 Constraint_scenario: >= 1.0, < 3.0
2024/01/17 19:45:45 Constraint_api: v1
2024/01/17 19:45:45 Constraint_acquis: >= 1.0, < 2.0

OS version

Ubuntu 20

Enabled collections and parsers

$ cscli hub list -o raw
# paste output here

Acquisition config

```console # On Linux: $ cat /etc/crowdsec/acquis.yaml /etc/crowdsec/acquis.d/* # paste output here

On Windows:

C:> Get-Content C:\ProgramData\CrowdSec\config\acquis.yaml

paste output here

Config show

$ cscli config show
# paste output here

Prometheus metrics

$ cscli metrics
# paste output here

Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.

blind-oracle avatar Jan 17 '24 19:01 blind-oracle

@blind-oracle: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.
Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

github-actions[bot] avatar Jan 17 '24 19:01 github-actions[bot]

Hello,

It might be a documentation bug; where did you find the scope parameter?

For this endpoint, the parameter to use is scopes (note the s at the end):

root@crowdsec:~# curl -s -H 'x-api-key: foobar' localhost:8080/v1/decisions | jq 'length'
101252
root@crowdsec:~# curl -s -H 'x-api-key: foobar' localhost:8080/v1/decisions?scopes=foobar | jq 'length'
0
root@crowdsec:~# cscli decisions add --value test --scope my_scope -d 10m
root@crowdsec:~# curl -s -H 'x-api-key: foobar' localhost:8080/v1/decisions?scopes=my_scope | jq 'length'
1

You can pass a comma-delimited list of scopes if you want to filter on multiple ones.

blotus avatar Jan 17 '24 19:01 blotus

@blotus Here in the Swagger docs: https://crowdsecurity.github.io/api_doc/lapi/ The link to it is in the LAPI page: https://docs.crowdsec.net/docs/local_api/intro/

Also the Go API client issues the request with scope arg: https://github.com/crowdsecurity/crowdsec/blob/5d0d5ac9c999e71d6a75b75ae9e63f1d38e2d528/pkg/apiclient/decisions_service.go#L50

blind-oracle avatar Jan 17 '24 21:01 blind-oracle