enhance: Add supported decisions type (#113)

LaurenceJJones · mmetc · web-flow · commit 756ce6b53855 · 2025-10-21T12:54:05.000+01:00
* enhance: Add supported decisions type and update deps/goversion

* enhance: Add ban as the default

* enhance: Remove all

* enhance: Fix CI

* enhance: More CI

---------

Co-authored-by: marco &lt;marco@crowdsec.net&gt;
diff --git a/.golangci.yml b/.golangci.yml
@@ -130,8 +130,8 @@ linters:
         - name: function-length
           arguments:
             # lower this after refactoring
-            - 43
-            - 123
+            - 44
+            - 126
         - name: import-shadowing
           disabled: true
         - name: line-length-limit
diff --git a/cmd/root.go b/cmd/root.go
@@ -85,6 +85,9 @@ func Execute() error {
 		return err
 	}
 
+	// propagate supported decision types to the registry for runtime filtering
+	registry.GlobalDecisionRegistry.SupportedDecisionTypes = config.CrowdsecConfig.SupportedDecisionsTypes
+
 	if debugMode != nil && *debugMode {
 		log.SetLevel(log.DebugLevel)
 	}
diff --git a/config/crowdsec-blocklist-mirror.yaml b/config/crowdsec-blocklist-mirror.yaml
@@ -7,6 +7,8 @@ crowdsec_config:
   exclude_scenarios_containing: []
   only_include_decisions_from: []
   insecure_skip_verify: false
+  supported_decisions_types:
+    - ban
 
 blocklists:
   - format: plain_text # Supported formats are either "plain_text" or "mikrotik"
diff --git a/go.mod b/go.mod
@@ -9,7 +9,6 @@ require (
 	github.com/felixge/httpsnoop v1.0.4
 	github.com/prometheus/client_golang v1.23.2
 	github.com/sirupsen/logrus v1.9.3
-	golang.org/x/exp v0.0.0-20251009144603-d2f985daa21b
 	golang.org/x/sync v0.17.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 	gopkg.in/yaml.v3 v3.0.1
diff --git a/go.sum b/go.sum
@@ -120,8 +120,6 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
 go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
-golang.org/x/exp v0.0.0-20251009144603-d2f985daa21b h1:18qgiDvlvH7kk8Ioa8Ov+K6xCi0GMvmGfGW0sgd/SYA=
-golang.org/x/exp v0.0.0-20251009144603-d2f985daa21b/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70=
 golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
 golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
 golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
diff --git a/pkg/cfg/config.go b/pkg/cfg/config.go
@@ -5,10 +5,10 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"slices"
 	"strings"
 
 	"github.com/sirupsen/logrus"
-	"golang.org/x/exp/slices"
 	"gopkg.in/yaml.v3"
 
 	"github.com/crowdsecurity/go-cs-lib/csstring"
@@ -31,6 +31,7 @@ type CrowdsecConfig struct {
 	ExcludeScenariosContaining []string `yaml:"exclude_scenarios_containing"`
 	OnlyIncludeDecisionsFrom   []string `yaml:"only_include_decisions_from"`
 	Scopes                     []string `yaml:"scopes,omitempty"`
+	SupportedDecisionsTypes    []string `yaml:"supported_decisions_types"`
 }
 
 type BlockListConfig struct {
diff --git a/pkg/registry/registry.go b/pkg/registry/registry.go
@@ -2,6 +2,7 @@ package registry
 
 import (
 	"net/url"
+	"slices"
 	"sort"
 	"strings"
 
@@ -21,6 +22,7 @@ type Key int
 type DecisionRegistry struct {
 	ActiveDecisionsByValue map[string]*models.Decision
 	Key                    Key
+	SupportedDecisionTypes []string
 }
 
 func (dr *DecisionRegistry) AddDecisions(decisions []*models.Decision) {
@@ -33,10 +35,48 @@ func (dr *DecisionRegistry) AddDecisions(decisions []*models.Decision) {
 	}
 }
 
+func (dr *DecisionRegistry) GetSupportedDecisionTypesWithFilter(filter url.Values) []string {
+	// determine allowed types: per-request override or registry default
+	allowedTypes := make([]string, 0)
+	if filter.Has("supported_decisions_types") {
+		for _, v := range filter["supported_decisions_types"] {
+			for _, t := range strings.Split(v, ",") {
+				tt := strings.TrimSpace(strings.ToLower(t))
+				if tt == "" {
+					continue
+				}
+				allowedTypes = append(allowedTypes, tt)
+			}
+		}
+	} else {
+		for _, t := range dr.SupportedDecisionTypes {
+			tt := strings.TrimSpace(strings.ToLower(t))
+			if tt == "" {
+				continue
+			}
+			allowedTypes = append(allowedTypes, tt)
+		}
+	}
+
+	return allowedTypes
+}
+
 func (dr *DecisionRegistry) GetActiveDecisions(filter url.Values) []*models.Decision {
 	ret := make([]*models.Decision, 0, len(dr.ActiveDecisionsByValue))
 
+	allowedTypes := dr.GetSupportedDecisionTypesWithFilter(filter)
+
 	for _, v := range dr.ActiveDecisionsByValue {
+		// filter by type if allowedTypes is non-empty
+		if len(allowedTypes) > 0 {
+			dType := ""
+			if v.Type != nil {
+				dType = strings.ToLower(*v.Type)
+			}
+			if !slices.Contains(allowedTypes, dType) {
+				continue
+			}
+		}
 		if filter.Has("ipv6only") && strings.Contains(*v.Value, ".") {
 			continue
 		}

Original file line number	Diff line number	Diff line change
`@@ -85,6 +85,9 @@ func Execute() error {`
`85`	`85`	`return err`
`86`	`86`	`}`
`87`	`87`
	`88`	`+ // propagate supported decision types to the registry for runtime filtering`
	`89`	`+ registry.GlobalDecisionRegistry.SupportedDecisionTypes = config.CrowdsecConfig.SupportedDecisionsTypes`
	`90`	`+`
`88`	`91`	`if debugMode != nil && *debugMode {`
`89`	`92`	`log.SetLevel(log.DebugLevel)`
`90`	`93`	`}`
-Original file line number
+Diff line change
 	github.com/felixge/httpsnoop v1.0.4
 	github.com/prometheus/client_golang v1.23.2
 	github.com/sirupsen/logrus v1.9.3
 -	golang.org/x/exp v0.0.0-20251009144603-d2f985daa21b
 	golang.org/x/sync v0.17.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 	gopkg.in/yaml.v3 v3.0.1