sophie/nuke
1
0
Fork 0
Code Packages 1 Activity Actions

jane remover
Some checks failed
Docker image builds / build (push) Waiting to run
Details
Asset Build Verification / asset_verification (push) Has been cancelled
Details
Docs deploy / build (push) Has been cancelled
Details
Go Mod Tidy Check / go_mod_tidy_check (push) Has been cancelled
Details
Go / go_tests (push) Has been cancelled
Details
Package builds (unstable) / package_builds (push) Has been cancelled
Details
Smoke tests / smoke-test (default-config-macro) (push) Has been cancelled
Details
Smoke tests / smoke-test (docker-registry) (push) Has been cancelled
Details
Smoke tests / smoke-test (double_slash) (push) Has been cancelled
Details
Smoke tests / smoke-test (forced-language) (push) Has been cancelled
Details
Smoke tests / smoke-test (git-clone) (push) Has been cancelled
Details
Smoke tests / smoke-test (git-push) (push) Has been cancelled
Details
Smoke tests / smoke-test (healthcheck) (push) Has been cancelled
Details
Smoke tests / smoke-test (i18n) (push) Has been cancelled
Details
Smoke tests / smoke-test (log-file) (push) Has been cancelled
Details
Smoke tests / smoke-test (nginx) (push) Has been cancelled
Details
Smoke tests / smoke-test (palemoon/amd64) (push) Has been cancelled
Details
Smoke tests / smoke-test (robots_txt) (push) Has been cancelled
Details
Check Spelling / Check Spelling (push) Has been cancelled
Details
SSH CI / ssh (aarch64-16k) (push) Has been cancelled
Details
SSH CI / ssh (aarch64-4k) (push) Has been cancelled
Details
SSH CI / ssh (ppc64le) (push) Has been cancelled
Details
SSH CI / ssh (riscv64) (push) Has been cancelled
Details
zizmor / zizmor latest via PyPI (push) Has been cancelled
Details

Browse source
This commit is contained in:
Soph :3 2026-02-07 13:08:47 +02:00
parent d2205b11a7
commit 896858e027
332 changed files with 1482 additions and 33742 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/policy/bot.go
View file

@ -3,9 +3,9 @@ package policy
import (
"fmt"
"github.com/TecharoHQ/anubis/internal"
"github.com/TecharoHQ/anubis/lib/config"
"github.com/TecharoHQ/anubis/lib/policy/checker"
"git.sad.ovh/sophie/nuke/internal"
"git.sad.ovh/sophie/nuke/lib/config"
"git.sad.ovh/sophie/nuke/lib/policy/checker"
)
type Bot struct {

8
lib/policy/celchecker.go
View file

@ -4,10 +4,10 @@ import (
"fmt"
"net/http"
"github.com/TecharoHQ/anubis/internal"
"github.com/TecharoHQ/anubis/internal/dns"
"github.com/TecharoHQ/anubis/lib/config"
"github.com/TecharoHQ/anubis/lib/policy/expressions"
"git.sad.ovh/sophie/nuke/internal"
"git.sad.ovh/sophie/nuke/internal/dns"
"git.sad.ovh/sophie/nuke/lib/config"
"git.sad.ovh/sophie/nuke/lib/policy/expressions"
"github.com/google/cel-go/cel"
"github.com/google/cel-go/common/types"
)

4
lib/policy/checker.go
View file

@ -8,8 +8,8 @@ import (
"regexp"
"strings"
"github.com/TecharoHQ/anubis/internal"
"github.com/TecharoHQ/anubis/lib/policy/checker"
"git.sad.ovh/sophie/nuke/internal"
"git.sad.ovh/sophie/nuke/lib/policy/checker"
"github.com/gaissmai/bart"
)

2
lib/policy/checker/checker.go
View file

@ -6,7 +6,7 @@ import (
"net/http"
"strings"
"github.com/TecharoHQ/anubis/internal"
"git.sad.ovh/sophie/nuke/internal"
)
type Impl interface {

2
lib/policy/checkresult.go
View file

@ -3,7 +3,7 @@ package policy
import (
"log/slog"
"github.com/TecharoHQ/anubis/lib/config"
"git.sad.ovh/sophie/nuke/lib/config"
)
type CheckResult struct {

2
lib/policy/expressions/environment.go
View file

@ -4,7 +4,7 @@ import (
"math/rand/v2"
"strings"
"github.com/TecharoHQ/anubis/internal/dns"
"git.sad.ovh/sophie/nuke/internal/dns"
"github.com/google/cel-go/cel"
"github.com/google/cel-go/common/types"
"github.com/google/cel-go/common/types/ref"

4
lib/policy/expressions/environment_test.go
View file

@ -7,8 +7,8 @@ import (
"strings"
"testing"
"github.com/TecharoHQ/anubis/internal/dns"
"github.com/TecharoHQ/anubis/lib/store/memory"
"git.sad.ovh/sophie/nuke/internal/dns"
"git.sad.ovh/sophie/nuke/lib/store/memory"
"github.com/google/cel-go/common/types"
"github.com/google/cel-go/common/types/ref"
)

37
lib/policy/policy.go
View file

@ -10,22 +10,21 @@ import (
"sync/atomic"
"time"
"github.com/TecharoHQ/anubis/internal"
"github.com/TecharoHQ/anubis/internal/dns"
"github.com/TecharoHQ/anubis/lib/config"
"github.com/TecharoHQ/anubis/lib/policy/checker"
"github.com/TecharoHQ/anubis/lib/store"
"github.com/TecharoHQ/anubis/lib/thoth"
"git.sad.ovh/sophie/nuke/internal"
"git.sad.ovh/sophie/nuke/internal/dns"
"git.sad.ovh/sophie/nuke/lib/config"
"git.sad.ovh/sophie/nuke/lib/policy/checker"
"git.sad.ovh/sophie/nuke/lib/store"
"github.com/fahedouch/go-logrotate"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promauto"
_ "github.com/TecharoHQ/anubis/lib/store/all"
_ "git.sad.ovh/sophie/nuke/lib/store/all"
)
var (
Applications = promauto.NewCounterVec(prometheus.CounterOpts{
Name: "anubis_policy_results",
Name: "nuke_policy_results",
Help: "The results of each policy rule",
}, []string{"rule", "action"})
@ -64,8 +63,6 @@ func ParseConfig(ctx context.Context, fin io.Reader, fname string, defaultDiffic
var validationErrs []error
tc, hasThothClient := thoth.FromContext(ctx)
result := newParsedConfig(c)
result.DefaultDifficulty = defaultDifficulty
@ -166,24 +163,6 @@ func ParseConfig(ctx context.Context, fin io.Reader, fname string, defaultDiffic
}
}
if b.ASNs != nil {
if !hasThothClient {
lg.Warn("You have specified a Thoth specific check but you have no Thoth client configured. Please read https://anubis.techaro.lol/docs/admin/thoth for more information", "check", "asn", "settings", b.ASNs)
continue
}
cl = append(cl, tc.ASNCheckerFor(b.ASNs.Match))
}
if b.GeoIP != nil {
if !hasThothClient {
lg.Warn("You have specified a Thoth specific check but you have no Thoth client configured. Please read https://anubis.techaro.lol/docs/admin/thoth for more information", "check", "geoip", "settings", b.GeoIP)
continue
}
cl = append(cl, tc.GeoIPCheckerFor(b.GeoIP.Countries))
}
if b.Challenge == nil {
parsedBot.Challenge = &config.ChallengeRules{
Difficulty: defaultDifficulty,
@ -220,7 +199,7 @@ func ParseConfig(ctx context.Context, fin io.Reader, fname string, defaultDiffic
lg.Warn("use of deprecated report_as setting detected, please remove this from your policy file when possible", "name", t.Name)
}
if t.Name == "legacy-anubis-behaviour" && t.Expression.String() == "true" {
if t.Name == "legacy-nuke-behaviour" && t.Expression.String() == "true" {
if !warnedAboutThresholds.Load() {
lg.Warn("configuration file does not contain thresholds, see docs for details on how to upgrade", "fname", fname, "docs_url", "https://anubis.techaro.lol/docs/admin/configuration/thresholds/")
warnedAboutThresholds.Store(true)

25
lib/policy/policy_test.go
View file

@ -5,13 +5,11 @@ import (
"path/filepath"
"testing"
"github.com/TecharoHQ/anubis"
"github.com/TecharoHQ/anubis/data"
"github.com/TecharoHQ/anubis/lib/thoth/thothmock"
"git.sad.ovh/sophie/nuke"
"git.sad.ovh/sophie/nuke/data"
)
func TestDefaultPolicyMustParse(t *testing.T) {
ctx := thothmock.WithMockThoth(t)
fin, err := data.BotPolicies.Open("botPolicies.yaml")
if err != nil {
@ -19,7 +17,7 @@ func TestDefaultPolicyMustParse(t *testing.T) {
}
defer fin.Close()
if _, err := ParseConfig(ctx, fin, "botPolicies.yaml", anubis.DefaultDifficulty, "info"); err != nil {
if _, err := ParseConfig(ctx, fin, "botPolicies.yaml", nuke.DefaultDifficulty, "info"); err != nil {
t.Fatalf("can't parse config: %v", err)
}
}
@ -34,18 +32,6 @@ func TestGoodConfigs(t *testing.T) {
for _, st := range finfos {
st := st
t.Run(st.Name(), func(t *testing.T) {
t.Run("with-thoth", func(t *testing.T) {
fin, err := os.Open(filepath.Join("..", "config", "testdata", "good", st.Name()))
if err != nil {
t.Fatal(err)
}
defer fin.Close()
ctx := thothmock.WithMockThoth(t)
if _, err := ParseConfig(ctx, fin, fin.Name(), anubis.DefaultDifficulty, "info"); err != nil {
t.Fatal(err)
}
})
t.Run("without-thoth", func(t *testing.T) {
fin, err := os.Open(filepath.Join("..", "config", "testdata", "good", st.Name()))
@ -54,7 +40,7 @@ func TestGoodConfigs(t *testing.T) {
}
defer fin.Close()
if _, err := ParseConfig(t.Context(), fin, fin.Name(), anubis.DefaultDifficulty, "info"); err != nil {
if _, err := ParseConfig(t.Context(), fin, fin.Name(), nuke.DefaultDifficulty, "info"); err != nil {
t.Fatal(err)
}
})
@ -63,7 +49,6 @@ func TestGoodConfigs(t *testing.T) {
}
func TestBadConfigs(t *testing.T) {
ctx := thothmock.WithMockThoth(t)
finfos, err := os.ReadDir("../config/testdata/bad")
if err != nil {
@ -79,7 +64,7 @@ func TestBadConfigs(t *testing.T) {
}
defer fin.Close()
if _, err := ParseConfig(ctx, fin, fin.Name(), anubis.DefaultDifficulty, "info"); err == nil {
if _, err := ParseConfig(ctx, fin, fin.Name(), nuke.DefaultDifficulty, "info"); err == nil {
t.Fatal(err)
} else {
t.Log(err)

4
lib/policy/thresholds.go
View file

@ -1,8 +1,8 @@
package policy
import (
"github.com/TecharoHQ/anubis/lib/config"
"github.com/TecharoHQ/anubis/lib/policy/expressions"
"git.sad.ovh/sophie/nuke/lib/config"
"git.sad.ovh/sophie/nuke/lib/policy/expressions"
"github.com/google/cel-go/cel"
)