sophie/nuke
1
0
Fork 0
Code Packages 1 Activity Actions

jane remover
Some checks failed
Docker image builds / build (push) Waiting to run
Details
Asset Build Verification / asset_verification (push) Has been cancelled
Details
Docs deploy / build (push) Has been cancelled
Details
Go Mod Tidy Check / go_mod_tidy_check (push) Has been cancelled
Details
Go / go_tests (push) Has been cancelled
Details
Package builds (unstable) / package_builds (push) Has been cancelled
Details
Smoke tests / smoke-test (default-config-macro) (push) Has been cancelled
Details
Smoke tests / smoke-test (docker-registry) (push) Has been cancelled
Details
Smoke tests / smoke-test (double_slash) (push) Has been cancelled
Details
Smoke tests / smoke-test (forced-language) (push) Has been cancelled
Details
Smoke tests / smoke-test (git-clone) (push) Has been cancelled
Details
Smoke tests / smoke-test (git-push) (push) Has been cancelled
Details
Smoke tests / smoke-test (healthcheck) (push) Has been cancelled
Details
Smoke tests / smoke-test (i18n) (push) Has been cancelled
Details
Smoke tests / smoke-test (log-file) (push) Has been cancelled
Details
Smoke tests / smoke-test (nginx) (push) Has been cancelled
Details
Smoke tests / smoke-test (palemoon/amd64) (push) Has been cancelled
Details
Smoke tests / smoke-test (robots_txt) (push) Has been cancelled
Details
Check Spelling / Check Spelling (push) Has been cancelled
Details
SSH CI / ssh (aarch64-16k) (push) Has been cancelled
Details
SSH CI / ssh (aarch64-4k) (push) Has been cancelled
Details
SSH CI / ssh (ppc64le) (push) Has been cancelled
Details
SSH CI / ssh (riscv64) (push) Has been cancelled
Details
zizmor / zizmor latest via PyPI (push) Has been cancelled
Details

Browse source
This commit is contained in:
Soph :3 2026-02-07 13:08:47 +02:00
parent d2205b11a7
commit 896858e027
332 changed files with 1482 additions and 33742 deletions
Download patch file Download diff file Expand all files Collapse all files

37
lib/policy/policy.go
View file

@ -10,22 +10,21 @@ import (
"sync/atomic"
"time"
"github.com/TecharoHQ/anubis/internal"
"github.com/TecharoHQ/anubis/internal/dns"
"github.com/TecharoHQ/anubis/lib/config"
"github.com/TecharoHQ/anubis/lib/policy/checker"
"github.com/TecharoHQ/anubis/lib/store"
"github.com/TecharoHQ/anubis/lib/thoth"
"git.sad.ovh/sophie/nuke/internal"
"git.sad.ovh/sophie/nuke/internal/dns"
"git.sad.ovh/sophie/nuke/lib/config"
"git.sad.ovh/sophie/nuke/lib/policy/checker"
"git.sad.ovh/sophie/nuke/lib/store"
"github.com/fahedouch/go-logrotate"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promauto"
_ "github.com/TecharoHQ/anubis/lib/store/all"
_ "git.sad.ovh/sophie/nuke/lib/store/all"
)
var (
Applications = promauto.NewCounterVec(prometheus.CounterOpts{
Name: "anubis_policy_results",
Name: "nuke_policy_results",
Help: "The results of each policy rule",
}, []string{"rule", "action"})
@ -64,8 +63,6 @@ func ParseConfig(ctx context.Context, fin io.Reader, fname string, defaultDiffic
var validationErrs []error
tc, hasThothClient := thoth.FromContext(ctx)
result := newParsedConfig(c)
result.DefaultDifficulty = defaultDifficulty
@ -166,24 +163,6 @@ func ParseConfig(ctx context.Context, fin io.Reader, fname string, defaultDiffic
}
}
if b.ASNs != nil {
if !hasThothClient {
lg.Warn("You have specified a Thoth specific check but you have no Thoth client configured. Please read https://anubis.techaro.lol/docs/admin/thoth for more information", "check", "asn", "settings", b.ASNs)
continue
}
cl = append(cl, tc.ASNCheckerFor(b.ASNs.Match))
}
if b.GeoIP != nil {
if !hasThothClient {
lg.Warn("You have specified a Thoth specific check but you have no Thoth client configured. Please read https://anubis.techaro.lol/docs/admin/thoth for more information", "check", "geoip", "settings", b.GeoIP)
continue
}
cl = append(cl, tc.GeoIPCheckerFor(b.GeoIP.Countries))
}
if b.Challenge == nil {
parsedBot.Challenge = &config.ChallengeRules{
Difficulty: defaultDifficulty,
@ -220,7 +199,7 @@ func ParseConfig(ctx context.Context, fin io.Reader, fname string, defaultDiffic
lg.Warn("use of deprecated report_as setting detected, please remove this from your policy file when possible", "name", t.Name)
}
if t.Name == "legacy-anubis-behaviour" && t.Expression.String() == "true" {
if t.Name == "legacy-nuke-behaviour" && t.Expression.String() == "true" {
if !warnedAboutThresholds.Load() {
lg.Warn("configuration file does not contain thresholds, see docs for details on how to upgrade", "fname", fname, "docs_url", "https://anubis.techaro.lol/docs/admin/configuration/thresholds/")
warnedAboutThresholds.Store(true)