feat(*): init project

Author: julienloizelet

.github/workflows/doc-links.yml

@@ -0,0 +1,37 @@
+name: Documentation links
+
+on:
+  push:
+    branches: [ main ]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  markdown-test:
+    name: Markdown files test
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Clone sources
+        uses: actions/checkout@v4
+        with:
+          path: extension
+
+      - name: Launch localhost server
+        run: |
+          sudo npm install --global http-server
+          http-server ./extension &
+
+      - name: Set up Ruby 2.6
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.6
+
+      - name: Check links in Markdown files
+        run: |
+          gem install awesome_bot
+          cd extension
+          awesome_bot --files README.md --allow-dupe --allow-redirect --allow 401 --skip-save-results --base-url http://localhost:8080/
+          awesome_bot docs/*.md --allow-dupe --allow-redirect --allow 401 --white-list http://localhost:80 --skip-save-results --base-url http://localhost:8080/docs/

.github/workflows/release.yml

@@ -0,0 +1,140 @@
+name: Create release
+# example: gh workflow run release.yml -f tag_name=v1.1.4
+on:
+  workflow_dispatch:
+    inputs:
+      tag_name:
+        type: string
+        required: true
+        description: Tag name
+      first-release:
+        type: boolean
+        description: First release
+        default: false
+
+jobs:
+  create-release:
+    name: Create release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    env:
+      EXTENSION_ZIP_NAME: "crowdsec-misp-module"
+      INPUT_TAG_NAME: ${{ github.event.inputs.tag_name }}
+
+    steps:
+      - name: Check naming convention
+        run: |
+          VERIF=$(echo ${{ env.INPUT_TAG_NAME }} | grep -E "^v([0-9]{1,}\.)([0-9]{1,}\.)([0-9]{1,})(-(alpha|beta)\.[0-9]{1,})?$")
+          if [ ! ${VERIF} ]
+          then
+            echo "Tag name does not comply with naming convention vX.Y.Z"
+            exit 1
+          fi
+
+      - name: Set version number env variables
+        run: |
+          # Set version number without v
+          echo "VERSION_NUMBER=$(echo ${{ env.INPUT_TAG_NAME }} | sed 's/v//g')" >> $GITHUB_ENV
+          # Set version with only major and minor
+          echo "VERSION_MAJOR_MINOR=$(echo ${{ env.INPUT_TAG_NAME }} | sed 's/v//g' | cut -d. -f1,2)" >> $GITHUB_ENV
+          # version with only major and minor and _ as separator
+          echo "VERSION_MAJOR_MINOR_UNDERSCORE=$(echo ${{ env.INPUT_TAG_NAME }} | sed 's/v//g' | cut -d. -f1,2 | sed 's/\./_/g')" >> $GITHUB_ENV
+
+      - name: Set version sources
+        run: |
+          echo "VERSION_SOURCES=$(echo ${{ env.EXTENSION_ZIP_NAME }}-${{ env.VERSION_NUMBER }} )" >> $GITHUB_ENV    
+
+      - name: Clone sources
+        uses: actions/checkout@v4
+        with:
+          path: ${{ env.VERSION_SOURCES }}
+
+      - name: Check version ${{ env.VERSION_NUMBER }} consistency in files and folder
+        # CHANGELOG.md, src/misp_modules/modules/expansion/crowdsec.py
+        run: |
+          cd ${{ env.VERSION_SOURCES }}
+          # Check top ## [VERSION_NUMBER](GITHUB_URL/releases/tag/vVERSION_NUMBER) - yyyy-mm-dd in CHANGELOG.md
+          # Example: ## [0.0.2](https://github.com/crowdsecurity/cs-thehive-cortex-analyzer/releases/tag/v0.0.2) - 2024-02-07
+          CURRENT_DATE=$(date +'%Y-%m-%d')
+          echo $CURRENT_DATE
+          CHANGELOG_VERSION=$(grep -o -E "## \[(.*)\].* - $CURRENT_DATE"  CHANGELOG.md | head -1 | sed 's/ //g')
+          echo $CHANGELOG_VERSION
+          if [[ $CHANGELOG_VERSION == "##[${{ env.VERSION_NUMBER }}]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/tag/v${{ env.VERSION_NUMBER }})-$CURRENT_DATE" ]]
+          then
+              echo "CHANGELOG VERSION OK"
+          else
+              echo "CHANGELOG VERSION KO"
+              echo $CHANGELOG_VERSION
+              exit 1
+          fi
+          # Check top [_Compare with previous release_](GITHUB_URL/compare/vLAST_TAG...vVERSION_NUMBER) in CHANGELOG.md
+          # Example: [_Compare with previous release_](https://github.com/crowdsecurity/python-capi-sdk/compare/v0.0.1...v0.0.2)
+          if [[ ${{ github.event.inputs.first-release }} != "true" ]]
+          then
+            COMPARISON=$(grep -oP "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/compare/\K(.*)$" CHANGELOG.md | head -1)
+            LAST_TAG=$(curl -Ls -o /dev/null -w %{url_effective} $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/latest | grep -oP "\/tag\/\K(.*)$")
+            if [[ $COMPARISON == "$LAST_TAG...v${{ env.VERSION_NUMBER }})" ]]
+            then
+              echo "VERSION COMPARISON OK"
+            else
+              echo "VERSION COMPARISON KO"
+              echo $COMPARISON
+              echo "$LAST_TAG...v${{ env.VERSION_NUMBER }})"
+              exit 1
+            fi
+          fi
+          # Check "User-Agent": "crowdsec-misp/vVERSION_NUMBER", in src/misp_modules/modules/expansion/crowdsec.py
+          if [[ ${{ github.event.inputs.first-release }} != "true" ]]
+          # First release has incorrect User-Agent (should be 2.0.0 as the moduleinfo version is 2.0)
+          then
+            UA_VERSION=$(grep -E "\"User-Agent\": \"crowdsec-misp\/v(.*)\""  src/misp_modules/modules/expansion/crowdsec.py | sed 's/ //g' | sed 's/"//g')
+            if [[ $UA_VERSION == "User-Agent:crowdsec-misp/v${{ env.VERSION_NUMBER }}," ]]
+            then
+                echo "USER AGENT VERSION OK"
+            else
+                echo "USER AGENT VERSION KO"
+                echo $UA_VERSION 
+                exit 1
+            fi
+          fi
+          # Check "version": "VERSION_MAJOR_MINOR", in src/misp_modules/modules/expansion/crowdsec.py
+          INFO_VERSION=$(grep -E "\"version\": \"${{ env.VERSION_MAJOR_MINOR }}\""  src/misp_modules/modules/expansion/crowdsec.py | sed 's/ //g' | sed 's/"//g')
+          if [[ $INFO_VERSION == "version:${{ env.VERSION_MAJOR_MINOR }}," ]]
+          then
+              echo "INFO VERSION OK"
+          else
+              echo "INFO VERSION KO"
+              echo $INFO_VERSION 
+              exit 1
+          fi
+
+      - name: Create zip for MISP modules pull request
+        run: |
+          zip -r ${{ env.VERSION_SOURCES }}.zip ${{ env.VERSION_SOURCES }}/src
+
+      - name: Create Tag ${{ github.event.inputs.tag_name }}
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ github.token }}
+          script: |
+            github.rest.git.createRef({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              ref: "refs/tags/${{ github.event.inputs.tag_name }}",
+              sha: context.sha
+            })
+
+      - name: Prepare release notes
+        run: |
+          # Retrieve release body and remove ---
+          VERSION_RELEASE_NOTES=$(awk -v ver="[${{ env.VERSION_NUMBER }}]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/tag/v${{ env.VERSION_NUMBER }})" '/^## / { if (p) { exit }; if ($2 == ver) { p=1; next} } p && NF' ${{ env.VERSION_SOURCES }}/CHANGELOG.md | sed ':a;N;$!ba;s/\n---/ /g')
+          echo "$VERSION_RELEASE_NOTES" >> CHANGELOG.txt
+
+      - name: Create release ${{ env.VERSION_NUMBER }}
+        uses: softprops/action-gh-release@v2
+        with:
+          files: ${{ env.VERSION_SOURCES }}.zip
+          body_path: CHANGELOG.txt
+          name: ${{ env.VERSION_NUMBER }}
+          tag_name: ${{ env.INPUT_TAG_NAME }}

.gitignore

@@ -0,0 +1 @@
+__pycache__

CHANGELOG.md

@@ -0,0 +1,14 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## SemVer public API
+
+The [public API](https://semver.org/spec/v2.0.0.html#spec-item-1)  for this project is defined by the set of functions provided by the `src/misp_modules/modules/expansion/crowdsec.py` file.
+
+---
+
+## [2.0.0](https://github.com/crowdsecurity/cs-misp-module/releases/tag/v2.0.0) - 2024-??-??
+
+- Initial release: synchronization with MISP modules `v2.4.195` release

README.md

@@ -0,0 +1,23 @@
+![CrowdSec Logo](https://raw.githubusercontent.com/crowdsecurity/cs-misp-module/main/docs/images/logo_crowdsec.png)
+
+# MISP CrowdSec module
+
+> Module which enriches your knowledge by using CrowdSec's CTI API.
+
+[![Version](https://img.shields.io/github/v/release/crowdsecurity/cs-misp-module)](https://github.com/crowdsecurity/cs-misp-module/releases/)
+
+## Usage
+
+See [User Guide](https://github.com/crowdsecurity/cs-misp-module/blob/main/docs/USER_GUIDE.md)
+
+## Installation
+
+See [Installation Guide](https://github.com/crowdsecurity/cs-misp-module/blob/main/docs/INSTALLATION_GUIDE.md)
+
+## Developer guide
+
+See [Developer guide](https://github.com/crowdsecurity/cs-misp-module/blob/main/docs/DEVELOPER.md)
+
+
+
+

dev/docker-compose.override.yml

@@ -0,0 +1,4 @@
+services:
+  misp-modules:
+    volumes:
+      - ../cs-misp-module/src/misp_modules/modules/expansion/crowdsec.py:/usr/local/lib/python3.12/site-packages/misp_modules/modules/expansion/crowdsec.py

docs/DEVELOPER.md

@@ -0,0 +1,137 @@
+![CrowdSec Logo](images/logo_crowdsec.png)
+# MISP CrowdSec module
+
+## Developer guide
+
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+
+- [Local installation](#local-installation)
+  - [Prepare local environment](#prepare-local-environment)
+  - [Start Docker environment](#start-docker-environment)
+  - [Stop Docker environment](#stop-docker-environment)
+- [Manual testing in UI](#manual-testing-in-ui)
+- [Update documentation table of contents](#update-documentation-table-of-contents)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+
+## Local installation
+
+### Prepare local environment
+
+The final structure of the project will look like below.
+
+```markdown
+crowdsec-misp (choose the name you want for this folder)
+│       
+│
+└───misp-modules (do not change this folder name; Only needed for MISP Pull Request process)
+│   │
+│   │ (Clone of https://github.com/crowdsecurity/misp-modules)
+│
+└───misp-docker (do not change this folder name;)
+│   │
+│   │ (Clone of https://github.com/misp/misp-docker)
+│
+└───cs-misp-module (do not change this folder name)
+    │   
+    │ (Clone of this repo)
+
+```
+
+- Create an empty folder that will contain all necessary sources:
+```bash
+mkdir crowdsec-misp && cd crowdsec-misp
+```
+
+- Clone the fork of misp-modules repository:
+
+```bash
+git clone [email protected]:crowdsecurity/misp-modules.git
+```
+
+- Clone this repository:
+
+``` bash
+git clone [email protected]:crowdsecurity/cs-misp-modules.git
+```
+
+- Clone the MISP docker repository:
+
+``` bash
+git clone [email protected]:misp/misp-docker.git
+```
+
+### Start Docker environment
+
+Before running the docker environment, we need to create a volume so that our local sources are mounted in the misp-modules container.
+
+**Warning**: The python version that is hard-coded in the `docker-compose.override.yml` may change: it should be same version that is used by the misp-modules container.
+Please look the `python_version` value at the end of the `misp-modules/Pipfile` file.
+
+```bash
+cp cs-misp-module/dev/docker-compose.override.yml misp-docker/
+```
+
+We also need to create a `env` file:
+
+```bash
+cp misp-docer/template.env misp-docker/.env
+```
+
+Then, start the docker environment:
+
+```bash
+cd misp-docker && docker compose up -d --build
+```
+
+Once running, you can browse to your MISP instance at `http://localhost:80` and login with the default credentials that you can find in the `.env` file.
+
+
+### Stop Docker environment
+
+To stop all containers: 
+
+```bash
+docker compose down
+```
+
+To stop all containers and remove all data (if you want to come back to a fresh TheHive/Cortex installation): 
+
+```bash
+docker compose down -v
+```
+
+## Manual testing in UI
+
+When you have the docker environment running, you can test the module in the MISP UI.
+
+After each modification in the module code, you need to restart the misp-modules container to apply the changes:
+
+```bash
+docker compose restart misp-modules
+```
+
+## Update documentation table of contents
+
+To update the table of contents in the documentation, you can use [the `doctoc` tool](https://github.com/thlorenz/doctoc).
+
+First, install it:
+
+```bash
+npm install -g doctoc
+```
+
+Then, run it in the documentation folder:
+
+```bash
+doctoc docs/* --maxlevel 3
+```
+
+
+
+
+
+
+ 

docs/INSTALLATION_GUIDE.md

@@ -0,0 +1,29 @@
+![CrowdSec Logo](images/logo_crowdsec.png)
+
+# MISP CrowdSec module
+
+## Installation Guide
+
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+
+- [Requirements](#requirements)
+- [Installation](#installation)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+
+## Requirements
+
+- A CrowdSec CTI API key. See [instructions to obtain it](https://docs.crowdsec.net/docs/next/cti_api/getting_started/#getting-an-api-key)
+
+
+## Installation
+
+Enabling this module could be done by browsing to the Plugins tab of your MISP instance: 
+
+- Navigate to plugin settings page at `http://<your_misp_address>/servers/serverSettings/Plugin`
+- Click on Enrichment
+- Set the value of `Plugin.Enrichment_crowdsec_enabled` to `true`
+- Set the value of `Plugin.Enrichment_crowdsec_api_key` to your CrowdSec CTI API key
+