Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix for https://github.com/crowdsecurity/hub/issues/1102 #1103

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

brknkfr
Copy link

@brknkfr brknkfr commented Aug 27, 2024

Fix for #1102

  • Add 403, PUT and HEAD to path ^/remote.php/(web)?dav/ (mobile clients synchronizing with app token)
  • Add 404 with GET to path /app/files/api/v1/thumbnail/ (missing files for mobile clients)

@brknkfr brknkfr force-pushed the nextcloud_autoupload branch 2 times, most recently from e8d8c9e to 0807512 Compare August 28, 2024 05:54
@LaurenceJJones
Copy link
Contributor

Hey 👋🏻

Thank you for opening a pull request!

The only issue I see at the moment is evt.Meta.http_path contains '/remote.php/dav/files/' is similar to a line we have above and is on the similar lines.

I would only expect 403 response codes when the token you have is expired but maybe im abit naive on how the plugin / app works in nextcloud.

I looked at your issue and maybe the HEAD request 403 is because the IP had a decision rather than the application itself?

The rest seem fine like 404 on GET but that can also be included in the original whitelisted line.

Let me know your thoughts and if im abit naive on some parts 🦙

@brknkfr
Copy link
Author

brknkfr commented Aug 28, 2024

The only issue I see at the moment is evt.Meta.http_path contains '/remote.php/dav/files/' is similar to a line we have above and is on the similar lines.

Agreed.

I would only expect 403 response codes when the token you have is expired but maybe im abit naive on how the plugin / app works in nextcloud.

Normally I would agree, but somehow this isn't the case. I think, I reason of this behaviour could be the setting storeCryptedPassword on the nextcloud server (with a external auth backend).

I looked at your issue and maybe the HEAD request 403 is because the IP had a decision rather than the application itself?

No, there are/were no other decisions.

What do you think about changing line 11 in https://github.com/crowdsecurity/hub/blob/master/parsers/s02-enrich/crowdsecurity/nextcloud-whitelist.yaml like this (added PUT aswell, which is generating 403 too):

   - evt.Meta.http_status in ['404', '403', '200'] && evt.Meta.http_verb in ['PROPFIND', 'PUT', 'GET', 'HEAD'] && evt.Meta.http_path matches '^/remote.php/(web)?dav/' #Uploading new files via WebDAV always produces a 404

If this would be okay, I would do another forced push.

@brknkfr brknkfr force-pushed the nextcloud_autoupload branch from 82a6c75 to 9891aa6 Compare August 29, 2024 15:01
@brknkfr brknkfr force-pushed the nextcloud_autoupload branch from 9891aa6 to dd80b54 Compare August 30, 2024 05:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants