Problem/Motivation

The Signal scenarios are meant to determine which signals from Ban plugins will be signaled upstream. Since we moved the signal determination into a plugin framework, we haven't actively verified, that the list of available "Signal scenarios" is actually dynamic according to the list of available and enabled plugins.

Also, what may not have been tested yet, if only the checked scenarios will be signaled upstream.

Steps to reproduce

Proposed resolution

Review the code to verify that all this works as intended.

Remaining tasks

User interface changes

API changes

Data model changes

Issue fork crowdsec-3583697

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

jurgenhaas created an issue. See original summary.

jurgenhaas’s picture

jurgenhaas
he/him
Primary language German
Location Gottmadingen
commented

Reviewed the code to verify that Signal scenarios work as intended. Here are the findings:

1. The list of available Signal scenarios IS dynamic.

Signals::signalScenarios() in src/Signals.php iterates over all discovered CrowdsecScenario plugin definitions via the plugin manager. Any module can provide additional scenario plugins, and they will automatically appear in the Signal scenarios checkboxes on the settings form. Additionally, the SIGNAL_SCENARIO_LIST_BUILD event allows other modules to add or modify scenarios without implementing a full plugin.

If a module providing a scenario plugin is uninstalled, the scenario disappears from the list.

2. Only checked scenarios are signaled upstream.

Buffer::addSignal() in src/Buffer.php (line 158) performs a strict in_array() check against the signal_scenarios config value (which stores only the user's checked selections). Unchecked scenarios are logged as ignored and discarded before they reach the buffer or the upstream API.

3. Minor gap: no enable check for non-buffered plugins.

For buffered plugins (Whisper), Buffer::bufferSignal() checks the per-plugin enable setting before entering the leaky-bucket algorithm. However, for non-buffered plugins (Flood, Ban), the code path in ScenarioPluginBase::addSignal() goes directly to Buffer::addSignal() without checking enable. The signal is still filtered by the signal_scenarios check, so no incorrect signals are sent upstream, but unnecessary processing occurs for disabled non-buffered plugins.

Conclusion

The core behavior is correct. The only improvement would be adding the enable check for non-buffered plugins in ScenarioPluginBase::addSignal() to avoid unnecessary work.

jurgenhaas opened merge request !22

jurgenhaas’s picture

jurgenhaas
he/him
Primary language German
Location Gottmadingen
commented
Status: Active » Fixed

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.

  • jurgenhaas committed 6c8b847b on 1.2.x 
    #3583697 Check enable setting for non-buffered scenario plugins before...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.