Skip to content

[do-not-merge] Waf Challenge Collection#1826

Open
buixor wants to merge 36 commits into
masterfrom
test-waf-challenge-mode-scenarios
Open

[do-not-merge] Waf Challenge Collection#1826
buixor wants to merge 36 commits into
masterfrom
test-waf-challenge-mode-scenarios

Conversation

@buixor

@buixor buixor commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

No description provided.

Copilot AI review requested due to automatic review settings June 15, 2026 13:24

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new CrowdSec Hub collection intended to enable an AppSec “bot challenge” mode, including dedicated parsing of challenge events, scenarios for bot/challenge abuse detection, and a context to surface bot-detection signals.

Changes:

  • Introduces crowdsecurity/appsec-bot-challenge collection bundling new appsec-configs, parser(s), scenarios, and contexts.
  • Splits AppSec parsing to route crowdsec-appsec-challenge events into a dedicated parser.
  • Adds new scenarios for bot detection and challenge abuse tracking, plus a context for more readable alert output.

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 10 comments.

Show a summary per file
File Description
scenarios/crowdsecurity/challenge-too-many-submit.yaml New leaky scenario for excessive challenge submissions
scenarios/crowdsecurity/challenge-too-many-request.yaml New leaky scenario for excessive challenge page requests
scenarios/crowdsecurity/challenge-request-with-no-submission.yaml New counter scenario tracking requests that don’t lead to submissions
scenarios/crowdsecurity/appsec-bot-detected.yaml New trigger scenario for fast bot detection rejections
parsers/s01-parse/crowdsecurity/appsec-logs.yaml Updates filter to exclude challenge-source AppSec events
parsers/s01-parse/crowdsecurity/appsec-bot-detection-logs.yaml New parser for challenge/bot-detection AppSec events
contexts/crowdsecurity/appsec_bot_detection.yaml New context to present fingerprint/session and bot-signal details
collections/crowdsecurity/appsec-bot-challenge.yaml New collection wiring parsers, appsec-configs, scenarios, and contexts
collections/crowdsecurity/appsec-bot-challenge.md New documentation for enabling the collection
appsec-configs/crowdsecurity/simple-bot-challenge.yaml New inband config to send challenges and reject known bots on submit
appsec-configs/crowdsecurity/challenge-exclude-webhooks.yaml New pre-eval exclusions for specific webhook paths
appsec-configs/crowdsecurity/challenge-exclude-feeds.yaml New pre-eval exclusions for feed endpoints
appsec-configs/crowdsecurity/challenge-exclude-crawler-files.yaml New pre-eval exclusions for crawler well-known files

Comment thread parsers/s01-parse/crowdsecurity/appsec-logs.yaml
Comment thread contexts/crowdsecurity/appsec_bot_detection.yaml Outdated
Comment thread contexts/crowdsecurity/appsec_bot_detection.yaml Outdated
Comment thread scenarios/crowdsecurity/appsec-challenge-too-many-request.yaml
Comment thread scenarios/crowdsecurity/appsec-challenge-too-many-requests.yaml Outdated
Comment thread scenarios/crowdsecurity/appsec-challenge-too-many-submissions.yaml Outdated
Comment thread scenarios/crowdsecurity/appsec-challenge-request-with-no-submission.yaml Outdated
Comment thread scenarios/crowdsecurity/appsec-challenge-request-with-no-submission.yaml Outdated
Comment thread collections/crowdsecurity/appsec-bot-challenge.yaml Outdated
@github-actions

Copy link
Copy Markdown

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

@github-actions

Copy link
Copy Markdown

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

@github-actions

Copy link
Copy Markdown

Hello @buixor,

✅ The new VPATCH Rule is compliant, thank you for your contribution!

@github-actions

Copy link
Copy Markdown

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

Hello @buixor and thank you for your contribution!

❗ It seems that the following scenarios are not part of the 'crowdsecurity/appsec-virtual-patching' collection:

🔴 crowdsecurity/vpatch-CVE-2025-40552 🔴
🔴 crowdsecurity/vpatch-CVE-2023-4634 🔴
🔴 crowdsecurity/vpatch-CVE-2023-2009 🔴
🔴 crowdsecurity/vpatch-CVE-2023-6623 🔴
🔴 crowdsecurity/vpatch-CVE-2023-23488 🔴
🔴 crowdsecurity/vpatch-CVE-2023-6567 🔴
🔴 crowdsecurity/vpatch-CVE-2024-1061 🔴
🔴 crowdsecurity/vpatch-CVE-2023-0600 🔴
🔴 crowdsecurity/vpatch-CVE-2023-6360 🔴
🔴 crowdsecurity/vpatch-CVE-2023-23489 🔴
🔴 crowdsecurity/vpatch-CVE-2023-3197 🔴
🔴 crowdsecurity/vpatch-CVE-2022-3254 🔴
🔴 crowdsecurity/vpatch-CVE-2024-1071 🔴
🔴 crowdsecurity/vpatch-CVE-2023-0900 🔴

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

@buixor

buixor commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

in terms of crowdsecurity/challenge-exclude-* should we be more radical and exclude static resources that could lead to further issues ? (favico, images, .ics files, font files etc.)

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

Hello @buixor,

✅ The new VPATCH Rule is compliant, thank you for your contribution!

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

Hello @buixor,

✅ The new VPATCH Rule is compliant, thank you for your contribution!

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

Hello @buixor,

✅ The new VPATCH Rule is compliant, thank you for your contribution!

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

Hello @buixor,

✅ The new VPATCH Rule is compliant, thank you for your contribution!

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

Hello @buixor,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants