pkg/cwhub: improve support for k8s config maps with custom items (#3154)

* pkg/cwhub: improve support for k8s config maps as custom items

 - allow links to links
 - ignore hidden ..data directories, but allow links to their content

* allow any number of subdirectories in /etc/crowdsec/{hubtype}

* item name as subdir/file.yaml

* improve func test

* lint

cmd/crowdsec-cli/capi.go

@@ -21,11 +21,6 @@ import (
 	"github.com/crowdsecurity/crowdsec/pkg/types"
 )
 
-const (
-	CAPIBaseURL   = "https://api.crowdsec.net/"
-	CAPIURLPrefix = "v3"
-)
-
 type cliCapi struct {
 	cfg configGetter
 }
@@ -78,7 +73,7 @@ func (cli *cliCapi) register(capiUserPrefix string, outputFile string) error {
 		Password:      password,
 		UserAgent:     cwversion.UserAgent(),
 		URL:           apiurl,
-		VersionPrefix: CAPIURLPrefix,
+		VersionPrefix: "v3",
 	}, nil)
 	if err != nil {
 		return fmt.Errorf("api client register ('%s'): %w", types.CAPIBaseURL, err)

pkg/cwhub/errors.go

@@ -5,10 +5,8 @@ import (
 	"fmt"
 )
 
-var (
-	// ErrNilRemoteHub is returned when trying to download with a local-only configuration.
-	ErrNilRemoteHub = errors.New("remote hub configuration is not provided. Please report this issue to the developers")
-)
+// ErrNilRemoteHub is returned when trying to download with a local-only configuration.
+var ErrNilRemoteHub = errors.New("remote hub configuration is not provided. Please report this issue to the developers")
 
 // IndexNotFoundError is returned when the remote hub index is not found.
 type IndexNotFoundError struct {

pkg/cwhub/relativepath.go

@@ -0,0 +1,28 @@
+package cwhub
+
+import (
+	"path/filepath"
+	"strings"
+)
+
+// relativePathComponents returns the list of path components after baseDir.
+// If path is not inside baseDir, it returns an empty slice.
+func relativePathComponents(path string, baseDir string) []string {
+	absPath, err := filepath.Abs(path)
+	if err != nil {
+		return []string{}
+	}
+
+	absBaseDir, err := filepath.Abs(baseDir)
+	if err != nil {
+		return []string{}
+	}
+
+	// is path inside baseDir?
+	relPath, err := filepath.Rel(absBaseDir, absPath)
+	if err != nil || strings.HasPrefix(relPath, "..") || relPath == "." {
+		return []string{}
+	}
+
+	return strings.Split(relPath, string(filepath.Separator))
+}

pkg/cwhub/relativepath_test.go

@@ -0,0 +1,72 @@
+package cwhub
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestRelativePathComponents(t *testing.T) {
+	tests := []struct {
+		name     string
+		path     string
+		baseDir  string
+		expected []string
+	}{
+		{
+			name:     "Path within baseDir",
+			path:     "/home/user/project/src/file.go",
+			baseDir:  "/home/user/project",
+			expected: []string{"src", "file.go"},
+		},
+		{
+			name:     "Path is baseDir",
+			path:     "/home/user/project",
+			baseDir:  "/home/user/project",
+			expected: []string{},
+		},
+		{
+			name:     "Path outside baseDir",
+			path:     "/home/user/otherproject/src/file.go",
+			baseDir:  "/home/user/project",
+			expected: []string{},
+		},
+		{
+			name:     "Path is subdirectory of baseDir",
+			path:     "/home/user/project/src/",
+			baseDir:  "/home/user/project",
+			expected: []string{"src"},
+		},
+		{
+			name:     "Relative paths",
+			path:     "project/src/file.go",
+			baseDir:  "project",
+			expected: []string{"src", "file.go"},
+		},
+		{
+			name:     "BaseDir with trailing slash",
+			path:     "/home/user/project/src/file.go",
+			baseDir:  "/home/user/project/",
+			expected: []string{"src", "file.go"},
+		},
+		{
+			name:     "Empty baseDir",
+			path:     "/home/user/project/src/file.go",
+			baseDir:  "",
+			expected: []string{},
+		},
+		{
+			name:     "Empty path",
+			path:     "",
+			baseDir:  "/home/user/project",
+			expected: []string{},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := relativePathComponents(tt.path, tt.baseDir)
+			assert.Equal(t, tt.expected, result)
+		})
+	}
+}