enhancement: Allow npm to parse malformed requests (#1210)

* enhancement: Allow npm to parse malformed requests

* enhancement: spell

* enhancement: fix tests

.tests/nginx-proxy-manager-malformed/config.yaml

@@ -0,0 +1,12 @@
+parsers:
+- crowdsecurity/syslog-logs
+- ./parsers/s01-parse/crowdsecurity/nginx-proxy-manager-logs.yaml
+- crowdsecurity/http-logs
+- crowdsecurity/dateparse-enrich
+scenarios:
+- "crowdsecurity/http-probing"
+postoverflows:
+- ""
+collections: []
+log_file: nginx_http-logs.log
+log_type: nginx-proxy-manager

.tests/nginx-proxy-manager-malformed/nginx_http-logs.log

@@ -0,0 +1,12 @@
+192.168.1.1 - - [29/Jul/2023:10:26:06 -0700] "lv|'|'|VHJvamFuX0M0NkY2RTk=|'|'|MARK|'|'|user|'|'|2013-11-22|'|'||'|'|Win XP|'|'|No|'|'|0.6.4|'|'|..|'|'||'|'|[endof]" 400 157 "-" "-"
+192.168.1.1 - - [29/Jul/2023:10:26:06 -0700] "Gh0st\xAD\x00\x00\x00\xE0\x00\x00\x00x\x9CKS``\x98\xC3\xC0\xC0\xC0\x06\xC4\x8C@\xBCQ\x96\x81\x81\x09H\x07\xA7\x16\x95e&\xA7*\x04$&g+\x182\x94\xF6\xB000\xAC\xA8rc\x00\x01\x11\xA0\x82\x1F\x5C`&\x83\xC7K7\x86\x19\xE5n\x0C9\x95n\x0C;\x84\x0F3\xAC\xE8sch\xA8^\xCF4'J\x97\xA9\x82\xE30\xC3\x91h]&\x90\xF8\xCE\x97S\xCBA4L?2=\xE1\xC4\x92\x86\x0B@\xF5`\x0CT\x1F\xAE\xAF]" 400 157 "-" "-"
+192.168.1.1 - - [29/Jul/2023:10:26:06 -0700] "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA==" 400 157 "-" "-"
+192.168.1.1 - - [29/Jul/2023:10:26:06 -0700] "H\x00\x00\x00tj\xA8\x9E#D\x98+\xCA\xF0\xA7\xBBl\xC5\x19\xD7\x8D\xB6\x18\xEDJ\x1En\xC1\xF9xu[l\xF0E\x1D-j\xEC\xD4xL\xC9r\xC9\x15\x10u\xE0%\x86Rtg\x05fv\x86]%\xCC\x80\x0C\xE8\xCF\xAE\x00\xB5\xC0f\xC8\x8DD\xC5\x09\xF4" 400 157 "-" "-"
+192.168.1.1 - - [29/Jul/2023:10:26:06 -0700] "HELP" 400 157 "-" "-"
+192.168.1.1 - - [29/Jul/2023:10:26:06 -0700] "\x1B\x84\xD5\xB0]\xF4\xC4\x93\xC50\xC2X\x8C\xDA\xB1\xD7\xAC\xAFn\x1D\xE1\x1E\x1A3*\x85\xB7\x1D'\xB1\xC9k\xBF\xF0\xBC" 400 157 "-" "-"
+192.168.1.1 - - [29/Jul/2023:10:26:07 -0700] "batman" 400 157 "-" "-"
+192.168.1.1 - - [29/Jul/2023:10:26:07 -0700] "\x16\x03\x01\x00t\x01\x00\x00p\x03\x01YF}\xF6\x7F3\xD3\xA2'O\xAE\xB6\x041p\x87F\xE5\xA6\xA2\x18\xD1\x0B}\x0C\x9FO)u\xFE\xB1\xD9\x00\x00\x18\xC0\x14\xC0\x13\x005\x00/\xC0" 400 157 "-" "-"
+192.168.1.1 - - [29/Jul/2023:10:26:07 -0700] "\x01\x82\x00\x00\x00\x01,\xEF:\xE7\x89\xFEH\xAF\xAC\xF8\xC1Pq\xD7\xC3\xE8S\x8A\xD6:\x17\xD93\x14o)S}\xBB\xBB\x97b\xCE\xB6\x0B\x9B\xB97>\x01\xCFv\xAE\xA0E\xB6D\xEA\xE1\xEAA\xC4\xDB\xEE\x09\xAC\xFB\xF0\x84)k\xBBc\x18]V\x85V\xC5_\x05T\x0Bt\xC4\x0B\xBE\xB5w\xBCM=[1\xE1\x06\x9C\xFD\xD3g^\xE3\x01\x9BK\xD7\xFC>\xFFk\xAF\x95\x99\xFB\xDBH\x90\x8BD\x88`k\x92\xF5e\x1C\xAA\xBB{_LP\x15\x85\x1E\x0E\x8F\xDD\xC5J" 400 157 "-" "-"
+192.168.1.1 - - [29/Jul/2023:10:26:07 -0700] "\xBD\xFF\x9E\xFFE\xFF\x9E\xFF\xBD\xFF\x9E\xFF\xA4\xFF\x86\xFF\xC4\xFF\xBE\xFF\xC7\xFF\xDB\xFF\xEE\xFFx\x5Cd9\xFF\xED\xFF\xA4\xFF\x9D\xFF\xCF\xFF\xD8\xFF\xE5\xFF\x04\xFF\x12\xFF0\xFF\xB1\xFF\xBD\xFF\xE7\xFF\xE2\xFF\xDD\xFF\xDC\xFF\xDE\xFF\xC8\xFF\xCC\xFF\xBE\xFF\xF8\xFF&\xFF\x01\xFF\x0F\xFF\xF5\xFF\x06\xFF\xFF\xFF\xF7\xFF!\xFF\xDE\xFF\x02\xFF&\xFF\x0C\xFF\x01\xFF\xF5\xFF" 400 157 "-" "-"
+192.168.1.1 - - [29/Jul/2023:10:26:07 -0700] "A\x00\x00\x00\x03fH\xBBd~\x8E\xFC\x94g\xD2\xDB\xFC\xEE\x8D\xFF\x98 \xB1\xBET\xA4\x9AZ\x9A\xA0?\x90\xE0\xF2t0\x5C\xED\xAE\xACX\x98\xDEJ\xEC\xF2\xC8\x9Cl\xD0\x9C\xC0\xE0\x98\x12\x8F\xE7\xCB\x8F\xA1\xA3\x16\xF1J\xA9<\xBD\xDA`" 400 157 "-" "-"
+192.168.1.1 - - [29/Jul/2023:10:26:07 -0700] "\x09\x12;Bo3\xA2D\xFD\x01\x86si=\xAE\x12\xBB\xC6\x19\xFD\x1A:\xF3\x11\xC9\xAE\xDA<0\xBC8\x81\x9E\x00\x0F\xCAN\xFB\x05\xC6\xDE\xB7<oN\x01\xA2\x87\x82\xF5/\x8E\xED*\x1F\x0E\xB7C\x0C\xA04]\xBD\x80PVf\x1A\x11\xAF\xF5\xC8\xA3\x16+b\xB1\xD7" 400 157 "-" "-"