We use cookies to ensure you get the best experience on our website
Startsida Utforska Hjälp
Registrera dig Logga in
0ct0pu5
/
crowdsec
1
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: dc39866250
Grenar Taggar
crowdsec
/
pkg
/
leakybucket
/
conditional.go

conditional.go 2.2 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. package leakybucket
    2. 

  2. 

  3. import (
    4. 

  4. 	"fmt"
    5. 

  5. 	"sync"
    6. 

  6. 

  7. 	"github.com/antonmedv/expr"
    8. 

  8. 	"github.com/antonmedv/expr/vm"
    9. 

  9. 	"github.com/crowdsecurity/crowdsec/pkg/exprhelpers"
    10. 

  10. 	"github.com/crowdsecurity/crowdsec/pkg/types"
    11. 

  11. )
    12. 

  12. 

  13. var conditionalExprCache map[string]vm.Program
    14. 

  14. var conditionalExprCacheLock sync.Mutex
    15. 

  15. 

  16. type ConditionalOverflow struct {
    17. 

  17. 	ConditionalFilter        string
    18. 

  18. 	ConditionalFilterRuntime *vm.Program
    19. 

  19. 	DumbProcessor
    20. 

  20. }
    21. 

  21. 

  22. func (c *ConditionalOverflow) OnBucketInit(g *BucketFactory) error {
    23. 

  23. 	var err error
    24. 

  24. 	var compiledExpr *vm.Program
    25. 

  25. 

  26. 	if conditionalExprCache == nil {
    27. 

  27. 		conditionalExprCache = make(map[string]vm.Program)
    28. 

  28. 	}
    29. 

  29. 	conditionalExprCacheLock.Lock()
    30. 

  30. 	if compiled, ok := conditionalExprCache[g.ConditionalOverflow]; ok {
    31. 

  31. 		conditionalExprCacheLock.Unlock()
    32. 

  32. 		c.ConditionalFilterRuntime = &compiled
    33. 

  33. 	} else {
    34. 

  34. 		conditionalExprCacheLock.Unlock()
    35. 

  35. 		//release the lock during compile
    36. 

  36. 		compiledExpr, err = expr.Compile(g.ConditionalOverflow, exprhelpers.GetExprOptions(map[string]interface{}{"queue": &types.Queue{}, "leaky": &Leaky{}, "evt": &types.Event{}})...)
    37. 

  37. 		if err != nil {
    38. 

  38. 			return fmt.Errorf("conditional compile error : %w", err)
    39. 

  39. 		}
    40. 

  40. 		c.ConditionalFilterRuntime = compiledExpr
    41. 

  41. 		conditionalExprCacheLock.Lock()
    42. 

  42. 		conditionalExprCache[g.ConditionalOverflow] = *compiledExpr
    43. 

  43. 		conditionalExprCacheLock.Unlock()
    44. 

  44. 	}
    45. 

  45. 	return err
    46. 

  46. }
    47. 

  47. 

  48. func (c *ConditionalOverflow) AfterBucketPour(b *BucketFactory) func(types.Event, *Leaky) *types.Event {
    49. 

  49. 	return func(msg types.Event, l *Leaky) *types.Event {
    50. 

  50. 		var condition, ok bool
    51. 

  51. 		if c.ConditionalFilterRuntime != nil {
    52. 

  52. 			l.logger.Debugf("Running condition expression : %s", c.ConditionalFilter)
    53. 

  53. 

  54. 			ret, err := exprhelpers.Run(c.ConditionalFilterRuntime,
    55. 

  55. 				map[string]interface{}{"evt": &msg, "queue": l.Queue, "leaky": l},
    56. 

  56. 				l.logger, b.Debug)
    57. 

  57. 			if err != nil {
    58. 

  58. 				l.logger.Errorf("unable to run conditional filter : %s", err)
    59. 

  59. 				return &msg
    60. 

  60. 			}
    61. 

  61. 			l.logger.Debugf("Conditional bucket expression returned : %v", ret)
    62. 

  62. 

  63. 			if condition, ok = ret.(bool); !ok {
    64. 

  64. 				l.logger.Warningf("overflow condition, unexpected non-bool return : %T", ret)
    65. 

  65. 				return &msg
    66. 

  66. 			}
    67. 

  67. 

  68. 			if condition {
    69. 

  69. 				l.logger.Debugf("Conditional bucket overflow")
    70. 

  70. 				l.Ovflw_ts = l.Last_ts
    71. 

  71. 				l.Out <- l.Queue
    72. 

  72. 				return nil
    73. 

  73. 			}
    74. 

  74. 		}
    75. 

  75. 

  76. 		return &msg
    77. 

  77. 	}
    78. 

  78. }
    79.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5