MCPcopy
hub / github.com/crowdsecurity/crowdsec / AppsecEventToContext

Function AppsecEventToContext

pkg/alertcontext/alertcontext.go:229–248  ·  view source on GitHub ↗

Iterate over the individual appsec matched rules to create the needed alert context.

(event pipeline.AppsecEvent, request *http.Request)

Source from the content-addressed store, hash-verified

227
228// Iterate over the individual appsec matched rules to create the needed alert context.
229func AppsecEventToContext(event pipeline.AppsecEvent, request *http.Request) (models.Meta, []error) {
230 var errors []error
231
232 tmpContext := make(map[string][]string)
233
234 evt := pipeline.MakeEvent(false, pipeline.LOG, false)
235 for _, matched_rule := range event.MatchedRules {
236 tmpErrors := EvalAlertContextRules(evt, &matched_rule, request, tmpContext)
237 errors = append(errors, tmpErrors...)
238 }
239
240 ac := getAlertContext()
241
242 metas, truncErrors := TruncateContextMap(tmpContext, ac.ContextValueLen)
243 errors = append(errors, truncErrors...)
244
245 ret := models.Meta(metas)
246
247 return ret, errors
248}
249
250// Iterate over the individual events to create the needed alert context.
251func EventToContext(events []pipeline.Event) (models.Meta, []error) {

Callers 2

AppsecEventGenerationFunction · 0.92
TestAppsecEventToContextFunction · 0.85

Calls 5

MakeEventFunction · 0.92
MetaTypeAlias · 0.92
EvalAlertContextRulesFunction · 0.85
getAlertContextFunction · 0.85
TruncateContextMapFunction · 0.85

Tested by 1

TestAppsecEventToContextFunction · 0.68

Used in the wild real call sites across dependent graphs

searching dependent graphs…