(evt pipeline.Event, match *pipeline.MatchedRule, request *http.Request, tmpContext map[string][]string)
| 157 | } |
| 158 | |
| 159 | func EvalAlertContextRules(evt pipeline.Event, match *pipeline.MatchedRule, request *http.Request, tmpContext map[string][]string) []error { |
| 160 | var errors []error |
| 161 | |
| 162 | // if we're evaluating context for appsec event, match and request will be present. |
| 163 | // otherwise, only evt will be. |
| 164 | if match == nil { |
| 165 | match = pipeline.NewMatchedRule() |
| 166 | } |
| 167 | |
| 168 | if request == nil { |
| 169 | request = &http.Request{} |
| 170 | } |
| 171 | |
| 172 | ac := getAlertContext() |
| 173 | |
| 174 | for key, values := range ac.ContextToSendCompiled { |
| 175 | if _, ok := tmpContext[key]; !ok { |
| 176 | tmpContext[key] = make([]string, 0) |
| 177 | } |
| 178 | |
| 179 | for _, value := range values { |
| 180 | var val string |
| 181 | |
| 182 | output, err := expr.Run(value, map[string]any{"match": match, "evt": evt, "req": request}) |
| 183 | if err != nil { |
| 184 | errors = append(errors, fmt.Errorf("failed to get value for %s: %w", key, err)) |
| 185 | continue |
| 186 | } |
| 187 | |
| 188 | switch out := output.(type) { |
| 189 | case string: |
| 190 | val = out |
| 191 | if val != "" && !slices.Contains(tmpContext[key], val) { |
| 192 | tmpContext[key] = append(tmpContext[key], val) |
| 193 | } |
| 194 | case []string: |
| 195 | for _, v := range out { |
| 196 | if v != "" && !slices.Contains(tmpContext[key], v) { |
| 197 | tmpContext[key] = append(tmpContext[key], v) |
| 198 | } |
| 199 | } |
| 200 | case int: |
| 201 | val = strconv.Itoa(out) |
| 202 | if val != "" && !slices.Contains(tmpContext[key], val) { |
| 203 | tmpContext[key] = append(tmpContext[key], val) |
| 204 | } |
| 205 | case []int: |
| 206 | for _, v := range out { |
| 207 | val = strconv.Itoa(v) |
| 208 | if val != "" && !slices.Contains(tmpContext[key], val) { |
| 209 | tmpContext[key] = append(tmpContext[key], val) |
| 210 | } |
| 211 | } |
| 212 | default: |
| 213 | r := reflect.ValueOf(output) |
| 214 | if r.IsZero() || r.IsNil() { |
| 215 | continue |
| 216 | } |
searching dependent graphs…