hub / github.com/crowdsecurity/crowdsec / alertPredicatesFromFilter

Function alertPredicatesFromFilter

pkg/database/alertfilter.go:180–260  ·  view source on GitHub ↗
(filter map[string][]string)

Source from the content-addressed store, hash-verified

178}
179
180func alertPredicatesFromFilter(filter map[string][]string) ([]predicate.Alert, error) {
181 predicates := make([]predicate.Alert, 0)
182
183 var (
184 err error
185 hasActiveDecision bool
186 rng csnet.Range
187 )
188
189 contains := true
190
191 // if contains is true, return bans that *contains* the given value (value is the inner)
192 // else, return bans that are *contained* by the given value (value is the outer)
193
194 handleSimulatedFilter(filter, &predicates)
195 handleOriginFilter(filter)
196
197 for param, value := range filter {
198 switch param {
199 case "contains":
200 contains, err = strconv.ParseBool(value[0])
201 if err != nil {
202 return nil, fmt.Errorf("invalid contains value: %w: %w", err, InvalidFilter)
203 }
204 case "scope":
205 handleScopeFilter(value[0], &predicates)
206 case "value":
207 predicates = append(predicates, alert.SourceValueEQ(value[0]))
208 case "scenario":
209 predicates = append(predicates, alert.Or(
210 alert.ScenarioEQ(value[0]), // match alerts with no decisions
211 alert.HasDecisionsWith(decision.ScenarioEQ(value[0])),
212 ))
213 case "ip", "range":
214 rng, err = csnet.NewRange(value[0])
215 if err != nil {
216 return nil, err
217 }
218 case "since", "created_before", "until":
219 if err := handleTimeFilters(param, value[0], &predicates); err != nil {
220 return nil, err
221 }
222 case "decision_type":
223 predicates = append(predicates, alert.HasDecisionsWith(decision.TypeEQ(value[0])))
224 case "origin":
225 predicates = append(predicates, alert.HasDecisionsWith(decision.OriginEQ(value[0])))
226 case "include_capi": // allows to exclude one or more specific origins
227 if err = handleIncludeCapiFilter(value[0], &predicates); err != nil {
228 return nil, err
229 }
230 case "has_active_decision":
231 if hasActiveDecision, err = strconv.ParseBool(value[0]); err != nil {
232 return nil, fmt.Errorf("'%s' is not a boolean: %w: %w", value[0], err, ParseType)
233 }
234
235 if hasActiveDecision {
236 predicates = append(predicates, alert.HasDecisionsWith(decision.UntilGTE(time.Now().UTC())))
237 } else {

Callers 2

DeleteAlertWithFilterMethod · 0.85
applyAlertFilterFunction · 0.85

Calls 15

SourceValueEQFunction · 0.92
OrFunction · 0.92
ScenarioEQFunction · 0.92
HasDecisionsWithFunction · 0.92
ScenarioEQFunction · 0.92
NewRangeFunction · 0.92
TypeEQFunction · 0.92
OriginEQFunction · 0.92
UntilGTEFunction · 0.92
NotFunction · 0.92
HasDecisionsFunction · 0.92
KindEQFunction · 0.92

Tested by

no test coverage detected
