MCPcopy
hub / github.com/crowdsecurity/crowdsec / buildEventCreates

Function buildEventCreates

pkg/database/alerts.go:439–511  ·  view source on GitHub ↗
(ctx context.Context, logger log.FieldLogger, client *ent.Client, machineID string, alertItem *models.Alert)

Source from the content-addressed store, hash-verified

437}
438
439func buildEventCreates(ctx context.Context, logger log.FieldLogger, client *ent.Client, machineID string, alertItem *models.Alert) ([]*ent.Event, error) {
440 // let's track when we strip or drop data, notify outside of loop to avoid spam
441 stripped := false
442 dropped := false
443
444 if len(alertItem.Events) == 0 {
445 return nil, nil
446 }
447
448 eventBulk := make([]*ent.EventCreate, len(alertItem.Events))
449
450 for i, eventItem := range alertItem.Events {
451 ts, err := time.Parse(time.RFC3339, *eventItem.Timestamp)
452 if err != nil {
453 logger.Errorf("creating alert: Failed to parse event timestamp '%s', defaulting to now: %s", *eventItem.Timestamp, err)
454
455 ts = time.Now().UTC()
456 }
457
458 marshallMetas, err := json.Marshal(eventItem.Meta)
459 if err != nil {
460 return nil, fmt.Errorf("event meta '%v': %w: %w", eventItem.Meta, err, MarshalFail)
461 }
462
463 // the serialized field is too big, let's try to progressively strip it
464 if event.SerializedValidator(string(marshallMetas)) != nil {
465 stripped = true
466
467 valid := false
468 stripSize := 2048
469
470 for !valid && stripSize > 0 {
471 for _, serializedItem := range eventItem.Meta {
472 if len(serializedItem.Value) > stripSize*2 {
473 serializedItem.Value = serializedItem.Value[:stripSize] + "<stripped>"
474 }
475 }
476
477 marshallMetas, err = json.Marshal(eventItem.Meta)
478 if err != nil {
479 return nil, fmt.Errorf("event meta '%v': %w: %w", eventItem.Meta, err, MarshalFail)
480 }
481
482 if event.SerializedValidator(string(marshallMetas)) == nil {
483 valid = true
484 }
485
486 stripSize /= 2
487 }
488
489 // nothing worked, drop it
490 if !valid {
491 dropped = true
492 stripped = false
493 marshallMetas = []byte("")
494 }
495 }
496

Callers 1

createAlertBatchMethod · 0.85

Calls 6

ParseMethod · 0.45
SetSerializedMethod · 0.45
SetTimeMethod · 0.45
CreateMethod · 0.45
SaveMethod · 0.45
CreateBulkMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…