hub / github.com/crowdsecurity/crowdsec / eventSources

Function eventSources

pkg/leakybucket/overflows.go:93–199  ·  view source on GitHub ↗
(evt pipeline.Event, leaky *Leaky)

Source from the content-addressed store, hash-verified

91}
92
93func eventSources(evt pipeline.Event, leaky *Leaky) (map[string]models.Source, error) {
94 srcs := make(map[string]models.Source)
95
96 src := models.Source{}
97
98 switch leaky.Factory.Spec.ScopeType.Scope {
99 case types.Range, types.Ip:
100 v, ok := evt.Meta["source_ip"]
101 if !ok {
102 return srcs, fmt.Errorf("scope is %s but Meta[source_ip] doesn't exist", leaky.Factory.Spec.ScopeType.Scope)
103 }
104
105 if net.ParseIP(v) == nil {
106 return srcs, fmt.Errorf("scope is %s but '%s' isn't a valid ip", leaky.Factory.Spec.ScopeType.Scope, v)
107 }
108
109 src.IP = v
110 src.Scope = &leaky.Factory.Spec.ScopeType.Scope
111
112 if v, ok := evt.Enriched["ASNumber"]; ok {
113 src.AsNumber = v
114 } else if v, ok := evt.Enriched["ASNNumber"]; ok {
115 src.AsNumber = v
116 }
117
118 if v, ok := evt.Enriched["IsoCode"]; ok {
119 src.Cn = v
120 }
121
122 if v, ok := evt.Enriched["ASNOrg"]; ok {
123 src.AsName = v
124 }
125
126 if v, ok := evt.Enriched["Latitude"]; ok {
127 l, err := strconv.ParseFloat(v, 32)
128 if err != nil {
129 log.Warningf("bad latitude %s : %s", v, err)
130 }
131
132 src.Latitude = float32(l)
133 }
134
135 if v, ok := evt.Enriched["Longitude"]; ok {
136 l, err := strconv.ParseFloat(v, 32)
137 if err != nil {
138 log.Warningf("bad longitude %s : %s", v, err)
139 }
140
141 src.Longitude = float32(l)
142 }
143
144 if v, ok := evt.Meta["SourceRange"]; ok && v != "" {
145 _, ipNet, err := net.ParseCIDR(v)
146 if err != nil {
147 return srcs, fmt.Errorf("declared range %s of %s can't be parsed", v, src.IP)
148 }
149
150 if ipNet != nil {

Callers 1

SourceFromEventFunction · 0.85

Calls 3

RunFunction · 0.92
TracefMethod · 0.80
StringMethod · 0.45

Tested by

no test coverage detected
