hub / github.com/crowdsecurity/crowdsec / CreateAlert

Method CreateAlert

pkg/apiserver/controllers/v1/alerts.go:149–293  ·  view source on GitHub ↗

CreateAlert writes the alerts received in the body to the database

(gctx *gin.Context)

Source from the content-addressed store, hash-verified

148// CreateAlert writes the alerts received in the body to the database
149func (c *Controller) CreateAlert(gctx *gin.Context) {
150 var input models.AddAlertsRequest
151
152 ctx := gctx.Request.Context()
153 machineID, _ := getMachineIDFromContext(gctx)
154
155 if err := gctx.ShouldBindJSON(&input); err != nil {
156 gctx.JSON(http.StatusBadRequest, gin.H{"message": err.Error()})
157 return
158 }
159
160 if err := input.Validate(strfmt.Default); err != nil {
161 c.HandleDBErrors(gctx, err)
162 return
163 }
164
165 stopFlush := false
166 alertsToSave := make([]*models.Alert, 0)
167
168 for _, alert := range input {
169 // normalize scope for alert.Source and decisions
170 if alert.Source.Scope != nil {
171 *alert.Source.Scope = types.NormalizeScope(*alert.Source.Scope)
172 }
173
174 for _, decision := range alert.Decisions {
175 if decision.Scope != nil {
176 *decision.Scope = types.NormalizeScope(*decision.Scope)
177 }
178 }
179
180 if allowlisted, reason := c.isAllowListed(ctx, alert); allowlisted {
181 log.Infof("alert source %s is allowlisted by %s, skipping", *alert.Source.Value, reason)
182 continue
183 }
184
185 alert.MachineID = machineID
186 // generate uuid here for alert
187 alert.UUID = uuid.NewString()
188
189 // if coming from cscli, alert already has decisions
190 if len(alert.Decisions) != 0 {
191 // alert already has a decision (cscli decisions add etc.), generate uuid here
192 for _, decision := range alert.Decisions {
193 decision.UUID = uuid.NewString()
194 }
195
196 for pIdx, profile := range c.Profiles {
197 _, matched, err := profile.EvaluateProfile(alert)
198 if err != nil {
199 profile.Logger.Warningf("error while evaluating profile %s : %v", profile.Cfg.Name, err)
200
201 continue
202 }
203
204 if !matched {
205 continue
206 }

Callers

nothing calls this directly

Calls 9

ValidateMethod · 0.95
HandleDBErrorsMethod · 0.95
isAllowListedMethod · 0.95
NormalizeScopeFunction · 0.92
getMachineIDFromContextFunction · 0.85
EvaluateProfileMethod · 0.80
ErrorMethod · 0.65
DebugMethod · 0.45

Tested by

no test coverage detected