hub / github.com/crowdsecurity/crowdsec / EvaluateProfile

Method EvaluateProfile

pkg/csprofiles/csprofiles.go:167–209  ·  view source on GitHub ↗

EvaluateProfile evaluates an Alert against a profile to generate Decisions.

(alert *models.Alert)

Source from the content-addressed store, hash-verified

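// EvaluateProfile runs each compiled filter of the profile against alert and
// collects the decisions generated for the filters that evaluate to true.
//
// The alert is exposed to the expression as the "Alert" variable. Every filter
// that returns true triggers its own GenerateDecisionFromProfile call and the
// results are appended, so a profile with several matching filters yields one
// set of decisions per matching filter.
//
// It returns the accumulated decisions, whether at least one filter matched,
// and an error when an expression fails to run, returns a non-boolean value,
// or decision generation fails. On error the decision slice is nil, while
// matched still reflects the filters evaluated before the failure.
func (profile *Runtime) EvaluateProfile(alert *models.Alert) ([]*models.Decision, bool, error) {
	var decisions []*models.Decision

	matched := false

	// The debug flag is per profile, not per filter: resolve it once.
	debugProfile := profile.Cfg.Debug != nil && *profile.Cfg.Debug

	for eIdx, expression := range profile.RuntimeFilters {
		output, err := exprhelpers.Run(expression, map[string]interface{}{"Alert": alert}, profile.Logger, debugProfile)
		if err != nil {
			profile.Logger.Warningf("failed to run profile expr for %s: %v", profile.Cfg.Name, err)
			// Assumes Cfg.Filters is index-aligned with RuntimeFilters (source
			// text next to its compiled form); confirm where the runtime is built.
			return nil, matched, fmt.Errorf("while running expression %s: %w", profile.Cfg.Filters[eIdx], err)
		}

		switch out := output.(type) {
		case bool:
			if out {
				matched = true

				// The expression matched: create the associated decisions.
				subdecisions, err := profile.GenerateDecisionFromProfile(alert)
				if err != nil {
					return nil, matched, fmt.Errorf("while generating decision from profile %s: %w", profile.Cfg.Name, err)
				}

				decisions = append(decisions, subdecisions...)
			} else {
				profile.Logger.Debugf("Profile %s filter is unsuccessful", profile.Cfg.Name)

				if profile.Cfg.OnFailure == "break" {
					// NOTE(review): an unlabeled break inside a switch leaves
					// only the switch, so the loop still evaluates the
					// remaining filters and a later filter can still match.
					// Kept as-is to preserve behavior; if stopping at the
					// first failed filter is intended, this needs a labeled
					// break on the for loop. Confirm against callers, which
					// may handle OnFailure themselves.
					break
				}
			}

		default:
			// %T prints the dynamic type; the previous %t is the boolean verb
			// and rendered as a "%!t(...)" formatting error for any value that
			// reaches this branch.
			return nil, matched, fmt.Errorf("unexpected type %T (%v) while running '%s'", output, output, profile.Cfg.Filters[eIdx])
		}
	}

	return decisions, matched, nil
}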

Callers 3

TestEvaluateProfileFunction · 0.80
CreateAlertMethod · 0.80
newReinjectCmdMethod · 0.80

Calls 2

RunFunction · 0.92

Tested by 1

TestEvaluateProfileFunction · 0.64