hub / github.com/crowdsecurity/crowdsec / UpdateCommunityBlocklist

Method UpdateCommunityBlocklist

pkg/database/alerts.go:193–367  ·  view source on GitHub ↗

UpdateCommunityBlocklist is called to update either the community blocklist or other lists the user subscribed to. It takes care of creating the new alert with the associated decisions, and it also deletes the "older" overlapping decisions. 1st pull: you get decisions [1,2,3]; it inserts [1,2,3]. 2nd pull: you get decisions [1,2,3,4]; it inserts [1,2,3,4] and will try to delete [1,2,3,4] with a different alert ID and same origin.

(ctx context.Context, alertItem *models.Alert)

Source from the content-addressed store, hash-verified

191// 1st pull, you get decisions [1,2,3]. it inserts [1,2,3]
192// 2nd pull, you get decisions [1,2,3,4]. it inserts [1,2,3,4] and will try to delete [1,2,3,4] with a different alert ID and same origin
193func (c *Client) UpdateCommunityBlocklist(ctx context.Context, alertItem *models.Alert) (int, int, int, error) {
194 if alertItem == nil {
195 return 0, 0, 0, errors.New("nil alert")
196 }
197
198 if alertItem.StartAt == nil {
199 return 0, 0, 0, errors.New("nil start_at")
200 }
201
202 startAtTime, err := time.Parse(time.RFC3339, *alertItem.StartAt)
203 if err != nil {
204 return 0, 0, 0, fmt.Errorf("start_at field time '%s': %w: %w", *alertItem.StartAt, err, ParseTimeFail)
205 }
206
207 if alertItem.StopAt == nil {
208 return 0, 0, 0, errors.New("nil stop_at")
209 }
210
211 stopAtTime, err := time.Parse(time.RFC3339, *alertItem.StopAt)
212 if err != nil {
213 return 0, 0, 0, fmt.Errorf("stop_at field time '%s': %w: %w", *alertItem.StopAt, err, ParseTimeFail)
214 }
215
216 ts, err := time.Parse(time.RFC3339, *alertItem.StopAt)
217 if err != nil {
218 c.Log.Errorf("While parsing StartAt of item %s : %s", *alertItem.StopAt, err)
219
220 ts = time.Now().UTC()
221 }
222
223 alertB := c.Ent.Alert.
224 Create().
225 SetScenario(*alertItem.Scenario).
226 SetMessage(*alertItem.Message).
227 SetEventsCount(*alertItem.EventsCount).
228 SetStartedAt(startAtTime).
229 SetStoppedAt(stopAtTime).
230 SetSourceScope(*alertItem.Source.Scope).
231 SetSourceValue(*alertItem.Source.Value).
232 SetSourceIp(alertItem.Source.IP).
233 SetSourceRange(alertItem.Source.Range).
234 SetSourceAsNumber(alertItem.Source.AsNumber).
235 SetSourceAsName(alertItem.Source.AsName).
236 SetSourceCountry(alertItem.Source.Cn).
237 SetSourceLatitude(alertItem.Source.Latitude).
238 SetSourceLongitude(alertItem.Source.Longitude).
239 SetCapacity(*alertItem.Capacity).
240 SetLeakSpeed(*alertItem.Leakspeed).
241 SetSimulated(*alertItem.Simulated).
242 SetScenarioVersion(*alertItem.ScenarioVersion).
243 SetScenarioHash(*alertItem.ScenarioHash).
244 SetKind(alertItem.Kind).
245 SetRemediation(true) // it's from CAPI, we always have decisions
246
247 alertRef, err := alertB.Save(ctx)
248 if err != nil {
249 return 0, 0, 0, fmt.Errorf("error creating alert: %w: %w", err, BulkError)
250 }

Callers 1

SaveAlertsMethod · 0.80

Calls 15

SizeMethod · 0.95
NewRangeFunction · 0.92
AndFunction · 0.92
OriginEQFunction · 0.92
NotFunction · 0.92
HasOwnerWithFunction · 0.92
IDEQFunction · 0.92
ValueInFunction · 0.92
rollbackOnErrorFunction · 0.85
CommitMethod · 0.65
ParseMethod · 0.45
SetRemediationMethod · 0.45

Tested by

no test coverage detected