MCPcopy
hub / github.com/crowdsecurity/crowdsec / process

Method process

pkg/parser/node.go:294–397  ·  view source on GitHub ↗
(p *pipeline.Event, ctx UnixParserCtx, expressionEnv map[string]any)

Source from the content-addressed store, hash-verified

292}
293
294func (n *Node) process(p *pipeline.Event, ctx UnixParserCtx, expressionEnv map[string]any) (bool, error) {
295 clog := n.Logger
296
297 cachedExprEnv := expressionEnv
298
299 clog.Trace("Event entering node")
300
301 nodeState, err := n.processFilter(cachedExprEnv)
302 if err != nil {
303 return false, err
304 }
305
306 if !nodeState {
307 return false, nil
308 }
309
310 if n.Name != "" {
311 n.bumpNodeMetric(metrics.NodesHits, p)
312 }
313
314 isWhitelisted, err := n.processWhitelist(cachedExprEnv, p)
315 if err != nil {
316 return false, err
317 }
318
319 nodeState, nodeHasOKGrok, err := n.processGrok(p, cachedExprEnv)
320 if err != nil {
321 return false, err
322 }
323
324 // Process the stash (data collection) if: a grok was present and succeeded, or if there is no grok
325 if nodeHasOKGrok || n.RuntimeGrok.RunTimeRegexp == nil {
326 if err := n.processStash(p, cachedExprEnv); err != nil {
327 return false, err
328 }
329 }
330
331 leafState, err := n.processLeaves(p, ctx, cachedExprEnv, nodeState, nodeHasOKGrok)
332 if err != nil {
333 return false, err
334 }
335
336 nodeState = leafState
337
338 // todo : check if a node made the state change ?
339 // should the childs inherit the on_success behavior
340
341 clog.Tracef("State after nodes: %v", nodeState)
342
343 // grok or leafs failed, don't process statics
344 if !nodeState {
345 if n.Name != "" {
346 n.bumpNodeMetric(metrics.NodesHitsKo, p)
347 }
348
349 clog.Debug("Event leaving node: ko")
350
351 return nodeState, nil

Callers 2

processLeavesMethod · 0.80
ParseFunction · 0.80

Calls 11

processFilterMethod · 0.95
bumpNodeMetricMethod · 0.95
processWhitelistMethod · 0.95
processGrokMethod · 0.95
processStashMethod · 0.95
processLeavesMethod · 0.95
ContainsWLsMethod · 0.95
ProcessStaticsMethod · 0.95
TracefMethod · 0.80
TraceMethod · 0.65
DebugMethod · 0.45

Tested by

no test coverage detected