MCPcopy
hub / github.com/crowdsecurity/crowdsec / processWhitelist

Method processWhitelist

pkg/parser/node.go:136–166  ·  view source on GitHub ↗
(cachedExprEnv map[string]any, p *pipeline.Event)

Source from the content-addressed store, hash-verified

134}
135
136func (n *Node) processWhitelist(cachedExprEnv map[string]any, p *pipeline.Event) (bool, error) {
137 var exprErr error
138
139 isWhitelisted := n.CheckIPsWL(p)
140 if !isWhitelisted {
141 isWhitelisted, exprErr = n.CheckExprWL(cachedExprEnv, p)
142 }
143
144 if exprErr != nil {
145 // Previous code returned nil if there was an error, so we keep this behavior
146 return false, nil //nolint:nilerr
147 }
148
149 if isWhitelisted && !p.Whitelisted {
150 p.Whitelisted = true
151 p.WhitelistReason = n.Whitelist.Reason
152 // huglily wipe the ban order if the event is whitelisted and it's an overflow
153 if p.Type == pipeline.OVFLW { // don't do this at home kids
154 ips := []string{}
155 for k := range p.Overflow.Sources {
156 ips = append(ips, k)
157 }
158
159 n.Logger.Infof("Ban for %s whitelisted, reason [%s]", strings.Join(ips, ","), n.Whitelist.Reason)
160
161 p.Overflow.Whitelisted = true
162 }
163 }
164
165 return isWhitelisted, nil
166}
167
168func (n *Node) processGrok(p *pipeline.Event, cachedExprEnv map[string]any) (bool, bool, error) {
169 // Process grok if present, should be exclusive with nodes :)

Callers 1

processMethod · 0.95

Calls 2

CheckIPsWLMethod · 0.95
CheckExprWLMethod · 0.95

Tested by

no test coverage detected