(cachedExprEnv map[string]any, p *pipeline.Event)
| 134 | } |
| 135 | |
| 136 | func (n *Node) processWhitelist(cachedExprEnv map[string]any, p *pipeline.Event) (bool, error) { |
| 137 | var exprErr error |
| 138 | |
| 139 | isWhitelisted := n.CheckIPsWL(p) |
| 140 | if !isWhitelisted { |
| 141 | isWhitelisted, exprErr = n.CheckExprWL(cachedExprEnv, p) |
| 142 | } |
| 143 | |
| 144 | if exprErr != nil { |
| 145 | // Previous code returned nil if there was an error, so we keep this behavior |
| 146 | return false, nil //nolint:nilerr |
| 147 | } |
| 148 | |
| 149 | if isWhitelisted && !p.Whitelisted { |
| 150 | p.Whitelisted = true |
| 151 | p.WhitelistReason = n.Whitelist.Reason |
| 152 | // huglily wipe the ban order if the event is whitelisted and it's an overflow |
| 153 | if p.Type == pipeline.OVFLW { // don't do this at home kids |
| 154 | ips := []string{} |
| 155 | for k := range p.Overflow.Sources { |
| 156 | ips = append(ips, k) |
| 157 | } |
| 158 | |
| 159 | n.Logger.Infof("Ban for %s whitelisted, reason [%s]", strings.Join(ips, ","), n.Whitelist.Reason) |
| 160 | |
| 161 | p.Overflow.Whitelisted = true |
| 162 | } |
| 163 | } |
| 164 | |
| 165 | return isWhitelisted, nil |
| 166 | } |
| 167 | |
| 168 | func (n *Node) processGrok(p *pipeline.Event, cachedExprEnv map[string]any) (bool, bool, error) { |
| 169 | // Process grok if present, should be exclusive with nodes :) |
no test coverage detected