MCPcopy
hub / github.com/crowdsecurity/crowdsec / CheckExprWL

Method CheckExprWL

pkg/parser/whitelist.go:76–110  ·  view source on GitHub ↗
(cachedExprEnv map[string]any, p *pipeline.Event)

Source from the content-addressed store, hash-verified

74}
75
76func (n *Node) CheckExprWL(cachedExprEnv map[string]any, p *pipeline.Event) (bool, error) {
77 isWhitelisted := false
78
79 if !n.ContainsExprLists() {
80 return false, nil
81 }
82 n.bumpWhitelistMetric(metrics.NodesWlHits, p)
83 /* run whitelist expression tests anyway */
84 for eidx, e := range n.Whitelist.B_Exprs {
85 // if we already know the event is whitelisted, skip the rest of the expressions
86 if isWhitelisted {
87 break
88 }
89
90 output, err := exprhelpers.Run(e.Filter, cachedExprEnv, n.Logger, n.Debug)
91 if err != nil {
92 n.Logger.Warningf("failed to run whitelist expr : %v", err)
93 n.Logger.Debug("Event leaving node : ko")
94 return isWhitelisted, err
95 }
96 switch out := output.(type) {
97 case bool:
98 if out {
99 n.Logger.Debugf("Event is whitelisted by expr, reason [%s]", n.Whitelist.Reason)
100 isWhitelisted = true
101 }
102 default:
103 n.Logger.Errorf("unexpected type %t (%v) while running '%s'", output, output, n.Whitelist.Exprs[eidx])
104 }
105 }
106 if isWhitelisted {
107 n.bumpWhitelistMetric(metrics.NodesWlHitsOk, p)
108 }
109 return isWhitelisted, nil
110}
111
112func (n *Node) CompileWLs() (bool, error) {
113 for _, v := range n.Whitelist.Ips {

Callers 2

TestWhitelistCheckFunction · 0.95
processWhitelistMethod · 0.95

Calls 4

ContainsExprListsMethod · 0.95
bumpWhitelistMetricMethod · 0.95
RunFunction · 0.92
DebugMethod · 0.45

Tested by 1

TestWhitelistCheckFunction · 0.76