| 74 | } |
| 75 | |
| 76 | func (n *Node) CheckExprWL(cachedExprEnv map[string]any, p *pipeline.Event) (bool, error) { |
| 77 | isWhitelisted := false |
| 78 | |
| 79 | if !n.ContainsExprLists() { |
| 80 | return false, nil |
| 81 | } |
| 82 | n.bumpWhitelistMetric(metrics.NodesWlHits, p) |
| 83 | /* run whitelist expression tests anyway */ |
| 84 | for eidx, e := range n.Whitelist.B_Exprs { |
| 85 | // if we already know the event is whitelisted, skip the rest of the expressions |
| 86 | if isWhitelisted { |
| 87 | break |
| 88 | } |
| 89 | |
| 90 | output, err := exprhelpers.Run(e.Filter, cachedExprEnv, n.Logger, n.Debug) |
| 91 | if err != nil { |
| 92 | n.Logger.Warningf("failed to run whitelist expr : %v", err) |
| 93 | n.Logger.Debug("Event leaving node : ko") |
| 94 | return isWhitelisted, err |
| 95 | } |
| 96 | switch out := output.(type) { |
| 97 | case bool: |
| 98 | if out { |
| 99 | n.Logger.Debugf("Event is whitelisted by expr, reason [%s]", n.Whitelist.Reason) |
| 100 | isWhitelisted = true |
| 101 | } |
| 102 | default: |
| 103 | n.Logger.Errorf("unexpected type %t (%v) while running '%s'", output, output, n.Whitelist.Exprs[eidx]) |
| 104 | } |
| 105 | } |
| 106 | if isWhitelisted { |
| 107 | n.bumpWhitelistMetric(metrics.NodesWlHitsOk, p) |
| 108 | } |
| 109 | return isWhitelisted, nil |
| 110 | } |
| 111 | |
| 112 | func (n *Node) CompileWLs() (bool, error) { |
| 113 | for _, v := range n.Whitelist.Ips { |