rules

package
v0.0.0-...-367748d
Warning

This package is not in the latest version of its module.

Published: Nov 15, 2024 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Overview

Package rules holds rules related files

Constants

const (
	// TagMaxResolutionDelay maximum tag resolution delay
	TagMaxResolutionDelay = 5 * time.Second
)

Variables

This section is empty.

Functions

This section is empty.

Types

type APIServer

type APIServer interface {
	ApplyRuleIDs([]rules.RuleID)
	ApplyPolicyStates([]*monitor.PolicyState)
}

APIServer defines the API server

type RuleEngine

type RuleEngine struct {
	sync.RWMutex

	AutoSuppression autosuppression.AutoSuppression
	// contains filtered or unexported fields
}

RuleEngine defines a rule engine

func NewRuleEngine

func NewRuleEngine(evm *eventmonitor.EventMonitor, config *config.RuntimeSecurityConfig, probe *probe.Probe, rateLimiter *events.RateLimiter, apiServer APIServer, sender events.EventSender, statsdClient statsd.ClientInterface, rulesetListeners ...rules.RuleSetListener) (*RuleEngine, error)

NewRuleEngine returns a new rule engine

func (*RuleEngine) AddPolicyProvider

func (e *RuleEngine) AddPolicyProvider(provider rules.PolicyProvider)

AddPolicyProvider adds a provider

func (*RuleEngine) EventDiscarderFound

func (e *RuleEngine) EventDiscarderFound(rs *rules.RuleSet, event eval.Event, field eval.Field, eventType eval.EventType)

EventDiscarderFound is called by the ruleset when a new discarder is discovered

func (*RuleEngine) GetRuleSet

func (e *RuleEngine) GetRuleSet() (rs *rules.RuleSet)

GetRuleSet returns the set of loaded rules

func (*RuleEngine) HandleEvent

func (e *RuleEngine) HandleEvent(event *model.Event)

HandleEvent is called by the probe when an event arrives from the kernel

func (*RuleEngine) LoadPolicies

func (e *RuleEngine) LoadPolicies(providers []rules.PolicyProvider, sendLoadedReport bool) error

LoadPolicies loads the policies

func (*RuleEngine) ReloadPolicies

func (e *RuleEngine) ReloadPolicies() error

ReloadPolicies reloads the policies

func (*RuleEngine) RuleMatch

func (e *RuleEngine) RuleMatch(rule *rules.Rule, event eval.Event) bool

RuleMatch is called by the ruleset when a rule matches

func (*RuleEngine) SetRulesetLoadedCallback

func (e *RuleEngine) SetRulesetLoadedCallback(cb func(es *rules.RuleSet, err *multierror.Error))

SetRulesetLoadedCallback allows setting a callback called when a rule set is loaded

func (*RuleEngine) Start

func (e *RuleEngine) Start(ctx context.Context, reloadChan <-chan struct{}, wg *sync.WaitGroup) error

Start the rule engine

func (*RuleEngine) Stop

func (e *RuleEngine) Stop()

Stop stops the rule engine

func (*RuleEngine) StopEventCollector

func (e *RuleEngine) StopEventCollector() []rules.CollectedEvent

StopEventCollector stops the event collector

type RuleFilterEvent

type RuleFilterEvent struct {
	*kernel.Version
	// contains filtered or unexported fields
}

RuleFilterEvent defines a rule filter event

func (*RuleFilterEvent) GetFieldEventType

func (e *RuleFilterEvent) GetFieldEventType(_ eval.Field) (string, error)

GetFieldEventType returns the event type for the given field

func (*RuleFilterEvent) GetFieldType

func (e *RuleFilterEvent) GetFieldType(field eval.Field) (reflect.Kind, error)

GetFieldType gets the type of the field

func (*RuleFilterEvent) GetFieldValue

func (e *RuleFilterEvent) GetFieldValue(field eval.Field) (interface{}, error)

GetFieldValue gets a field value

func (*RuleFilterEvent) GetTags

func (e *RuleFilterEvent) GetTags() []string

GetTags returns the tags for this event

func (*RuleFilterEvent) GetType

func (e *RuleFilterEvent) GetType() string

GetType returns the type for this event

func (*RuleFilterEvent) Init

func (e *RuleFilterEvent) Init()

Init inits the rule filter event

func (*RuleFilterEvent) SetFieldValue

func (e *RuleFilterEvent) SetFieldValue(field eval.Field, _ interface{}) error

SetFieldValue sets the value for the given field

type RuleFilterModel

type RuleFilterModel struct {
	*kernel.Version
	// contains filtered or unexported fields
}

RuleFilterModel defines a filter model

func NewRuleFilterModel

func NewRuleFilterModel(cfg *config.Config, origin string) (*RuleFilterModel, error)

NewRuleFilterModel returns a new rule filter model

func (*RuleFilterModel) GetEvaluator

func (m *RuleFilterModel) GetEvaluator(field eval.Field, _ eval.RegisterID) (eval.Evaluator, error)

GetEvaluator gets the evaluator

func (*RuleFilterModel) GetFieldRestrictions

func (m *RuleFilterModel) GetFieldRestrictions(_ eval.Field) []eval.EventType

GetFieldRestrictions returns the field event type restrictions

func (*RuleFilterModel) NewEvent

func (m *RuleFilterModel) NewEvent() eval.Event

NewEvent returns a new event

func (*RuleFilterModel) ValidateField

func (m *RuleFilterModel) ValidateField(_ string, _ eval.FieldValue) error

ValidateField returns whether the value used against the field is valid

Directories

Path Synopsis
Package autosuppression holds auto suppression related files
Package bundled contains bundled rules
Package monitor holds rules related files
