Documentation ¶
Index ¶
- Variables
- func Atof(params ...any) (any, error)
- func B64Decode(params ...any) (any, error)
- func CrowdsecCTI(params ...any) (any, error)
- func CrowdsecCTIInitCache(size int, ttl time.Duration)
- func DisplayExprDebug(program *vm.Program, outputs []OpOutput, logger *log.Entry, ret any)
- func Distance(params ...any) (any, error)
- func Distinct(params ...any) (any, error)
- func Fields(params ...any) (any, error)
- func File(params ...any) (any, error)
- func FileInit(fileFolder string, filename string, fileType string) error
- func Flatten(params ...any) (any, error)
- func FlattenDistinct(params ...any) (any, error)
- func FloatApproxEqual(params ...any) (any, error)
- func GeoIPASNEnrich(params ...any) (any, error)
- func GeoIPClose()
- func GeoIPEnrich(params ...any) (any, error)
- func GeoIPInit(datadir string) error
- func GeoIPRangeEnrich(params ...any) (any, error)
- func Get(params ...any) (any, error)
- func GetActiveDecisionsCount(params ...any) (any, error)
- func GetActiveDecisionsTimeLeft(params ...any) (any, error)
- func GetDecisionsCount(params ...any) (any, error)
- func GetDecisionsSinceCount(params ...any) (any, error)
- func GetExprOptions(ctx map[string]interface{}) []expr.Option
- func GetFromStash(params ...any) (any, error)
- func Hostname(params ...any) (any, error)
- func Index(params ...any) (any, error)
- func IndexAny(params ...any) (any, error)
- func Init(databaseClient *database.Client) error
- func InitCrowdsecCTI(Key *string, TTL *time.Duration, Size *int, LogLevel *log.Level) error
- func IpInRange(params ...any) (any, error)
- func IpToRange(params ...any) (any, error)
- func IsIP(params ...any) (any, error)
- func IsIPV4(params ...any) (any, error)
- func IsIPV6(params ...any) (any, error)
- func Join(params ...any) (any, error)
- func JsonExtract(params ...any) (any, error)
- func JsonExtractLib(params ...any) (any, error)
- func JsonExtractObject(params ...any) (any, error)
- func JsonExtractSlice(params ...any) (any, error)
- func JsonExtractUnescape(params ...any) (any, error)
- func KeyExists(params ...any) (any, error)
- func LibInjectionIsSQLI(params ...any) (any, error)
- func LibInjectionIsXSS(params ...any) (any, error)
- func LogInfo(params ...any) (any, error)
- func LookupHost(params ...any) (any, error)
- func Lower(params ...any) (any, error)
- func Match(params ...any) (any, error)
- func ParseKV(params ...any) (any, error)
- func ParseUnix(params ...any) (any, error)
- func ParseUnixTime(params ...any) (any, error)
- func ParseUri(params ...any) (any, error)
- func PathEscape(params ...any) (any, error)
- func PathUnescape(params ...any) (any, error)
- func QueryEscape(params ...any) (any, error)
- func QueryUnescape(params ...any) (any, error)
- func RegexpCacheInit(filename string, CacheCfg types.DataSource) error
- func RegexpInFile(params ...any) (any, error)
- func Replace(params ...any) (any, error)
- func ReplaceAll(params ...any) (any, error)
- func Run(program *vm.Program, env interface{}, logger *log.Entry, debug bool) (any, error)
- func SetInStash(params ...any) (any, error)
- func ShutdownCrowdsecCTI()
- func Split(params ...any) (any, error)
- func SplitAfter(params ...any) (any, error)
- func SplitAfterN(params ...any) (any, error)
- func SplitN(params ...any) (any, error)
- func Sprintf(params ...any) (any, error)
- func TimeNow(params ...any) (any, error)
- func ToJson(params ...any) (any, error)
- func ToString(params ...any) (any, error)
- func Trim(params ...any) (any, error)
- func TrimLeft(params ...any) (any, error)
- func TrimPrefix(params ...any) (any, error)
- func TrimRight(params ...any) (any, error)
- func TrimSpace(params ...any) (any, error)
- func TrimSuffix(params ...any) (any, error)
- func UnmarshalJSON(params ...any) (any, error)
- func UpdateRegexpCacheMetrics()
- func Upper(params ...any) (any, error)
- func XMLGetAttributeValue(params ...any) (any, error)
- func XMLGetNodeValue(params ...any) (any, error)
- type ExprRuntimeDebug
- type OpOutput
Constants ¶
This section is empty.
Variables ¶
var CTIApiEnabled = false
CTIApiEnabled is set for non-recoverable errors, such as an HTTP 403 when querying the API or an empty API key.
var CTIApiKey = ""
var CTIBackOffDuration = 5 * time.Minute
var CTIBackOffUntil time.Time
When quota or authentication errors are hit, the API is temporarily disabled.
var CTICache gcache.Cache
Cache for responses
var CTIUrl = "https://cti.api.crowdsec.net"
var CTIUrlSuffix = "/v2/smoke/"
var CacheExpiration time.Duration
var IndentStep = 4
var RegexpCacheMetrics = prometheus.NewGaugeVec( prometheus.GaugeOpts{ Name: "cs_regexp_cache_size", Help: "Entries per regexp cache.", }, []string{"name"}, )
prometheus
Functions ¶
func CrowdsecCTI ¶ added in v1.5.0
func CrowdsecCTI(ip string) (*cticlient.SmokeItem, error) {
func CrowdsecCTIInitCache ¶ added in v1.5.0
func DisplayExprDebug ¶ added in v1.6.0
func Distance ¶ added in v1.5.0
func Distance(lat1 string, long1 string, lat2 string, long2 string) (float64, error) {
func FlattenDistinct ¶ added in v1.6.0
func FloatApproxEqual ¶ added in v1.5.5
func GeoIPASNEnrich ¶ added in v1.6.2
func GeoIPClose ¶ added in v1.6.2
func GeoIPClose()
func GeoIPEnrich ¶ added in v1.6.2
func GeoIPRangeEnrich ¶ added in v1.6.2
func GetActiveDecisionsCount ¶ added in v1.6.2
func GetActiveDecisionsTimeLeft ¶ added in v1.6.2
func GetDecisionsCount ¶ added in v1.4.0
func GetDecisionsCount(value string) int {
func GetDecisionsSinceCount ¶ added in v1.4.0
func GetDecisionsSinceCount(value string, since string) int {
func GetExprOptions ¶ added in v1.5.0
func GetFromStash ¶ added in v1.5.0
func GetFromStash(cacheName string, key string) (string, error) {
func InitCrowdsecCTI ¶ added in v1.5.0
func JsonExtract ¶ added in v0.0.3
func JsonExtract(jsblob string, target string) string {
func JsonExtractLib ¶ added in v0.0.3
func JsonExtractLib(jsblob string, target ...string) string {
func JsonExtractObject ¶ added in v1.4.0
func JsonExtractObject(jsblob string, target string) map[string]interface{} {
func JsonExtractSlice ¶ added in v1.4.0
func JsonExtractSlice(jsblob string, target string) []interface{} {
func JsonExtractUnescape ¶ added in v1.2.0
func JsonExtractUnescape(jsblob string, target ...string) string {
func LibInjectionIsSQLI ¶ added in v1.6.1
func LibInjectionIsXSS ¶ added in v1.6.1
func LookupHost ¶ added in v1.4.2
func LookupHost(value string) []string {
func ParseUnixTime ¶ added in v1.5.0
func ParseUnixTime(value string) (time.Time, error) {
func PathEscape ¶ added in v1.2.2
func PathEscape(s string) string {
func PathUnescape ¶ added in v1.2.2
func PathUnescape(s string) string {
func QueryEscape ¶ added in v1.2.2
func QueryEscape(s string) string {
func QueryUnescape ¶ added in v1.2.2
func QueryUnescape(s string) string {
func RegexpCacheInit ¶ added in v1.5.0
func RegexpCacheInit(filename string, CacheCfg types.DataSource) error
func RegexpInFile ¶ added in v0.1.0
func RegexpInFile(data string, filename string) bool {
func ReplaceAll ¶ added in v1.5.0
func SetInStash ¶ added in v1.5.0
func SetInStash(cacheName string, key string, value string, expiration *time.Duration) any {
func ShutdownCrowdsecCTI ¶ added in v1.5.0
func ShutdownCrowdsecCTI()
func SplitAfter ¶ added in v1.5.0
func SplitAfterN ¶ added in v1.5.0
func TrimPrefix ¶ added in v1.5.0
func TrimSuffix ¶ added in v1.5.0
func UnmarshalJSON ¶ added in v1.5.0
func UnmarshalJSON(jsonBlob []byte, target interface{}) error {
func UpdateRegexpCacheMetrics ¶ added in v1.5.0
func UpdateRegexpCacheMetrics()
UpdateRegexpCacheMetrics is called directly by the Prometheus handler.
func XMLGetAttributeValue ¶ added in v1.4.0
func XMLGetAttributeValue(xmlString string, path string, attributeName string) string {
func XMLGetNodeValue ¶ added in v1.4.0
func XMLGetNodeValue(xmlString string, path string) string {
Types ¶
type ExprRuntimeDebug ¶ added in v1.6.0
type OpOutput ¶ added in v1.6.0
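// OpOutput stores the output of the expr runtime for one traced step.
//
// The fields are grouped by the kind of step they describe (function call,
// comparison, conditional jump, condition); the boolean at the head of each
// group says whether the step is of that kind.
type OpOutput struct {
	Code string // relevant code part

	CodeDepth  int // level of nesting
	BlockStart bool
	BlockEnd   bool

	// Function call.
	Func        bool // true if it's a function call
	FuncName    string
	Args        []string
	FuncResults []string

	// Comparison.
	Comparison bool // true if it's a comparison
	Negated    bool
	Left       string
	Right      string

	// Conditional jump.
	JumpIf  bool // true if it's a conditional jump
	IfTrue  bool
	IfFalse bool

	// Condition.
	Condition         bool // true if it's a condition
	ConditionIn       bool
	ConditionContains bool

	// Used for comparisons, conditional jumps and conditions.
	StrConditionResult string
	ConditionResult    *bool // should always be present for conditions

	// Finalized is used when a node is finalized: the result was already
	// fetched from the next OP.
	Finalized bool
}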
we use this struct to store the output of the expr runtime
func RunWithDebug ¶ added in v1.6.0
TBD: Based on the level of the logger (i.e. trace vs. debug), we could decide to add more low-level instructions (pop, push, etc.).