exprhelpers

package
v1.6.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 9, 2024 License: MIT Imports: 37 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source
var CTIApiEnabled = false

this is set for non-recoverable errors, such as 403 when querying API or empty API key

View Source
var CTIApiKey = ""
View Source
var CTIBackOffDuration = 5 * time.Minute
View Source
var CTIBackOffUntil time.Time

when hitting quotas or auth errors, we temporarily disable the API

View Source
var CTICache gcache.Cache

Cache for responses

View Source
var CTIUrl = "https://cti.api.crowdsec.net"
View Source
var CTIUrlSuffix = "/v2/smoke/"
View Source
var CacheExpiration time.Duration
View Source
var IndentStep = 4
View Source
var RegexpCacheMetrics = prometheus.NewGaugeVec(
	prometheus.GaugeOpts{
		Name: "cs_regexp_cache_size",
		Help: "Entries per regexp cache.",
	},
	[]string{"name"},
)

prometheus

Functions

func Atof

func Atof(params ...any) (any, error)

func Atof(x string) float64 {

func B64Decode added in v1.5.0

func B64Decode(params ...any) (any, error)

func CrowdsecCTI added in v1.5.0

func CrowdsecCTI(params ...any) (any, error)

func CrowdsecCTI(ip string) (*cticlient.SmokeItem, error) {

func CrowdsecCTIInitCache added in v1.5.0

func CrowdsecCTIInitCache(size int, ttl time.Duration)

func DisplayExprDebug added in v1.6.0

func DisplayExprDebug(program *vm.Program, outputs []OpOutput, logger *log.Entry, ret any)

func Distance added in v1.5.0

func Distance(params ...any) (any, error)

func Distance(lat1 string, long1 string, lat2 string, long2 string) (float64, error) {

func Distinct added in v1.6.0

func Distinct(params ...any) (any, error)

func Fields added in v1.5.0

func Fields(params ...any) (any, error)

func File added in v0.1.0

func File(params ...any) (any, error)

func File(filename string) []string {

func FileInit added in v0.1.0

func FileInit(fileFolder string, filename string, fileType string) error

func Flatten added in v1.6.0

func Flatten(params ...any) (any, error)

func FlattenDistinct added in v1.6.0

func FlattenDistinct(params ...any) (any, error)

func FloatApproxEqual added in v1.5.5

func FloatApproxEqual(params ...any) (any, error)

func GeoIPASNEnrich added in v1.6.2

func GeoIPASNEnrich(params ...any) (any, error)

func GeoIPClose added in v1.6.2

func GeoIPClose()

func GeoIPEnrich added in v1.6.2

func GeoIPEnrich(params ...any) (any, error)

func GeoIPInit added in v1.6.2

func GeoIPInit(datadir string) error

func GeoIPRangeEnrich added in v1.6.2

func GeoIPRangeEnrich(params ...any) (any, error)

func Get added in v1.5.0

func Get(params ...any) (any, error)

func Get(arr []string, index int) string {

func GetActiveDecisionsCount added in v1.6.2

func GetActiveDecisionsCount(params ...any) (any, error)

func GetActiveDecisionsTimeLeft added in v1.6.2

func GetActiveDecisionsTimeLeft(params ...any) (any, error)

func GetDecisionsCount added in v1.4.0

func GetDecisionsCount(params ...any) (any, error)

func GetDecisionsCount(value string) int {

func GetDecisionsSinceCount added in v1.4.0

func GetDecisionsSinceCount(params ...any) (any, error)

func GetDecisionsSinceCount(value string, since string) int {

func GetExprOptions added in v1.5.0

func GetExprOptions(ctx map[string]interface{}) []expr.Option

func GetFromStash added in v1.5.0

func GetFromStash(params ...any) (any, error)

func GetFromStash(cacheName string, key string) (string, error) {

func Hostname added in v1.5.0

func Hostname(params ...any) (any, error)

func Index added in v1.5.0

func Index(params ...any) (any, error)

func IndexAny added in v1.5.0

func IndexAny(params ...any) (any, error)

func Init added in v0.1.0

func Init(databaseClient *database.Client) error

func InitCrowdsecCTI added in v1.5.0

func InitCrowdsecCTI(Key *string, TTL *time.Duration, Size *int, LogLevel *log.Level) error

func IpInRange added in v0.2.3

func IpInRange(params ...any) (any, error)

func IpInRange(ip string, ipRange string) bool {

func IpToRange added in v1.3.1

func IpToRange(params ...any) (any, error)

func IpToRange(ip string, cidr string) string {

func IsIP added in v1.5.0

func IsIP(params ...any) (any, error)

func IsIP(ip string) bool {

func IsIPV4 added in v1.5.0

func IsIPV4(params ...any) (any, error)

func IsIPV4(ip string) bool {

func IsIPV6 added in v1.4.0

func IsIPV6(params ...any) (any, error)

func IsIPV6(ip string) bool {

func Join added in v1.5.0

func Join(params ...any) (any, error)

func JsonExtract added in v0.0.3

func JsonExtract(params ...any) (any, error)

func JsonExtract(jsblob string, target string) string {

func JsonExtractLib added in v0.0.3

func JsonExtractLib(params ...any) (any, error)

func JsonExtractLib(jsblob string, target ...string) string {

func JsonExtractObject added in v1.4.0

func JsonExtractObject(params ...any) (any, error)

func JsonExtractObject(jsblob string, target string) map[string]interface{} {

func JsonExtractSlice added in v1.4.0

func JsonExtractSlice(params ...any) (any, error)

func JsonExtractSlice(jsblob string, target string) []interface{} {

func JsonExtractUnescape added in v1.2.0

func JsonExtractUnescape(params ...any) (any, error)

func JsonExtractUnescape(jsblob string, target ...string) string {

func KeyExists added in v1.2.1

func KeyExists(params ...any) (any, error)

func KeyExists(key string, dict map[string]interface{}) bool {

func LibInjectionIsSQLI added in v1.6.1

func LibInjectionIsSQLI(params ...any) (any, error)

func LibInjectionIsXSS added in v1.6.1

func LibInjectionIsXSS(params ...any) (any, error)

func LogInfo added in v1.5.0

func LogInfo(params ...any) (any, error)

func LookupHost added in v1.4.2

func LookupHost(params ...any) (any, error)

func LookupHost(value string) []string {

func Lower added in v1.2.2

func Lower(params ...any) (any, error)

func Lower(s string) string {

func Match added in v1.5.0

func Match(params ...any) (any, error)

func Match(pattern, name string) bool {

func ParseKV added in v1.5.0

func ParseKV(params ...any) (any, error)

func ParseUnix added in v1.5.0

func ParseUnix(params ...any) (any, error)

func ParseUnix(value string) string {

func ParseUnixTime added in v1.5.0

func ParseUnixTime(params ...any) (any, error)

func ParseUnixTime(value string) (time.Time, error) {

func ParseUri added in v1.2.1

func ParseUri(params ...any) (any, error)

func ParseUri(uri string) map[string][]string {

func PathEscape added in v1.2.2

func PathEscape(params ...any) (any, error)

func PathEscape(s string) string {

func PathUnescape added in v1.2.2

func PathUnescape(params ...any) (any, error)

func PathUnescape(s string) string {

func QueryEscape added in v1.2.2

func QueryEscape(params ...any) (any, error)

func QueryEscape(s string) string {

func QueryUnescape added in v1.2.2

func QueryUnescape(params ...any) (any, error)

func QueryUnescape(s string) string {

func RegexpCacheInit added in v1.5.0

func RegexpCacheInit(filename string, CacheCfg types.DataSource) error

func RegexpInFile added in v0.1.0

func RegexpInFile(params ...any) (any, error)

func RegexpInFile(data string, filename string) bool {

func Replace added in v1.5.0

func Replace(params ...any) (any, error)

func ReplaceAll added in v1.5.0

func ReplaceAll(params ...any) (any, error)

func Run added in v1.6.0

func Run(program *vm.Program, env interface{}, logger *log.Entry, debug bool) (any, error)

func SetInStash added in v1.5.0

func SetInStash(params ...any) (any, error)

func SetInStash(cacheName string, key string, value string, expiration *time.Duration) any {

func ShutdownCrowdsecCTI added in v1.5.0

func ShutdownCrowdsecCTI()

func Split added in v1.5.0

func Split(params ...any) (any, error)

func SplitAfter added in v1.5.0

func SplitAfter(params ...any) (any, error)

func SplitAfterN added in v1.5.0

func SplitAfterN(params ...any) (any, error)

func SplitN added in v1.5.0

func SplitN(params ...any) (any, error)

func Sprintf added in v1.5.0

func Sprintf(params ...any) (any, error)

func TimeNow added in v1.0.13

func TimeNow(params ...any) (any, error)

func TimeNow() string {

func ToJson added in v1.4.0

func ToJson(params ...any) (any, error)

func ToJson(obj interface{}) string {

func ToString added in v1.5.0

func ToString(params ...any) (any, error)

func ToString(value interface{}) string {

func Trim added in v1.5.0

func Trim(params ...any) (any, error)

func TrimLeft added in v1.5.0

func TrimLeft(params ...any) (any, error)

func TrimPrefix added in v1.5.0

func TrimPrefix(params ...any) (any, error)

func TrimRight added in v1.5.0

func TrimRight(params ...any) (any, error)

func TrimSpace added in v1.5.0

func TrimSpace(params ...any) (any, error)

func TrimSuffix added in v1.5.0

func TrimSuffix(params ...any) (any, error)

func UnmarshalJSON added in v1.5.0

func UnmarshalJSON(params ...any) (any, error)

Func UnmarshalJSON(jsonBlob []byte, target interface{}) error {

func UpdateRegexpCacheMetrics added in v1.5.0

func UpdateRegexpCacheMetrics()

UpdateCacheMetrics is called directly by the prom handler

func Upper added in v0.1.0

func Upper(params ...any) (any, error)

func Upper(s string) string {

func XMLGetAttributeValue added in v1.4.0

func XMLGetAttributeValue(params ...any) (any, error)

func XMLGetAttributeValue(xmlString string, path string, attributeName string) string {

func XMLGetNodeValue added in v1.4.0

func XMLGetNodeValue(params ...any) (any, error)

func XMLGetNodeValue(xmlString string, path string) string {

Types

type ExprRuntimeDebug added in v1.6.0

type ExprRuntimeDebug struct {
	Logger  *log.Entry
	Lines   []string
	Outputs []OpOutput
}

type OpOutput added in v1.6.0

type OpOutput struct {
	Code string //relevant code part

	CodeDepth  int //level of nesting
	BlockStart bool
	BlockEnd   bool

	Func        bool //true if it's a function call
	FuncName    string
	Args        []string
	FuncResults []string
	//
	Comparison bool //true if it's a comparison
	Negated    bool
	Left       string
	Right      string
	//
	JumpIf  bool //true if it's conditional jump
	IfTrue  bool
	IfFalse bool
	//
	Condition         bool //true if it's a condition
	ConditionIn       bool
	ConditionContains bool
	//used for comparisons, conditional jumps and conditions
	StrConditionResult string
	ConditionResult    *bool //should always be present for conditions

	//
	Finalized bool //used when a node is finalized, we already fetched result from next OP
}

we use this struct to store the output of the expr runtime

func RunWithDebug added in v1.6.0

func RunWithDebug(program *vm.Program, env interface{}, logger *log.Entry) ([]OpOutput, any, error)

TBD: Based on the level of the logger (ie. trace vs debug) we could decide to add more low level instructions (pop, push, etc.)

func (*OpOutput) String added in v1.6.0

func (o *OpOutput) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL