beenull/crowdsec

Fork 0

Commit graph

Author	SHA1	Message	Date
Thibault "bui" Koechlin	3208a40ef3	Dedicated whitelist metrics (#2813 ) * add proper whitelist metrics : both its own table and an extension to acquis metrics to track discarded/whitelisted lines	2024-02-06 18:04:17 +01:00
Laurence Jones	19de3a8a77	Runtime whitelist parsing improvement (#2422 ) * Improve whitelist parsing * Split whitelist check into a function tied to whitelist, also since we check node debug we can make a pointer to node containing whitelist * No point passing clog as an argument since it is just a pointer to node we already know about * We should break instead of returning false, false as it may have been whitelisted by ips/cidrs * reimplement early return if expr errors * Fix lint and dont need to parse ip back to string just loop over sources * Log error with node logger as it provides context * Move getsource to a function cleanup some code * Change func name * Split out compile to a function so we can use in tests. Add a bunch of tests * spell correction * Use node logger so it has context * alternative solution * quick fixes * Use containswls * Change whitelist test to use parseipsource and only events * Make it simpler * Postoverflow tests, some basic ones to make sure it works * Use official pkg * Add @mmetc reco * Add @mmetc reco * Change if if to a switch to only evaluate once * simplify assertions --------- Co-authored-by: bui <thibault@crowdsec.net> Co-authored-by: Marco Mariani <marco@crowdsec.net>	2023-10-16 10:08:57 +01:00

Author

SHA1

Message

Date

Thibault "bui" Koechlin

3208a40ef3

Dedicated whitelist metrics (#2813 )

* add proper whitelist metrics : both its own table and an extension to acquis metrics to track discarded/whitelisted lines

2024-02-06 18:04:17 +01:00

Laurence Jones

19de3a8a77

Runtime whitelist parsing improvement (#2422 )

* Improve whitelist parsing

* Split whitelist check into a function tied to whitelist, also since we check node debug we can make a pointer to node containing whitelist

* No point passing clog as an argument since it is just a pointer to node we already know about

* We should break instead of returning false, false as it may have been whitelisted by ips/cidrs

* reimplement early return if expr errors

* Fix lint and dont need to parse ip back to string just loop over sources

* Log error with node logger as it provides context

* Move getsource to a function cleanup some code

* Change func name

* Split out compile to a function so we can use in tests. Add a bunch of tests

* spell correction

* Use node logger so it has context

* alternative solution

* quick fixes

* Use containswls

* Change whitelist test to use parseipsource and only events

* Make it simpler

* Postoverflow tests, some basic ones to make sure it works

* Use official pkg

* Add @mmetc reco

* Add @mmetc reco

* Change if if to a switch to only evaluate once

* simplify assertions

---------

Co-authored-by: bui <thibault@crowdsec.net>
Co-authored-by: Marco Mariani <marco@crowdsec.net>

2023-10-16 10:08:57 +01:00

2 commits