bitbucket.org/Aishee/synsec@v0.0.0-20210414005726-236fc01a153d/pkg/leakybucket/overflow_filter.go (about)

     1  package leakybucket
     2  
     3  import (
     4  	"fmt"
     5  
     6  	"github.com/antonmedv/expr"
     7  	"github.com/antonmedv/expr/vm"
     8  
     9  	"bitbucket.org/Aishee/synsec/pkg/exprhelpers"
    10  	"bitbucket.org/Aishee/synsec/pkg/types"
    11  )
    12  
// OverflowFilter is a bucket processor that evaluates a configured expr
// expression each time a bucket overflows. When the expression evaluates to
// false the overflow is discarded instead of being returned as an alert
// (see OnBucketOverflow).
//
// NOTE(review): the header comment previously found here described "Uniq"
// creating three functions triggered on pour, on overflow and on leak; it
// looks copied from another processor. This file defines only the overflow
// hook; the pour and leak hooks presumably come from the embedded
// DumbProcessor — confirm.

type OverflowFilter struct {
	// Filter is the expression source text, copied from BucketFactory.OverflowFilter.
	Filter        string
	// FilterRuntime is the program expr.Compile produced from Filter.
	FilterRuntime *vm.Program
	// DumbProcessor is embedded; presumably it supplies the hooks this type
	// does not define itself — verify against its declaration.
	DumbProcessor
}
    24  
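// NewOverflowFilter compiles the overflow filter expression configured on g
// and returns a processor that applies it to bucket overflows.
//
// The expression is type-checked against an environment exposing "queue"
// (*Queue), "signal" (*types.RuntimeAlert) and "leaky" (*Leaky), merged into
// whatever exprhelpers.GetExprEnv adds. A compilation failure is logged on the
// factory logger and returned wrapped, so callers can inspect the underlying
// expr error with errors.Is / errors.As.
//
// Compilation does not require the expression to yield a bool; that is only
// checked per overflow in OnBucketOverflow, where a non-bool result leaves the
// alert untouched. NOTE(review): passing expr.AsBool() to expr.Compile would
// reject such filters at load time — confirm that existing filters still
// compile before enabling it.
func NewOverflowFilter(g *BucketFactory) (*OverflowFilter, error) {
	// Placeholder values: only their types matter to the compiler.
	env := exprhelpers.GetExprEnv(map[string]interface{}{
		"queue": &Queue{}, "signal": &types.RuntimeAlert{}, "leaky": &Leaky{}})

	prog, err := expr.Compile(g.OverflowFilter, expr.Env(env))
	if err != nil {
		g.logger.Errorf("Unable to compile filter : %v", err)
		// %w keeps the message text identical while preserving the cause.
		return nil, fmt.Errorf("unable to compile filter : %w", err)
	}
	return &OverflowFilter{Filter: g.OverflowFilter, FilterRuntime: prog}, nil
}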
    38  
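// OnBucketOverflow returns the hook that is run when a bucket overflows.
//
// The hook evaluates the compiled filter with "queue", "signal" and "leaky"
// bound to the overflowing bucket's queue, the candidate alert and the bucket
// itself. Its outcomes are:
//
//   - evaluation error, or a result that is not a bool: the problem is logged
//     at error level and the alert and queue are returned unchanged, so a
//     broken filter never suppresses an alert;
//   - false: the alert is discarded; an otherwise empty RuntimeAlert carrying
//     only the bucket's Mapkey is returned together with a nil queue;
//   - true: the alert and queue are returned unchanged.
//
// Discards are logged at info level only. A filter that is broader than
// intended therefore drops detections without raising an error, so changes to
// filter expressions deserve the same review as changes to detection rules.
//
// The Bucket argument is not used by this implementation.
func (u *OverflowFilter) OnBucketOverflow(Bucket *BucketFactory) func(*Leaky, types.RuntimeAlert, *Queue) (types.RuntimeAlert, *Queue) {
	return func(l *Leaky, s types.RuntimeAlert, q *Queue) (types.RuntimeAlert, *Queue) {
		// NOTE(review): "signal" is bound to a value here, whereas
		// NewOverflowFilter type-checked the expression against a
		// *types.RuntimeAlert — confirm the two are meant to differ.
		el, err := expr.Run(u.FilterRuntime, exprhelpers.GetExprEnv(map[string]interface{}{
			"queue": q, "signal": s, "leaky": l}))
		if err != nil {
			l.logger.Errorf("Failed running overflow filter: %s", err)
			return s, q
		}

		keep, ok := el.(bool)
		if !ok {
			// err is always nil on this path, so report the type the filter
			// actually produced instead of formatting a nil error.
			l.logger.Errorf("Overflow filter didn't return bool: got %T", el)
			return s, q
		}

		// The filter returned false: the event is blackholed.
		if !keep {
			l.logger.Infof("Event is discard by overflow filter (%s)", u.Filter)
			return types.RuntimeAlert{
				Mapkey: l.Mapkey,
			}, nil
		}

		l.logger.Tracef("Event is not discard by overflow filter (%s)", u.Filter)
		return s, q
	}
}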