eval

package
v0.74.0-devel Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 31, 2025 License: Apache-2.0 Imports: 18 Imported by: 1

Documentation

Overview

Package eval holds eval related files

Package eval holds eval related files

Index

Constants

View Source 
const (
	FunctionWeight       = 5
	InArrayWeight        = 10
	HandlerWeight        = 50
	PatternWeight        = 80
	RegexpWeight         = 100
	InPatternArrayWeight = 1000
	IteratorWeight       = 2000
)

defines factor applied by specific operator

Variables

View Source 
var (
	// IPV4Mask32 ipv4 ip address
	IPV4Mask32 = net.CIDRMask(32, 8*net.IPv4len)
	// IPV6Mask128 ipv6 ip address
	IPV6Mask128 = net.CIDRMask(128, 8*net.IPv6len)
)
View Source 
var (
	// CaseInsensitiveCmp lower case values before comparing. Important : this operator override doesn't support approvers
	CaseInsensitiveCmp = &OpOverrides{
		StringEquals: func(a *StringEvaluator, b *StringEvaluator, state *State) (*BoolEvaluator, error) {
			if a.Field != "" {
				a.StringCmpOpts.CaseInsensitive = true
			} else if b.Field != "" {
				b.StringCmpOpts.CaseInsensitive = true
			}

			return StringEquals(a, b, state)
		},
		StringValuesContains: func(a *StringEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error) {
			if a.Field != "" {
				a.StringCmpOpts.CaseInsensitive = true
			}

			return StringValuesContains(a, b, state)
		},
		StringArrayContains: func(a *StringEvaluator, b *StringArrayEvaluator, state *State) (*BoolEvaluator, error) {
			if a.Field != "" {
				a.StringCmpOpts.CaseInsensitive = true
			} else if b.Field != "" {
				b.StringCmpOpts.CaseInsensitive = true
			}

			return StringArrayContains(a, b, state)
		},
		StringArrayMatches: func(a *StringArrayEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error) {
			if a.Field != "" {
				a.StringCmpOpts.CaseInsensitive = true
			}

			return StringArrayMatches(a, b, state)
		},
	}

	// WindowsPathCmp lower case values before comparing, converts patterns to globs, and normalizes path separators. Important : this operator override doesn't support approvers
	WindowsPathCmp = &OpOverrides{
		StringEquals: func(a *StringEvaluator, b *StringEvaluator, state *State) (*BoolEvaluator, error) {
			if a.Field != "" {
				a.StringCmpOpts.CaseInsensitive = true
				a.StringCmpOpts.PathSeparatorNormalize = true
			} else if b.Field != "" {
				b.StringCmpOpts.CaseInsensitive = true
				b.StringCmpOpts.PathSeparatorNormalize = true
			}

			return GlobCmp.StringEquals(a, b, state)
		},
		StringValuesContains: func(a *StringEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error) {
			if a.Field != "" {
				a.StringCmpOpts.CaseInsensitive = true
				a.StringCmpOpts.PathSeparatorNormalize = true
			}

			return GlobCmp.StringValuesContains(a, b, state)
		},
		StringArrayContains: func(a *StringEvaluator, b *StringArrayEvaluator, state *State) (*BoolEvaluator, error) {
			if a.Field != "" {
				a.StringCmpOpts.CaseInsensitive = true
				a.StringCmpOpts.PathSeparatorNormalize = true
			} else if b.Field != "" {
				b.StringCmpOpts.CaseInsensitive = true
				b.StringCmpOpts.PathSeparatorNormalize = true
			}

			return GlobCmp.StringArrayContains(a, b, state)
		},
		StringArrayMatches: func(a *StringArrayEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error) {
			if a.Field != "" {
				a.StringCmpOpts.CaseInsensitive = true
				a.StringCmpOpts.PathSeparatorNormalize = true
			}

			return GlobCmp.StringArrayMatches(a, b, state)
		},
	}
)
View Source 
var DefaultStringCmpOpts = StringCmpOpts{}

DefaultStringCmpOpts defines the default comparison options

View Source 
var (
	// ErrMultipleEventTypes is returned when multiple event type were inferred from the expression
	ErrMultipleEventTypes = errors.New("expression with multiple event types is not supported")
)
View Source 
var ErrOperatorNotSupported = errors.New("operation not supported")

ErrOperatorNotSupported represents an invalid variable assignment

View Source 
var (
	// GlobCmp replaces a pattern matcher with a glob matcher for *file.path fields.
	GlobCmp = &OpOverrides{
		StringEquals: func(a *StringEvaluator, b *StringEvaluator, state *State) (*BoolEvaluator, error) {
			if a.ValueType == PatternValueType {
				a.ValueType = GlobValueType
			} else if b.ValueType == PatternValueType {
				b.ValueType = GlobValueType
			}

			return StringEquals(a, b, state)
		},
		StringValuesContains: func(a *StringEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error) {
			if a.ValueType == PatternValueType {
				a.ValueType = GlobValueType
			} else {
				var values StringValues
				for _, v := range b.Values.GetFieldValues() {
					if v.Type == PatternValueType {
						v.Type = GlobValueType
					}
					values.AppendFieldValue(v)
				}
				b = &StringValuesEvaluator{
					Values: values,
				}
			}

			return StringValuesContains(a, b, state)
		},
		StringArrayContains: func(a *StringEvaluator, b *StringArrayEvaluator, state *State) (*BoolEvaluator, error) {
			if a.ValueType == PatternValueType {
				a.ValueType = GlobValueType
			}

			return StringArrayContains(a, b, state)
		},
		StringArrayMatches: func(a *StringArrayEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error) {
			var values StringValues
			for _, v := range b.Values.GetFieldValues() {
				if v.Type == PatternValueType {
					v.Type = GlobValueType
				}
				values.AppendFieldValue(v)
			}
			b = &StringValuesEvaluator{
				Values: values,
			}

			return StringArrayMatches(a, b, state)
		},
	}
)

Functions

func IPNetFromIP added in v0.37.0 

func IPNetFromIP(ip net.IP) *net.IPNet

IPNetFromIP returns a IPNET version of the IP

func IPNetsMatch added in v0.37.0 

func IPNetsMatch(i1, i2 *net.IPNet) bool

IPNetsMatch returns whether the IPNets match

func IPToInt added in v0.36.0 

func IPToInt(ip net.IP) (*big.Int, int, error)

IPToInt transforms an IP to a big Int

func IntToIP added in v0.36.0 

func IntToIP(ipInt *big.Int, bits int) net.IP

IntToIP transforms a big Int to an IP

func KeysOfMap added in v0.52.0 

func KeysOfMap[M ~map[K]V, K comparable, V any](m M) []K

KeysOfMap returns a slice of the keys contained in the given map

func NodeToEvaluator added in v0.65.0 

func NodeToEvaluator(obj interface{}, opts *Opts, state *State) (interface{}, lexer.Position, error)

NodeToEvaluator converts an AST expression to an evaluator

func NotOfValue 

func NotOfValue(value interface{}) (interface{}, error)

NotOfValue returns the NOT of a value

func ParseCIDR added in v0.37.0 

func ParseCIDR(ip string) (*net.IPNet, error)

ParseCIDR converts an IP/CIDR notation to an IPNet object

func PatternMatches added in v0.34.0 

func PatternMatches(pattern string, str string, caseInsensitive bool) bool

PatternMatches matches a pattern against a string

func PatternMatchesWithSegments added in v0.54.0 

func PatternMatchesWithSegments(patternElem patternElement, str string, caseInsensitive bool) bool

PatternMatchesWithSegments matches a pattern against a string

Types

type BoolArrayEvaluator 

type BoolArrayEvaluator struct {
	EvalFnc     func(ctx *Context) []bool
	Field       Field
	Values      []bool
	Weight      int
	OpOverrides []*OpOverrides
	Offset      int // position in the expression
	// contains filtered or unexported fields
}

BoolArrayEvaluator returns an array of bool

func (*BoolArrayEvaluator) AppendValues added in v0.56.0 

func (b *BoolArrayEvaluator) AppendValues(values ...bool)

AppendValues to the array evaluator

func (*BoolArrayEvaluator) Eval 

func (b *BoolArrayEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*BoolArrayEvaluator) GetField 

func (b *BoolArrayEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*BoolArrayEvaluator) IsDeterministicFor added in v0.35.0 

func (b *BoolArrayEvaluator) IsDeterministicFor(field Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*BoolArrayEvaluator) IsStatic added in v0.36.0 

func (b *BoolArrayEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*BoolArrayEvaluator) OriginField added in v0.66.0 

func (b *BoolArrayEvaluator) OriginField() Field

OriginField returns the field involved in the sub expression

type BoolEvalFnc 

type BoolEvalFnc = func(ctx *Context) bool

BoolEvalFnc describe a eval function return a boolean

type BoolEvaluator 

type BoolEvaluator struct {
	EvalFnc     BoolEvalFnc
	Field       Field
	Value       bool
	Weight      int
	OpOverrides []*OpOverrides
	Offset      int // position in the expression
	// contains filtered or unexported fields
}

BoolEvaluator returns a bool as result of the evaluation

func And 

func And(a *BoolEvaluator, b *BoolEvaluator, state *State) (*BoolEvaluator, error)

And operator

func ArrayBoolContains 

func ArrayBoolContains(a *BoolEvaluator, b *BoolArrayEvaluator, state *State) (*BoolEvaluator, error)

ArrayBoolContains evaluates array of bool against a value

func BoolArrayEquals added in v0.34.0 

func BoolArrayEquals(a *BoolEvaluator, b *BoolArrayEvaluator, state *State) (*BoolEvaluator, error)

func BoolEquals 

func BoolEquals(a *BoolEvaluator, b *BoolEvaluator, state *State) (*BoolEvaluator, error)

func CIDRArrayContains added in v0.37.0 

func CIDRArrayContains(a *CIDREvaluator, b *CIDRArrayEvaluator, state *State) (*BoolEvaluator, error)

CIDRArrayContains evaluates a CIDR against a list of CIDRs

func CIDRArrayMatches added in v0.37.0 

func CIDRArrayMatches(a *CIDRArrayEvaluator, b *CIDRValuesEvaluator, state *State) (*BoolEvaluator, error)

CIDRArrayMatches weak comparison, at least one element of a should be in b.

func CIDRArrayMatchesAll added in v0.37.0 

func CIDRArrayMatchesAll(a *CIDRArrayEvaluator, b *CIDRValuesEvaluator, state *State) (*BoolEvaluator, error)

CIDRArrayMatchesAll ensures that all values from a and b match.

func CIDRArrayMatchesCIDREvaluator added in v0.65.0 

func CIDRArrayMatchesCIDREvaluator(a *CIDRArrayEvaluator, b *CIDREvaluator, state *State) (*BoolEvaluator, error)

CIDRArrayMatchesCIDREvaluator weak comparison, at least one element of a should be in b.

func CIDREquals added in v0.36.0 

func CIDREquals(a *CIDREvaluator, b *CIDREvaluator, state *State) (*BoolEvaluator, error)

CIDREquals evaluates CIDR ranges

func CIDRValuesContains added in v0.36.0 

func CIDRValuesContains(a *CIDREvaluator, b *CIDRValuesEvaluator, state *State) (*BoolEvaluator, error)

CIDRValuesContains evaluates a CIDR against a list of CIDRs

func DurationArrayGreaterOrEqualThan added in v0.46.0 

func DurationArrayGreaterOrEqualThan(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func DurationArrayGreaterThan added in v0.46.0 

func DurationArrayGreaterThan(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func DurationArrayLesserOrEqualThan added in v0.46.0 

func DurationArrayLesserOrEqualThan(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func DurationArrayLesserThan added in v0.46.0 

func DurationArrayLesserThan(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func DurationEqual added in v0.46.0 

func DurationEqual(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationEqualArithmeticOperation added in v0.46.0 

func DurationEqualArithmeticOperation(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationGreaterOrEqualThan 

func DurationGreaterOrEqualThan(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationGreaterOrEqualThanArithmeticOperation added in v0.46.0 

func DurationGreaterOrEqualThanArithmeticOperation(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationGreaterThan 

func DurationGreaterThan(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationGreaterThanArithmeticOperation added in v0.46.0 

func DurationGreaterThanArithmeticOperation(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationLesserOrEqualThan 

func DurationLesserOrEqualThan(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationLesserOrEqualThanArithmeticOperation added in v0.46.0 

func DurationLesserOrEqualThanArithmeticOperation(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationLesserThan 

func DurationLesserThan(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationLesserThanArithmeticOperation added in v0.46.0 

func DurationLesserThanArithmeticOperation(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func GreaterOrEqualThan 

func GreaterOrEqualThan(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func GreaterThan 

func GreaterThan(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func IntArrayEquals added in v0.34.0 

func IntArrayEquals(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func IntArrayGreaterOrEqualThan added in v0.34.0 

func IntArrayGreaterOrEqualThan(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func IntArrayGreaterThan added in v0.34.0 

func IntArrayGreaterThan(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func IntArrayLesserOrEqualThan added in v0.34.0 

func IntArrayLesserOrEqualThan(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func IntArrayLesserThan added in v0.34.0 

func IntArrayLesserThan(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func IntArrayMatches added in v0.34.0 

func IntArrayMatches(a *IntArrayEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

IntArrayMatches weak comparison, a least one element of a should be in b

func IntEquals 

func IntEquals(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func LesserOrEqualThan 

func LesserOrEqualThan(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func LesserThan 

func LesserThan(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func Not 

func Not(a *BoolEvaluator, state *State) *BoolEvaluator

Not !true operator

func Or 

func Or(a *BoolEvaluator, b *BoolEvaluator, state *State) (*BoolEvaluator, error)

Or operator

func StringArrayContains added in v0.34.0 

func StringArrayContains(a *StringEvaluator, b *StringArrayEvaluator, state *State) (*BoolEvaluator, error)

StringArrayContains evaluates array of strings against a value

func StringArrayContainsWrapper added in v0.34.0 

func StringArrayContainsWrapper(a *StringEvaluator, b *StringArrayEvaluator, state *State) (*BoolEvaluator, error)

StringArrayContainsWrapper makes use of operator overrides

func StringArrayMatches added in v0.34.0 

func StringArrayMatches(a *StringArrayEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error)

StringArrayMatches weak comparison, a least one element of a should be in b. a can't contain regexp

func StringEquals 

func StringEquals(a *StringEvaluator, b *StringEvaluator, state *State) (*BoolEvaluator, error)

StringEquals evaluates string

func StringEqualsWrapper added in v0.34.0 

func StringEqualsWrapper(a *StringEvaluator, b *StringEvaluator, state *State) (*BoolEvaluator, error)

StringEqualsWrapper makes use of operator overrides

func StringValuesContains added in v0.34.0 

func StringValuesContains(a *StringEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error)

StringValuesContains evaluates a string against values

func Unary added in v0.71.0 

func Unary(a *BoolEvaluator, state *State) (*BoolEvaluator, error)

Unary evaluator

func (*BoolEvaluator) Eval 

func (b *BoolEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*BoolEvaluator) GetField 

func (b *BoolEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*BoolEvaluator) IsDeterministicFor added in v0.35.0 

func (b *BoolEvaluator) IsDeterministicFor(field Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*BoolEvaluator) IsStatic added in v0.36.0 

func (b *BoolEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*BoolEvaluator) OriginField added in v0.66.0 

func (b *BoolEvaluator) OriginField() Field

OriginField returns the field involved in the sub expression

type CIDRArrayEvaluator added in v0.37.0 

type CIDRArrayEvaluator struct {
	EvalFnc     func(ctx *Context) []net.IPNet
	Field       Field
	Value       []net.IPNet
	Weight      int
	OpOverrides []*OpOverrides
	ValueType   FieldValueType
	Offset      int // position in the expression
	// contains filtered or unexported fields
}

CIDRArrayEvaluator returns an array of net.IPNet

func (*CIDRArrayEvaluator) Eval added in v0.37.0 

func (s *CIDRArrayEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*CIDRArrayEvaluator) GetField added in v0.37.0 

func (s *CIDRArrayEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*CIDRArrayEvaluator) IsDeterministicFor added in v0.37.0 

func (s *CIDRArrayEvaluator) IsDeterministicFor(field Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*CIDRArrayEvaluator) IsStatic added in v0.37.0 

func (s *CIDRArrayEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*CIDRArrayEvaluator) OriginField added in v0.66.0 

func (s *CIDRArrayEvaluator) OriginField() Field

OriginField returns the field involved in the sub expression

type CIDREvaluator added in v0.36.0 

type CIDREvaluator struct {
	EvalFnc     func(ctx *Context) net.IPNet
	Field       Field
	Value       net.IPNet
	Weight      int
	OpOverrides []*OpOverrides
	ValueType   FieldValueType
	Offset      int // position in the expression
	// contains filtered or unexported fields
}

CIDREvaluator returns a net.IP

func (*CIDREvaluator) Eval added in v0.36.0 

func (s *CIDREvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*CIDREvaluator) GetField added in v0.36.0 

func (s *CIDREvaluator) GetField() string

GetField returns field name used by this evaluator

func (*CIDREvaluator) IsDeterministicFor added in v0.36.0 

func (s *CIDREvaluator) IsDeterministicFor(field Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*CIDREvaluator) IsStatic added in v0.36.0 

func (s *CIDREvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

type CIDRValues added in v0.36.0 

type CIDRValues struct {
	// contains filtered or unexported fields
}

CIDRValues describes a set of CIDRs

func (*CIDRValues) AppendCIDR added in v0.36.0 

func (c *CIDRValues) AppendCIDR(cidr string) error

AppendCIDR append a CIDR notation

func (*CIDRValues) AppendIP added in v0.36.0 

func (c *CIDRValues) AppendIP(ip string) error

AppendIP append ip notation

func (*CIDRValues) Contains added in v0.37.0 

func (c *CIDRValues) Contains(ipnet *net.IPNet) (bool, *net.IPNet)

Contains returns whether the values match the provided IPNet

func (*CIDRValues) Match added in v0.37.0 

func (c *CIDRValues) Match(ipnets []net.IPNet) (bool, net.IPNet)

Match returns whether the values matches the provided IPNets

func (*CIDRValues) MatchAll added in v0.37.0 

func (c *CIDRValues) MatchAll(ipnets []net.IPNet) (bool, []*net.IPNet)

MatchAll returns whether the values matches all the provided IPNets

type CIDRValuesEvaluator added in v0.36.0 

type CIDRValuesEvaluator struct {
	EvalFnc   func(ctx *Context) *CIDRValues
	Value     CIDRValues
	Weight    int
	ValueType FieldValueType
	Offset    int // position in the expression
}

CIDRValuesEvaluator returns a net.IP

func (*CIDRValuesEvaluator) Eval added in v0.36.0 

func (s *CIDRValuesEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*CIDRValuesEvaluator) GetField added in v0.36.0 

func (s *CIDRValuesEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*CIDRValuesEvaluator) IsDeterministicFor added in v0.36.0 

func (s *CIDRValuesEvaluator) IsDeterministicFor(_ Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*CIDRValuesEvaluator) IsStatic added in v0.36.0 

func (s *CIDRValuesEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*CIDRValuesEvaluator) OriginField added in v0.66.0 

func (s *CIDRValuesEvaluator) OriginField() Field

OriginField returns the field involved in the sub expression

type Context 

type Context struct {
	Event Event

	// cache available across all the evaluations
	StringCache map[Field][]string
	IPNetCache  map[Field][]net.IPNet
	IntCache    map[Field][]int
	BoolCache   map[Field][]bool

	// iterator register cache. used to cache entry within a single rule evaluation
	RegisterCache map[RegisterID]*RegisterCacheEntry

	// rule register
	Registers map[RegisterID]int

	IteratorCountCache map[string]int
	// contains filtered or unexported fields
}

Context describes the context used during a rule evaluation

func NewContext 

func NewContext(evt Event) *Context

NewContext return a new Context

func (*Context) AddMatchingSubExpr added in v0.66.0 

func (c *Context) AddMatchingSubExpr(valueA, valueB MatchingValue)

AddMatchingSubExpr add a expression that matched a rule

func (*Context) AppendResolvedField added in v0.62.0 

func (c *Context) AppendResolvedField(_ string)

AppendResolvedField is a no-op outside of functional tests

func (*Context) GetMatchingSubExprs added in v0.66.0 

func (c *Context) GetMatchingSubExprs() MatchingSubExprs

GetMatchingSubExprs return the matching sub expressions

func (*Context) GetResolvedFields added in v0.62.0 

func (c *Context) GetResolvedFields() []Field

GetResolvedFields returns the resolved fields, always empty outside of functional tests

func (*Context) GetScopeFieldEvaluator added in v0.68.0 

func (c *Context) GetScopeFieldEvaluator() Evaluator

GetScopeFieldEvaluator returns the current scope field evaluator in context

func (*Context) Now 

func (c *Context) Now() time.Time

Now return and cache the `now` timestamp

func (*Context) PerActionReset added in v0.68.0 

func (c *Context) PerActionReset()

PerActionReset the context

func (*Context) PerEvalReset added in v0.66.0 

func (c *Context) PerEvalReset()

PerEvalReset the context

func (*Context) Reset 

func (c *Context) Reset()

Reset the context

func (*Context) SetEvent added in v0.43.0 

func (c *Context) SetEvent(evt Event)

SetEvent set the given event to the context

func (*Context) SetScopeFieldEvaluator added in v0.68.0 

func (c *Context) SetScopeFieldEvaluator(evaluator Evaluator)

SetScopeFieldEvaluator sets the scope field evaluator during the evaluation of an action

type ContextPool 

type ContextPool struct {
	// contains filtered or unexported fields
}

ContextPool defines a pool of context

func NewContextPool 

func NewContextPool() *ContextPool

NewContextPool returns a new context pool

func (*ContextPool) Get 

func (c *ContextPool) Get(evt Event) *Context

Get returns a context with the given event

func (*ContextPool) Put 

func (c *ContextPool) Put(ctx *Context)

Put returns the context to the pool

type ErrAstToEval 

type ErrAstToEval struct {
	Pos  lexer.Position
	Text string
}

ErrAstToEval describes an error that occurred during the conversion from the AST to an evaluator

func NewArrayTypeError added in v0.34.0 

func NewArrayTypeError(pos lexer.Position, arrayKind reflect.Kind, kind reflect.Kind) *ErrAstToEval

NewArrayTypeError returns a new ErrAstToEval error when an invalid type was used

func NewCIDRTypeError added in v0.36.0 

func NewCIDRTypeError(pos lexer.Position, arrayKind reflect.Kind, kind interface{}) *ErrAstToEval

NewCIDRTypeError returns a new ErrAstToEval error when an invalid type was used

func NewError 

func NewError(pos lexer.Position, format string, vars ...interface{}) *ErrAstToEval

NewError returns a new ErrAstToEval error

func NewOpError 

func NewOpError(pos lexer.Position, op string, err error) *ErrAstToEval

NewOpError returns a new ErrAstToEval error when an operator was used in an invalid manner

func NewOpUnknownError 

func NewOpUnknownError(pos lexer.Position, op string) *ErrAstToEval

NewOpUnknownError returns a new ErrAstToEval error when an unknown operator was used

func NewRegisterMultipleFields 

func NewRegisterMultipleFields(pos lexer.Position, regID RegisterID, err error) *ErrAstToEval

NewRegisterMultipleFields returns a new ErrAstToEval error when a register is used across multiple fields

func NewRegisterNameNotAllowed 

func NewRegisterNameNotAllowed(pos lexer.Position, regID RegisterID, err error) *ErrAstToEval

NewRegisterNameNotAllowed returns a new ErrAstToEval error when a register name is not allowed

func NewTypeError 

func NewTypeError(pos lexer.Position, kind reflect.Kind) *ErrAstToEval

NewTypeError returns a new ErrAstToEval error when an invalid type was used

func (*ErrAstToEval) Error 

func (r *ErrAstToEval) Error() string

type ErrFieldNotFound 

type ErrFieldNotFound struct {
	Field string
}

ErrFieldNotFound error when a field is not present in the model

func (ErrFieldNotFound) Error 

func (e ErrFieldNotFound) Error() string

type ErrFieldReadOnly added in v0.40.0 

type ErrFieldReadOnly struct {
	Field Field
}

ErrFieldReadOnly is returned when a filter does not support being set with SetFieldValue

func (ErrFieldReadOnly) Error added in v0.40.0 

func (e ErrFieldReadOnly) Error() string

type ErrInvalidPattern 

type ErrInvalidPattern struct {
	Pattern string
}

ErrInvalidPattern is returned for an invalid regular expression

func (ErrInvalidPattern) Error 

func (e ErrInvalidPattern) Error() string

type ErrInvalidRegexp 

type ErrInvalidRegexp struct {
	Regexp string
}

ErrInvalidRegexp is returned for an invalid regular expression

func (ErrInvalidRegexp) Error 

func (e ErrInvalidRegexp) Error() string

type ErrIteratorNotSupported 

type ErrIteratorNotSupported struct {
	Field string
}

ErrIteratorNotSupported error when a field doesn't support iteration

func (ErrIteratorNotSupported) Error 

func (e ErrIteratorNotSupported) Error() string

type ErrIteratorVariable added in v0.60.0 

type ErrIteratorVariable struct {
	Err error
}

ErrIteratorVariable error when the iterator variable constraints are reached

func (ErrIteratorVariable) Error added in v0.60.0 

func (e ErrIteratorVariable) Error() string

type ErrNonStaticPattern 

type ErrNonStaticPattern struct {
	Field Field
}

ErrNonStaticPattern when pattern operator is used on a non static value

func (ErrNonStaticPattern) Error 

func (e ErrNonStaticPattern) Error() string

type ErrNotSupported 

type ErrNotSupported struct {
	Field string
}

ErrNotSupported returned when something is not supported on a field

func (ErrNotSupported) Error 

func (e ErrNotSupported) Error() string

type ErrRuleNotCompiled added in v0.34.0 

type ErrRuleNotCompiled struct {
	RuleID string
}

ErrRuleNotCompiled error returned by functions that require to have the rule compiled

func (ErrRuleNotCompiled) Error added in v0.34.0 

func (e ErrRuleNotCompiled) Error() string

type ErrRuleParse 

type ErrRuleParse struct {
	// contains filtered or unexported fields
}

ErrRuleParse describes a parsing error and its position in the expression

func (*ErrRuleParse) Error 

func (e *ErrRuleParse) Error() string

type ErrScopeFailure 

type ErrScopeFailure struct {
	VarName    string
	ScoperType InternalScoperType
	ScoperErr  error
}

ErrScopeFailure wraps an error coming from a variable scoper

func (*ErrScopeFailure) Error 

func (e *ErrScopeFailure) Error() string

Error returns the error message of the error

func (*ErrScopeFailure) Unwrap 

func (e *ErrScopeFailure) Unwrap() error

Unwrap unwraps the error

type ErrUnexpectedValueType 

type ErrUnexpectedValueType struct {
	Expected any
	Got      any
}

ErrUnexpectedValueType represents an invalid variable type assignment

func (*ErrUnexpectedValueType) Error 

func (e *ErrUnexpectedValueType) Error() string

Error returns the error message of the error

type ErrUnsupportedScope 

type ErrUnsupportedScope struct {
	VarName string
	Scope   string
}

ErrUnsupportedScope represents an unsupported scope error

func (*ErrUnsupportedScope) Error 

func (e *ErrUnsupportedScope) Error() string

Error returns the error message of the error

type ErrValueOutOfRange added in v0.58.0 

type ErrValueOutOfRange struct {
	Field string
}

ErrValueOutOfRange error when the given value is not having the correct range for the type

func (ErrValueOutOfRange) Error added in v0.58.0 

func (e ErrValueOutOfRange) Error() string

type ErrValueTypeMismatch 

type ErrValueTypeMismatch struct {
	Field string
}

ErrValueTypeMismatch error when the given value is not having the correct type

func (ErrValueTypeMismatch) Error 

func (e ErrValueTypeMismatch) Error() string

type Evaluator 

type Evaluator interface {
	Eval(ctx *Context) interface{}
	IsDeterministicFor(field Field) bool
	GetField() string
	IsStatic() bool
}

Evaluator is the interface of an evaluator

type Event 

type Event interface {
	// Init initialize the event
	Init()
	// GetType returns the Type of the Event
	GetType() EventType
	// GetFieldMetadata returns the Event Field Metadata for the given Field
	GetFieldMetadata(field Field) (EventType, reflect.Kind, string, error)
	// SetFieldValue sets the value of the given Field
	SetFieldValue(field Field, value interface{}) error
	// GetFieldValue returns the value of the given Field
	GetFieldValue(field Field) (interface{}, error)
	// GetTags returns a list of tags
	GetTags() []string
}

Event is an interface that an Event has to implement for the evaluation

type EventType 

type EventType = string

EventType is the type of an event

func EventTypeFromState added in v0.73.0 

func EventTypeFromState(model Model, state *State) (EventType, error)

EventTypeFromState return the event type from state

type Field 

type Field = string

Field name

type FieldValue 

type FieldValue struct {
	Value interface{}
	Type  FieldValueType
}

FieldValue describes a field value with its type

type FieldValueType 

type FieldValueType int

FieldValueType represents the type of the value of a field 

const (
	ScalarValueType   FieldValueType = 1 << 0
	GlobValueType     FieldValueType = 1 << 1
	PatternValueType  FieldValueType = 1 << 2
	RegexpValueType   FieldValueType = 1 << 3
	BitmaskValueType  FieldValueType = 1 << 4
	VariableValueType FieldValueType = 1 << 5
	IPNetValueType    FieldValueType = 1 << 6
	RangeValueType    FieldValueType = 1 << 7
)

Field value types

func (FieldValueType) MarshalJSON added in v0.48.0 

func (t FieldValueType) MarshalJSON() ([]byte, error)

MarshalJSON returns the JSON encoding of the FieldValueType

func (FieldValueType) String added in v0.48.0 

func (t FieldValueType) String() string

type Gauge added in v0.70.0 

type Gauge interface {
	// Inc increments the Gauge value.
	Inc(tagsValue ...string)
	// Dec decrements the Gauge value.
	Dec(tagsValue ...string)
}

Gauge tracks the amount of a metric

type Glob added in v0.34.0 

type Glob struct {
	// contains filtered or unexported fields
}

Glob describes file glob object

func NewGlob added in v0.34.0 

func NewGlob(pattern string, caseInsensitive bool, normalizePaths bool) (*Glob, error)

NewGlob returns a new glob object from the given pattern

func (*Glob) IsPrefix added in v0.71.0 

func (g *Glob) IsPrefix(filename string) bool

IsPrefix returns whether the glob pattern matches the beginning of the filename

func (*Glob) Matches added in v0.34.0 

func (g *Glob) Matches(filename string) bool

Matches the given filename

type GlobStringMatcher added in v0.34.0 

type GlobStringMatcher struct {
	// contains filtered or unexported fields
}

GlobStringMatcher defines a glob pattern matcher

func (*GlobStringMatcher) Compile added in v0.34.0 

func (g *GlobStringMatcher) Compile(pattern string, caseInsensitive bool, normalizePath bool) error

Compile a simple pattern

func (*GlobStringMatcher) IsPrefix added in v0.71.0 

func (g *GlobStringMatcher) IsPrefix(value string) bool

IsPrefix returns whether the pattern is a prefix of the value

func (*GlobStringMatcher) Matches added in v0.34.0 

func (g *GlobStringMatcher) Matches(value string) bool

Matches returns whether the value matches

func (*GlobStringMatcher) String added in v0.66.0 

func (g *GlobStringMatcher) String() string

String implements the stringer interface

type IntArrayEvaluator 

type IntArrayEvaluator struct {
	EvalFnc     func(ctx *Context) []int
	Field       Field
	Values      []int
	Weight      int
	OpOverrides []*OpOverrides
	Offset      int // position in the expression
	// contains filtered or unexported fields
}

IntArrayEvaluator returns an array of int

func (*IntArrayEvaluator) AppendValues added in v0.34.0 

func (i *IntArrayEvaluator) AppendValues(values ...int)

AppendValues to the array evaluator

func (*IntArrayEvaluator) Eval 

func (i *IntArrayEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*IntArrayEvaluator) GetField 

func (i *IntArrayEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*IntArrayEvaluator) IsDeterministicFor added in v0.35.0 

func (i *IntArrayEvaluator) IsDeterministicFor(field Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*IntArrayEvaluator) IsStatic added in v0.36.0 

func (i *IntArrayEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*IntArrayEvaluator) OriginField added in v0.66.0 

func (i *IntArrayEvaluator) OriginField() Field

OriginField returns the field involved in the sub expression

type IntEvaluator 

type IntEvaluator struct {
	EvalFnc     func(ctx *Context) int
	Field       Field
	Value       int
	Weight      int
	OpOverrides []*OpOverrides
	Offset      int // position in the expression
	// contains filtered or unexported fields
}

IntEvaluator returns an int as result of the evaluation

func IntAnd 

func IntAnd(a *IntEvaluator, b *IntEvaluator, state *State) (*IntEvaluator, error)

func IntMinus added in v0.46.0 

func IntMinus(a *IntEvaluator, b *IntEvaluator, state *State) (*IntEvaluator, error)

func IntNot 

func IntNot(a *IntEvaluator, state *State) *IntEvaluator

IntNot ^int operator

func IntOr 

func IntOr(a *IntEvaluator, b *IntEvaluator, state *State) (*IntEvaluator, error)

func IntPlus added in v0.46.0 

func IntPlus(a *IntEvaluator, b *IntEvaluator, state *State) (*IntEvaluator, error)

func IntXor 

func IntXor(a *IntEvaluator, b *IntEvaluator, state *State) (*IntEvaluator, error)

func Minus 

func Minus(a *IntEvaluator, state *State) *IntEvaluator

Minus -int operator

func (*IntEvaluator) Eval 

func (i *IntEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*IntEvaluator) GetField 

func (i *IntEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*IntEvaluator) IsDeterministicFor added in v0.35.0 

func (i *IntEvaluator) IsDeterministicFor(field Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*IntEvaluator) IsStatic added in v0.36.0 

func (i *IntEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*IntEvaluator) OriginField added in v0.66.0 

func (i *IntEvaluator) OriginField() Field

OriginField returns the field involved in the sub expression

type InternalScoperType 

type InternalScoperType int

InternalScoperType represents the type of a scoper 

const (
	// UndefinedScoperType is the undefinied scoper
	UndefinedScoperType InternalScoperType = iota
	// GlobalScoperType handles the global scope
	GlobalScoperType
	// ProcessScoperType handles process scopes
	ProcessScoperType
	// ContainerScoperType handles container scopes
	ContainerScoperType
	// CGroupScoperType handles cgroup scopes
	CGroupScoperType
)

func (InternalScoperType) String 

func (isn InternalScoperType) String() string

String returns the name of the scoper

func (InternalScoperType) VariablePrefix 

func (isn InternalScoperType) VariablePrefix() string

VariablePrefix returns the variable prefix that corresponds to this scoper type

type Macro 

type Macro struct {
	ID   MacroID
	Opts *Opts
	// contains filtered or unexported fields
}

Macro - Macro object identified by an `ID` containing a SECL `Expression`

func NewMacro added in v0.35.0 

func NewMacro(id, expression string, model Model, parsingContext *ast.ParsingContext, opts *Opts) (*Macro, error)

NewMacro parses an expression and returns a new macro

func NewStringValuesMacro added in v0.35.0 

func NewStringValuesMacro(id string, values []string, opts *Opts) (*Macro, error)

NewStringValuesMacro returns a new macro from an array of strings

func (*Macro) GenEvaluator 

func (m *Macro) GenEvaluator(expression string, model Model) error

GenEvaluator - Compiles and generates the evalutor

func (*Macro) GetAst 

func (m *Macro) GetAst() *ast.Macro

GetAst - Returns the representation of the SECL `Expression`

func (*Macro) GetEvaluator 

func (m *Macro) GetEvaluator() *MacroEvaluator

GetEvaluator - Returns the MacroEvaluator of the Macro corresponding to the SECL `Expression`

func (*Macro) GetEventType added in v0.57.0 

func (m *Macro) GetEventType() EventType

GetEventType - Returns the Event Type that the `Expression` handles

func (*Macro) GetFields 

func (m *Macro) GetFields() []Field

GetFields - Returns all the Field that the Macro handles included sub-Macro

func (*Macro) Parse 

func (m *Macro) Parse(parsingContext *ast.ParsingContext, expression string) error

Parse - Transforms the SECL `Expression` into its AST representation

type MacroEvaluator 

type MacroEvaluator struct {
	Value     interface{}
	EventType EventType
	// contains filtered or unexported fields
}

MacroEvaluator - Evaluation part of a Macro

func (*MacroEvaluator) GetFields 

func (m *MacroEvaluator) GetFields() []Field

GetFields - Returns all the Field that the MacroEvaluator handles

type MacroEvaluatorGetter added in v0.64.0 

type MacroEvaluatorGetter interface {
	GetMacroEvaluator(macroID string) (*MacroEvaluator, bool)
}

MacroEvaluatorGetter is an interface to get a MacroEvaluator

type MacroID 

type MacroID = string

MacroID - ID of a Macro

type MacroStore added in v0.38.0 

type MacroStore struct {
	// contains filtered or unexported fields
}

MacroStore represents a store of SECL Macros

func (*MacroStore) Add added in v0.43.0 

func (s *MacroStore) Add(macro *Macro) *MacroStore

Add adds a macro

func (*MacroStore) Contains added in v0.52.0 

func (s *MacroStore) Contains(id string) bool

Contains returns returns true is there is already a macro with this ID in the store

func (*MacroStore) Get added in v0.43.0 

func (s *MacroStore) Get(id MacroID) *Macro

Get returns the marcro

func (*MacroStore) GetMacroEvaluator added in v0.64.0 

func (s *MacroStore) GetMacroEvaluator(id MacroID) (*MacroEvaluator, bool)

GetMacroEvaluator returns the macro evaluator associated with the macro ID

func (*MacroStore) List added in v0.43.0 

func (s *MacroStore) List() []*Macro

List lists macros

type MatchingSubExpr added in v0.66.0 

type MatchingSubExpr struct {
	Offset int
	ValueA MatchingValue
	ValueB MatchingValue
}

MatchingSubExpr defines a boolean expression that matched

type MatchingSubExprs added in v0.66.0 

type MatchingSubExprs []MatchingSubExpr

MatchingSubExprs list of sub expression

func (*MatchingSubExprs) GetMatchingValuePos added in v0.66.0 

func (m *MatchingSubExprs) GetMatchingValuePos(expr string) []MatchingValuePos

GetMatchingValuePos return all the matching value position

type MatchingValue added in v0.66.0 

type MatchingValue struct {
	Offset int
	Field  Field
	Value  interface{}
}

MatchingValue defines a matched value

type MatchingValuePos added in v0.66.0 

type MatchingValuePos struct {
	Offset int
	Length int
	Value  interface{}
	Field  string
}

MatchingValuePos defines a position and a length in the rule expression

func (MatchingValuePos) IsZero added in v0.66.0 

func (m MatchingValuePos) IsZero() bool

IsZero returns if the pos is empty of not

type Model 

type Model interface {
	// GetEvaluator returns an evaluator for the given field
	GetEvaluator(field Field, regID RegisterID, offset int) (Evaluator, error)
	// ValidateField returns whether the value use against the field is valid, ex: for constant
	ValidateField(field Field, value FieldValue) error
	// NewEvent returns a new event instance
	NewEvent() Event
	// GetFieldRestrictions returns the event type for which the field is available
	GetFieldRestrictions(field Field) []EventType
}

Model - interface that a model has to implement for the rule compilation

type OpOverrides added in v0.34.0 

type OpOverrides struct {
	StringEquals         func(a *StringEvaluator, b *StringEvaluator, state *State) (*BoolEvaluator, error)
	StringValuesContains func(a *StringEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error)
	StringArrayContains  func(a *StringEvaluator, b *StringArrayEvaluator, state *State) (*BoolEvaluator, error)
	StringArrayMatches   func(a *StringArrayEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error)
}

OpOverrides defines operator override functions

type Opts 

type Opts struct {
	LegacyFields  map[Field]Field
	Constants     map[string]interface{}
	VariableStore *VariableStore
	MacroStore    *MacroStore
	Telemetry     *Telemetry
}

Opts are the options to be passed to the evaluator

func (*Opts) AddMacro added in v0.34.0 

func (o *Opts) AddMacro(macro *Macro) *Opts

AddMacro add a macro

func (*Opts) AddVariable added in v0.43.0 

func (o *Opts) AddVariable(name string, variable StaticVariable) *Opts

AddVariable add a variable

func (*Opts) WithConstants added in v0.34.0 

func (o *Opts) WithConstants(constants map[string]interface{}) *Opts

WithConstants set constants

func (*Opts) WithLegacyFields added in v0.34.0 

func (o *Opts) WithLegacyFields(fields map[Field]Field) *Opts

WithLegacyFields set legacy fields

func (*Opts) WithMacroStore added in v0.43.0 

func (o *Opts) WithMacroStore(store *MacroStore) *Opts

WithMacroStore set the macro store

func (*Opts) WithTelemetry added in v0.70.0 

func (o *Opts) WithTelemetry(telemetry *Telemetry) *Opts

WithTelemetry sets the telemetry

func (*Opts) WithVariableStore added in v0.43.0 

func (o *Opts) WithVariableStore(store *VariableStore) *Opts

WithVariableStore set the variable store

func (*Opts) WithVariables added in v0.34.0 

func (o *Opts) WithVariables(variables map[string]StaticVariable) *Opts

WithVariables set variables

type PatternStringMatcher added in v0.36.0 

type PatternStringMatcher struct {
	// contains filtered or unexported fields
}

PatternStringMatcher defines a pattern matcher

func (*PatternStringMatcher) Compile added in v0.36.0 

func (p *PatternStringMatcher) Compile(pattern string, caseInsensitive bool) error

Compile a simple pattern

func (*PatternStringMatcher) Matches added in v0.36.0 

func (p *PatternStringMatcher) Matches(value string) bool

Matches returns whether the value matches

func (*PatternStringMatcher) String added in v0.66.0 

func (p *PatternStringMatcher) String() string

String implements the stringer interface

type RegexpStringMatcher added in v0.34.0 

type RegexpStringMatcher struct {
	// contains filtered or unexported fields
}

RegexpStringMatcher defines a regular expression pattern matcher

func (*RegexpStringMatcher) Compile added in v0.34.0 

func (r *RegexpStringMatcher) Compile(pattern string, caseInsensitive bool) error

Compile a regular expression based pattern

func (*RegexpStringMatcher) Matches added in v0.34.0 

func (r *RegexpStringMatcher) Matches(value string) bool

Matches returns whether the value matches

func (*RegexpStringMatcher) String added in v0.66.0 

func (r *RegexpStringMatcher) String() string

String implements the stringer interface

type Register 

type Register struct {
	ID    RegisterID
	Field Field
}

Register defines an eval register

type RegisterCacheEntry added in v0.60.0 

type RegisterCacheEntry struct {
	Pos   int
	Value interface{}
}

RegisterCacheEntry used to track the value

type RegisterID 

type RegisterID = string

RegisterID identify a register ID

type ReleasableVariableScope 

type ReleasableVariableScope interface {
	AppendReleaseCallback(callback func())
}

ReleasableVariableScope represents a scope that can be released

type Rule 

type Rule struct {
	ID         RuleID
	Expression string
	Tags       []string
	Model      Model
	Opts       *Opts
	// contains filtered or unexported fields
}

Rule - Rule object identified by an `ID` containing a SECL `Expression`

func NewRule added in v0.43.0 

func NewRule(id string, expression string, parsingContext *ast.ParsingContext, opts *Opts, tags ...string) (*Rule, error)

NewRule returns a new rule

func (*Rule) Eval 

func (r *Rule) Eval(ctx *Context) bool

Eval - Evaluates

func (*Rule) GenEvaluator 

func (r *Rule) GenEvaluator(model Model) error

GenEvaluator - Compile and generates the RuleEvaluator

func (*Rule) GetAst 

func (r *Rule) GetAst() *ast.Rule

GetAst - Returns the representation of the SECL `Expression`

func (*Rule) GetEvaluator 

func (r *Rule) GetEvaluator() *RuleEvaluator

GetEvaluator - Returns the RuleEvaluator of the Rule corresponding to the SECL `Expression`

func (*Rule) GetEventType added in v0.57.0 

func (r *Rule) GetEventType() (EventType, error)

GetEventType - Returns the event type that the `Expression` handles

func (*Rule) GetFieldValues 

func (r *Rule) GetFieldValues(field Field) []FieldValue

GetFieldValues returns the values of the given field

func (*Rule) GetFields 

func (r *Rule) GetFields() []Field

GetFields - Returns all the Field of the Rule including field of the Macro used

func (*Rule) GetPartialEval 

func (r *Rule) GetPartialEval(field Field) BoolEvalFnc

GetPartialEval - Returns the Partial RuleEvaluator for the given Field

func (*Rule) GetPprofLabels added in v0.53.0 

func (r *Rule) GetPprofLabels() utils.LabelSet

GetPprofLabels returns the pprof labels

func (*Rule) Parse 

func (r *Rule) Parse(parsingContext *ast.ParsingContext) error

Parse - Transforms the SECL `Expression` into its AST representation

func (*Rule) PartialEval 

func (r *Rule) PartialEval(ctx *Context, field Field) (bool, error)

PartialEval - Partial evaluation with the given Field

type RuleEvaluator 

type RuleEvaluator struct {
	Eval      BoolEvalFnc
	EventType EventType
	// contains filtered or unexported fields
}

RuleEvaluator - Evaluation part of a Rule

func NewRuleEvaluator added in v0.41.0 

func NewRuleEvaluator(rule *ast.Rule, model Model, opts *Opts) (*RuleEvaluator, error)

NewRuleEvaluator returns a new evaluator for a rule

func (*RuleEvaluator) GetFields 

func (r *RuleEvaluator) GetFields() []Field

GetFields - Returns all the Field that the RuleEvaluator handles

func (*RuleEvaluator) IsPartialAvailable added in v0.53.0 

func (r *RuleEvaluator) IsPartialAvailable(field Field) bool

IsPartialAvailable checks if partial have been generated for the given Field

func (*RuleEvaluator) PartialEval 

func (r *RuleEvaluator) PartialEval(ctx *Context, field Field) (bool, error)

PartialEval partially evaluation of the Rule with the given Field.

type RuleID 

type RuleID = string

RuleID - ID of a Rule

type RuleSetTagValue added in v0.46.0 

type RuleSetTagValue = string

RuleSetTagValue - Value of the "ruleset" tag

type ScalarStringMatcher added in v0.36.0 

type ScalarStringMatcher struct {
	// contains filtered or unexported fields
}

ScalarStringMatcher defines a scalar matcher

func (*ScalarStringMatcher) Compile added in v0.36.0 

func (s *ScalarStringMatcher) Compile(pattern string, caseInsensitive bool) error

Compile a simple pattern

func (*ScalarStringMatcher) Matches added in v0.36.0 

func (s *ScalarStringMatcher) Matches(value string) bool

Matches returns whether the value matches

func (*ScalarStringMatcher) String added in v0.66.0 

func (s *ScalarStringMatcher) String() string

String implements the stringer interface

type State added in v0.34.0 

type State struct {
	// contains filtered or unexported fields
}

State defines the current state of the rule compilation

func NewState added in v0.36.0 

func NewState(model Model, field Field, macros MacroEvaluatorGetter) *State

NewState returns a new State

func (*State) UpdateFieldValues added in v0.34.0 

func (s *State) UpdateFieldValues(field Field, value FieldValue) error

UpdateFieldValues updates the field values

func (*State) UpdateFields added in v0.34.0 

func (s *State) UpdateFields(field Field)

UpdateFields updates the fields used in the rule

type StateRegexpCache added in v0.37.0 

type StateRegexpCache struct {
	// contains filtered or unexported fields
}

StateRegexpCache is used to cache regexps used in the rule compilation process

type StaticVariable 

type StaticVariable interface {
	GetValue(ctx *Context) any
}

StaticVariable represents a hard-coded variable

func NewStaticVariable 

func NewStaticVariable[T VariableType](getValue func(ctx *Context) T) StaticVariable

NewStaticVariable returns a new static variable

type StringArrayEvaluator 

type StringArrayEvaluator struct {
	EvalFnc       func(ctx *Context) []string
	Values        []string
	Field         Field
	Weight        int
	OpOverrides   []*OpOverrides
	StringCmpOpts StringCmpOpts // only Field evaluator can set this value
	Offset        int           // position in the expression
	// contains filtered or unexported fields
}

StringArrayEvaluator returns an array of strings

func (*StringArrayEvaluator) AppendValue added in v0.34.0 

func (s *StringArrayEvaluator) AppendValue(value string)

AppendValue append the given value

func (*StringArrayEvaluator) Eval 

func (s *StringArrayEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*StringArrayEvaluator) GetField 

func (s *StringArrayEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*StringArrayEvaluator) IsDeterministicFor added in v0.35.0 

func (s *StringArrayEvaluator) IsDeterministicFor(field Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*StringArrayEvaluator) IsStatic added in v0.36.0 

func (s *StringArrayEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*StringArrayEvaluator) OriginField added in v0.66.0 

func (s *StringArrayEvaluator) OriginField() Field

OriginField returns the field involved in the sub expression

type StringCmpOpts added in v0.36.0 

type StringCmpOpts struct {
	CaseInsensitive        bool
	PathSeparatorNormalize bool
}

StringCmpOpts defines options to apply during string comparison

type StringEvaluator 

type StringEvaluator struct {
	EvalFnc       func(ctx *Context) string
	Field         Field
	Value         string
	Weight        int
	OpOverrides   []*OpOverrides
	ValueType     FieldValueType
	StringCmpOpts StringCmpOpts // only Field evaluator can set this value
	Offset        int           // position in the expression
	// contains filtered or unexported fields
}

StringEvaluator returns a string as result of the evaluation

func (*StringEvaluator) Eval 

func (s *StringEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*StringEvaluator) GetField 

func (s *StringEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*StringEvaluator) GetValue added in v0.34.0 

func (s *StringEvaluator) GetValue(ctx *Context) string

GetValue returns the evaluator value

func (*StringEvaluator) IsDeterministicFor added in v0.35.0 

func (s *StringEvaluator) IsDeterministicFor(field Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*StringEvaluator) IsStatic added in v0.36.0 

func (s *StringEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*StringEvaluator) OriginField added in v0.66.0 

func (s *StringEvaluator) OriginField() Field

OriginField returns the field involved in the sub expression

func (*StringEvaluator) ToStringMatcher added in v0.36.0 

func (s *StringEvaluator) ToStringMatcher(opts StringCmpOpts) (StringMatcher, error)

ToStringMatcher returns a StringMatcher of the evaluator

type StringMatcher added in v0.34.0 

type StringMatcher interface {
	Matches(value string) bool
	String() string
}

StringMatcher defines a pattern matcher

func NewStringMatcher added in v0.34.0 

func NewStringMatcher(kind FieldValueType, pattern string, opts StringCmpOpts) (StringMatcher, error)

NewStringMatcher returns a new string matcher

type StringValues added in v0.34.0 

type StringValues struct {
	// contains filtered or unexported fields
}

StringValues describes a set of string values, either regex or scalar

func (*StringValues) AppendFieldValue added in v0.34.0 

func (s *StringValues) AppendFieldValue(value FieldValue)

AppendFieldValue append a FieldValue

func (*StringValues) AppendScalarValue added in v0.34.0 

func (s *StringValues) AppendScalarValue(value string)

AppendScalarValue append a scalar string value

func (*StringValues) Compile added in v0.36.0 

func (s *StringValues) Compile(opts StringCmpOpts) error

Compile all the values

func (*StringValues) GetFieldValues added in v0.36.0 

func (s *StringValues) GetFieldValues() []FieldValue

GetFieldValues return the list of FieldValue stored in the StringValues

func (*StringValues) GetScalarValues added in v0.34.0 

func (s *StringValues) GetScalarValues() []string

GetScalarValues return the scalar values

func (*StringValues) GetStringMatchers added in v0.34.0 

func (s *StringValues) GetStringMatchers() []StringMatcher

GetStringMatchers return the pattern matchers

func (*StringValues) Matches added in v0.34.0 

func (s *StringValues) Matches(value string) (bool, string)

Matches returns whether the value matches the string values

func (*StringValues) SetFieldValues added in v0.34.0 

func (s *StringValues) SetFieldValues(values ...FieldValue) error

SetFieldValues apply field values

type StringValuesEvaluator added in v0.34.0 

type StringValuesEvaluator struct {
	EvalFnc func(ctx *Context) *StringValues
	Values  StringValues
	Weight  int
	Offset  int // position in the expression
}

StringValuesEvaluator returns an array of strings

func (*StringValuesEvaluator) AppendMembers added in v0.34.0 

func (s *StringValuesEvaluator) AppendMembers(members ...ast.StringMember)

AppendMembers add members to the evaluator

func (*StringValuesEvaluator) Compile added in v0.36.0 

func (s *StringValuesEvaluator) Compile(opts StringCmpOpts) error

Compile the underlying StringValues

func (*StringValuesEvaluator) Eval added in v0.34.0 

func (s *StringValuesEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*StringValuesEvaluator) GetField added in v0.34.0 

func (s *StringValuesEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*StringValuesEvaluator) IsDeterministicFor added in v0.35.0 

func (s *StringValuesEvaluator) IsDeterministicFor(_ Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*StringValuesEvaluator) IsStatic added in v0.36.0 

func (s *StringValuesEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*StringValuesEvaluator) SetFieldValues added in v0.34.0 

func (s *StringValuesEvaluator) SetFieldValues(values ...FieldValue) error

SetFieldValues apply field values

type Telemetry added in v0.70.0 

type Telemetry struct {
	TotalVariables Gauge
}

Telemetry tracks the values of evaluation metrics

type VariableDefinition 

type VariableDefinition interface {
	VariableName(withScopePrefix bool) string
	DefaultValue() any
	IsPrivate() bool
	Scoper() *VariableScoper
	AddNewInstance(ctx *Context) (VariableInstance, bool, error)
	GetInstance(ctx *Context) (VariableInstance, bool, error)
	GetInstancesCount() int
	CleanupExpiredVariables()
	// contains filtered or unexported methods
}

VariableDefinition represents the definition of a SECL variable

func NewVariableDefinition 

func NewVariableDefinition[T VariableType](name string, scoper *VariableScoper, defaultValue T, opts VariableOpts) VariableDefinition

NewVariableDefinition returns a new definition of a SECL variable

type VariableInstance 

type VariableInstance interface {
	Set(any) error
	Append(any) error
	GetValue() any
	IsExpired() bool
	// contains filtered or unexported methods
}

VariableInstance represents an instance of a variable, indenpdently of its type

type VariableName 

type VariableName string

VariableName represents the name of a variable with its scope prefix included

func GetVariableName 

func GetVariableName(scope, name string) VariableName

GetVariableName returns a VariableName based on the given scope and variable names

type VariableOpts added in v0.56.0 

type VariableOpts struct {
	TTL       time.Duration
	Size      int
	Private   bool
	Inherited bool
	Append    bool
	Telemetry *Telemetry
}

VariableOpts represents the options of a SECL variable

type VariableScope added in v0.64.0 

type VariableScope interface {
	Key() (string, bool)
	ParentScope() (VariableScope, bool)
}

VariableScope represents the scope of a variable

type VariableScoper 

type VariableScoper struct {
	// contains filtered or unexported fields
}

VariableScoper represents a variable scoper

func NewVariableScoper 

func NewVariableScoper(scoperType InternalScoperType, cb func(ctx *Context) (VariableScope, error)) *VariableScoper

NewVariableScoper returns a new variable scoper

func (*VariableScoper) GetScope 

func (vs *VariableScoper) GetScope(ctx *Context) (VariableScope, error)

GetScope returns a variable scope based on the given Context

func (*VariableScoper) Type 

func (vs *VariableScoper) Type() InternalScoperType

Type returns the type of the variable scoper

type VariableStore added in v0.43.0 

type VariableStore struct {
	// contains filtered or unexported fields
}

VariableStore represents a collection of variables

func NewVariableStore 

func NewVariableStore() *VariableStore

NewVariableStore returns a new VariableStore

func (*VariableStore) AddDefinition 

func (s *VariableStore) AddDefinition(varName VariableName, definition VariableDefinition)

AddDefinition adds a variable definition to the store

func (*VariableStore) AddStaticVariable 

func (s *VariableStore) AddStaticVariable(varName VariableName, variable StaticVariable)

AddStaticVariable adds a static variable to the store

func (*VariableStore) CleanupExpiredVariables 

func (s *VariableStore) CleanupExpiredVariables()

CleanupExpiredVariables deletes expired variable instances from the store

func (*VariableStore) GetDefinition 

func (s *VariableStore) GetDefinition(varName VariableName) (VariableDefinition, bool)

GetDefinition returns the definition of a variable based on the given name

func (*VariableStore) GetEvaluator 

func (s *VariableStore) GetEvaluator(varName VariableName) (any, error)

GetEvaluator returns an evaluator based on the given variable name

func (*VariableStore) IterVariableDefinitions 

func (s *VariableStore) IterVariableDefinitions(cb func(definition VariableDefinition))

IterVariableDefinitions calls the given callback function on all variable defintions

func (*VariableStore) IterVariables 

func (s *VariableStore) IterVariables(cb func(definition VariableDefinition, instances map[string]VariableInstance))

IterVariables calls the given callback function on all variables

type VariableType 

type VariableType interface {
	string | int | bool | net.IPNet |
		[]string | []int | []net.IPNet
}

VariableType lists the types that a SECL variable can take

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.