filter

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 9, 2026 License: BSD-3-Clause, GPL-3.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CompileExpression 

func CompileExpression(expression string, recordType types.Type) (*vm.Program, error)

CompileExpression compiles an expr-lang expression for a specific audit record type. The expression has access to all fields of the audit record and helper functions.

func Contains 

func Contains(slice any, value any) bool

Contains checks if a slice contains a specific value. Supports []string, []int, and []int32 (common in protobuf).

func ContainsAny 

func ContainsAny(str string, substrs []string) bool

ContainsAny checks if a string contains any of the provided substrings.

func CreateEnvironment 

func CreateEnvironment(record types.AuditRecord) map[string]any

CreateEnvironment creates an expression environment from an audit record. This makes all fields of the record accessible in expressions. Note: Helper functions are declared via expr.Function() in CompileExpression() with explicit type signatures.

func DurationSince 

func DurationSince(ts int64) int64

DurationSince returns the duration in nanoseconds since a given timestamp.

func EvaluateExpression 

func EvaluateExpression(program *vm.Program, record types.AuditRecord) (bool, error)

EvaluateExpression evaluates a compiled expression against an audit record. Returns true if the record matches the filter, false otherwise.

func FormatTime 

func FormatTime(ts int64, format string) string

FormatTime formats a timestamp (nanoseconds) according to the provided format string. Uses Go's time format layout (e.g., "2006-01-02 15:04:05").

func HasKey 

func HasKey(m any, key string) bool

HasKey checks if a map contains a specific key. Supports map[string]string and map[string]interface{}.

func InSubnet 

func InSubnet(ip, cidr string) bool

InSubnet checks if an IP address is within a given CIDR subnet.

func IsPrivateIP 

func IsPrivateIP(ip string) bool

IsPrivateIP checks if an IP address is in a private range.

func IsPublicIP 

func IsPublicIP(ip string) bool

IsPublicIP checks if an IP address is a public (non-private) address.

func MatchesPattern 

func MatchesPattern(str, pattern string) bool

MatchesPattern checks if a string matches a regular expression pattern.

func MustCompileExpression 

func MustCompileExpression(expression string, recordType types.Type) *vm.Program

MustCompileExpression compiles an expression and panics on error. Useful for static expressions that are known to be valid.

func ParsePort 

func ParsePort(port string) int

ParsePort converts a port string to an integer. Returns 0 if the string cannot be parsed.

func PortInRange 

func PortInRange(port, start, end int) bool

PortInRange checks if a port is within a given range (inclusive).

func TimeInRange 

func TimeInRange(ts, start, end int64) bool

TimeInRange checks if a timestamp (nanoseconds) is within a given range.

Types

type CompiledFilter 

type CompiledFilter struct {
	Program    *vm.Program
	RecordType types.Type
	Expression string
}

CompiledFilter wraps a compiled expression program with its record type.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.