eval

package
v0.69.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 18, 2025 License: Apache-2.0 Imports: 16 Imported by: 1

Documentation

Overview

Package eval holds eval related files

Package eval holds eval related files

Index

Constants

View Source 
const (
	FunctionWeight       = 5
	InArrayWeight        = 10
	HandlerWeight        = 50
	PatternWeight        = 80
	RegexpWeight         = 100
	InPatternArrayWeight = 1000
	IteratorWeight       = 2000
)

defines factor applied by specific operator

Variables

View Source 
var (
	// IPV4Mask32 ipv4 ip address
	IPV4Mask32 = net.CIDRMask(32, 8*net.IPv4len)
	// IPV6Mask128 ipv6 ip address
	IPV6Mask128 = net.CIDRMask(128, 8*net.IPv6len)
)
View Source 
var (
	// CaseInsensitiveCmp lower case values before comparing. Important : this operator override doesn't support approvers
	CaseInsensitiveCmp = &OpOverrides{
		StringEquals: func(a *StringEvaluator, b *StringEvaluator, state *State) (*BoolEvaluator, error) {
			if a.Field != "" {
				a.StringCmpOpts.CaseInsensitive = true
			} else if b.Field != "" {
				b.StringCmpOpts.CaseInsensitive = true
			}

			return StringEquals(a, b, state)
		},
		StringValuesContains: func(a *StringEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error) {
			if a.Field != "" {
				a.StringCmpOpts.CaseInsensitive = true
			}

			return StringValuesContains(a, b, state)
		},
		StringArrayContains: func(a *StringEvaluator, b *StringArrayEvaluator, state *State) (*BoolEvaluator, error) {
			if a.Field != "" {
				a.StringCmpOpts.CaseInsensitive = true
			} else if b.Field != "" {
				b.StringCmpOpts.CaseInsensitive = true
			}

			return StringArrayContains(a, b, state)
		},
		StringArrayMatches: func(a *StringArrayEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error) {
			if a.Field != "" {
				a.StringCmpOpts.CaseInsensitive = true
			}

			return StringArrayMatches(a, b, state)
		},
	}

	// WindowsPathCmp lower case values before comparing, converts patterns to globs, and normalizes path separators. Important : this operator override doesn't support approvers
	WindowsPathCmp = &OpOverrides{
		StringEquals: func(a *StringEvaluator, b *StringEvaluator, state *State) (*BoolEvaluator, error) {
			if a.Field != "" {
				a.StringCmpOpts.CaseInsensitive = true
				a.StringCmpOpts.PathSeparatorNormalize = true
			} else if b.Field != "" {
				b.StringCmpOpts.CaseInsensitive = true
				b.StringCmpOpts.PathSeparatorNormalize = true
			}

			return GlobCmp.StringEquals(a, b, state)
		},
		StringValuesContains: func(a *StringEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error) {
			if a.Field != "" {
				a.StringCmpOpts.CaseInsensitive = true
				a.StringCmpOpts.PathSeparatorNormalize = true
			}

			return GlobCmp.StringValuesContains(a, b, state)
		},
		StringArrayContains: func(a *StringEvaluator, b *StringArrayEvaluator, state *State) (*BoolEvaluator, error) {
			if a.Field != "" {
				a.StringCmpOpts.CaseInsensitive = true
				a.StringCmpOpts.PathSeparatorNormalize = true
			} else if b.Field != "" {
				b.StringCmpOpts.CaseInsensitive = true
				b.StringCmpOpts.PathSeparatorNormalize = true
			}

			return GlobCmp.StringArrayContains(a, b, state)
		},
		StringArrayMatches: func(a *StringArrayEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error) {
			if a.Field != "" {
				a.StringCmpOpts.CaseInsensitive = true
				a.StringCmpOpts.PathSeparatorNormalize = true
			}

			return GlobCmp.StringArrayMatches(a, b, state)
		},
	}
)
View Source 
var DefaultStringCmpOpts = StringCmpOpts{}

DefaultStringCmpOpts defines the default comparison options

View Source 
var (
	// ErrMultipleEventTypes is returned when multiple event type were inferred from the expression
	ErrMultipleEventTypes = errors.New("expression with multiple event types is not supported")
)
View Source 
var (
	// GlobCmp replaces a pattern matcher with a glob matcher for *file.path fields.
	GlobCmp = &OpOverrides{
		StringEquals: func(a *StringEvaluator, b *StringEvaluator, state *State) (*BoolEvaluator, error) {
			if a.ValueType == PatternValueType {
				a.ValueType = GlobValueType
			} else if b.ValueType == PatternValueType {
				b.ValueType = GlobValueType
			}

			return StringEquals(a, b, state)
		},
		StringValuesContains: func(a *StringEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error) {
			if a.ValueType == PatternValueType {
				a.ValueType = GlobValueType
			} else {
				var values StringValues
				for _, v := range b.Values.GetFieldValues() {
					if v.Type == PatternValueType {
						v.Type = GlobValueType
					}
					values.AppendFieldValue(v)
				}
				b = &StringValuesEvaluator{
					Values: values,
				}
			}

			return StringValuesContains(a, b, state)
		},
		StringArrayContains: func(a *StringEvaluator, b *StringArrayEvaluator, state *State) (*BoolEvaluator, error) {
			if a.ValueType == PatternValueType {
				a.ValueType = GlobValueType
			}

			return StringArrayContains(a, b, state)
		},
		StringArrayMatches: func(a *StringArrayEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error) {
			var values StringValues
			for _, v := range b.Values.GetFieldValues() {
				if v.Type == PatternValueType {
					v.Type = GlobValueType
				}
				values.AppendFieldValue(v)
			}
			b = &StringValuesEvaluator{
				Values: values,
			}

			return StringArrayMatches(a, b, state)
		},
	}
)

Functions

func IPNetFromIP added in v0.37.0 

func IPNetFromIP(ip net.IP) *net.IPNet

IPNetFromIP returns a IPNET version of the IP

func IPNetsMatch added in v0.37.0 

func IPNetsMatch(i1, i2 *net.IPNet) bool

IPNetsMatch returns whether the IPNets match

func IPToInt added in v0.36.0 

func IPToInt(ip net.IP) (*big.Int, int, error)

IPToInt transforms an IP to a big Int

func IntToIP added in v0.36.0 

func IntToIP(ipInt *big.Int, bits int) net.IP

IntToIP transforms a big Int to an IP

func KeysOfMap added in v0.52.0 

func KeysOfMap[M ~map[K]V, K comparable, V any](m M) []K

KeysOfMap returns a slice of the keys contained in the given map

func NodeToEvaluator added in v0.65.0 

func NodeToEvaluator(obj interface{}, opts *Opts, state *State) (interface{}, lexer.Position, error)

NodeToEvaluator converts an AST expression to an evaluator

func NotOfValue 

func NotOfValue(value interface{}) (interface{}, error)

NotOfValue returns the NOT of a value

func ParseCIDR added in v0.37.0 

func ParseCIDR(ip string) (*net.IPNet, error)

ParseCIDR converts an IP/CIDR notation to an IPNet object

func PatternMatches added in v0.34.0 

func PatternMatches(pattern string, str string, caseInsensitive bool) bool

PatternMatches matches a pattern against a string

func PatternMatchesWithSegments added in v0.54.0 

func PatternMatchesWithSegments(patternElem patternElement, str string, caseInsensitive bool) bool

PatternMatchesWithSegments matches a pattern against a string

Types

type BoolArrayEvaluator 

type BoolArrayEvaluator struct {
	EvalFnc     func(ctx *Context) []bool
	Field       Field
	Values      []bool
	Weight      int
	OpOverrides *OpOverrides
	Offset      int // position in the expression
	// contains filtered or unexported fields
}

BoolArrayEvaluator returns an array of bool

func (*BoolArrayEvaluator) AppendValues added in v0.56.0 

func (b *BoolArrayEvaluator) AppendValues(values ...bool)

AppendValues to the array evaluator

func (*BoolArrayEvaluator) Eval 

func (b *BoolArrayEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*BoolArrayEvaluator) GetField 

func (b *BoolArrayEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*BoolArrayEvaluator) IsDeterministicFor added in v0.35.0 

func (b *BoolArrayEvaluator) IsDeterministicFor(field Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*BoolArrayEvaluator) IsStatic added in v0.36.0 

func (b *BoolArrayEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*BoolArrayEvaluator) OriginField added in v0.66.0 

func (b *BoolArrayEvaluator) OriginField() Field

OriginField returns the field involved in the sub expression

type BoolEvalFnc 

type BoolEvalFnc = func(ctx *Context) bool

BoolEvalFnc describe a eval function return a boolean

type BoolEvaluator 

type BoolEvaluator struct {
	EvalFnc     BoolEvalFnc
	Field       Field
	Value       bool
	Weight      int
	OpOverrides *OpOverrides
	Offset      int // position in the expression
	// contains filtered or unexported fields
}

BoolEvaluator returns a bool as result of the evaluation

func And 

func And(a *BoolEvaluator, b *BoolEvaluator, state *State) (*BoolEvaluator, error)

And operator

func ArrayBoolContains 

func ArrayBoolContains(a *BoolEvaluator, b *BoolArrayEvaluator, state *State) (*BoolEvaluator, error)

ArrayBoolContains evaluates array of bool against a value

func BoolArrayEquals added in v0.34.0 

func BoolArrayEquals(a *BoolEvaluator, b *BoolArrayEvaluator, state *State) (*BoolEvaluator, error)

func BoolEquals 

func BoolEquals(a *BoolEvaluator, b *BoolEvaluator, state *State) (*BoolEvaluator, error)

func CIDRArrayContains added in v0.37.0 

func CIDRArrayContains(a *CIDREvaluator, b *CIDRArrayEvaluator, state *State) (*BoolEvaluator, error)

CIDRArrayContains evaluates a CIDR against a list of CIDRs

func CIDRArrayMatches added in v0.37.0 

func CIDRArrayMatches(a *CIDRArrayEvaluator, b *CIDRValuesEvaluator, state *State) (*BoolEvaluator, error)

CIDRArrayMatches weak comparison, at least one element of a should be in b.

func CIDRArrayMatchesAll added in v0.37.0 

func CIDRArrayMatchesAll(a *CIDRArrayEvaluator, b *CIDRValuesEvaluator, state *State) (*BoolEvaluator, error)

CIDRArrayMatchesAll ensures that all values from a and b match.

func CIDRArrayMatchesCIDREvaluator added in v0.65.0 

func CIDRArrayMatchesCIDREvaluator(a *CIDRArrayEvaluator, b *CIDREvaluator, state *State) (*BoolEvaluator, error)

CIDRArrayMatchesCIDREvaluator weak comparison, at least one element of a should be in b.

func CIDREquals added in v0.36.0 

func CIDREquals(a *CIDREvaluator, b *CIDREvaluator, state *State) (*BoolEvaluator, error)

CIDREquals evaluates CIDR ranges

func CIDRValuesContains added in v0.36.0 

func CIDRValuesContains(a *CIDREvaluator, b *CIDRValuesEvaluator, state *State) (*BoolEvaluator, error)

CIDRValuesContains evaluates a CIDR against a list of CIDRs

func DurationArrayGreaterOrEqualThan added in v0.46.0 

func DurationArrayGreaterOrEqualThan(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func DurationArrayGreaterThan added in v0.46.0 

func DurationArrayGreaterThan(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func DurationArrayLesserOrEqualThan added in v0.46.0 

func DurationArrayLesserOrEqualThan(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func DurationArrayLesserThan added in v0.46.0 

func DurationArrayLesserThan(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func DurationEqual added in v0.46.0 

func DurationEqual(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationEqualArithmeticOperation added in v0.46.0 

func DurationEqualArithmeticOperation(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationGreaterOrEqualThan 

func DurationGreaterOrEqualThan(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationGreaterOrEqualThanArithmeticOperation added in v0.46.0 

func DurationGreaterOrEqualThanArithmeticOperation(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationGreaterThan 

func DurationGreaterThan(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationGreaterThanArithmeticOperation added in v0.46.0 

func DurationGreaterThanArithmeticOperation(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationLesserOrEqualThan 

func DurationLesserOrEqualThan(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationLesserOrEqualThanArithmeticOperation added in v0.46.0 

func DurationLesserOrEqualThanArithmeticOperation(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationLesserThan 

func DurationLesserThan(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func DurationLesserThanArithmeticOperation added in v0.46.0 

func DurationLesserThanArithmeticOperation(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func GreaterOrEqualThan 

func GreaterOrEqualThan(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func GreaterThan 

func GreaterThan(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func IntArrayEquals added in v0.34.0 

func IntArrayEquals(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func IntArrayGreaterOrEqualThan added in v0.34.0 

func IntArrayGreaterOrEqualThan(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func IntArrayGreaterThan added in v0.34.0 

func IntArrayGreaterThan(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func IntArrayLesserOrEqualThan added in v0.34.0 

func IntArrayLesserOrEqualThan(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func IntArrayLesserThan added in v0.34.0 

func IntArrayLesserThan(a *IntEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

func IntArrayMatches added in v0.34.0 

func IntArrayMatches(a *IntArrayEvaluator, b *IntArrayEvaluator, state *State) (*BoolEvaluator, error)

IntArrayMatches weak comparison, a least one element of a should be in b

func IntEquals 

func IntEquals(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func LesserOrEqualThan 

func LesserOrEqualThan(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func LesserThan 

func LesserThan(a *IntEvaluator, b *IntEvaluator, state *State) (*BoolEvaluator, error)

func Not 

func Not(a *BoolEvaluator, state *State) *BoolEvaluator

Not !true operator

func Or 

func Or(a *BoolEvaluator, b *BoolEvaluator, state *State) (*BoolEvaluator, error)

Or operator

func StringArrayContains added in v0.34.0 

func StringArrayContains(a *StringEvaluator, b *StringArrayEvaluator, state *State) (*BoolEvaluator, error)

StringArrayContains evaluates array of strings against a value

func StringArrayContainsWrapper added in v0.34.0 

func StringArrayContainsWrapper(a *StringEvaluator, b *StringArrayEvaluator, state *State) (*BoolEvaluator, error)

StringArrayContainsWrapper makes use of operator overrides

func StringArrayMatches added in v0.34.0 

func StringArrayMatches(a *StringArrayEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error)

StringArrayMatches weak comparison, a least one element of a should be in b. a can't contain regexp

func StringEquals 

func StringEquals(a *StringEvaluator, b *StringEvaluator, state *State) (*BoolEvaluator, error)

StringEquals evaluates string

func StringEqualsWrapper added in v0.34.0 

func StringEqualsWrapper(a *StringEvaluator, b *StringEvaluator, state *State) (*BoolEvaluator, error)

StringEqualsWrapper makes use of operator overrides

func StringValuesContains added in v0.34.0 

func StringValuesContains(a *StringEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error)

StringValuesContains evaluates a string against values

func (*BoolEvaluator) Eval 

func (b *BoolEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*BoolEvaluator) GetField 

func (b *BoolEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*BoolEvaluator) IsDeterministicFor added in v0.35.0 

func (b *BoolEvaluator) IsDeterministicFor(field Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*BoolEvaluator) IsStatic added in v0.36.0 

func (b *BoolEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*BoolEvaluator) OriginField added in v0.66.0 

func (b *BoolEvaluator) OriginField() Field

OriginField returns the field involved in the sub expression

type BoolVariable added in v0.35.0 

type BoolVariable struct {
	Value bool
	// contains filtered or unexported fields
}

BoolVariable describes a mutable boolean variable

func NewBoolVariable added in v0.35.0 

func NewBoolVariable(value bool, opts VariableOpts) *BoolVariable

NewBoolVariable returns a new mutable boolean variable

func (*BoolVariable) Append added in v0.64.0 

func (m *BoolVariable) Append(_ *Context, _ interface{}) error

Append a value to the boolean

func (*BoolVariable) GetEvaluator added in v0.35.0 

func (m *BoolVariable) GetEvaluator() interface{}

GetEvaluator returns the variable SECL evaluator

func (*BoolVariable) GetValue added in v0.64.0 

func (m *BoolVariable) GetValue() (interface{}, bool)

GetValue returns the variable value

func (*BoolVariable) GetVariableOpts added in v0.68.0 

func (m *BoolVariable) GetVariableOpts() VariableOpts

GetVariableOpts returns the variable VariableOpts

func (*BoolVariable) Set added in v0.64.0 

func (m *BoolVariable) Set(_ *Context, value interface{}) error

Set the variable with the specified value

func (*BoolVariable) SetVariableOpts added in v0.68.0 

func (m *BoolVariable) SetVariableOpts(opts VariableOpts)

SetVariableOpts sets the variable VariableOpts

type CIDRArrayEvaluator added in v0.37.0 

type CIDRArrayEvaluator struct {
	EvalFnc     func(ctx *Context) []net.IPNet
	Field       Field
	Value       []net.IPNet
	Weight      int
	OpOverrides *OpOverrides
	ValueType   FieldValueType
	Offset      int // position in the expression
	// contains filtered or unexported fields
}

CIDRArrayEvaluator returns an array of net.IPNet

func (*CIDRArrayEvaluator) Eval added in v0.37.0 

func (s *CIDRArrayEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*CIDRArrayEvaluator) GetField added in v0.37.0 

func (s *CIDRArrayEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*CIDRArrayEvaluator) IsDeterministicFor added in v0.37.0 

func (s *CIDRArrayEvaluator) IsDeterministicFor(field Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*CIDRArrayEvaluator) IsStatic added in v0.37.0 

func (s *CIDRArrayEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*CIDRArrayEvaluator) OriginField added in v0.66.0 

func (s *CIDRArrayEvaluator) OriginField() Field

OriginField returns the field involved in the sub expression

type CIDREvaluator added in v0.36.0 

type CIDREvaluator struct {
	EvalFnc     func(ctx *Context) net.IPNet
	Field       Field
	Value       net.IPNet
	Weight      int
	OpOverrides *OpOverrides
	ValueType   FieldValueType
	Offset      int // position in the expression
	// contains filtered or unexported fields
}

CIDREvaluator returns a net.IP

func (*CIDREvaluator) Eval added in v0.36.0 

func (s *CIDREvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*CIDREvaluator) GetField added in v0.36.0 

func (s *CIDREvaluator) GetField() string

GetField returns field name used by this evaluator

func (*CIDREvaluator) IsDeterministicFor added in v0.36.0 

func (s *CIDREvaluator) IsDeterministicFor(field Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*CIDREvaluator) IsStatic added in v0.36.0 

func (s *CIDREvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

type CIDRValues added in v0.36.0 

type CIDRValues struct {
	// contains filtered or unexported fields
}

CIDRValues describes a set of CIDRs

func (*CIDRValues) AppendCIDR added in v0.36.0 

func (c *CIDRValues) AppendCIDR(cidr string) error

AppendCIDR append a CIDR notation

func (*CIDRValues) AppendIP added in v0.36.0 

func (c *CIDRValues) AppendIP(ip string) error

AppendIP append ip notation

func (*CIDRValues) Contains added in v0.37.0 

func (c *CIDRValues) Contains(ipnet *net.IPNet) (bool, *net.IPNet)

Contains returns whether the values match the provided IPNet

func (*CIDRValues) Match added in v0.37.0 

func (c *CIDRValues) Match(ipnets []net.IPNet) (bool, net.IPNet)

Match returns whether the values matches the provided IPNets

func (*CIDRValues) MatchAll added in v0.37.0 

func (c *CIDRValues) MatchAll(ipnets []net.IPNet) (bool, []*net.IPNet)

MatchAll returns whether the values matches all the provided IPNets

type CIDRValuesEvaluator added in v0.36.0 

type CIDRValuesEvaluator struct {
	EvalFnc   func(ctx *Context) *CIDRValues
	Value     CIDRValues
	Weight    int
	ValueType FieldValueType
	Offset    int // position in the expression
}

CIDRValuesEvaluator returns a net.IP

func (*CIDRValuesEvaluator) Eval added in v0.36.0 

func (s *CIDRValuesEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*CIDRValuesEvaluator) GetField added in v0.36.0 

func (s *CIDRValuesEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*CIDRValuesEvaluator) IsDeterministicFor added in v0.36.0 

func (s *CIDRValuesEvaluator) IsDeterministicFor(_ Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*CIDRValuesEvaluator) IsStatic added in v0.36.0 

func (s *CIDRValuesEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*CIDRValuesEvaluator) OriginField added in v0.66.0 

func (s *CIDRValuesEvaluator) OriginField() Field

OriginField returns the field involved in the sub expression

type Context 

type Context struct {
	Event Event

	// cache available across all the evaluations
	StringCache map[Field][]string
	IPNetCache  map[Field][]net.IPNet
	IntCache    map[Field][]int
	BoolCache   map[Field][]bool

	// iterator register cache. used to cache entry within a single rule evaluation
	RegisterCache map[RegisterID]*RegisterCacheEntry

	// rule register
	Registers map[RegisterID]int

	IteratorCountCache map[string]int
	// contains filtered or unexported fields
}

Context describes the context used during a rule evaluation

func NewContext 

func NewContext(evt Event) *Context

NewContext return a new Context

func (*Context) AddMatchingSubExpr added in v0.66.0 

func (c *Context) AddMatchingSubExpr(valueA, valueB MatchingValue)

AddMatchingSubExpr add a expression that matched a rule

func (*Context) AppendResolvedField added in v0.62.0 

func (c *Context) AppendResolvedField(_ string)

AppendResolvedField is a no-op outside of functional tests

func (*Context) GetMatchingSubExprs added in v0.66.0 

func (c *Context) GetMatchingSubExprs() MatchingSubExprs

GetMatchingSubExprs return the matching sub expressions

func (*Context) GetResolvedFields added in v0.62.0 

func (c *Context) GetResolvedFields() []Field

GetResolvedFields returns the resolved fields, always empty outside of functional tests

func (*Context) GetScopeFieldEvaluator added in v0.68.0 

func (c *Context) GetScopeFieldEvaluator() Evaluator

GetScopeFieldEvaluator returns the current scope field evaluator in context

func (*Context) Now 

func (c *Context) Now() time.Time

Now return and cache the `now` timestamp

func (*Context) PerActionReset added in v0.68.0 

func (c *Context) PerActionReset()

PerActionReset the context

func (*Context) PerEvalReset added in v0.66.0 

func (c *Context) PerEvalReset()

PerEvalReset the context

func (*Context) Reset 

func (c *Context) Reset()

Reset the context

func (*Context) SetEvent added in v0.43.0 

func (c *Context) SetEvent(evt Event)

SetEvent set the given event to the context

func (*Context) SetScopeFieldEvaluator added in v0.68.0 

func (c *Context) SetScopeFieldEvaluator(evaluator Evaluator)

SetScopeFieldEvaluator sets the scope field evaluator during the evaluation of an action

type ContextPool 

type ContextPool struct {
	// contains filtered or unexported fields
}

ContextPool defines a pool of context

func NewContextPool 

func NewContextPool() *ContextPool

NewContextPool returns a new context pool

func (*ContextPool) Get 

func (c *ContextPool) Get(evt Event) *Context

Get returns a context with the given event

func (*ContextPool) Put 

func (c *ContextPool) Put(ctx *Context)

Put returns the context to the pool

type ErrAstToEval 

type ErrAstToEval struct {
	Pos  lexer.Position
	Text string
}

ErrAstToEval describes an error that occurred during the conversion from the AST to an evaluator

func NewArrayTypeError added in v0.34.0 

func NewArrayTypeError(pos lexer.Position, arrayKind reflect.Kind, kind reflect.Kind) *ErrAstToEval

NewArrayTypeError returns a new ErrAstToEval error when an invalid type was used

func NewCIDRTypeError added in v0.36.0 

func NewCIDRTypeError(pos lexer.Position, arrayKind reflect.Kind, kind interface{}) *ErrAstToEval

NewCIDRTypeError returns a new ErrAstToEval error when an invalid type was used

func NewError 

func NewError(pos lexer.Position, format string, vars ...interface{}) *ErrAstToEval

NewError returns a new ErrAstToEval error

func NewOpError 

func NewOpError(pos lexer.Position, op string, err error) *ErrAstToEval

NewOpError returns a new ErrAstToEval error when an operator was used in an invalid manner

func NewOpUnknownError 

func NewOpUnknownError(pos lexer.Position, op string) *ErrAstToEval

NewOpUnknownError returns a new ErrAstToEval error when an unknown operator was used

func NewRegisterMultipleFields 

func NewRegisterMultipleFields(pos lexer.Position, regID RegisterID, err error) *ErrAstToEval

NewRegisterMultipleFields returns a new ErrAstToEval error when a register is used across multiple fields

func NewRegisterNameNotAllowed 

func NewRegisterNameNotAllowed(pos lexer.Position, regID RegisterID, err error) *ErrAstToEval

NewRegisterNameNotAllowed returns a new ErrAstToEval error when a register name is not allowed

func NewTypeError 

func NewTypeError(pos lexer.Position, kind reflect.Kind) *ErrAstToEval

NewTypeError returns a new ErrAstToEval error when an invalid type was used

func (*ErrAstToEval) Error 

func (r *ErrAstToEval) Error() string

type ErrFieldNotFound 

type ErrFieldNotFound struct {
	Field string
}

ErrFieldNotFound error when a field is not present in the model

func (ErrFieldNotFound) Error 

func (e ErrFieldNotFound) Error() string

type ErrFieldReadOnly added in v0.40.0 

type ErrFieldReadOnly struct {
	Field Field
}

ErrFieldReadOnly is returned when a filter does not support being set with SetFieldValue

func (ErrFieldReadOnly) Error added in v0.40.0 

func (e ErrFieldReadOnly) Error() string

type ErrInvalidPattern 

type ErrInvalidPattern struct {
	Pattern string
}

ErrInvalidPattern is returned for an invalid regular expression

func (ErrInvalidPattern) Error 

func (e ErrInvalidPattern) Error() string

type ErrInvalidRegexp 

type ErrInvalidRegexp struct {
	Regexp string
}

ErrInvalidRegexp is returned for an invalid regular expression

func (ErrInvalidRegexp) Error 

func (e ErrInvalidRegexp) Error() string

type ErrIteratorNotSupported 

type ErrIteratorNotSupported struct {
	Field string
}

ErrIteratorNotSupported error when a field doesn't support iteration

func (ErrIteratorNotSupported) Error 

func (e ErrIteratorNotSupported) Error() string

type ErrIteratorVariable added in v0.60.0 

type ErrIteratorVariable struct {
	Err error
}

ErrIteratorVariable error when the iterator variable constraints are reached

func (ErrIteratorVariable) Error added in v0.60.0 

func (e ErrIteratorVariable) Error() string

type ErrNonStaticPattern 

type ErrNonStaticPattern struct {
	Field Field
}

ErrNonStaticPattern when pattern operator is used on a non static value

func (ErrNonStaticPattern) Error 

func (e ErrNonStaticPattern) Error() string

type ErrNotSupported 

type ErrNotSupported struct {
	Field string
}

ErrNotSupported returned when something is not supported on a field

func (ErrNotSupported) Error 

func (e ErrNotSupported) Error() string

type ErrRuleNotCompiled added in v0.34.0 

type ErrRuleNotCompiled struct {
	RuleID string
}

ErrRuleNotCompiled error returned by functions that require to have the rule compiled

func (ErrRuleNotCompiled) Error added in v0.34.0 

func (e ErrRuleNotCompiled) Error() string

type ErrRuleParse 

type ErrRuleParse struct {
	// contains filtered or unexported fields
}

ErrRuleParse describes a parsing error and its position in the expression

func (*ErrRuleParse) Error 

func (e *ErrRuleParse) Error() string

type ErrValueOutOfRange added in v0.58.0 

type ErrValueOutOfRange struct {
	Field string
}

ErrValueOutOfRange error when the given value is not having the correct range for the type

func (ErrValueOutOfRange) Error added in v0.58.0 

func (e ErrValueOutOfRange) Error() string

type ErrValueTypeMismatch 

type ErrValueTypeMismatch struct {
	Field string
}

ErrValueTypeMismatch error when the given value is not having the correct type

func (ErrValueTypeMismatch) Error 

func (e ErrValueTypeMismatch) Error() string

type Evaluator 

type Evaluator interface {
	Eval(ctx *Context) interface{}
	IsDeterministicFor(field Field) bool
	GetField() string
	IsStatic() bool
}

Evaluator is the interface of an evaluator

type Event 

type Event interface {
	// Init initialize the event
	Init()
	// GetType returns the Type of the Event
	GetType() EventType
	// GetFieldMetadata returns the Event Field Metadata for the given Field
	GetFieldMetadata(field Field) (EventType, reflect.Kind, string, error)
	// SetFieldValue sets the value of the given Field
	SetFieldValue(field Field, value interface{}) error
	// GetFieldValue returns the value of the given Field
	GetFieldValue(field Field) (interface{}, error)
	// GetTags returns a list of tags
	GetTags() []string
}

Event is an interface that an Event has to implement for the evaluation

type EventType 

type EventType = string

EventType is the type of an event

type Field 

type Field = string

Field name

type FieldValue 

type FieldValue struct {
	Value interface{}
	Type  FieldValueType
}

FieldValue describes a field value with its type

type FieldValueType 

type FieldValueType int

FieldValueType represents the type of the value of a field 

const (
	ScalarValueType   FieldValueType = 1 << 0
	GlobValueType     FieldValueType = 1 << 1
	PatternValueType  FieldValueType = 1 << 2
	RegexpValueType   FieldValueType = 1 << 3
	BitmaskValueType  FieldValueType = 1 << 4
	VariableValueType FieldValueType = 1 << 5
	IPNetValueType    FieldValueType = 1 << 6
	RangeValueType    FieldValueType = 1 << 7
)

Field value types

func (FieldValueType) MarshalJSON added in v0.48.0 

func (t FieldValueType) MarshalJSON() ([]byte, error)

MarshalJSON returns the JSON encoding of the FieldValueType

func (FieldValueType) String added in v0.48.0 

func (t FieldValueType) String() string

type Glob added in v0.34.0 

type Glob struct {
	// contains filtered or unexported fields
}

Glob describes file glob object

func NewGlob added in v0.34.0 

func NewGlob(pattern string, caseInsensitive bool, normalizePaths bool) (*Glob, error)

NewGlob returns a new glob object from the given pattern

func (*Glob) Contains added in v0.34.0 

func (g *Glob) Contains(filename string) bool

Contains returns whether the glob pattern matches the beginning of the filename

func (*Glob) Matches added in v0.34.0 

func (g *Glob) Matches(filename string) bool

Matches the given filename

type GlobStringMatcher added in v0.34.0 

type GlobStringMatcher struct {
	// contains filtered or unexported fields
}

GlobStringMatcher defines a glob pattern matcher

func (*GlobStringMatcher) Compile added in v0.34.0 

func (g *GlobStringMatcher) Compile(pattern string, caseInsensitive bool, normalizePath bool) error

Compile a simple pattern

func (*GlobStringMatcher) Contains added in v0.34.0 

func (g *GlobStringMatcher) Contains(value string) bool

Contains returns whether the pattern contains the value

func (*GlobStringMatcher) Matches added in v0.34.0 

func (g *GlobStringMatcher) Matches(value string) bool

Matches returns whether the value matches

func (*GlobStringMatcher) String added in v0.66.0 

func (g *GlobStringMatcher) String() string

String implements the stringer interface

type IPArrayVariable added in v0.65.0 

type IPArrayVariable struct {
	LRU *ttlcache.Cache[string, bool]
	// contains filtered or unexported fields
}

IPArrayVariable describes a global IP array variable

func NewIPArrayVariable added in v0.65.0 

func NewIPArrayVariable(value []net.IPNet, opts VariableOpts) *IPArrayVariable

NewIPArrayVariable returns a new mutable IP array variable

func (*IPArrayVariable) Append added in v0.65.0 

func (m *IPArrayVariable) Append(_ *Context, value interface{}) error

Append a value to the array

func (*IPArrayVariable) CleanupExpired added in v0.66.0 

func (m *IPArrayVariable) CleanupExpired()

CleanupExpired cleans up expired values from the variable note that this method in only used to free up memory as expired entries are already not returned by the LRU.Keys() method

func (*IPArrayVariable) GetEvaluator added in v0.65.0 

func (m *IPArrayVariable) GetEvaluator() interface{}

GetEvaluator returns the variable SECL evaluator

func (*IPArrayVariable) GetValue added in v0.65.0 

func (m *IPArrayVariable) GetValue() (interface{}, bool)

GetValue returns the variable value

func (*IPArrayVariable) GetVariableOpts added in v0.68.0 

func (m *IPArrayVariable) GetVariableOpts() VariableOpts

GetVariableOpts returns the variable VariableOpts

func (*IPArrayVariable) Set added in v0.65.0 

func (m *IPArrayVariable) Set(ctx *Context, values interface{}) error

Set the variable with the specified value

func (*IPArrayVariable) SetVariableOpts added in v0.68.0 

func (m *IPArrayVariable) SetVariableOpts(opts VariableOpts)

SetVariableOpts sets the variable VariableOpts

type IPVariable added in v0.65.0 

type IPVariable struct {
	Value net.IPNet
	// contains filtered or unexported fields
}

IPVariable describes a global IP variable

func NewIPVariable added in v0.65.0 

func NewIPVariable(value net.IPNet, opts VariableOpts) *IPVariable

NewIPVariable returns a new mutable IP variable

func (*IPVariable) Append added in v0.65.0 

func (m *IPVariable) Append(_ *Context, _ interface{}) error

Append a value to the IP

func (*IPVariable) GetEvaluator added in v0.65.0 

func (m *IPVariable) GetEvaluator() interface{}

GetEvaluator returns the variable SECL evaluator

func (*IPVariable) GetValue added in v0.65.0 

func (m *IPVariable) GetValue() (interface{}, bool)

GetValue returns the variable value

func (*IPVariable) GetVariableOpts added in v0.68.0 

func (m *IPVariable) GetVariableOpts() VariableOpts

GetVariableOpts returns the variable VariableOpts

func (*IPVariable) Set added in v0.65.0 

func (m *IPVariable) Set(_ *Context, value interface{}) error

Set the variable with the specified value

func (*IPVariable) SetVariableOpts added in v0.68.0 

func (m *IPVariable) SetVariableOpts(opts VariableOpts)

SetVariableOpts sets the variable VariableOpts

type IntArrayEvaluator 

type IntArrayEvaluator struct {
	EvalFnc     func(ctx *Context) []int
	Field       Field
	Values      []int
	Weight      int
	OpOverrides *OpOverrides
	Offset      int // position in the expression
	// contains filtered or unexported fields
}

IntArrayEvaluator returns an array of int

func (*IntArrayEvaluator) AppendValues added in v0.34.0 

func (i *IntArrayEvaluator) AppendValues(values ...int)

AppendValues to the array evaluator

func (*IntArrayEvaluator) Eval 

func (i *IntArrayEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*IntArrayEvaluator) GetField 

func (i *IntArrayEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*IntArrayEvaluator) IsDeterministicFor added in v0.35.0 

func (i *IntArrayEvaluator) IsDeterministicFor(field Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*IntArrayEvaluator) IsStatic added in v0.36.0 

func (i *IntArrayEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*IntArrayEvaluator) OriginField added in v0.66.0 

func (i *IntArrayEvaluator) OriginField() Field

OriginField returns the field involved in the sub expression

type IntArrayVariable added in v0.35.0 

type IntArrayVariable struct {
	LRU *ttlcache.Cache[int, bool]
	// contains filtered or unexported fields
}

IntArrayVariable describes a mutable integer array variable

func NewIntArrayVariable added in v0.35.0 

func NewIntArrayVariable(value []int, opts VariableOpts) *IntArrayVariable

NewIntArrayVariable returns a new mutable integer array variable

func (*IntArrayVariable) Append added in v0.35.0 

func (m *IntArrayVariable) Append(_ *Context, value interface{}) error

Append a value to the array

func (*IntArrayVariable) CleanupExpired added in v0.66.0 

func (m *IntArrayVariable) CleanupExpired()

CleanupExpired cleans up expired values from the variable note that this method in only used to free up memory as expired entries are already not returned by the LRU.Keys() method

func (*IntArrayVariable) GetEvaluator added in v0.35.0 

func (m *IntArrayVariable) GetEvaluator() interface{}

GetEvaluator returns the variable SECL evaluator

func (*IntArrayVariable) GetValue added in v0.64.0 

func (m *IntArrayVariable) GetValue() (interface{}, bool)

GetValue returns the variable value

func (*IntArrayVariable) GetVariableOpts added in v0.68.0 

func (m *IntArrayVariable) GetVariableOpts() VariableOpts

GetVariableOpts returns the variable VariableOpts

func (*IntArrayVariable) Set added in v0.35.0 

func (m *IntArrayVariable) Set(ctx *Context, values interface{}) error

Set the variable with the specified value

func (*IntArrayVariable) SetVariableOpts added in v0.68.0 

func (m *IntArrayVariable) SetVariableOpts(opts VariableOpts)

SetVariableOpts sets the variable VariableOpts

type IntEvaluator 

type IntEvaluator struct {
	EvalFnc     func(ctx *Context) int
	Field       Field
	Value       int
	Weight      int
	OpOverrides *OpOverrides
	Offset      int // position in the expression
	// contains filtered or unexported fields
}

IntEvaluator returns an int as result of the evaluation

func IntAnd 

func IntAnd(a *IntEvaluator, b *IntEvaluator, state *State) (*IntEvaluator, error)

func IntMinus added in v0.46.0 

func IntMinus(a *IntEvaluator, b *IntEvaluator, state *State) (*IntEvaluator, error)

func IntNot 

func IntNot(a *IntEvaluator, state *State) *IntEvaluator

IntNot ^int operator

func IntOr 

func IntOr(a *IntEvaluator, b *IntEvaluator, state *State) (*IntEvaluator, error)

func IntPlus added in v0.46.0 

func IntPlus(a *IntEvaluator, b *IntEvaluator, state *State) (*IntEvaluator, error)

func IntXor 

func IntXor(a *IntEvaluator, b *IntEvaluator, state *State) (*IntEvaluator, error)

func Minus 

func Minus(a *IntEvaluator, state *State) *IntEvaluator

Minus -int operator

func (*IntEvaluator) Eval 

func (i *IntEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*IntEvaluator) GetField 

func (i *IntEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*IntEvaluator) IsDeterministicFor added in v0.35.0 

func (i *IntEvaluator) IsDeterministicFor(field Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*IntEvaluator) IsStatic added in v0.36.0 

func (i *IntEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*IntEvaluator) OriginField added in v0.66.0 

func (i *IntEvaluator) OriginField() Field

OriginField returns the field involved in the sub expression

type IntVariable added in v0.35.0 

type IntVariable struct {
	Value int
	// contains filtered or unexported fields
}

IntVariable describes a global integer variable

func NewIntVariable added in v0.35.0 

func NewIntVariable(value int, opts VariableOpts) *IntVariable

NewIntVariable returns a new mutable integer variable

func (*IntVariable) Append added in v0.64.0 

func (m *IntVariable) Append(_ *Context, value interface{}) error

Append a value to the integer

func (*IntVariable) GetEvaluator added in v0.35.0 

func (m *IntVariable) GetEvaluator() interface{}

GetEvaluator returns the variable SECL evaluator

func (*IntVariable) GetValue added in v0.64.0 

func (m *IntVariable) GetValue() (interface{}, bool)

GetValue returns the variable value

func (*IntVariable) GetVariableOpts added in v0.68.0 

func (m *IntVariable) GetVariableOpts() VariableOpts

GetVariableOpts returns the variable VariableOpts

func (*IntVariable) Set added in v0.64.0 

func (m *IntVariable) Set(_ *Context, value interface{}) error

Set the variable with the specified value

func (*IntVariable) SetVariableOpts added in v0.68.0 

func (m *IntVariable) SetVariableOpts(opts VariableOpts)

SetVariableOpts sets the variable VariableOpts

type Macro 

type Macro struct {
	ID   MacroID
	Opts *Opts
	// contains filtered or unexported fields
}

Macro - Macro object identified by an `ID` containing a SECL `Expression`

func NewMacro added in v0.35.0 

func NewMacro(id, expression string, model Model, parsingContext *ast.ParsingContext, opts *Opts) (*Macro, error)

NewMacro parses an expression and returns a new macro

func NewStringValuesMacro added in v0.35.0 

func NewStringValuesMacro(id string, values []string, opts *Opts) (*Macro, error)

NewStringValuesMacro returns a new macro from an array of strings

func (*Macro) GenEvaluator 

func (m *Macro) GenEvaluator(expression string, model Model) error

GenEvaluator - Compiles and generates the evalutor

func (*Macro) GetAst 

func (m *Macro) GetAst() *ast.Macro

GetAst - Returns the representation of the SECL `Expression`

func (*Macro) GetEvaluator 

func (m *Macro) GetEvaluator() *MacroEvaluator

GetEvaluator - Returns the MacroEvaluator of the Macro corresponding to the SECL `Expression`

func (*Macro) GetEventType added in v0.57.0 

func (m *Macro) GetEventType() EventType

GetEventType - Returns the Event Type that the `Expression` handles

func (*Macro) GetFields 

func (m *Macro) GetFields() []Field

GetFields - Returns all the Field that the Macro handles included sub-Macro

func (*Macro) Parse 

func (m *Macro) Parse(parsingContext *ast.ParsingContext, expression string) error

Parse - Transforms the SECL `Expression` into its AST representation

type MacroEvaluator 

type MacroEvaluator struct {
	Value     interface{}
	EventType EventType
	// contains filtered or unexported fields
}

MacroEvaluator - Evaluation part of a Macro

func (*MacroEvaluator) GetFields 

func (m *MacroEvaluator) GetFields() []Field

GetFields - Returns all the Field that the MacroEvaluator handles

type MacroEvaluatorGetter added in v0.64.0 

type MacroEvaluatorGetter interface {
	GetMacroEvaluator(macroID string) (*MacroEvaluator, bool)
}

MacroEvaluatorGetter is an interface to get a MacroEvaluator

type MacroID 

type MacroID = string

MacroID - ID of a Macro

type MacroStore added in v0.38.0 

type MacroStore struct {
	// contains filtered or unexported fields
}

MacroStore represents a store of SECL Macros

func (*MacroStore) Add added in v0.43.0 

func (s *MacroStore) Add(macro *Macro) *MacroStore

Add adds a macro

func (*MacroStore) Contains added in v0.52.0 

func (s *MacroStore) Contains(id string) bool

Contains returns returns true is there is already a macro with this ID in the store

func (*MacroStore) Get added in v0.43.0 

func (s *MacroStore) Get(id MacroID) *Macro

Get returns the marcro

func (*MacroStore) GetMacroEvaluator added in v0.64.0 

func (s *MacroStore) GetMacroEvaluator(id MacroID) (*MacroEvaluator, bool)

GetMacroEvaluator returns the macro evaluator associated with the macro ID

func (*MacroStore) List added in v0.43.0 

func (s *MacroStore) List() []*Macro

List lists macros

type MatchingSubExpr added in v0.66.0 

type MatchingSubExpr struct {
	Offset int
	ValueA MatchingValue
	ValueB MatchingValue
}

MatchingSubExpr defines a boolean expression that matched

type MatchingSubExprs added in v0.66.0 

type MatchingSubExprs []MatchingSubExpr

MatchingSubExprs list of sub expression

func (*MatchingSubExprs) GetMatchingValuePos added in v0.66.0 

func (m *MatchingSubExprs) GetMatchingValuePos(expr string) []MatchingValuePos

GetMatchingValuePos return all the matching value position

type MatchingValue added in v0.66.0 

type MatchingValue struct {
	Offset int
	Field  Field
	Value  interface{}
}

MatchingValue defines a matched value

type MatchingValuePos added in v0.66.0 

type MatchingValuePos struct {
	Offset int
	Length int
	Value  interface{}
	Field  string
}

MatchingValuePos defines a position and a length in the rule expression

func (MatchingValuePos) IsZero added in v0.66.0 

func (m MatchingValuePos) IsZero() bool

IsZero returns if the pos is empty of not

type Model 

type Model interface {
	// GetEvaluator returns an evaluator for the given field
	GetEvaluator(field Field, regID RegisterID, offset int) (Evaluator, error)
	// ValidateField returns whether the value use against the field is valid, ex: for constant
	ValidateField(field Field, value FieldValue) error
	// NewEvent returns a new event instance
	NewEvent() Event
	// GetFieldRestrictions returns the event type for which the field is available
	GetFieldRestrictions(field Field) []EventType
}

Model - interface that a model has to implement for the rule compilation

type MutableSECLVariable added in v0.64.0 

type MutableSECLVariable interface {
	Variable
	MutableVariable
	SECLVariable
}

MutableSECLVariable describes the interface implemented by mutable SECL variable

type MutableVariable added in v0.35.0 

type MutableVariable interface {
	Set(ctx *Context, value interface{}) error
	Append(ctx *Context, value interface{}) error
	GetVariableOpts() VariableOpts
	SetVariableOpts(opts VariableOpts)
}

MutableVariable is the interface by variables whose value can be changed

type OpOverrides added in v0.34.0 

type OpOverrides struct {
	StringEquals         func(a *StringEvaluator, b *StringEvaluator, state *State) (*BoolEvaluator, error)
	StringValuesContains func(a *StringEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error)
	StringArrayContains  func(a *StringEvaluator, b *StringArrayEvaluator, state *State) (*BoolEvaluator, error)
	StringArrayMatches   func(a *StringArrayEvaluator, b *StringValuesEvaluator, state *State) (*BoolEvaluator, error)
}

OpOverrides defines operator override functions

type Opts 

type Opts struct {
	LegacyFields  map[Field]Field
	Constants     map[string]interface{}
	VariableStore *VariableStore
	MacroStore    *MacroStore
}

Opts are the options to be passed to the evaluator

func (*Opts) AddMacro added in v0.34.0 

func (o *Opts) AddMacro(macro *Macro) *Opts

AddMacro add a macro

func (*Opts) AddVariable added in v0.43.0 

func (o *Opts) AddVariable(name string, variable SECLVariable) *Opts

AddVariable add a variable

func (*Opts) WithConstants added in v0.34.0 

func (o *Opts) WithConstants(constants map[string]interface{}) *Opts

WithConstants set constants

func (*Opts) WithLegacyFields added in v0.34.0 

func (o *Opts) WithLegacyFields(fields map[Field]Field) *Opts

WithLegacyFields set legacy fields

func (*Opts) WithMacroStore added in v0.43.0 

func (o *Opts) WithMacroStore(store *MacroStore) *Opts

WithMacroStore set the macro store

func (*Opts) WithVariableStore added in v0.43.0 

func (o *Opts) WithVariableStore(store *VariableStore) *Opts

WithVariableStore set the variable store

func (*Opts) WithVariables added in v0.34.0 

func (o *Opts) WithVariables(variables map[string]SECLVariable) *Opts

WithVariables set variables

type PatternStringMatcher added in v0.36.0 

type PatternStringMatcher struct {
	// contains filtered or unexported fields
}

PatternStringMatcher defines a pattern matcher

func (*PatternStringMatcher) Compile added in v0.36.0 

func (p *PatternStringMatcher) Compile(pattern string, caseInsensitive bool) error

Compile a simple pattern

func (*PatternStringMatcher) Matches added in v0.36.0 

func (p *PatternStringMatcher) Matches(value string) bool

Matches returns whether the value matches

func (*PatternStringMatcher) String added in v0.66.0 

func (p *PatternStringMatcher) String() string

String implements the stringer interface

type RegexpStringMatcher added in v0.34.0 

type RegexpStringMatcher struct {
	// contains filtered or unexported fields
}

RegexpStringMatcher defines a regular expression pattern matcher

func (*RegexpStringMatcher) Compile added in v0.34.0 

func (r *RegexpStringMatcher) Compile(pattern string, caseInsensitive bool) error

Compile a regular expression based pattern

func (*RegexpStringMatcher) Matches added in v0.34.0 

func (r *RegexpStringMatcher) Matches(value string) bool

Matches returns whether the value matches

func (*RegexpStringMatcher) String added in v0.66.0 

func (r *RegexpStringMatcher) String() string

String implements the stringer interface

type Register 

type Register struct {
	ID    RegisterID
	Field Field
}

Register defines an eval register

type RegisterCacheEntry added in v0.60.0 

type RegisterCacheEntry struct {
	Pos   int
	Value interface{}
}

RegisterCacheEntry used to track the value

type RegisterID 

type RegisterID = string

RegisterID identify a register ID

type Rule 

type Rule struct {
	ID         RuleID
	Expression string
	Tags       []string
	Model      Model
	Opts       *Opts
	// contains filtered or unexported fields
}

Rule - Rule object identified by an `ID` containing a SECL `Expression`

func NewRule added in v0.43.0 

func NewRule(id string, expression string, parsingContext *ast.ParsingContext, opts *Opts, tags ...string) (*Rule, error)

NewRule returns a new rule

func (*Rule) Eval 

func (r *Rule) Eval(ctx *Context) bool

Eval - Evaluates

func (*Rule) GenEvaluator 

func (r *Rule) GenEvaluator(model Model) error

GenEvaluator - Compile and generates the RuleEvaluator

func (*Rule) GetAst 

func (r *Rule) GetAst() *ast.Rule

GetAst - Returns the representation of the SECL `Expression`

func (*Rule) GetEvaluator 

func (r *Rule) GetEvaluator() *RuleEvaluator

GetEvaluator - Returns the RuleEvaluator of the Rule corresponding to the SECL `Expression`

func (*Rule) GetEventType added in v0.57.0 

func (r *Rule) GetEventType() (EventType, error)

GetEventType - Returns the event type that the `Expression` handles

func (*Rule) GetFieldValues 

func (r *Rule) GetFieldValues(field Field) []FieldValue

GetFieldValues returns the values of the given field

func (*Rule) GetFields 

func (r *Rule) GetFields() []Field

GetFields - Returns all the Field of the Rule including field of the Macro used

func (*Rule) GetPartialEval 

func (r *Rule) GetPartialEval(field Field) BoolEvalFnc

GetPartialEval - Returns the Partial RuleEvaluator for the given Field

func (*Rule) GetPprofLabels added in v0.53.0 

func (r *Rule) GetPprofLabels() utils.LabelSet

GetPprofLabels returns the pprof labels

func (*Rule) Parse 

func (r *Rule) Parse(parsingContext *ast.ParsingContext) error

Parse - Transforms the SECL `Expression` into its AST representation

func (*Rule) PartialEval 

func (r *Rule) PartialEval(ctx *Context, field Field) (bool, error)

PartialEval - Partial evaluation with the given Field

type RuleEvaluator 

type RuleEvaluator struct {
	Eval      BoolEvalFnc
	EventType EventType
	// contains filtered or unexported fields
}

RuleEvaluator - Evaluation part of a Rule

func NewRuleEvaluator added in v0.41.0 

func NewRuleEvaluator(rule *ast.Rule, model Model, opts *Opts) (*RuleEvaluator, error)

NewRuleEvaluator returns a new evaluator for a rule

func (*RuleEvaluator) GetFields 

func (r *RuleEvaluator) GetFields() []Field

GetFields - Returns all the Field that the RuleEvaluator handles

func (*RuleEvaluator) IsPartialAvailable added in v0.53.0 

func (r *RuleEvaluator) IsPartialAvailable(field Field) bool

IsPartialAvailable checks if partial have been generated for the given Field

func (*RuleEvaluator) PartialEval 

func (r *RuleEvaluator) PartialEval(ctx *Context, field Field) (bool, error)

PartialEval partially evaluation of the Rule with the given Field.

type RuleID 

type RuleID = string

RuleID - ID of a Rule

type RuleSetTagValue added in v0.46.0 

type RuleSetTagValue = string

RuleSetTagValue - Value of the "ruleset" tag

type SECLVariable added in v0.64.0 

type SECLVariable interface {
	GetEvaluator() interface{}
	GetVariableOpts() VariableOpts
	SetVariableOpts(opts VariableOpts)
}

SECLVariable describes a SECL variable value

type ScalarStringMatcher added in v0.36.0 

type ScalarStringMatcher struct {
	// contains filtered or unexported fields
}

ScalarStringMatcher defines a scalar matcher

func (*ScalarStringMatcher) Compile added in v0.36.0 

func (s *ScalarStringMatcher) Compile(pattern string, caseInsensitive bool) error

Compile a simple pattern

func (*ScalarStringMatcher) Matches added in v0.36.0 

func (s *ScalarStringMatcher) Matches(value string) bool

Matches returns whether the value matches

func (*ScalarStringMatcher) String added in v0.66.0 

func (s *ScalarStringMatcher) String() string

String implements the stringer interface

type ScopedBoolVariable added in v0.64.0 

type ScopedBoolVariable struct {
	// contains filtered or unexported fields
}

ScopedBoolVariable describes a boolean variable

func NewScopedBoolVariable added in v0.64.0 

func NewScopedBoolVariable(boolFnc func(ctx *Context) (bool, bool), setFnc func(ctx *Context, value interface{}) error) *ScopedBoolVariable

NewScopedBoolVariable returns a new boolean variable

func (*ScopedBoolVariable) Append added in v0.64.0 

func (v *ScopedBoolVariable) Append(_ *Context, _ interface{}) error

Append a value to the variable

func (*ScopedBoolVariable) GetEvaluator added in v0.64.0 

func (b *ScopedBoolVariable) GetEvaluator() interface{}

GetEvaluator returns the variable SECL evaluator

func (*ScopedBoolVariable) GetValue added in v0.64.0 

func (b *ScopedBoolVariable) GetValue(ctx *Context) (interface{}, bool)

GetValue returns the variable value

func (*ScopedBoolVariable) GetVariableOpts added in v0.68.0 

func (v *ScopedBoolVariable) GetVariableOpts() VariableOpts

GetVariableOpts returns the variable options

func (*ScopedBoolVariable) IsMutable added in v0.64.0 

func (v *ScopedBoolVariable) IsMutable() bool

IsMutable returns whether the variable is settable

func (*ScopedBoolVariable) Set added in v0.64.0 

func (v *ScopedBoolVariable) Set(ctx *Context, value interface{}) error

Set the variable with the specified value

func (*ScopedBoolVariable) SetVariableOpts added in v0.68.0 

func (v *ScopedBoolVariable) SetVariableOpts(opts VariableOpts)

SetVariableOpts sets the variable VariableOpts

type ScopedIPArrayVariable added in v0.65.0 

type ScopedIPArrayVariable struct {
	// contains filtered or unexported fields
}

ScopedIPArrayVariable describes a scoped IP array variable

func NewScopedIPArrayVariable added in v0.65.0 

func NewScopedIPArrayVariable(ipFnc func(ctx *Context) ([]net.IPNet, bool), setFnc func(ctx *Context, value interface{}) error) *ScopedIPArrayVariable

NewScopedIPArrayVariable returns a new IP array variable

func (*ScopedIPArrayVariable) Append added in v0.65.0 

func (i *ScopedIPArrayVariable) Append(ctx *Context, value interface{}) error

Append a value to the array

func (*ScopedIPArrayVariable) GetEvaluator added in v0.65.0 

func (i *ScopedIPArrayVariable) GetEvaluator() interface{}

GetEvaluator returns the variable SECL evaluator

func (*ScopedIPArrayVariable) GetValue added in v0.65.0 

func (i *ScopedIPArrayVariable) GetValue(ctx *Context) (interface{}, bool)

GetValue returns the variable value

func (*ScopedIPArrayVariable) GetVariableOpts added in v0.68.0 

func (v *ScopedIPArrayVariable) GetVariableOpts() VariableOpts

GetVariableOpts returns the variable options

func (*ScopedIPArrayVariable) IsMutable added in v0.65.0 

func (v *ScopedIPArrayVariable) IsMutable() bool

IsMutable returns whether the variable is settable

func (*ScopedIPArrayVariable) Set added in v0.65.0 

func (i *ScopedIPArrayVariable) Set(ctx *Context, value interface{}) error

Set the array values

func (*ScopedIPArrayVariable) SetVariableOpts added in v0.68.0 

func (v *ScopedIPArrayVariable) SetVariableOpts(opts VariableOpts)

SetVariableOpts sets the variable VariableOpts

type ScopedIPVariable added in v0.65.0 

type ScopedIPVariable struct {
	// contains filtered or unexported fields
}

ScopedIPVariable describes a scoped IP variable

func NewScopedIPVariable added in v0.65.0 

func NewScopedIPVariable(ipFnc func(ctx *Context) (net.IPNet, bool), setFnc func(ctx *Context, value interface{}) error) *ScopedIPVariable

NewScopedIPVariable returns a new scoped IP variable

func (*ScopedIPVariable) Append added in v0.65.0 

func (v *ScopedIPVariable) Append(_ *Context, _ interface{}) error

Append a value to the variable

func (*ScopedIPVariable) GetEvaluator added in v0.65.0 

func (i *ScopedIPVariable) GetEvaluator() interface{}

GetEvaluator returns the variable SECL evaluator

func (*ScopedIPVariable) GetValue added in v0.65.0 

func (i *ScopedIPVariable) GetValue(ctx *Context) (interface{}, bool)

GetValue returns the variable value

func (*ScopedIPVariable) GetVariableOpts added in v0.68.0 

func (v *ScopedIPVariable) GetVariableOpts() VariableOpts

GetVariableOpts returns the variable options

func (*ScopedIPVariable) IsMutable added in v0.65.0 

func (v *ScopedIPVariable) IsMutable() bool

IsMutable returns whether the variable is settable

func (*ScopedIPVariable) Set added in v0.65.0 

func (v *ScopedIPVariable) Set(ctx *Context, value interface{}) error

Set the variable with the specified value

func (*ScopedIPVariable) SetVariableOpts added in v0.68.0 

func (v *ScopedIPVariable) SetVariableOpts(opts VariableOpts)

SetVariableOpts sets the variable VariableOpts

type ScopedIntArrayVariable added in v0.64.0 

type ScopedIntArrayVariable struct {
	// contains filtered or unexported fields
}

ScopedIntArrayVariable describes a scoped integer array variable

func NewScopedIntArrayVariable added in v0.64.0 

func NewScopedIntArrayVariable(intFnc func(ctx *Context) ([]int, bool), setFnc func(ctx *Context, value interface{}) error) *ScopedIntArrayVariable

NewScopedIntArrayVariable returns a new integer array variable

func (*ScopedIntArrayVariable) Append added in v0.64.0 

func (v *ScopedIntArrayVariable) Append(ctx *Context, value interface{}) error

Append a value to the array

func (*ScopedIntArrayVariable) GetEvaluator added in v0.64.0 

func (v *ScopedIntArrayVariable) GetEvaluator() interface{}

GetEvaluator returns the variable SECL evaluator

func (*ScopedIntArrayVariable) GetValue added in v0.64.0 

func (v *ScopedIntArrayVariable) GetValue(ctx *Context) (interface{}, bool)

GetValue returns the variable value

func (*ScopedIntArrayVariable) GetVariableOpts added in v0.68.0 

func (v *ScopedIntArrayVariable) GetVariableOpts() VariableOpts

GetVariableOpts returns the variable options

func (*ScopedIntArrayVariable) IsMutable added in v0.64.0 

func (v *ScopedIntArrayVariable) IsMutable() bool

IsMutable returns whether the variable is settable

func (*ScopedIntArrayVariable) Set added in v0.64.0 

func (v *ScopedIntArrayVariable) Set(ctx *Context, value interface{}) error

Set the array values

func (*ScopedIntArrayVariable) SetVariableOpts added in v0.68.0 

func (v *ScopedIntArrayVariable) SetVariableOpts(opts VariableOpts)

SetVariableOpts sets the variable VariableOpts

type ScopedIntVariable added in v0.64.0 

type ScopedIntVariable struct {
	// contains filtered or unexported fields
}

ScopedIntVariable describes a scoped integer variable

func NewScopedIntVariable added in v0.64.0 

func NewScopedIntVariable(intFnc func(ctx *Context) (int, bool), setFnc func(ctx *Context, value interface{}) error) *ScopedIntVariable

NewScopedIntVariable returns a new integer variable

func (*ScopedIntVariable) Append added in v0.64.0 

func (v *ScopedIntVariable) Append(_ *Context, _ interface{}) error

Append a value to the variable

func (*ScopedIntVariable) GetEvaluator added in v0.64.0 

func (i *ScopedIntVariable) GetEvaluator() interface{}

GetEvaluator returns the variable SECL evaluator

func (*ScopedIntVariable) GetValue added in v0.64.0 

func (i *ScopedIntVariable) GetValue(ctx *Context) (interface{}, bool)

GetValue returns the variable value

func (*ScopedIntVariable) GetVariableOpts added in v0.68.0 

func (v *ScopedIntVariable) GetVariableOpts() VariableOpts

GetVariableOpts returns the variable options

func (*ScopedIntVariable) IsMutable added in v0.64.0 

func (v *ScopedIntVariable) IsMutable() bool

IsMutable returns whether the variable is settable

func (*ScopedIntVariable) Set added in v0.64.0 

func (v *ScopedIntVariable) Set(ctx *Context, value interface{}) error

Set the variable with the specified value

func (*ScopedIntVariable) SetVariableOpts added in v0.68.0 

func (v *ScopedIntVariable) SetVariableOpts(opts VariableOpts)

SetVariableOpts sets the variable VariableOpts

type ScopedStringArrayVariable added in v0.64.0 

type ScopedStringArrayVariable struct {
	// contains filtered or unexported fields
}

ScopedStringArrayVariable describes a scoped string array variable

func NewScopedStringArrayVariable added in v0.64.0 

func NewScopedStringArrayVariable(strFnc func(ctx *Context) ([]string, bool), setFnc func(ctx *Context, value interface{}) error) *ScopedStringArrayVariable

NewScopedStringArrayVariable returns a new scoped string array variable

func (*ScopedStringArrayVariable) Append added in v0.64.0 

func (s *ScopedStringArrayVariable) Append(ctx *Context, value interface{}) error

Append a value to the array

func (*ScopedStringArrayVariable) GetEvaluator added in v0.64.0 

func (s *ScopedStringArrayVariable) GetEvaluator() interface{}

GetEvaluator returns the variable SECL evaluator

func (*ScopedStringArrayVariable) GetValue added in v0.64.0 

func (s *ScopedStringArrayVariable) GetValue(ctx *Context) (interface{}, bool)

GetValue returns the variable value

func (*ScopedStringArrayVariable) GetVariableOpts added in v0.68.0 

func (v *ScopedStringArrayVariable) GetVariableOpts() VariableOpts

GetVariableOpts returns the variable options

func (*ScopedStringArrayVariable) IsMutable added in v0.64.0 

func (v *ScopedStringArrayVariable) IsMutable() bool

IsMutable returns whether the variable is settable

func (*ScopedStringArrayVariable) Set added in v0.64.0 

func (s *ScopedStringArrayVariable) Set(ctx *Context, value interface{}) error

Set the array values

func (*ScopedStringArrayVariable) SetVariableOpts added in v0.68.0 

func (v *ScopedStringArrayVariable) SetVariableOpts(opts VariableOpts)

SetVariableOpts sets the variable VariableOpts

type ScopedStringVariable added in v0.64.0 

type ScopedStringVariable struct {
	// contains filtered or unexported fields
}

ScopedStringVariable describes a string variable

func NewScopedStringVariable added in v0.64.0 

func NewScopedStringVariable(strFnc func(ctx *Context) (string, bool), setFnc func(ctx *Context, value interface{}) error) *ScopedStringVariable

NewScopedStringVariable returns a new scoped string variable

func (*ScopedStringVariable) Append added in v0.64.0 

func (v *ScopedStringVariable) Append(_ *Context, _ interface{}) error

Append a value to the variable

func (*ScopedStringVariable) GetEvaluator added in v0.64.0 

func (s *ScopedStringVariable) GetEvaluator() interface{}

GetEvaluator returns the variable SECL evaluator

func (*ScopedStringVariable) GetValue added in v0.64.0 

func (s *ScopedStringVariable) GetValue(ctx *Context) (interface{}, bool)

GetValue returns the variable value

func (*ScopedStringVariable) GetVariableOpts added in v0.68.0 

func (v *ScopedStringVariable) GetVariableOpts() VariableOpts

GetVariableOpts returns the variable options

func (*ScopedStringVariable) IsMutable added in v0.64.0 

func (v *ScopedStringVariable) IsMutable() bool

IsMutable returns whether the variable is settable

func (*ScopedStringVariable) Set added in v0.64.0 

func (v *ScopedStringVariable) Set(ctx *Context, value interface{}) error

Set the variable with the specified value

func (*ScopedStringVariable) SetVariableOpts added in v0.68.0 

func (v *ScopedStringVariable) SetVariableOpts(opts VariableOpts)

SetVariableOpts sets the variable VariableOpts

type ScopedVariable added in v0.45.0 

type ScopedVariable interface {
	GetValue(ctx *Context) (interface{}, bool)
	IsMutable() bool
}

ScopedVariable is the interface implemented by scoped variables

type ScopedVariables added in v0.35.0 

type ScopedVariables struct {
	// contains filtered or unexported fields
}

ScopedVariables holds a set of scoped variables

func NewScopedVariables added in v0.35.0 

func NewScopedVariables(scoperName string, scoper Scoper) *ScopedVariables

NewScopedVariables returns a new set of scope variables

func (*ScopedVariables) CleanupExpiredVariables added in v0.66.0 

func (v *ScopedVariables) CleanupExpiredVariables()

CleanupExpiredVariables cleans up expired variables

func (*ScopedVariables) Len added in v0.45.0 

func (v *ScopedVariables) Len() int

Len returns the length of the variable map

func (*ScopedVariables) NewSECLVariable added in v0.64.0 

func (v *ScopedVariables) NewSECLVariable(name string, value any, opts VariableOpts) (SECLVariable, error)

NewSECLVariable returns new variable of the type of the specified value

func (*ScopedVariables) ReleaseVariable added in v0.35.0 

func (v *ScopedVariables) ReleaseVariable(key string)

ReleaseVariable releases a scoped variable

type Scoper added in v0.35.0 

type Scoper func(ctx *Context) VariableScope

Scoper maps a variable to the entity its scoped to

type State added in v0.34.0 

type State struct {
	// contains filtered or unexported fields
}

State defines the current state of the rule compilation

func NewState added in v0.36.0 

func NewState(model Model, field Field, macros MacroEvaluatorGetter) *State

NewState returns a new State

func (*State) UpdateFieldValues added in v0.34.0 

func (s *State) UpdateFieldValues(field Field, value FieldValue) error

UpdateFieldValues updates the field values

func (*State) UpdateFields added in v0.34.0 

func (s *State) UpdateFields(field Field)

UpdateFields updates the fields used in the rule

type StateRegexpCache added in v0.37.0 

type StateRegexpCache struct {
	// contains filtered or unexported fields
}

StateRegexpCache is used to cache regexps used in the rule compilation process

type StringArrayEvaluator 

type StringArrayEvaluator struct {
	EvalFnc       func(ctx *Context) []string
	Values        []string
	Field         Field
	Weight        int
	OpOverrides   *OpOverrides
	StringCmpOpts StringCmpOpts // only Field evaluator can set this value
	Offset        int           // position in the expression
	// contains filtered or unexported fields
}

StringArrayEvaluator returns an array of strings

func (*StringArrayEvaluator) AppendValue added in v0.34.0 

func (s *StringArrayEvaluator) AppendValue(value string)

AppendValue append the given value

func (*StringArrayEvaluator) Eval 

func (s *StringArrayEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*StringArrayEvaluator) GetField 

func (s *StringArrayEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*StringArrayEvaluator) IsDeterministicFor added in v0.35.0 

func (s *StringArrayEvaluator) IsDeterministicFor(field Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*StringArrayEvaluator) IsStatic added in v0.36.0 

func (s *StringArrayEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*StringArrayEvaluator) OriginField added in v0.66.0 

func (s *StringArrayEvaluator) OriginField() Field

OriginField returns the field involved in the sub expression

type StringArrayVariable added in v0.35.0 

type StringArrayVariable struct {
	LRU *ttlcache.Cache[string, bool]
	// contains filtered or unexported fields
}

StringArrayVariable describes a mutable string array variable

func NewStringArrayVariable added in v0.35.0 

func NewStringArrayVariable(value []string, opts VariableOpts) *StringArrayVariable

NewStringArrayVariable returns a new mutable string array variable

func (*StringArrayVariable) Append added in v0.35.0 

func (m *StringArrayVariable) Append(_ *Context, value interface{}) error

Append a value to the array

func (*StringArrayVariable) CleanupExpired added in v0.66.0 

func (m *StringArrayVariable) CleanupExpired()

CleanupExpired cleans up expired values from the variable note that this method in only used to free up memory as expired entries are already not returned by the LRU.Keys() method

func (*StringArrayVariable) GetEvaluator added in v0.35.0 

func (m *StringArrayVariable) GetEvaluator() interface{}

GetEvaluator returns the variable SECL evaluator

func (*StringArrayVariable) GetValue added in v0.64.0 

func (m *StringArrayVariable) GetValue() (interface{}, bool)

GetValue returns the variable value

func (*StringArrayVariable) GetVariableOpts added in v0.68.0 

func (m *StringArrayVariable) GetVariableOpts() VariableOpts

GetVariableOpts returns the variable VariableOpts

func (*StringArrayVariable) Set added in v0.35.0 

func (m *StringArrayVariable) Set(ctx *Context, values interface{}) error

Set the variable with the specified value

func (*StringArrayVariable) SetVariableOpts added in v0.68.0 

func (m *StringArrayVariable) SetVariableOpts(opts VariableOpts)

SetVariableOpts sets the variable VariableOpts

type StringCmpOpts added in v0.36.0 

type StringCmpOpts struct {
	CaseInsensitive        bool
	PathSeparatorNormalize bool
}

StringCmpOpts defines options to apply during string comparison

type StringEvaluator 

type StringEvaluator struct {
	EvalFnc       func(ctx *Context) string
	Field         Field
	Value         string
	Weight        int
	OpOverrides   *OpOverrides
	ValueType     FieldValueType
	StringCmpOpts StringCmpOpts // only Field evaluator can set this value
	Offset        int           // position in the expression
	// contains filtered or unexported fields
}

StringEvaluator returns a string as result of the evaluation

func (*StringEvaluator) Eval 

func (s *StringEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*StringEvaluator) GetField 

func (s *StringEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*StringEvaluator) GetValue added in v0.34.0 

func (s *StringEvaluator) GetValue(ctx *Context) string

GetValue returns the evaluator value

func (*StringEvaluator) IsDeterministicFor added in v0.35.0 

func (s *StringEvaluator) IsDeterministicFor(field Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*StringEvaluator) IsStatic added in v0.36.0 

func (s *StringEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*StringEvaluator) OriginField added in v0.66.0 

func (s *StringEvaluator) OriginField() Field

OriginField returns the field involved in the sub expression

func (*StringEvaluator) ToStringMatcher added in v0.36.0 

func (s *StringEvaluator) ToStringMatcher(opts StringCmpOpts) (StringMatcher, error)

ToStringMatcher returns a StringMatcher of the evaluator

type StringMatcher added in v0.34.0 

type StringMatcher interface {
	Matches(value string) bool
	String() string
}

StringMatcher defines a pattern matcher

func NewStringMatcher added in v0.34.0 

func NewStringMatcher(kind FieldValueType, pattern string, opts StringCmpOpts) (StringMatcher, error)

NewStringMatcher returns a new string matcher

type StringValues added in v0.34.0 

type StringValues struct {
	// contains filtered or unexported fields
}

StringValues describes a set of string values, either regex or scalar

func (*StringValues) AppendFieldValue added in v0.34.0 

func (s *StringValues) AppendFieldValue(value FieldValue)

AppendFieldValue append a FieldValue

func (*StringValues) AppendScalarValue added in v0.34.0 

func (s *StringValues) AppendScalarValue(value string)

AppendScalarValue append a scalar string value

func (*StringValues) Compile added in v0.36.0 

func (s *StringValues) Compile(opts StringCmpOpts) error

Compile all the values

func (*StringValues) GetFieldValues added in v0.36.0 

func (s *StringValues) GetFieldValues() []FieldValue

GetFieldValues return the list of FieldValue stored in the StringValues

func (*StringValues) GetScalarValues added in v0.34.0 

func (s *StringValues) GetScalarValues() []string

GetScalarValues return the scalar values

func (*StringValues) GetStringMatchers added in v0.34.0 

func (s *StringValues) GetStringMatchers() []StringMatcher

GetStringMatchers return the pattern matchers

func (*StringValues) Matches added in v0.34.0 

func (s *StringValues) Matches(value string) (bool, string)

Matches returns whether the value matches the string values

func (*StringValues) SetFieldValues added in v0.34.0 

func (s *StringValues) SetFieldValues(values ...FieldValue) error

SetFieldValues apply field values

type StringValuesEvaluator added in v0.34.0 

type StringValuesEvaluator struct {
	EvalFnc func(ctx *Context) *StringValues
	Values  StringValues
	Weight  int
	Offset  int // position in the expression
}

StringValuesEvaluator returns an array of strings

func (*StringValuesEvaluator) AppendMembers added in v0.34.0 

func (s *StringValuesEvaluator) AppendMembers(members ...ast.StringMember)

AppendMembers add members to the evaluator

func (*StringValuesEvaluator) Compile added in v0.36.0 

func (s *StringValuesEvaluator) Compile(opts StringCmpOpts) error

Compile the underlying StringValues

func (*StringValuesEvaluator) Eval added in v0.34.0 

func (s *StringValuesEvaluator) Eval(ctx *Context) interface{}

Eval returns the result of the evaluation

func (*StringValuesEvaluator) GetField added in v0.34.0 

func (s *StringValuesEvaluator) GetField() string

GetField returns field name used by this evaluator

func (*StringValuesEvaluator) IsDeterministicFor added in v0.35.0 

func (s *StringValuesEvaluator) IsDeterministicFor(_ Field) bool

IsDeterministicFor returns whether the evaluator is partial

func (*StringValuesEvaluator) IsStatic added in v0.36.0 

func (s *StringValuesEvaluator) IsStatic() bool

IsStatic returns whether the evaluator is a scalar

func (*StringValuesEvaluator) SetFieldValues added in v0.34.0 

func (s *StringValuesEvaluator) SetFieldValues(values ...FieldValue) error

SetFieldValues apply field values

type StringVariable added in v0.35.0 

type StringVariable struct {
	Value string
	// contains filtered or unexported fields
}

StringVariable describes a mutable string variable

func NewStringVariable added in v0.35.0 

func NewStringVariable(value string, opts VariableOpts) *StringVariable

NewStringVariable returns a new mutable string variable

func (*StringVariable) Append added in v0.64.0 

func (m *StringVariable) Append(_ *Context, value interface{}) error

Append a value to the string

func (*StringVariable) GetEvaluator added in v0.35.0 

func (m *StringVariable) GetEvaluator() interface{}

GetEvaluator returns the variable SECL evaluator

func (*StringVariable) GetValue added in v0.64.0 

func (m *StringVariable) GetValue() (interface{}, bool)

GetValue returns the variable value

func (*StringVariable) GetVariableOpts added in v0.68.0 

func (m *StringVariable) GetVariableOpts() VariableOpts

GetVariableOpts returns the variable VariableOpts

func (*StringVariable) Set added in v0.64.0 

func (m *StringVariable) Set(_ *Context, value interface{}) error

Set the variable with the specified value

func (*StringVariable) SetVariableOpts added in v0.68.0 

func (m *StringVariable) SetVariableOpts(opts VariableOpts)

SetVariableOpts sets the variable VariableOpts

type Variable added in v0.35.0 

type Variable interface {
	GetValue() (interface{}, bool)
}

Variable is the interface implemented by variables

type VariableOpts added in v0.56.0 

type VariableOpts struct {
	Size      int
	TTL       time.Duration
	Private   bool // When a variable is marked as private, it will not be included in the serialized event
	Inherited bool
}

VariableOpts holds the options of a variable set

type VariableScope added in v0.64.0 

type VariableScope interface {
	AppendReleaseCallback(callback func())
	Hash() string
	ParentScope() (VariableScope, bool)
}

VariableScope is the interface to be implemented by scoped variable in order to be released

type VariableStore added in v0.43.0 

type VariableStore struct {
	Variables map[string]SECLVariable
}

VariableStore represents a store of SECL variables

func (*VariableStore) Add added in v0.43.0 

func (s *VariableStore) Add(name string, variable SECLVariable) *VariableStore

Add adds a variable

func (*VariableStore) Get added in v0.43.0 

func (s *VariableStore) Get(name string) SECLVariable

Get returns the variable

type Variables added in v0.35.0 

type Variables struct {
	// contains filtered or unexported fields
}

Variables holds a set of variables

func NewVariables added in v0.56.0 

func NewVariables() *Variables

NewVariables returns a new set of global variables

func (*Variables) CleanupExpiredVariables added in v0.66.0 

func (v *Variables) CleanupExpiredVariables()

CleanupExpiredVariables cleans up expired variables

func (*Variables) NewSECLVariable added in v0.64.0 

func (v *Variables) NewSECLVariable(_ string, value interface{}, opts VariableOpts) (SECLVariable, error)

NewSECLVariable returns new variable of the type of the specified value

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.