1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
//! Evaluation-specific error types.
use thiserror::Error;
/// Errors that can occur during rule compilation or evaluation.
#[derive(Debug, Error)]
pub enum EvalError {
/// A regex pattern failed to compile.
#[error("invalid regex pattern: {0}")]
InvalidRegex(#[from] regex::Error),
/// A CIDR pattern failed to parse.
#[error("invalid CIDR: {0}")]
InvalidCidr(#[from] ipnet::AddrParseError),
/// A base64 operation failed.
#[error("base64 encoding error: {0}")]
Base64(String),
/// A detection referenced in a condition was not found.
#[error("unknown detection identifier: {0}")]
UnknownDetection(String),
/// A modifier combination is invalid.
#[error("invalid modifier combination: {0}")]
InvalidModifiers(String),
/// A value type is incompatible with the modifier.
#[error("incompatible value for modifier: {0}")]
IncompatibleValue(String),
/// A numeric value was expected but not found.
#[error("expected numeric value: {0}")]
ExpectedNumeric(String),
/// A parser error propagated during compilation.
#[error("parser error: {0}")]
Parser(#[from] rsigma_parser::SigmaParserError),
/// A correlation rule compilation or evaluation error.
#[error("correlation error: {0}")]
CorrelationError(String),
/// A rule referenced by a correlation was not found.
#[error("unknown rule reference: {0}")]
UnknownRuleRef(String),
/// A cycle was detected in correlation rule references.
#[error("correlation cycle detected: {0}")]
CorrelationCycle(String),
}
/// Convenience result type.
pub type Result<T> = std::result::Result<T, EvalError>;