rsigma_eval/
error.rs

1//! Evaluation-specific error types.
2
3use thiserror::Error;
4
5/// Errors that can occur during rule compilation or evaluation.
6#[derive(Debug, Error)]
7pub enum EvalError {
8    /// A regex pattern failed to compile.
9    #[error("invalid regex pattern: {0}")]
10    InvalidRegex(#[from] regex::Error),
11
12    /// A CIDR pattern failed to parse.
13    #[error("invalid CIDR: {0}")]
14    InvalidCidr(#[from] ipnet::AddrParseError),
15
16    /// A base64 operation failed.
17    #[error("base64 encoding error: {0}")]
18    Base64(String),
19
20    /// A detection referenced in a condition was not found.
21    #[error("unknown detection identifier: {0}")]
22    UnknownDetection(String),
23
24    /// A modifier combination is invalid.
25    #[error("invalid modifier combination: {0}")]
26    InvalidModifiers(String),
27
28    /// A value type is incompatible with the modifier.
29    #[error("incompatible value for modifier: {0}")]
30    IncompatibleValue(String),
31
32    /// A numeric value was expected but not found.
33    #[error("expected numeric value: {0}")]
34    ExpectedNumeric(String),
35
36    /// A parser error propagated during compilation.
37    #[error("parser error: {0}")]
38    Parser(#[from] rsigma_parser::SigmaParserError),
39
40    /// A correlation rule compilation or evaluation error.
41    #[error("correlation error: {0}")]
42    CorrelationError(String),
43
44    /// A timestamp could not be parsed from an event field.
45    #[error("timestamp parse error: {0}")]
46    TimestampParse(String),
47
48    /// A rule referenced by a correlation was not found.
49    #[error("unknown rule reference: {0}")]
50    UnknownRuleRef(String),
51
52    /// A cycle was detected in correlation rule references.
53    #[error("correlation cycle detected: {0}")]
54    CorrelationCycle(String),
55}
56
57/// Convenience result type.
58pub type Result<T> = std::result::Result<T, EvalError>;
rsigma_eval/error.rs

rsigma_eval/
error.rs
