def process_value_type(self, sentinel, value, resource):
if self.vtype == 'normalize' and isinstance(value, six.string_types):
return sentinel, value.strip().lower()
elif self.vtype == 'expr':
return sentinel, self.get_resource_value(value, resource)
elif self.vtype == 'integer':
try:
value = int(value.strip())
except ValueError:
value = 0
elif self.vtype == 'size':
try:
return sentinel, len(value)
except TypeError:
return sentinel, 0
elif self.vtype == 'swap':
return value, sentinel
elif self.vtype == 'age':
if not isinstance(sentinel, datetime.datetime):
sentinel = datetime.datetime.now(tz=tzutc()) - timedelta(sentinel)
if not isinstance(value, datetime.datetime):
# EMR bug when testing ages in EMR. This is due to
# EMR not having more functionality.
try:
value = parse(value, default=datetime.datetime.now(tz=tzutc()))
except (AttributeError, TypeError, ValueError):
value = 0
# Reverse the age comparison, we want to compare the value being
# greater than the sentinel typically. Else the syntax for age
# comparisons is intuitively wrong.
return value, sentinel
elif self.vtype == 'cidr':
s = parse_cidr(sentinel)
v = parse_cidr(value)
if (isinstance(s, ipaddress._BaseAddress) and isinstance(v, ipaddress._BaseNetwork)):
return v, s
return s, v
elif self.vtype == 'cidr_size':
cidr = parse_cidr(value)
if cidr:
return sentinel, cidr.prefixlen
return sentinel, 0
# Allows for expiration filtering, for events in the future as opposed
# to events in the past which age filtering allows for.
elif self.vtype == 'expiration':
if not isinstance(sentinel, datetime.datetime):
sentinel = datetime.datetime.now(tz=tzutc()) + timedelta(sentinel)
if not isinstance(value, datetime.datetime):
try:
value = parse(value, default=datetime.datetime.now(tz=tzutc()))
except (AttributeError, TypeError, ValueError):
value = 0
return sentinel, value
return sentinel, value
评论列表
文章目录
