@@ -94,6 +94,13 @@ class Router
|
||||
$path === '/config/telegram' && $method === 'PUT'
|
||||
=> $this->updateTelegramConfig(),
|
||||
|
||||
$path === '/false-positives' && $method === 'GET'
|
||||
=> $this->repo->getFalsePositives(),
|
||||
$path === '/false-positives' && $method === 'POST'
|
||||
=> $this->createFalsePositive(),
|
||||
preg_match('#^/false-positives/(\d+)$#', $path, $m) && $method === 'DELETE'
|
||||
=> $this->deleteFalsePositive((int) $m[1]),
|
||||
|
||||
default => throw new \RuntimeException('Not found', 404),
|
||||
};
|
||||
|
||||
@@ -315,4 +322,24 @@ class Router
|
||||
$this->repo->setConfig('telegram_chat_id', $body['chat_id'] ?? '');
|
||||
return $this->getTelegramConfig();
|
||||
}
|
||||
|
||||
private function createFalsePositive(): array
|
||||
{
|
||||
$body = json_decode(file_get_contents('php://input'), true);
|
||||
$pattern = $body['pattern'] ?? '';
|
||||
$description = $body['description'] ?? '';
|
||||
|
||||
if (empty($pattern)) {
|
||||
http_response_code(400);
|
||||
return ['error' => 'Missing "pattern" field'];
|
||||
}
|
||||
|
||||
return $this->repo->createFalsePositive($pattern, $description);
|
||||
}
|
||||
|
||||
private function deleteFalsePositive(int $id): array
|
||||
{
|
||||
$this->repo->deleteFalsePositive($id);
|
||||
return ['status' => 'deleted', 'id' => $id];
|
||||
}
|
||||
}
|
||||
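Review bot: `createFalsePositive()` stores whatever arrives in `pattern` without checking that it is a string or that PCRE can compile it, and that value is later passed straight to `preg_match()` for every evaluated log line. A non-array JSON body or an array-valued `pattern` also slips past the `empty()` test or fails later at the typed repository call instead of producing a 400. Validating at this boundary keeps broken entries out of the suppression table. Nothing in the visible hunks shows an authorization check on the three new routes; since they decide which lines the engine ignores, they presumably need the same protection as rule and config changes, which should be confirmed in the part of `Router` outside this diff.

```php
private function createFalsePositive(): array
{
    // … unchanged: json_decode of php://input and $description default …
    $pattern = is_array($body) ? ($body['pattern'] ?? '') : '';

    // Reject anything PCRE cannot compile so it never reaches Repository::isFalsePositive().
    if (!is_string($pattern) || $pattern === '' || @preg_match($pattern, '') === false) {
        http_response_code(400);
        return ['error' => 'Missing or invalid "pattern" field'];
    }
    // … unchanged: return $this->repo->createFalsePositive(...) …
```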
@@ -16,6 +16,10 @@ class Engine
|
||||
|
||||
public function evaluate(string $line, ?LogSource $source = null): ?Alert
|
||||
{
|
||||
if ($this->repo->isFalsePositive($line)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$rules = $this->repo->getActiveRules();
|
||||
|
||||
foreach ($rules as $rule) {
|
||||
|
||||
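Review bot: The early `return null;` at the top of `evaluate()` makes a suppressed line indistinguishable from a line that simply matched no rule, so an overly broad false-positive pattern would silence alerting with no trace. I would at least document this with `// Suppressed by a false-positive pattern: no rule is evaluated for this line.` and record the suppression (a counter or log entry) wherever the project keeps such diagnostics, which is not visible here. The check also runs before `getActiveRules()`, so every line pays for the suppression lookup even when no rule would have matched. The rest of `evaluate()` lies outside the hunk.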
@@ -156,5 +156,14 @@ $this->pdo->exec("
|
||||
INSERT OR IGNORE INTO log_entries_fts(rowid, line, source_name)
|
||||
SELECT id, line, source_name FROM log_entries
|
||||
");
|
||||
|
||||
$this->pdo->exec("
|
||||
CREATE TABLE IF NOT EXISTS false_positives (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
pattern TEXT NOT NULL,
|
||||
description TEXT NOT NULL DEFAULT '',
|
||||
created_at TEXT DEFAULT (datetime('now'))
|
||||
)
|
||||
");
|
||||
}
|
||||
}
|
||||
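Review bot: The `false_positives` table has no uniqueness constraint on `pattern`, so repeated POSTs of the same expression accumulate rows that are all evaluated per log line; `pattern TEXT NOT NULL UNIQUE` would prevent that. The table records `created_at` but not who added the entry, which makes a suppression rule hard to attribute later; whether the application has a user identity to store is not visible in this diff.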
@@ -290,4 +290,52 @@ class Repository
|
||||
|
||||
return $row['count'] <= 1;
|
||||
}
|
||||
|
||||
// --- False Positives ---
|
||||
|
||||
public function getFalsePositives(): array
|
||||
{
|
||||
return $this->db->pdo()->query(
|
||||
"SELECT id, pattern, description, created_at FROM false_positives ORDER BY id"
|
||||
)->fetchAll();
|
||||
}
|
||||
|
||||
public function createFalsePositive(string $pattern, string $description = ''): array
|
||||
{
|
||||
$stmt = $this->db->pdo()->prepare(
|
||||
"INSERT INTO false_positives (pattern, description) VALUES (?, ?)"
|
||||
);
|
||||
$stmt->execute([$pattern, $description]);
|
||||
$id = (int) $this->db->pdo()->lastInsertId();
|
||||
return $this->getFalsePositive($id);
|
||||
}
|
||||
|
||||
public function getFalsePositive(int $id): ?array
|
||||
{
|
||||
$stmt = $this->db->pdo()->prepare(
|
||||
"SELECT id, pattern, description, created_at FROM false_positives WHERE id = ?"
|
||||
);
|
||||
$stmt->execute([$id]);
|
||||
$row = $stmt->fetch();
|
||||
return $row ?: null;
|
||||
}
|
||||
|
||||
public function deleteFalsePositive(int $id): void
|
||||
{
|
||||
$this->db->pdo()->prepare("DELETE FROM false_positives WHERE id = ?")->execute([$id]);
|
||||
}
|
||||
|
||||
public function isFalsePositive(string $line): bool
|
||||
{
|
||||
$patterns = $this->db->pdo()->query(
|
||||
"SELECT pattern FROM false_positives"
|
||||
)->fetchAll(\PDO::FETCH_COLUMN);
|
||||
|
||||
foreach ($patterns as $pattern) {
|
||||
if (preg_match($pattern, $line)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
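Review bot: In `isFalsePositive()` the result of `preg_match($pattern, $line)` is only tested for truthiness, so the `false` returned on an invalid pattern or an exceeded PCRE backtrack limit is treated as "no match" and, for a pattern that cannot compile, a warning is emitted on every log line. The patterns are operator-supplied and the lines come from monitored systems, so one expensive expression is paid for on each line; comparing with `=== 1`, reporting failures via `preg_last_error_msg()`, and loading the pattern list once per run instead of per call would contain that. Separately, `createFalsePositive()` is declared to return `array` but returns the `?array` result of `getFalsePositive()`.

```php
public function isFalsePositive(string $line): bool
{
    // … unchanged: SELECT pattern FROM false_positives …
    foreach ($patterns as $pattern) {
        $result = @preg_match($pattern, $line);
        if ($result === 1) {
            return true;
        }
        if ($result === false) {
            // Invalid pattern or PCRE limit hit: do not suppress, and make the failure visible.
            error_log('false_positives: pattern could not be applied: ' . preg_last_error_msg());
        }
    }
    // … unchanged: return false …
```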