-
Notifications
You must be signed in to change notification settings - Fork 21
Expand file tree
/
Copy pathapi.go
More file actions
38 lines (32 loc) · 1.7 KB
/
api.go
File metadata and controls
38 lines (32 loc) · 1.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
package api
type ConfigDefinitions struct {
Globs map[string][]string `yaml:"Globs"`
}
type Definition struct {
Name string `yaml:"Name" json:"Name,omitempty"`
Author string `yaml:"Author" json:"Author,omitempty"`
Description string `yaml:"Description" json:"Description,omitempty"`
Email string `yaml:"Email" json:"Email,omitempty"`
Reference string `yaml:"Reference" json:"Reference,omitempty"`
Categories []string `yaml:"Categories" json:"Categories,omitempty"`
SQLiteIdentifyQuery string `yaml:"SQLiteIdentifyQuery" json:"SQLiteIdentifyQuery,omitempty"`
SQLiteIdentifyValue interface{} `yaml:"SQLiteIdentifyValue" json:"SQLiteIdentifyValue,omitempty"`
Globs []string `yaml:"Globs" json:"Globs,omitempty"`
FilenameRegex string `yaml:"FilenameRegex" json:"FilenameRegex,omitempty"`
Sources []Source `yaml:"Sources" json:"Sources,omitempty"`
Filename_ string `yaml:"Filename" json:"Filename,omitempty"`
RawData_ string `yaml:"RawData" json:"RawData,omitempty"`
}
type Source struct {
Name string `yaml:"name"`
// VQL to include prior to the VQL query - for example contains
// custom VQL functions
Preamble string `yaml:"Preamble" json:"Preamble,omitempty"`
// Specialized VQL to post process the rows. Default is a
// passthrough `SELECT * FROM Rows`
VQL string `yaml:"VQL" json:"VQL,omitempty"`
SQL string `yaml:"SQL" json:"SQL,omitempty"`
SQLiteIdentifyQuery string `json:"id_query,omitempty"`
SQLiteIdentifyValue interface{} `json:"id_value,omitempty"`
Filename string `json:"filename,omitempty"`
}