cscli context detect: fix nil dereference (#2635)

* cscli context detect: fix nil dereference
* Remove log.warning for missing pattern
mmetc 2023-12-05 12:08:35 +01:00 committed by GitHub
parent 8bb7da3994
commit 486f96e7ac
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -332,7 +332,7 @@ cscli lapi context detect crowdsecurity/sshd-logs
} }
// to avoid all the log.Info from the loaders functions // to avoid all the log.Info from the loaders functions
log.SetLevel(log.ErrorLevel) log.SetLevel(log.WarnLevel)
err = exprhelpers.Init(nil) err = exprhelpers.Init(nil)
if err != nil { if err != nil {
@ -499,9 +499,8 @@ func detectNode(node parser.Node, parserCTX parser.UnixParserCtx) []string {
if node.Grok.RegexpName != "" { if node.Grok.RegexpName != "" {
grokCompiled, err := parserCTX.Grok.Get(node.Grok.RegexpName) grokCompiled, err := parserCTX.Grok.Get(node.Grok.RegexpName)
if err != nil { // ignore error (parser does not exist?)
log.Warningf("Can't get subgrok: %s", err) if err == nil {
}
for _, capturedField := range grokCompiled.Names() { for _, capturedField := range grokCompiled.Names() {
fieldName := fmt.Sprintf("evt.Parsed.%s", capturedField) fieldName := fmt.Sprintf("evt.Parsed.%s", capturedField)
if !slices.Contains(ret, fieldName) { if !slices.Contains(ret, fieldName) {
@ -509,6 +508,7 @@ func detectNode(node parser.Node, parserCTX parser.UnixParserCtx) []string {
} }
} }
} }
}
if len(node.Grok.Statics) > 0 { if len(node.Grok.Statics) > 0 {
staticsField := detectStaticField(node.Grok.Statics) staticsField := detectStaticField(node.Grok.Statics)
@ -545,9 +545,8 @@ func detectSubNode(node parser.Node, parserCTX parser.UnixParserCtx) []string {
} }
if subnode.Grok.RegexpName != "" { if subnode.Grok.RegexpName != "" {
grokCompiled, err := parserCTX.Grok.Get(subnode.Grok.RegexpName) grokCompiled, err := parserCTX.Grok.Get(subnode.Grok.RegexpName)
if err != nil { if err == nil {
log.Warningf("Can't get subgrok: %s", err) // ignore error (parser does not exist?)
}
for _, capturedField := range grokCompiled.Names() { for _, capturedField := range grokCompiled.Names() {
fieldName := fmt.Sprintf("evt.Parsed.%s", capturedField) fieldName := fmt.Sprintf("evt.Parsed.%s", capturedField)
if !slices.Contains(ret, fieldName) { if !slices.Contains(ret, fieldName) {
@ -555,6 +554,7 @@ func detectSubNode(node parser.Node, parserCTX parser.UnixParserCtx) []string {
} }
} }
} }
}
if len(subnode.Grok.Statics) > 0 { if len(subnode.Grok.Statics) > 0 {
staticsField := detectStaticField(subnode.Grok.Statics) staticsField := detectStaticField(subnode.Grok.Statics)
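Review bot: In detectNode the error from `parserCTX.Grok.Get(node.Grok.RegexpName)` is now dropped for every kind of failure, not only a missing pattern, so `cscli lapi context detect` can print an incomplete field list with nothing to show that a pattern was skipped. The `if err == nil {` guard does remove the nil dereference on `grokCompiled.Names()`, but a trace that names the pattern would keep the gap diagnosable, for example `} else { log.Debugf("skipping grok pattern %q: %s", node.Grok.RegexpName, err) }`. The same applies to the identical block in detectSubNode, where the `// ignore error (parser does not exist?)` comment appears, as rendered here, to sit inside the `if err == nil {` branch and would read better above it, as in detectNode. Both functions start and end outside the hunks shown.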