
Function detectNode

cmd/crowdsec-cli/clilapi/context.go:317–361  ·  view source on GitHub ↗
(node parser.Node, parserCTX parser.UnixParserCtx)

Source from the content-addressed store, hash-verified

315}
316
// detectNode lists the event fields that a single parser node can populate.
//
// Fields are gathered from four places, visited in this order: the named
// captures of the node's runtime grok regexp, the named captures of the grok
// pattern referenced by node.Grok.RegexpName (resolved through
// parserCTX.Grok), the statics attached to the grok section, and the statics
// attached to the node itself. Capture names are reported with the
// "evt.Parsed." prefix; statics are reported exactly as detectStaticField
// returns them. Each field appears once, in first-seen order, and the result
// is an empty, non-nil slice when nothing is found.
func detectNode(node parser.Node, parserCTX parser.UnixParserCtx) []string {
	fields := make([]string, 0)

	// record appends name only the first time it is seen, which keeps the
	// output de-duplicated while preserving discovery order.
	record := func(name string) {
		if slices.Contains(fields, name) {
			return
		}

		fields = append(fields, name)
	}

	if re := node.RuntimeGrok.RunTimeRegexp; re != nil {
		for _, capture := range re.Names() {
			record("evt.Parsed." + capture)
		}
	}

	if patternName := node.Grok.RegexpName; patternName != "" {
		// The lookup error is dropped on purpose (the pattern may not exist).
		// An unresolved pattern name therefore contributes no fields, and the
		// caller gets no signal that the returned list may be incomplete.
		if compiled, err := parserCTX.Grok.Get(patternName); err == nil {
			for _, capture := range compiled.Names() {
				record("evt.Parsed." + capture)
			}
		}
	}

	if len(node.Grok.Statics) > 0 {
		for _, name := range detectStaticField(node.Grok.Statics) {
			record(name)
		}
	}

	if len(node.Statics) > 0 {
		for _, name := range detectStaticField(node.Statics) {
			record(name)
		}
	}

	return fields
}
362
363func detectSubNode(node parser.Node, parserCTX parser.UnixParserCtx) []string {
364 ret := make([]string, 0)

Callers 1

newContextDetectCmdMethod · 0.85

Calls 2

detectStaticFieldFunction · 0.85
GetMethod · 0.45

Tested by

no test coverage detected
