MCPcopy
hub / github.com/crowdsecurity/crowdsec / detectSubNode

Function detectSubNode

cmd/crowdsec-cli/clilapi/context.go:363–409  ·  view source on GitHub ↗
(node parser.Node, parserCTX parser.UnixParserCtx)

Source from the content-addressed store, hash-verified

361}
362
363func detectSubNode(node parser.Node, parserCTX parser.UnixParserCtx) []string {
364 ret := make([]string, 0)
365
366 for _, subnode := range node.LeavesNodes {
367 if subnode.RuntimeGrok.RunTimeRegexp != nil {
368 for _, capturedField := range subnode.RuntimeGrok.RunTimeRegexp.Names() {
369 fieldName := "evt.Parsed." + capturedField
370 if !slices.Contains(ret, fieldName) {
371 ret = append(ret, fieldName)
372 }
373 }
374 }
375
376 if subnode.Grok.RegexpName != "" {
377 grokCompiled, err := parserCTX.Grok.Get(subnode.Grok.RegexpName)
378 if err == nil {
379 // ignore error (parser does not exist?)
380 for _, capturedField := range grokCompiled.Names() {
381 fieldName := "evt.Parsed." + capturedField
382 if !slices.Contains(ret, fieldName) {
383 ret = append(ret, fieldName)
384 }
385 }
386 }
387 }
388
389 if len(subnode.Grok.Statics) > 0 {
390 staticsField := detectStaticField(subnode.Grok.Statics)
391 for _, staticField := range staticsField {
392 if !slices.Contains(ret, staticField) {
393 ret = append(ret, staticField)
394 }
395 }
396 }
397
398 if len(subnode.Statics) > 0 {
399 staticsField := detectStaticField(subnode.Statics)
400 for _, staticField := range staticsField {
401 if !slices.Contains(ret, staticField) {
402 ret = append(ret, staticField)
403 }
404 }
405 }
406 }
407
408 return ret
409}

Callers 1

newContextDetectCmdMethod · 0.85

Calls 2

detectStaticFieldFunction · 0.85
GetMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…