From 0526409bf7862329aeeb6edb4ff68956eca14c1a Mon Sep 17 00:00:00 2001
From: Marco Mariani
Date: Mon, 4 Dec 2023 22:54:27 +0100
Subject: [PATCH 1/2] cscli context detect: fix nil dereference
---
 cmd/crowdsec-cli/lapi.go | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/cmd/crowdsec-cli/lapi.go b/cmd/crowdsec-cli/lapi.go
index b2870cb200f..da4d420f277 100644
--- a/cmd/crowdsec-cli/lapi.go
+++ b/cmd/crowdsec-cli/lapi.go
@@ -332,7 +332,7 @@ cscli lapi context detect crowdsecurity/sshd-logs
 }
 // to avoid all the log.Info from the loaders functions
- log.SetLevel(log.ErrorLevel)
+ log.SetLevel(log.WarnLevel)
 err = exprhelpers.Init(nil)
 if err != nil {
@@ -501,11 +501,12 @@ func detectNode(node parser.Node, parserCTX parser.UnixParserCtx) []string {
 grokCompiled, err := parserCTX.Grok.Get(node.Grok.RegexpName)
 if err != nil {
 log.Warningf("Can't get subgrok: %s", err)
- }
- for _, capturedField := range grokCompiled.Names() {
- fieldName := fmt.Sprintf("evt.Parsed.%s", capturedField)
- if !slices.Contains(ret, fieldName) {
- ret = append(ret, fieldName)
+ } else {
+ for _, capturedField := range grokCompiled.Names() {
+ fieldName := fmt.Sprintf("evt.Parsed.%s", capturedField)
+ if !slices.Contains(ret, fieldName) {
+ ret = append(ret, fieldName)
+ }
 }
 }
 }
@@ -547,11 +548,12 @@ func detectSubNode(node parser.Node, parserCTX parser.UnixParserCtx) []string {
 grokCompiled, err := parserCTX.Grok.Get(subnode.Grok.RegexpName)
 if err != nil {
 log.Warningf("Can't get subgrok: %s", err)
- }
- for _, capturedField := range grokCompiled.Names() {
- fieldName := fmt.Sprintf("evt.Parsed.%s", capturedField)
- if !slices.Contains(ret, fieldName) {
- ret = append(ret, fieldName)
+ } else {
+ for _, capturedField := range grokCompiled.Names() {
+ fieldName := fmt.Sprintf("evt.Parsed.%s", capturedField)
+ if !slices.Contains(ret, fieldName) {
+ ret = append(ret, fieldName)
+ }
 }
 }
 }
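Review bot: The warning in detectNode that this change makes reachable without a crash, `log.Warningf("Can't get subgrok: %s", err)`, does not name the pattern that failed to resolve, so whoever runs the command cannot tell which parser needs attention. Including the name would fix that: `log.Warningf("Can't get subgrok %q: %s", node.Grok.RegexpName, err)`; the detectSubNode hunk carries the same message and would use `subnode.Grok.RegexpName`. The guarded loop is also now duplicated line for line in both functions, so a small shared helper taking the pattern name would keep the nil guard in one place. Both function bodies extend beyond the hunks shown.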
From 172d0a673246c27b435f79c699e19c444891bce8 Mon Sep 17 00:00:00 2001
From: Marco Mariani
Date: Tue, 5 Dec 2023 10:46:59 +0100
Subject: [PATCH 2/2] Remove log.warning for missing pattern
---
 cmd/crowdsec-cli/lapi.go | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/cmd/crowdsec-cli/lapi.go b/cmd/crowdsec-cli/lapi.go
index 6d1cfe15d7b..9b6900a8fe8 100644
--- a/cmd/crowdsec-cli/lapi.go
+++ b/cmd/crowdsec-cli/lapi.go
@@ -499,9 +499,8 @@ func detectNode(node parser.Node, parserCTX parser.UnixParserCtx) []string {
 if node.Grok.RegexpName != "" {
 grokCompiled, err := parserCTX.Grok.Get(node.Grok.RegexpName)
- if err != nil {
- log.Warningf("Can't get subgrok: %s", err)
- } else {
+ // ignore error (parser does not exist?)
+ if err == nil {
 for _, capturedField := range grokCompiled.Names() {
 fieldName := fmt.Sprintf("evt.Parsed.%s", capturedField)
 if !slices.Contains(ret, fieldName) {
@@ -546,9 +545,8 @@ func detectSubNode(node parser.Node, parserCTX parser.UnixParserCtx) []string {
 }
 if subnode.Grok.RegexpName != "" {
 grokCompiled, err := parserCTX.Grok.Get(subnode.Grok.RegexpName)
- if err != nil {
- log.Warningf("Can't get subgrok: %s", err)
- } else {
+ if err == nil {
+ // ignore error (parser does not exist?)
 for _, capturedField := range grokCompiled.Names() {
 fieldName := fmt.Sprintf("evt.Parsed.%s", capturedField)
 if !slices.Contains(ret, fieldName) {
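Review bot: Discarding every error from `parserCTX.Grok.Get` in detectNode hides failures other than a missing pattern, and the question mark in the new comment suggests the cause is a guess; the detectSubNode hunk does the same. Since the functions return the list of detected fields, a skipped pattern shortens that list with nothing to tell the operator why. Consider keeping a low-level trace in an `else` branch, for example `log.Debugf("skipping grok pattern %q: %s", node.Grok.RegexpName, err)`, or matching only the specific not-found error if the grok library exposes one. Both functions continue outside the hunks.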
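Review bot: In detectSubNode the comment `// ignore error (parser does not exist?)` is placed inside the `if err == nil {` branch, where it reads as a description of the success path, whereas detectNode puts it above the condition. Moving it up makes the two functions match and puts the remark next to the decision it explains: `// ignore error (parser does not exist?)` followed by `if err == nil {`. The enclosing loop and function start and end outside the hunk.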