lint (intrange)

.golangci.yml

@@ -3,7 +3,7 @@
 linters-settings:
   cyclop:
     # lower this after refactoring
-    max-complexity: 48
+    max-complexity: 53
 
   gci:
     sections:
@@ -22,7 +22,7 @@ linters-settings:
 
   gocyclo:
     # lower this after refactoring
-    min-complexity: 48
+    min-complexity: 49
 
   funlen:
     # Checks the number of lines in a function.
@@ -82,6 +82,11 @@ linters-settings:
           - "!**/pkg/apiserver/controllers/v1/errors.go"
       yaml:
         files:
+          - "!**/cmd/notification-dummy/main.go"
+          - "!**/cmd/notification-email/main.go"
+          - "!**/cmd/notification-http/main.go"
+          - "!**/cmd/notification-slack/main.go"
+          - "!**/cmd/notification-splunk/main.go"
           - "!**/pkg/acquisition/acquisition.go"
           - "!**/pkg/acquisition/acquisition_test.go"
           - "!**/pkg/acquisition/modules/appsec/appsec.go"

cmd/crowdsec-cli/decisions.go

@@ -31,7 +31,7 @@ func (cli *cliDecisions) decisionsToTable(alerts *models.GetAlertsResponse, prin
 	spamLimit := make(map[string]bool)
 	skipped := 0
 
-	for aIdx := 0; aIdx < len(*alerts); aIdx++ {
+	for aIdx := range len(*alerts) {
 		alertItem := (*alerts)[aIdx]
 		newDecisions := make([]*models.Decision, 0)
 

cmd/crowdsec-cli/machines.go

@@ -41,7 +41,7 @@ func generatePassword(length int) string {
 
 	buf := make([]byte, length)
 
-	for i := 0; i < length; i++ {
+	for i := range length {
 		rInt, err := saferand.Int(saferand.Reader, big.NewInt(int64(charsetLength)))
 		if err != nil {
 			log.Fatalf("failed getting data from prng for password generation : %s", err)

cmd/crowdsec-cli/support.go

@@ -319,7 +319,7 @@ cscli support dump -f /tmp/crowdsec-support.zip
 `,
 		Args:              cobra.NoArgs,
 		DisableAutoGenTag: true,
-		RunE: func(_ *cobra.Command, _ []string) error {
+		Run: func(_ *cobra.Command, _ []string) {
 			var err error
 			var skipHub, skipDB, skipCAPI, skipLAPI, skipAgent bool
 			infos := map[string][]byte{
@@ -473,19 +473,15 @@ cscli support dump -f /tmp/crowdsec-support.zip
 
 			err = zipWriter.Close()
 			if err != nil {
-				return fmt.Errorf("could not finalize zip file: %s", err)
+				log.Fatalf("could not finalize zip file: %s", err)
 			}
 
-			if outFile == "-" {
-				_, err = os.Stdout.Write(w.Bytes())
-				return err
-			}
 			err = os.WriteFile(outFile, w.Bytes(), 0o600)
 			if err != nil {
-				return fmt.Errorf("could not write zip file to %s: %s", outFile, err)
+				log.Fatalf("could not write zip file to %s: %s", outFile, err)
 			}
+
 			log.Infof("Written zip file to %s", outFile)
-			return nil
 		},
 	}
 

cmd/crowdsec/crowdsec.go

@@ -65,7 +65,7 @@ func runCrowdsec(cConfig *csconfig.Config, parsers *parser.Parsers, hub *cwhub.H
 	parsersTomb.Go(func() error {
 		parserWg.Add(1)
 
-		for i := 0; i < cConfig.Crowdsec.ParserRoutinesCount; i++ {
+		for range cConfig.Crowdsec.ParserRoutinesCount {
 			parsersTomb.Go(func() error {
 				defer trace.CatchPanic("crowdsec/runParse")
 
@@ -97,7 +97,7 @@ func runCrowdsec(cConfig *csconfig.Config, parsers *parser.Parsers, hub *cwhub.H
 			}
 		}
 
-		for i := 0; i < cConfig.Crowdsec.BucketsRoutinesCount; i++ {
+		for range cConfig.Crowdsec.BucketsRoutinesCount {
 			bucketsTomb.Go(func() error {
 				defer trace.CatchPanic("crowdsec/runPour")
 
@@ -128,7 +128,7 @@ func runCrowdsec(cConfig *csconfig.Config, parsers *parser.Parsers, hub *cwhub.H
 	outputsTomb.Go(func() error {
 		outputWg.Add(1)
 
-		for i := 0; i < cConfig.Crowdsec.OutputRoutinesCount; i++ {
+		for range cConfig.Crowdsec.OutputRoutinesCount {
 			outputsTomb.Go(func() error {
 				defer trace.CatchPanic("crowdsec/runOutput")
 

cmd/notification-dummy/main.go

@@ -5,11 +5,10 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/crowdsecurity/crowdsec/pkg/protobufs"
 	"github.com/hashicorp/go-hclog"
 	plugin "github.com/hashicorp/go-plugin"
-	"gopkg.in/yaml.v3"
+	"gopkg.in/yaml.v2"
-
-	"github.com/crowdsecurity/crowdsec/pkg/protobufs"
 )
 
 type PluginConfig struct {
@@ -33,7 +32,6 @@ func (s *DummyPlugin) Notify(ctx context.Context, notification *protobufs.Notifi
 	if _, ok := s.PluginConfigByName[notification.Name]; !ok {
 		return nil, fmt.Errorf("invalid plugin config name %s", notification.Name)
 	}
-
 	cfg := s.PluginConfigByName[notification.Name]
 
 	if cfg.LogLevel != nil && *cfg.LogLevel != "" {
@@ -44,22 +42,19 @@ func (s *DummyPlugin) Notify(ctx context.Context, notification *protobufs.Notifi
 	logger.Debug(notification.Text)
 
 	if cfg.OutputFile != nil && *cfg.OutputFile != "" {
-		f, err := os.OpenFile(*cfg.OutputFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o644)
+		f, err := os.OpenFile(*cfg.OutputFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
 		if err != nil {
 			logger.Error(fmt.Sprintf("Cannot open notification file: %s", err))
 		}
-
 		if _, err := f.WriteString(notification.Text + "\n"); err != nil {
 			f.Close()
 			logger.Error(fmt.Sprintf("Cannot write notification to file: %s", err))
 		}
-
 		err = f.Close()
 		if err != nil {
 			logger.Error(fmt.Sprintf("Cannot close notification file: %s", err))
 		}
 	}
-
 	fmt.Println(notification.Text)
 
 	return &protobufs.Empty{}, nil
@@ -69,12 +64,11 @@ func (s *DummyPlugin) Configure(ctx context.Context, config *protobufs.Config) (
 	d := PluginConfig{}
 	err := yaml.Unmarshal(config.Config, &d)
 	s.PluginConfigByName[d.Name] = d
-
 	return &protobufs.Empty{}, err
 }
 
 func main() {
-	handshake := plugin.HandshakeConfig{
+	var handshake = plugin.HandshakeConfig{
 		ProtocolVersion:  1,
 		MagicCookieKey:   "CROWDSEC_PLUGIN_KEY",
 		MagicCookieValue: os.Getenv("CROWDSEC_PLUGIN_KEY"),

cmd/notification-email/main.go

@@ -2,17 +2,15 @@ package main
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"os"
 	"time"
 
+	"github.com/crowdsecurity/crowdsec/pkg/protobufs"
 	"github.com/hashicorp/go-hclog"
 	plugin "github.com/hashicorp/go-plugin"
 	mail "github.com/xhit/go-simple-mail/v2"
-	"gopkg.in/yaml.v3"
+	"gopkg.in/yaml.v2"
-
-	"github.com/crowdsecurity/crowdsec/pkg/protobufs"
 )
 
 var baseLogger hclog.Logger = hclog.New(&hclog.LoggerOptions{
@@ -74,20 +72,19 @@ func (n *EmailPlugin) Configure(ctx context.Context, config *protobufs.Config) (
 	}
 
 	if d.Name == "" {
-		return nil, errors.New("name is required")
+		return nil, fmt.Errorf("name is required")
 	}
 
 	if d.SMTPHost == "" {
-		return nil, errors.New("SMTP host is not set")
+		return nil, fmt.Errorf("SMTP host is not set")
 	}
 
 	if d.ReceiverEmails == nil || len(d.ReceiverEmails) == 0 {
-		return nil, errors.New("receiver emails are not set")
+		return nil, fmt.Errorf("receiver emails are not set")
 	}
 
 	n.ConfigByName[d.Name] = d
 	baseLogger.Debug(fmt.Sprintf("Email plugin '%s' use SMTP host '%s:%d'", d.Name, d.SMTPHost, d.SMTPPort))
-
 	return &protobufs.Empty{}, nil
 }
 
@@ -95,7 +92,6 @@ func (n *EmailPlugin) Notify(ctx context.Context, notification *protobufs.Notifi
 	if _, ok := n.ConfigByName[notification.Name]; !ok {
 		return nil, fmt.Errorf("invalid plugin config name %s", notification.Name)
 	}
-
 	cfg := n.ConfigByName[notification.Name]
 
 	logger := baseLogger.Named(cfg.Name)
@@ -121,7 +117,6 @@ func (n *EmailPlugin) Notify(ctx context.Context, notification *protobufs.Notifi
 		server.ConnectTimeout, err = time.ParseDuration(cfg.ConnectTimeout)
 		if err != nil {
 			logger.Warn(fmt.Sprintf("invalid connect timeout '%s', using default '10s'", cfg.ConnectTimeout))
-
 			server.ConnectTimeout = 10 * time.Second
 		}
 	}
@@ -130,18 +125,15 @@ func (n *EmailPlugin) Notify(ctx context.Context, notification *protobufs.Notifi
 		server.SendTimeout, err = time.ParseDuration(cfg.SendTimeout)
 		if err != nil {
 			logger.Warn(fmt.Sprintf("invalid send timeout '%s', using default '10s'", cfg.SendTimeout))
-
 			server.SendTimeout = 10 * time.Second
 		}
 	}
 
 	logger.Debug("making smtp connection")
-
 	smtpClient, err := server.Connect()
 	if err != nil {
 		return &protobufs.Empty{}, err
 	}
-
 	logger.Debug("smtp connection done")
 
 	email := mail.NewMSG()
@@ -154,14 +146,12 @@ func (n *EmailPlugin) Notify(ctx context.Context, notification *protobufs.Notifi
 	if err != nil {
 		return &protobufs.Empty{}, err
 	}
-
 	logger.Info(fmt.Sprintf("sent email to %v", cfg.ReceiverEmails))
-
 	return &protobufs.Empty{}, nil
 }
 
 func main() {
-	handshake := plugin.HandshakeConfig{
+	var handshake = plugin.HandshakeConfig{
 		ProtocolVersion:  1,
 		MagicCookieKey:   "CROWDSEC_PLUGIN_KEY",
 		MagicCookieValue: os.Getenv("CROWDSEC_PLUGIN_KEY"),

cmd/notification-http/main.go

@@ -12,11 +12,10 @@ import (
 	"os"
 	"strings"
 
+	"github.com/crowdsecurity/crowdsec/pkg/protobufs"
 	"github.com/hashicorp/go-hclog"
 	plugin "github.com/hashicorp/go-plugin"
-	"gopkg.in/yaml.v3"
+	"gopkg.in/yaml.v2"
-
-	"github.com/crowdsecurity/crowdsec/pkg/protobufs"
 )
 
 type PluginConfig struct {
@@ -91,23 +90,18 @@ func getTLSClient(c *PluginConfig) error {
 
 		tlsConfig.Certificates = []tls.Certificate{cert}
 	}
-
 	transport := &http.Transport{
 		TLSClientConfig: tlsConfig,
 	}
-
 	if c.UnixSocket != "" {
 		logger.Info(fmt.Sprintf("Using socket '%s'", c.UnixSocket))
-
 		transport.DialContext = func(_ context.Context, _, _ string) (net.Conn, error) {
 			return net.Dial("unix", strings.TrimSuffix(c.UnixSocket, "/"))
 		}
 	}
-
 	c.Client = &http.Client{
 		Transport: transport,
 	}
-
 	return nil
 }
 
@@ -115,7 +109,6 @@ func (s *HTTPPlugin) Notify(ctx context.Context, notification *protobufs.Notific
 	if _, ok := s.PluginConfigByName[notification.Name]; !ok {
 		return nil, fmt.Errorf("invalid plugin config name %s", notification.Name)
 	}
-
 	cfg := s.PluginConfigByName[notification.Name]
 
 	if cfg.LogLevel != nil && *cfg.LogLevel != "" {
@@ -128,14 +121,11 @@ func (s *HTTPPlugin) Notify(ctx context.Context, notification *protobufs.Notific
 	if err != nil {
 		return nil, err
 	}
-
 	for headerName, headerValue := range cfg.Headers {
 		logger.Debug(fmt.Sprintf("adding header %s: %s", headerName, headerValue))
 		request.Header.Add(headerName, headerValue)
 	}
-
 	logger.Debug(fmt.Sprintf("making HTTP %s call to %s with body %s", cfg.Method, cfg.URL, notification.Text))
-
 	resp, err := cfg.Client.Do(request.WithContext(ctx))
 	if err != nil {
 		logger.Error(fmt.Sprintf("Failed to make HTTP request : %s", err))
@@ -145,7 +135,7 @@ func (s *HTTPPlugin) Notify(ctx context.Context, notification *protobufs.Notific
 
 	respData, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return nil, fmt.Errorf("failed to read response body got error %w", err)
+		return nil, fmt.Errorf("failed to read response body got error %s", err)
 	}
 
 	logger.Debug(fmt.Sprintf("got response %s", string(respData)))
@@ -153,7 +143,6 @@ func (s *HTTPPlugin) Notify(ctx context.Context, notification *protobufs.Notific
 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
 		logger.Warn(fmt.Sprintf("HTTP server returned non 200 status code: %d", resp.StatusCode))
 		logger.Debug(fmt.Sprintf("HTTP server returned body: %s", string(respData)))
-
 		return &protobufs.Empty{}, nil
 	}
 
@@ -162,25 +151,21 @@ func (s *HTTPPlugin) Notify(ctx context.Context, notification *protobufs.Notific
 
 func (s *HTTPPlugin) Configure(ctx context.Context, config *protobufs.Config) (*protobufs.Empty, error) {
 	d := PluginConfig{}
-
 	err := yaml.Unmarshal(config.Config, &d)
 	if err != nil {
 		return nil, err
 	}
-
 	err = getTLSClient(&d)
 	if err != nil {
 		return nil, err
 	}
-
 	s.PluginConfigByName[d.Name] = d
 	logger.Debug(fmt.Sprintf("HTTP plugin '%s' use URL '%s'", d.Name, d.URL))
-
 	return &protobufs.Empty{}, err
 }
 
 func main() {
-	handshake := plugin.HandshakeConfig{
+	var handshake = plugin.HandshakeConfig{
 		ProtocolVersion:  1,
 		MagicCookieKey:   "CROWDSEC_PLUGIN_KEY",
 		MagicCookieValue: os.Getenv("CROWDSEC_PLUGIN_KEY"),

cmd/notification-slack/main.go

@@ -5,12 +5,12 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/crowdsecurity/crowdsec/pkg/protobufs"
 	"github.com/hashicorp/go-hclog"
 	plugin "github.com/hashicorp/go-plugin"
-	"github.com/slack-go/slack"
-	"gopkg.in/yaml.v3"
 
-	"github.com/crowdsecurity/crowdsec/pkg/protobufs"
+	"github.com/slack-go/slack"
+	"gopkg.in/yaml.v2"
 )
 
 type PluginConfig struct {
@@ -33,16 +33,13 @@ func (n *Notify) Notify(ctx context.Context, notification *protobufs.Notificatio
 	if _, ok := n.ConfigByName[notification.Name]; !ok {
 		return nil, fmt.Errorf("invalid plugin config name %s", notification.Name)
 	}
-
 	cfg := n.ConfigByName[notification.Name]
 
 	if cfg.LogLevel != nil && *cfg.LogLevel != "" {
 		logger.SetLevel(hclog.LevelFromString(*cfg.LogLevel))
 	}
-
 	logger.Info(fmt.Sprintf("found notify signal for %s config", notification.Name))
 	logger.Debug(fmt.Sprintf("posting to %s webhook, message %s", cfg.Webhook, notification.Text))
-
 	err := slack.PostWebhookContext(ctx, n.ConfigByName[notification.Name].Webhook, &slack.WebhookMessage{
 		Text: notification.Text,
 	})
@@ -55,19 +52,16 @@ func (n *Notify) Notify(ctx context.Context, notification *protobufs.Notificatio
 
 func (n *Notify) Configure(ctx context.Context, config *protobufs.Config) (*protobufs.Empty, error) {
 	d := PluginConfig{}
-
 	if err := yaml.Unmarshal(config.Config, &d); err != nil {
 		return nil, err
 	}
-
 	n.ConfigByName[d.Name] = d
 	logger.Debug(fmt.Sprintf("Slack plugin '%s' use URL '%s'", d.Name, d.Webhook))
-
 	return &protobufs.Empty{}, nil
 }
 
 func main() {
-	handshake := plugin.HandshakeConfig{
+	var handshake = plugin.HandshakeConfig{
 		ProtocolVersion:  1,
 		MagicCookieKey:   "CROWDSEC_PLUGIN_KEY",
 		MagicCookieValue: os.Getenv("CROWDSEC_PLUGIN_KEY"),

cmd/notification-splunk/main.go

@@ -10,11 +10,11 @@ import (
 	"os"
 	"strings"
 
+	"github.com/crowdsecurity/crowdsec/pkg/protobufs"
 	"github.com/hashicorp/go-hclog"
 	plugin "github.com/hashicorp/go-plugin"
-	"gopkg.in/yaml.v3"
 
-	"github.com/crowdsecurity/crowdsec/pkg/protobufs"
+	"gopkg.in/yaml.v2"
 )
 
 var logger hclog.Logger = hclog.New(&hclog.LoggerOptions{
@@ -44,7 +44,6 @@ func (s *Splunk) Notify(ctx context.Context, notification *protobufs.Notificatio
 	if _, ok := s.PluginConfigByName[notification.Name]; !ok {
 		return &protobufs.Empty{}, fmt.Errorf("splunk invalid config name %s", notification.Name)
 	}
-
 	cfg := s.PluginConfigByName[notification.Name]
 
 	if cfg.LogLevel != nil && *cfg.LogLevel != "" {
@@ -54,7 +53,6 @@ func (s *Splunk) Notify(ctx context.Context, notification *protobufs.Notificatio
 	logger.Info(fmt.Sprintf("received notify signal for %s config", notification.Name))
 
 	p := Payload{Event: notification.Text}
-
 	data, err := json.Marshal(p)
 	if err != nil {
 		return &protobufs.Empty{}, err
@@ -67,7 +65,6 @@ func (s *Splunk) Notify(ctx context.Context, notification *protobufs.Notificatio
 
 	req.Header.Add("Authorization", fmt.Sprintf("Splunk %s", cfg.Token))
 	logger.Debug(fmt.Sprintf("posting event %s to %s", string(data), req.URL))
-
 	resp, err := s.Client.Do(req.WithContext(ctx))
 	if err != nil {
 		return &protobufs.Empty{}, err
@@ -76,19 +73,15 @@ func (s *Splunk) Notify(ctx context.Context, notification *protobufs.Notificatio
 	if resp.StatusCode != http.StatusOK {
 		content, err := io.ReadAll(resp.Body)
 		if err != nil {
-			return &protobufs.Empty{}, fmt.Errorf("got non 200 response and failed to read error %w", err)
+			return &protobufs.Empty{}, fmt.Errorf("got non 200 response and failed to read error %s", err)
 		}
-
 		return &protobufs.Empty{}, fmt.Errorf("got non 200 response %s", string(content))
 	}
-
 	respData, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return &protobufs.Empty{}, fmt.Errorf("failed to read response body got error %w", err)
+		return &protobufs.Empty{}, fmt.Errorf("failed to read response body got error %s", err)
 	}
-
 	logger.Debug(fmt.Sprintf("got response %s", string(respData)))
-
 	return &protobufs.Empty{}, nil
 }
 
@@ -97,12 +90,11 @@ func (s *Splunk) Configure(ctx context.Context, config *protobufs.Config) (*prot
 	err := yaml.Unmarshal(config.Config, &d)
 	s.PluginConfigByName[d.Name] = d
 	logger.Debug(fmt.Sprintf("Splunk plugin '%s' use URL '%s'", d.Name, d.URL))
-
 	return &protobufs.Empty{}, err
 }
 
 func main() {
-	handshake := plugin.HandshakeConfig{
+	var handshake = plugin.HandshakeConfig{
 		ProtocolVersion:  1,
 		MagicCookieKey:   "CROWDSEC_PLUGIN_KEY",
 		MagicCookieValue: os.Getenv("CROWDSEC_PLUGIN_KEY"),

pkg/acquisition/acquisition.go

@@ -269,7 +269,7 @@ func LoadAcquisitionFromFile(config *csconfig.CrowdsecServiceCfg, prom *csconfig
 
 func GetMetrics(sources []DataSource, aggregated bool) error {
 	var metrics []prometheus.Collector
-	for i := 0; i < len(sources); i++ {
+	for i := range len(sources) {
 		if aggregated {
 			metrics = sources[i].GetMetrics()
 		} else {
@@ -343,7 +343,7 @@ func StartAcquisition(sources []DataSource, output chan types.Event, AcquisTomb
 		return nil
 	}
 
-	for i := 0; i < len(sources); i++ {
+	for i := range len(sources) {
 		subsrc := sources[i] //ensure its a copy
 		log.Debugf("starting one source %d/%d ->> %T", i, len(sources), subsrc)
 

pkg/acquisition/acquisition_test.go

@@ -322,7 +322,7 @@ func (f *MockCat) UnmarshalConfig(cfg []byte) error { return nil }
 func (f *MockCat) GetName() string                  { return "mock_cat" }
 func (f *MockCat) GetMode() string                  { return "cat" }
 func (f *MockCat) OneShotAcquisition(out chan types.Event, tomb *tomb.Tomb) error {
-	for i := 0; i < 10; i++ {
+	for range 10 {
 		evt := types.Event{}
 		evt.Line.Src = "test"
 		out <- evt
@@ -369,7 +369,7 @@ func (f *MockTail) OneShotAcquisition(out chan types.Event, tomb *tomb.Tomb) err
 	return fmt.Errorf("can't run in cat mode")
 }
 func (f *MockTail) StreamingAcquisition(out chan types.Event, t *tomb.Tomb) error {
-	for i := 0; i < 10; i++ {
+	for range 10 {
 		evt := types.Event{}
 		evt.Line.Src = "test"
 		out <- evt
@@ -452,7 +452,7 @@ type MockTailError struct {
 }
 
 func (f *MockTailError) StreamingAcquisition(out chan types.Event, t *tomb.Tomb) error {
-	for i := 0; i < 10; i++ {
+	for range 10 {
 		evt := types.Event{}
 		evt.Line.Src = "test"
 		out <- evt

pkg/acquisition/modules/appsec/appsec.go

@@ -202,7 +202,7 @@ func (w *AppsecSource) Configure(yamlConfig []byte, logger *log.Entry, MetricsLe
 
 	w.AppsecRunners = make([]AppsecRunner, w.config.Routines)
 
-	for nbRoutine := 0; nbRoutine < w.config.Routines; nbRoutine++ {
+	for nbRoutine := range w.config.Routines {
 		appsecRunnerUUID := uuid.New().String()
 		//we copy AppsecRutime for each runner
 		wrt := *w.AppsecRuntime

pkg/acquisition/modules/file/file_test.go

@@ -413,7 +413,7 @@ force_inotify: true`, testPattern),
 				fd, err := os.Create("test_files/stream.log")
 				require.NoError(t, err, "could not create test file")
 
-				for i := 0; i < 5; i++ {
+				for i := range 5 {
 					_, err = fmt.Fprintf(fd, "%d\n", i)
 					if err != nil {
 						t.Fatalf("could not write test file : %s", err)

pkg/acquisition/modules/kinesis/kinesis.go

@@ -208,7 +208,7 @@ func (k *KinesisSource) decodeFromSubscription(record []byte) ([]CloudwatchSubsc
 
 func (k *KinesisSource) WaitForConsumerDeregistration(consumerName string, streamARN string) error {
 	maxTries := k.Config.MaxRetries
-	for i := 0; i < maxTries; i++ {
+	for i := range maxTries {
 		_, err := k.kClient.DescribeStreamConsumer(&kinesis.DescribeStreamConsumerInput{
 			ConsumerName: aws.String(consumerName),
 			StreamARN:    aws.String(streamARN),
@@ -249,7 +249,7 @@ func (k *KinesisSource) DeregisterConsumer() error {
 
 func (k *KinesisSource) WaitForConsumerRegistration(consumerARN string) error {
 	maxTries := k.Config.MaxRetries
-	for i := 0; i < maxTries; i++ {
+	for i := range maxTries {
 		describeOutput, err := k.kClient.DescribeStreamConsumer(&kinesis.DescribeStreamConsumerInput{
 			ConsumerARN: aws.String(consumerARN),
 		})

pkg/acquisition/modules/kinesis/kinesis_test.go

@@ -71,7 +71,7 @@ func WriteToStream(streamName string, count int, shards int, sub bool) {
 	}
 	sess := session.Must(session.NewSession())
 	kinesisClient := kinesis.New(sess, aws.NewConfig().WithEndpoint(endpoint).WithRegion("us-east-1"))
-	for i := 0; i < count; i++ {
+	for i := range count {
 		partition := "partition"
 		if shards != 1 {
 			partition = fmt.Sprintf("partition-%d", i%shards)
@@ -186,7 +186,7 @@ stream_name: stream-1-shard`,
 		//Allow the datasource to start listening to the stream
 		time.Sleep(4 * time.Second)
 		WriteToStream(f.Config.StreamName, test.count, test.shards, false)
-		for i := 0; i < test.count; i++ {
+		for i := range test.count {
 			e := <-out
 			assert.Equal(t, fmt.Sprintf("%d", i), e.Line.Raw)
 		}
@@ -233,7 +233,7 @@ stream_name: stream-2-shards`,
 		time.Sleep(4 * time.Second)
 		WriteToStream(f.Config.StreamName, test.count, test.shards, false)
 		c := 0
-		for i := 0; i < test.count; i++ {
+		for range test.count {
 			<-out
 			c += 1
 		}
@@ -281,7 +281,7 @@ from_subscription: true`,
 		//Allow the datasource to start listening to the stream
 		time.Sleep(4 * time.Second)
 		WriteToStream(f.Config.StreamName, test.count, test.shards, true)
-		for i := 0; i < test.count; i++ {
+		for i := range test.count {
 			e := <-out
 			assert.Equal(t, fmt.Sprintf("%d", i), e.Line.Raw)
 		}

pkg/acquisition/modules/loki/loki_test.go

@@ -276,7 +276,7 @@ func feedLoki(logger *log.Entry, n int, title string) error {
 			},
 		},
 	}
-	for i := 0; i < n; i++ {
+	for i := range n {
 		streams.Streams[0].Values[i] = LogValue{
 			Time: time.Now(),
 			Line: fmt.Sprintf("Log line #%d %v", i, title),

pkg/acquisition/modules/syslog/internal/parser/utils/utils.go

@@ -34,7 +34,7 @@ func isValidHostname(s string) bool {
 	last := byte('.')
 	nonNumeric := false // true once we've seen a letter or hyphen
 	partlen := 0
-	for i := 0; i < len(s); i++ {
+	for i := range len(s) {
 		c := s[i]
 		switch {
 		default:

pkg/apiclient/auth_retry.go

@@ -41,7 +41,7 @@ func (r retryRoundTripper) RoundTrip(req *http.Request) (*http.Response, error)
 		maxAttempts = 1
 	}
 
-	for i := 0; i < maxAttempts; i++ {
+	for i := range maxAttempts {
 		if i > 0 {
 			if r.withBackOff {
 				//nolint:gosec

pkg/apiserver/apic_test.go

@@ -1076,7 +1076,7 @@ func TestAPICPush(t *testing.T) {
 			expectedCalls: 2,
 			alerts: func() []*models.Alert {
 				alerts := make([]*models.Alert, 100)
-				for i := 0; i < 100; i++ {
+				for i := range 100 {
 					alerts[i] = &models.Alert{
 						Scenario:        ptr.Of("crowdsec/test"),
 						ScenarioHash:    ptr.Of("certified"),

pkg/apiserver/controllers/v1/alerts.go

@@ -109,7 +109,7 @@ func FormatAlerts(result []*ent.Alert) models.AddAlertsRequest {
 func (c *Controller) sendAlertToPluginChannel(alert *models.Alert, profileID uint) {
 	if c.PluginChannel != nil {
 	RETRY:
-		for try := 0; try < 3; try++ {
+		for try := range 3 {
 			select {
 			case c.PluginChannel <- csplugin.ProfileAlert{ProfileID: profileID, Alert: alert}:
 				log.Debugf("alert sent to Plugin channel")

pkg/csplugin/watcher_test.go

@@ -34,7 +34,7 @@ func resetWatcherAlertCounter(pw *PluginWatcher) {
 }
 
 func insertNAlertsToPlugin(pw *PluginWatcher, n int, pluginName string) {
-	for i := 0; i < n; i++ {
+	for range n {
 		pw.Inserts <- pluginName
 	}
 }

pkg/exprhelpers/debugger.go

@@ -346,7 +346,7 @@ func (erp ExprRuntimeDebug) ipDebug(ip int, vm *vm.VM, program *vm.Program, part
 }
 
 func (erp ExprRuntimeDebug) ipSeek(ip int) []string {
-	for i := 0; i < len(erp.Lines); i++ {
+	for i := range len(erp.Lines) {
 		parts := strings.Split(erp.Lines[i], "\t")
 		if parts[0] == strconv.Itoa(ip) {
 			return parts

pkg/exprhelpers/helpers.go

@@ -216,7 +216,7 @@ func flatten(args []interface{}, v reflect.Value) []interface{} {
 	}
 
 	if v.Kind() == reflect.Array || v.Kind() == reflect.Slice {
-		for i := 0; i < v.Len(); i++ {
+		for i := range v.Len() {
 			args = flatten(args, v.Index(i))
 		}
 	} else {

pkg/leakybucket/manager_run.go

@@ -298,7 +298,7 @@ func PourItemToHolders(parsed types.Event, holders []BucketFactory, buckets *Buc
 		BucketPourCache["OK"] = append(BucketPourCache["OK"], evt.(types.Event))
 	}
 	//find the relevant holders (scenarios)
-	for idx := 0; idx < len(holders); idx++ {
+	for idx := range len(holders) {
 		//for idx, holder := range holders {
 
 		//evaluate bucket's condition

pkg/parser/node.go

@@ -65,27 +65,26 @@ type Node struct {
 }
 
 func (n *Node) validate(pctx *UnixParserCtx, ectx EnricherCtx) error {
+
 	//stage is being set automagically
 	if n.Stage == "" {
-		return errors.New("stage needs to be an existing stage")
+		return fmt.Errorf("stage needs to be an existing stage")
 	}
 
 	/* "" behaves like continue */
 	if n.OnSuccess != "continue" && n.OnSuccess != "next_stage" && n.OnSuccess != "" {
 		return fmt.Errorf("onsuccess '%s' not continue,next_stage", n.OnSuccess)
 	}
-
 	if n.Filter != "" && n.RunTimeFilter == nil {
 		return fmt.Errorf("non-empty filter '%s' was not compiled", n.Filter)
 	}
 
 	if n.Grok.RunTimeRegexp != nil || n.Grok.TargetField != "" {
 		if n.Grok.TargetField == "" && n.Grok.ExpValue == "" {
-			return errors.New("grok requires 'expression' or 'apply_on'")
+			return fmt.Errorf("grok requires 'expression' or 'apply_on'")
 		}
-
 		if n.Grok.RegexpName == "" && n.Grok.RegexpValue == "" {
-			return errors.New("grok needs 'pattern' or 'name'")
+			return fmt.Errorf("grok needs 'pattern' or 'name'")
 		}
 	}
 
@@ -94,7 +93,6 @@ func (n *Node) validate(pctx *UnixParserCtx, ectx EnricherCtx) error {
 			if static.ExpValue == "" {
 				return fmt.Errorf("static %d : when method is set, expression must be present", idx)
 			}
-
 			if _, ok := ectx.Registered[static.Method]; !ok {
 				log.Warningf("the method '%s' doesn't exist or the plugin has not been initialized", static.Method)
 			}
@@ -102,7 +100,6 @@ func (n *Node) validate(pctx *UnixParserCtx, ectx EnricherCtx) error {
 			if static.Meta == "" && static.Parsed == "" && static.TargetByName == "" {
 				return fmt.Errorf("static %d : at least one of meta/event/target must be set", idx)
 			}
-
 			if static.Value == "" && static.RunTimeValue == nil {
 				return fmt.Errorf("static %d value or expression must be set", idx)
 			}
@@ -113,19 +110,15 @@ func (n *Node) validate(pctx *UnixParserCtx, ectx EnricherCtx) error {
 		if stash.Name == "" {
 			return fmt.Errorf("stash %d : name must be set", idx)
 		}
-
 		if stash.Value == "" {
 			return fmt.Errorf("stash %s : value expression must be set", stash.Name)
 		}
-
 		if stash.Key == "" {
 			return fmt.Errorf("stash %s : key expression must be set", stash.Name)
 		}
-
 		if stash.TTL == "" {
 			return fmt.Errorf("stash %s : ttl must be set", stash.Name)
 		}
-
 		if stash.Strategy == "" {
 			stash.Strategy = "LRU"
 		}
@@ -134,23 +127,23 @@ func (n *Node) validate(pctx *UnixParserCtx, ectx EnricherCtx) error {
 			stash.MaxMapSize = 100
 		}
 	}
-
 	return nil
 }
 
-func (n *Node) processFilter(cachedExprEnv map[string]interface{}) (bool, error) {
+func (n *Node) process(p *types.Event, ctx UnixParserCtx, expressionEnv map[string]interface{}) (bool, error) {
+	var NodeState bool
+	var NodeHasOKGrok bool
 	clog := n.Logger
-	if n.RunTimeFilter == nil {
-		clog.Tracef("Node has not filter, enter")
-		return true, nil
-	}
 
+	cachedExprEnv := expressionEnv
+
+	clog.Tracef("Event entering node")
+	if n.RunTimeFilter != nil {
 		//Evaluate node's filter
 		output, err := exprhelpers.Run(n.RunTimeFilter, cachedExprEnv, clog, n.Debug)
 		if err != nil {
 			clog.Warningf("failed to run filter : %v", err)
 			clog.Debugf("Event leaving node : ko")
-
 			return false, nil
 		}
 
@@ -163,26 +156,26 @@ func (n *Node) processFilter(cachedExprEnv map[string]interface{}) (bool, error)
 		default:
 			clog.Warningf("Expr '%s' returned non-bool, abort : %T", n.Filter, output)
 			clog.Debugf("Event leaving node : ko")
-
 			return false, nil
 		}
-
+		NodeState = true
-	return true, nil
+	} else {
+		clog.Tracef("Node has not filter, enter")
+		NodeState = true
 	}
 
-func (n *Node) processWhitelist(cachedExprEnv map[string]interface{}, p *types.Event) (bool, error) {
+	if n.Name != "" {
-	var exprErr error
+		NodesHits.With(prometheus.Labels{"source": p.Line.Src, "type": p.Line.Module, "name": n.Name}).Inc()
-
+	}
+	exprErr := error(nil)
 	isWhitelisted := n.CheckIPsWL(p)
 	if !isWhitelisted {
 		isWhitelisted, exprErr = n.CheckExprWL(cachedExprEnv, p)
 	}
-
 	if exprErr != nil {
 		// Previous code returned nil if there was an error, so we keep this behavior
 		return false, nil //nolint:nilerr
 	}
-
 	if isWhitelisted && !p.Whitelisted {
 		p.Whitelisted = true
 		p.WhitelistReason = n.Whitelist.Reason
@@ -192,46 +185,13 @@ func (n *Node) processWhitelist(cachedExprEnv map[string]interface{}, p *types.E
 			for k := range p.Overflow.Sources {
 				ips = append(ips, k)
 			}
-
+			clog.Infof("Ban for %s whitelisted, reason [%s]", strings.Join(ips, ","), n.Whitelist.Reason)
-			n.Logger.Infof("Ban for %s whitelisted, reason [%s]", strings.Join(ips, ","), n.Whitelist.Reason)
-
 			p.Overflow.Whitelisted = true
 		}
 	}
 
-	return isWhitelisted, nil
-}
-
-func (n *Node) process(p *types.Event, ctx UnixParserCtx, expressionEnv map[string]interface{}) (bool, error) {
-	var NodeHasOKGrok bool
-
-	clog := n.Logger
-
-	cachedExprEnv := expressionEnv
-
-	clog.Tracef("Event entering node")
-
-	NodeState, err := n.processFilter(cachedExprEnv)
-	if err != nil {
-		return false, err
-	}
-
-	if !NodeState {
-		return false, nil
-	}
-
-	if n.Name != "" {
-		NodesHits.With(prometheus.Labels{"source": p.Line.Src, "type": p.Line.Module, "name": n.Name}).Inc()
-	}
-
-	isWhitelisted, err := n.processWhitelist(cachedExprEnv, p)
-	if err != nil {
-		return false, err
-	}
-
 	//Process grok if present, should be exclusive with nodes :)
 	gstr := ""
-
 	if n.Grok.RunTimeRegexp != nil {
 		clog.Tracef("Processing grok pattern : %s : %p", n.Grok.RegexpName, n.Grok.RunTimeRegexp)
 		//for unparsed, parsed etc. set sensible defaults to reduce user hassle
@@ -251,7 +211,6 @@ func (n *Node) process(p *types.Event, ctx UnixParserCtx, expressionEnv map[stri
 				clog.Warningf("failed to run RunTimeValue : %v", err)
 				NodeState = false
 			}
-
 			switch out := output.(type) {
 			case string:
 				gstr = out
@@ -270,12 +229,10 @@ func (n *Node) process(p *types.Event, ctx UnixParserCtx, expressionEnv map[stri
 		} else {
 			groklabel = n.Grok.RegexpName
 		}
-
 		grok := n.Grok.RunTimeRegexp.Parse(gstr)
 		if len(grok) > 0 {
 			/*tag explicitly that the *current* node had a successful grok pattern. it's important to know success state*/
 			NodeHasOKGrok = true
-
 			clog.Debugf("+ Grok '%s' returned %d entries to merge in Parsed", groklabel, len(grok))
 			//We managed to grok stuff, merged into parse
 			for k, v := range grok {
@@ -293,6 +250,7 @@ func (n *Node) process(p *types.Event, ctx UnixParserCtx, expressionEnv map[stri
 			clog.Debugf("+ Grok '%s' didn't return data on '%s'", groklabel, gstr)
 			NodeState = false
 		}
+
 	} else {
 		clog.Tracef("! No grok pattern : %p", n.Grok.RunTimeRegexp)
 	}
@@ -300,16 +258,12 @@ func (n *Node) process(p *types.Event, ctx UnixParserCtx, expressionEnv map[stri
 	//Process the stash (data collection) if : a grok was present and succeeded, or if there is no grok
 	if NodeHasOKGrok || n.Grok.RunTimeRegexp == nil {
 		for idx, stash := range n.Stash {
-			var (
+			var value string
-				key   string
+			var key string
-				value string
-			)
-
 			if stash.ValueExpression == nil {
 				clog.Warningf("Stash %d has no value expression, skipping", idx)
 				continue
 			}
-
 			if stash.KeyExpression == nil {
 				clog.Warningf("Stash %d has no key expression, skipping", idx)
 				continue
@@ -353,9 +307,7 @@ func (n *Node) process(p *types.Event, ctx UnixParserCtx, expressionEnv map[stri
 			clog.Debugf("Event leaving node : ko")
 			return false, err
 		}
-
 		clog.Tracef("\tsub-node (%s) ret : %v (strategy:%s)", leaf.rn, ret, n.OnSuccess)
-
 		if ret {
 			NodeState = true
 			/* if child is successful, stop processing */
@@ -381,9 +333,7 @@ func (n *Node) process(p *types.Event, ctx UnixParserCtx, expressionEnv map[stri
 		if n.Name != "" {
 			NodesHitsKo.With(prometheus.Labels{"source": p.Line.Src, "type": p.Line.Module, "name": n.Name}).Inc()
 		}
-
 		clog.Debugf("Event leaving node : ko")
-
 		return NodeState, nil
 	}
 
@@ -410,7 +360,6 @@ func (n *Node) process(p *types.Event, ctx UnixParserCtx, expressionEnv map[stri
 	if NodeState {
 		clog.Debugf("Event leaving node : ok")
 		log.Tracef("node is successful, check strategy")
-
 		if n.OnSuccess == "next_stage" {
 			idx := stageidx(p.Stage, ctx.Stages)
 			//we're at the last stage
@@ -426,16 +375,15 @@ func (n *Node) process(p *types.Event, ctx UnixParserCtx, expressionEnv map[stri
 	} else {
 		clog.Debugf("Event leaving node : ko")
 	}
-
 	clog.Tracef("Node successful, continue")
-
 	return NodeState, nil
 }
 
 func (n *Node) compile(pctx *UnixParserCtx, ectx EnricherCtx) error {
 	var err error
+	var valid bool
 
-	valid := false
+	valid = false
 
 	dumpr := spew.ConfigState{MaxDepth: 1, DisablePointerAddresses: true}
 	n.rn = seed.Generate()
@@ -445,11 +393,10 @@ func (n *Node) compile(pctx *UnixParserCtx, ectx EnricherCtx) error {
 	/* if the node has debugging enabled, create a specific logger with debug
 	that will be used only for processing this node ;) */
 	if n.Debug {
-		clog := log.New()
+		var clog = log.New()
 		if err = types.ConfigureLogger(clog); err != nil {
 			log.Fatalf("While creating bucket-specific logger : %s", err)
 		}
-
 		clog.SetLevel(log.DebugLevel)
 		n.Logger = clog.WithFields(log.Fields{
 			"id": n.rn,
@@ -478,15 +425,12 @@ func (n *Node) compile(pctx *UnixParserCtx, ectx EnricherCtx) error {
 	/* handle pattern_syntax and groks */
 	for _, pattern := range n.SubGroks {
 		n.Logger.Tracef("Adding subpattern '%s' : '%s'", pattern.Key, pattern.Value)
-
 		if err = pctx.Grok.Add(pattern.Key.(string), pattern.Value.(string)); err != nil {
 			if errors.Is(err, grokky.ErrAlreadyExist) {
 				n.Logger.Warningf("grok '%s' already registred", pattern.Key)
 				continue
 			}
-
 			n.Logger.Errorf("Unable to compile subpattern %s : %v", pattern.Key, err)
-
 			return err
 		}
 	}
@@ -494,36 +438,28 @@ func (n *Node) compile(pctx *UnixParserCtx, ectx EnricherCtx) error {
 	/* load grok by name or compile in-place */
 	if n.Grok.RegexpName != "" {
 		n.Logger.Tracef("+ Regexp Compilation '%s'", n.Grok.RegexpName)
-
 		n.Grok.RunTimeRegexp, err = pctx.Grok.Get(n.Grok.RegexpName)
 		if err != nil {
 			return fmt.Errorf("unable to find grok '%s' : %v", n.Grok.RegexpName, err)
 		}
-
 		if n.Grok.RunTimeRegexp == nil {
 			return fmt.Errorf("empty grok '%s'", n.Grok.RegexpName)
 		}
-
 		n.Logger.Tracef("%s regexp: %s", n.Grok.RegexpName, n.Grok.RunTimeRegexp.String())
-
 		valid = true
 	} else if n.Grok.RegexpValue != "" {
 		if strings.HasSuffix(n.Grok.RegexpValue, "\n") {
 			n.Logger.Debugf("Beware, pattern ends with \\n : '%s'", n.Grok.RegexpValue)
 		}
-
 		n.Grok.RunTimeRegexp, err = pctx.Grok.Compile(n.Grok.RegexpValue)
 		if err != nil {
 			return fmt.Errorf("failed to compile grok '%s': %v", n.Grok.RegexpValue, err)
 		}
-
 		if n.Grok.RunTimeRegexp == nil {
 			// We shouldn't be here because compilation succeeded, so regexp shouldn't be nil
 			return fmt.Errorf("grok compilation failure: %s", n.Grok.RegexpValue)
 		}
-
 		n.Logger.Tracef("%s regexp : %s", n.Grok.RegexpValue, n.Grok.RunTimeRegexp.String())
-
 		valid = true
 	}
 
@@ -546,7 +482,6 @@ func (n *Node) compile(pctx *UnixParserCtx, ectx EnricherCtx) error {
 				return err
 			}
 		}
-
 		valid = true
 	}
 
@@ -591,18 +526,14 @@ func (n *Node) compile(pctx *UnixParserCtx, ectx EnricherCtx) error {
 		if !n.LeavesNodes[idx].Debug && n.Debug {
 			n.LeavesNodes[idx].Debug = true
 		}
-
 		if !n.LeavesNodes[idx].Profiling && n.Profiling {
 			n.LeavesNodes[idx].Profiling = true
 		}
-
 		n.LeavesNodes[idx].Stage = n.Stage
-
 		err = n.LeavesNodes[idx].compile(pctx, ectx)
 		if err != nil {
 			return err
 		}
-
 		valid = true
 	}
 
@@ -615,7 +546,6 @@ func (n *Node) compile(pctx *UnixParserCtx, ectx EnricherCtx) error {
 				return err
 			}
 		}
-
 		valid = true
 	}
 
@@ -624,15 +554,13 @@ func (n *Node) compile(pctx *UnixParserCtx, ectx EnricherCtx) error {
 	if err != nil {
 		return err
 	}
-
 	valid = valid || whitelistValid
 
 	if !valid {
 		/* node is empty, error force return */
 		n.Logger.Error("Node is empty or invalid, abort")
 		n.Stage = ""
-
+		return fmt.Errorf("Node is empty")
-		return errors.New("Node is empty")
 	}
 
 	if err := n.validate(pctx, ectx); err != nil {

pkg/parser/parsing_test.go

@@ -129,7 +129,7 @@ func testOneParser(pctx *UnixParserCtx, ectx EnricherCtx, dir string, b *testing
 		count = b.N
 		b.ResetTimer()
 	}
-	for n := 0; n < count; n++ {
+	for range count {
 		if testFile(tests, *pctx, pnodes) != true {
 			return fmt.Errorf("test failed !")
 		}
@@ -239,7 +239,7 @@ func matchEvent(expected types.Event, out types.Event, debug bool) ([]string, bo
 		valid = true
 	}
 
-	for mapIdx := 0; mapIdx < len(expectMaps); mapIdx++ {
+	for mapIdx := range len(expectMaps) {
 		for expKey, expVal := range expectMaps[mapIdx] {
 			if outVal, ok := outMaps[mapIdx][expKey]; ok {
 				if outVal == expVal { //ok entry