Multiple fixes (#1006)

* fix #1005 : timestamp in trigger timemachine buckets * attempt at consistent bucket order for hubtest
2021-10-12 14:09:17 +02:00 · 2021-10-12 14:09:17 +02:00 · 1bd6b8f7b9
commit 1bd6b8f7b9
parent 2961a0ed02
2 changed files with 21 additions and 3 deletions
--- a/pkg/cstest/scenario_assert.go
+++ b/pkg/cstest/scenario_assert.go
@ -7,6 +7,7 @@ import (
 	"os"
 	"regexp"
 	"sort"
+	"strings"

 	"github.com/antonmedv/expr"
 	"github.com/antonmedv/expr/vm"
@ -220,7 +221,8 @@ func (b BucketResults) Len() int {
 }

 func (b BucketResults) Less(i, j int) bool {
-	return b[i].Overflow.Alert.GetScenario() > b[j].Overflow.Alert.GetScenario()
+
+	return b[i].Overflow.Alert.GetScenario()+strings.Join(b[i].Overflow.GetSources(), "@") > b[j].Overflow.Alert.GetScenario()+strings.Join(b[i].Overflow.GetSources(), "@")
 }

 func (b BucketResults) Swap(i, j int) {
--- a/pkg/leakybucket/trigger.go
+++ b/pkg/leakybucket/trigger.go
@ -4,6 +4,7 @@ import (
 	"time"

 	"github.com/crowdsecurity/crowdsec/pkg/types"
+	log "github.com/sirupsen/logrus"
 )

 type Trigger struct {
@ -14,9 +15,24 @@ func (t *Trigger) OnBucketPour(b *BucketFactory) func(types.Event, *Leaky) *type
 	// Pour makes the bucket overflow all the time
 	// TriggerPour unconditionnaly overflows
 	return func(msg types.Event, l *Leaky) *types.Event {
+		if l.Mode == TIMEMACHINE {
+			var d time.Time
+			err := d.UnmarshalText([]byte(msg.MarshaledTime))
+			if err != nil {
+				log.Warningf("Failed unmarshaling event time (%s) : %v", msg.MarshaledTime, err)
+				d = time.Now()
+			}
+			l.logger.Debugf("yay timemachine overflow time : %s --> %s", d, msg.MarshaledTime)
+			l.Last_ts = d
+			l.First_ts = d
+			l.Ovflw_ts = d
+		} else {
+			l.Last_ts = time.Now()
+			l.First_ts = time.Now()
+			l.Ovflw_ts = time.Now()
+		}
 		l.Total_count = 1
-		l.First_ts = time.Now()
-		l.Ovflw_ts = time.Now()
+
 		l.logger.Infof("Bucket overflow")
 		l.Queue.Add(msg)
 		l.Out <- l.Queue