Multiple fixes (#1006)

* fix #1005 : timestamp in trigger timemachine buckets

* attempt at consistent bucket order for hubtest

pkg/cstest/scenario_assert.go

@@ -7,6 +7,7 @@ import (
 	"os"
 	"regexp"
 	"sort"
+	"strings"
 
 	"github.com/antonmedv/expr"
 	"github.com/antonmedv/expr/vm"
@@ -220,7 +221,8 @@ func (b BucketResults) Len() int {
 }
 
 func (b BucketResults) Less(i, j int) bool {
-	return b[i].Overflow.Alert.GetScenario() > b[j].Overflow.Alert.GetScenario()
+
+	return b[i].Overflow.Alert.GetScenario()+strings.Join(b[i].Overflow.GetSources(), "@") > b[j].Overflow.Alert.GetScenario()+strings.Join(b[i].Overflow.GetSources(), "@")
 }
 
 func (b BucketResults) Swap(i, j int) {

pkg/leakybucket/trigger.go

@@ -4,6 +4,7 @@ import (
 	"time"
 
 	"github.com/crowdsecurity/crowdsec/pkg/types"
+	log "github.com/sirupsen/logrus"
 )
 
 type Trigger struct {
@@ -14,9 +15,24 @@ func (t *Trigger) OnBucketPour(b *BucketFactory) func(types.Event, *Leaky) *type
 	// Pour makes the bucket overflow all the time
 	// TriggerPour unconditionnaly overflows
 	return func(msg types.Event, l *Leaky) *types.Event {
+		if l.Mode == TIMEMACHINE {
+			var d time.Time
+			err := d.UnmarshalText([]byte(msg.MarshaledTime))
+			if err != nil {
+				log.Warningf("Failed unmarshaling event time (%s) : %v", msg.MarshaledTime, err)
+				d = time.Now()
+			}
+			l.logger.Debugf("yay timemachine overflow time : %s --> %s", d, msg.MarshaledTime)
+			l.Last_ts = d
+			l.First_ts = d
+			l.Ovflw_ts = d
+		} else {
+			l.Last_ts = time.Now()
+			l.First_ts = time.Now()
+			l.Ovflw_ts = time.Now()
+		}
 		l.Total_count = 1
-		l.First_ts = time.Now()
-		l.Ovflw_ts = time.Now()
+
 		l.logger.Infof("Bucket overflow")
 		l.Queue.Add(msg)
 		l.Out <- l.Queue