From 1bd6b8f7b9178ee341f488637f2657fe54d6950f Mon Sep 17 00:00:00 2001
From: "Thibault \"bui\" Koechlin"
Date: Tue, 12 Oct 2021 14:09:17 +0200
Subject: [PATCH] Multiple fixes (#1006)

* fix #1005 : timestamp in trigger timemachine buckets
* attempt at consistent bucket order for hubtest
---
 pkg/cstest/scenario_assert.go | 4 +++-
 pkg/leakybucket/trigger.go | 20 ++++++++++++++++++--
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/pkg/cstest/scenario_assert.go b/pkg/cstest/scenario_assert.go
index 472bfad7c..a278be048 100644
--- a/pkg/cstest/scenario_assert.go
+++ b/pkg/cstest/scenario_assert.go
@@ -7,6 +7,7 @@ import (
 "os"
 "regexp"
 "sort"
+ "strings"
 
 "github.com/antonmedv/expr"
 "github.com/antonmedv/expr/vm"
@@ -220,7 +221,8 @@ func (b BucketResults) Len() int {
 }
 
 func (b BucketResults) Less(i, j int) bool {
- return b[i].Overflow.Alert.GetScenario() > b[j].Overflow.Alert.GetScenario()
+
+ return b[i].Overflow.Alert.GetScenario()+strings.Join(b[i].Overflow.GetSources(), "@") > b[j].Overflow.Alert.GetScenario()+strings.Join(b[i].Overflow.GetSources(), "@")
 }
 
 func (b BucketResults) Swap(i, j int) {
diff --git a/pkg/leakybucket/trigger.go b/pkg/leakybucket/trigger.go
index 14f0b3bec..bcdf0e6cc 100644
--- a/pkg/leakybucket/trigger.go
+++ b/pkg/leakybucket/trigger.go
@@ -4,6 +4,7 @@ import (
 "time"
 
 "github.com/crowdsecurity/crowdsec/pkg/types"
+ log "github.com/sirupsen/logrus"
 )
 
 type Trigger struct {
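Review bot: The right-hand operand of the comparison in `BucketResults.Less` (pkg/cstest/scenario_assert.go) joins `b[i].Overflow.GetSources()` instead of `b[j]`'s, so both keys receive the same suffix and two results with the same scenario still compare as equal; the tie-break on sources does not take effect. The right operand should read `b[j].Overflow.Alert.GetScenario()+strings.Join(b[j].Overflow.GetSources(), "@")`. If `GetSources()` does not return its entries in a fixed order (not visible in this hunk), sorting them before the join would also be needed for a reproducible hubtest result order.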
@@ -14,9 +15,24 @@ func (t *Trigger) OnBucketPour(b *BucketFactory) func(types.Event, *Leaky) *type
 // Pour makes the bucket overflow all the time
 // TriggerPour unconditionnaly overflows
 return func(msg types.Event, l *Leaky) *types.Event {
+ if l.Mode == TIMEMACHINE {
+ var d time.Time
+ err := d.UnmarshalText([]byte(msg.MarshaledTime))
+ if err != nil {
+ log.Warningf("Failed unmarshaling event time (%s) : %v", msg.MarshaledTime, err)
+ d = time.Now()
+ }
+ l.logger.Debugf("yay timemachine overflow time : %s --> %s", d, msg.MarshaledTime)
+ l.Last_ts = d
+ l.First_ts = d
+ l.Ovflw_ts = d
+ } else {
+ l.Last_ts = time.Now()
+ l.First_ts = time.Now()
+ l.Ovflw_ts = time.Now()
+ }
 l.Total_count = 1
- l.First_ts = time.Now()
- l.Ovflw_ts = time.Now()
+
 l.logger.Infof("Bucket overflow")
 l.Queue.Add(msg)
 l.Out <- l.Queue
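Review bot: In the TIMEMACHINE branch a timestamp that fails to parse is replaced by `time.Now()`, so a replayed event gets wall-clock First_ts/Last_ts/Ovflw_ts and its overflow is dated at analysis time rather than event time; the only trace is a warning on the global logger. I would emit that warning through `l.logger` (assuming it is a logrus entry carrying the bucket's fields, as the neighbouring `Debugf`/`Infof` calls suggest), print the raw value with `%q`, and say in the message that the current time is being substituted. The else branch calls `time.Now()` three times, so the three fields differ slightly; taking the time once and assigning it to all three keeps them identical. If the warning moves to `l.logger`, the `log` import added in this file's first hunk becomes unused and has to go. The closure's body continues past the end of the hunk.

```go
	return func(msg types.Event, l *Leaky) *types.Event {
		// Wall-clock time by default; a replayed event supplies its own timestamp.
		ts := time.Now()
		if l.Mode == TIMEMACHINE {
			var d time.Time
			if err := d.UnmarshalText([]byte(msg.MarshaledTime)); err != nil {
				l.logger.Warningf("Failed unmarshaling event time (%q), using current time instead : %v", msg.MarshaledTime, err)
			} else {
				ts = d
			}
		}
		l.Last_ts = ts
		l.First_ts = ts
		l.Ovflw_ts = ts
		// … unchanged: Total_count, overflow log line, Queue.Add, send on l.Out …
```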