Merge pull request #45 from satta/time-marshaling

ensure proper time marshaling
DCSO · Aug 6, 2019 · dd443aa · dd443aa
2 parents d16cdf8 + 248b052
commit dd443aa
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 0 deletions.
diff --git a/types/eve.go b/types/eve.go
@@ -23,6 +23,10 @@ func (t *suriTime) UnmarshalJSON(b []byte) error {
 	return err
 }
 
+func (t *suriTime) MarshalJSON() ([]byte, error) {
+	return []byte("\"" + t.Time.Format(SuricataTimestampFormat) + "\""), nil
+}
+
 // AlertEvent is am alert sub-object of an EVE entry.
 type AlertEvent struct {
 	Action      string `json:"action"`

diff --git a/types/eve_test.go b/types/eve_test.go
@@ -0,0 +1,48 @@
+package types
+
+// DCSO FEVER
+// Copyright (c) 2019, DCSO GmbH
+
+import (
+	"encoding/json"
+	"testing"
+	"time"
+
+	log "github.com/sirupsen/logrus"
+)
+
+func TestEVERoundtripTimestamp(t *testing.T) {
+	timeCmp, _ := time.Parse(time.RFC3339, "2019-08-06 13:30:01.690233 +0200 CEST")
+	ee := EveEvent{
+		Timestamp: &suriTime{
+			Time: timeCmp,
+		},
+		EventType: "http",
+		SrcIP:     "1.2.3.4",
+		SrcPort:   2222,
+		DestIP:    "3.4.5.6",
+		DestPort:  80,
+		Proto:     "tcp",
+		HTTP: &HTTPEvent{
+			Hostname: "test",
+			URL:      "/",
+		},
+	}
+
+	out, err := json.Marshal(ee)
+	if err != nil {
+		t.Error(err)
+	}
+
+	var inEVE EveEvent
+	err = json.Unmarshal(out, &inEVE)
+	if err != nil {
+		t.Error(err)
+	}
+
+	if !inEVE.Timestamp.Time.Equal(ee.Timestamp.Time) {
+		t.Fatalf("timestamp round-trip failed: %v <-> %v", inEVE.Timestamp, ee.Timestamp)
+	} else {
+		log.Info("timestamps ok")
+	}
+}