Merge pull request #17 from crowdsecurity/bug/durations

fix durations bug
crowdsecurity · Dec 12, 2020 · ba3d4da · ba3d4da
2 parents 3e022ba + e4fef86
commit ba3d4da
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 16 deletions.
diff --git a/docs/contribute.md b/docs/contribute.md
@@ -71,5 +71,5 @@ gh pr create --fill
 #### New release
 
 ```bash
-gh release create vx.x.x
+gh release create --draft vx.x.x
 ```
diff --git a/src/ApiCache.php b/src/ApiCache.php
@@ -8,6 +8,7 @@
 use Symfony\Component\Cache\PruneableInterface;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\Cache\Adapter\FilesystemAdapter;
+use \DateTime;
 
 /**
  * The cache mecanism to store every decisions from LAPI/CAPI. Symfony Cache component powered.
@@ -76,7 +77,7 @@ public function configure(
     /**
      * Add remediation to a Symfony Cache Item identified by IP
      */
-    private function addRemediationToCacheItem(string $ip, string $type, int $expiration, int $decisionId): void
+    private function addRemediationToCacheItem(string $ip, string $type, int $expiration, int $decisionId): string
     {
         $item = $this->adapter->getItem($ip);
 
@@ -103,7 +104,7 @@ private function addRemediationToCacheItem(string $ip, string $type, int $expira
         $prioritizedRemediations = Remediation::sortRemediationByPriority($remediations);
 
         $item->set($prioritizedRemediations);
-        $item->expiresAfter($maxLifetime);
+        $item->expiresAt(new DateTime('@' . $maxLifetime));
 
         // Save the cache without committing it to the cache system.
         // Useful to improve performance when updating the cache.
@@ -113,6 +114,7 @@ private function addRemediationToCacheItem(string $ip, string $type, int $expira
                     "$type for $expiration sec, (decision $decisionId)"
             );
         }
+        return $prioritizedRemediations[0][0];
     }
 
     /**
@@ -143,7 +145,7 @@ private function removeDecisionFromRemediationItem(string $ip, int $decisionId):
         // Build the item lifetime in cache and sort remediations by priority
         $maxLifetime = max(array_column($remediations, 1));
         $cacheContent = Remediation::sortRemediationByPriority($remediations);
-        $item->expiresAfter($maxLifetime);
+        $item->expiresAt(new DateTime('@' . $maxLifetime));
         $item->set($cacheContent);
 
         // Save the cache without commiting it to the cache system.
@@ -174,23 +176,23 @@ private static function parseDurationToSeconds(string $duration): int
         };
         $seconds = 0;
         if (isset($matches[2])) {
-            $seconds += ((int) $matches[1]) * 3600; // hours
+            $seconds += ((int) $matches[2]) * 3600; // hours
         }
         if (isset($matches[3])) {
-            $seconds += ((int) $matches[2]) * 60; // minutes
+            $seconds += ((int) $matches[3]) * 60; // minutes
         }
         if (isset($matches[4])) {
-            $seconds += ((int) $matches[1]); // seconds
+            $seconds += ((int) $matches[4]); // seconds
         }
-        if (isset($matches[5])) { // units in milliseconds
+        if ('m' === ($matches[5])) { // units in milliseconds
             $seconds *= 0.001;
         }
-        if (isset($matches[1])) { // negative
+        if ("-" === ($matches[1])) { // negative
             $seconds *= -1;
         }
-        $seconds = round($seconds);
 
-        return (int)$seconds;
+        $seconds = (int)round($seconds);
+        return $seconds;
     }
 
 
@@ -271,8 +273,9 @@ private function removeRemediations(array $decisions): bool
     /**
      * Update the cached remediation of the specified IP from these new decisions.
      */
-    private function saveRemediationsForIp(array $decisions, string $ip): void
+    private function saveRemediationsForIp(array $decisions, string $ip): string
     {
+        $remediationResult = Constants::REMEDIATION_BYPASS;
         if (\count($decisions)) {
             foreach ($decisions as $decision) {
                 if (!in_array($decision['type'], Constants::ORDERED_REMEDIATIONS)) {
@@ -282,13 +285,14 @@ private function saveRemediationsForIp(array $decisions, string $ip): void
                     $decision['type'] = $highestRemediationLevel;
                 }
                 $remediation = $this->formatRemediationFromDecision($decision);
-                $this->addRemediationToCacheItem($ip, $remediation[0], $remediation[1], $remediation[2]);
+                $remediationResult = $this->addRemediationToCacheItem($ip, $remediation[0], $remediation[1], $remediation[2]);
             }
         } else {
             $remediation = $this->formatRemediationFromDecision(null);
-            $this->addRemediationToCacheItem($ip, $remediation[0], $remediation[1], $remediation[2]);
+            $remediationResult = $this->addRemediationToCacheItem($ip, $remediation[0], $remediation[1], $remediation[2]);
         }
         $this->adapter->commit();
+        return $remediationResult;
     }
 
     public function clear(): bool
@@ -364,8 +368,7 @@ private function miss(string $ip): string
             $decisions = $this->apiClient->getFilteredDecisions(['ip' => $ip]);
         }
 
-        $this->saveRemediationsForIp($decisions, $ip);
-        return $this->hit($ip);
+        return $this->saveRemediationsForIp($decisions, $ip);
     }
 
     /**

diff --git a/src/Configuration.php b/src/Configuration.php
@@ -46,6 +46,10 @@ public function getConfigTreeBuilder()
             ->end()
             ->end();
 
+            // TODO P2 add "live_mode_max_cache_duration" to avoid manually cache clear in this use case:
+            // A ban is set for a long period, the decision is manually deleted in the meantime:
+            // With this "live_mode_max_cache_duration" the user has not to wait for the first erroned excessive delay.
+
         return $treeBuilder;
     }
 }