Fix cre report bug (#38)

tonymeehan · web-flow · commit c913861093b1 · 2025-05-14T00:53:02.000-05:00
Co-authored-by: Tony Meehan &lt;tonymeehan@users.noreply.github.com&gt;
diff --git a/internal/pkg/engine/engine.go b/internal/pkg/engine/engine.go
@@ -158,6 +158,16 @@ func compileRule(cf compiler.RuntimeI, data []byte) (compiler.ObjsT, *parser.Rul
 		log.Info().Str("id", rule.Metadata.Id).Str("cre", rule.Cre.Id).Msg("Rule")
 	}
 
+	for i := range rules.Rules {
+		var r = &rules.Rules[i]
+		if r.Metadata.Id == "" {
+			r.Metadata.Id = tree.Nodes[i].Metadata.RuleId
+		}
+		if r.Metadata.Hash == "" {
+			r.Metadata.Hash = tree.Nodes[i].Metadata.RuleHash
+		}
+	}
+
 	nodeObjs, err = compileRuleTree(cf, tree)
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to compile rule tree")
@@ -292,6 +302,13 @@ func (r *RuntimeT) AddRules(rules *parser.RulesT) error {
 
 	var ok bool
 	for _, rule := range rules.Rules {
+
+		log.Info().
+			Str("id", rule.Metadata.Id).
+			Str("hash", rule.Metadata.Hash).
+			Str("cre", rule.Cre.Id).
+			Msg("Adding rule")
+
 		if _, ok = r.Rules[rule.Metadata.Hash]; !ok {
 			r.Rules[rule.Metadata.Hash] = rule.Cre
 		} else {
diff --git a/test/missing-ids.log b/test/missing-ids.log
@@ -1,10 +1,15 @@
-2019/02/05 12:07:37 [notice] 1629#1629: signal process started
-2019/02/05 12:07:37 [error] 1629#1629: open() "/run/nginx.pid" failed (2: No such file or directory)
-2019/02/05 12:07:38 [emerg] 1655#1655: bind() to 0.0.0.0:80 failed (98: Address already in use)
-2019/02/05 12:07:38 [emerg] 1655#1655: bind() to foo bar
-2019/02/05 12:07:38 [emerg] 1655#1655: bind() to test
-2019/02/05 12:07:38 [emerg] 1655#1655: bind() to 0.0.0.0:444 failed (98: Address already in use)
-2019/02/05 12:07:38 [emerg] 1655#1655: bind() just kidding false alarm this is normal
-2019/02/05 12:07:38 [emerg] 1655#1655: bind() to [::]:444 failed (98: Address already in use)
-2019/02/05 12:07:38 [emerg] 1655#1655: still could not bind() to baaaz
-2019/02/05 12:07:41 [alert] 1631#1631: unlink() "/run/nginx.pid" failed (2: No such file or directory)
+2025-03-11 14:00:19.421865+00:00 [erro] <0.229.0> Discarding message {'$gen_cast',{force_event_refresh,#Ref<0.449530684.1179910147.46753>}} from <0.229.0> to <0.3159.0> in an old incarnation (1741605434) of this node (1741701615) <A>
+2025-03-11 14:00:19.421872+00:00 [erro] <0.229.0> Discarding message {'$gen_cast',{force_event_refresh,#Ref<0.449530684.1179910147.46753>}} from <0.229.0> to <0.3156.0> in an old incarnation (1741605434) of this node (1741701615)
+2025-03-11 14:00:19.718868+00:00 [info] <0.519.0> Started message store of type persistent for vhost '/'
+2025-03-11 14:00:20.144956+00:00 [warn] <0.247.0> Mnesia('rabbit@rabbitmq-0.svc.cluster.local'): ** WARNING ** Mnesia is overloaded: {dump_log,write_threshold}
+2025-03-11 14:00:20.177194+00:00 [warn] <0.247.0> Mnesia('rabbit@rabbitmq-0.svc.cluster.local'): ** WARNING ** Mnesia is overloaded: {dump_log,write_threshold}
+2025-03-11 14:00:20.217811+00:00 [warn] <0.247.0> Mnesia('rabbit@rabbitmq-0.svc.cluster.local'): ** WARNING ** Mnesia is overloaded: {dump_log,write_threshold}
+2025-03-11 14:00:20.245309+00:00 [warn] <0.247.0> Mnesia('rabbit@rabbitmq-0.svc.cluster.local'): ** WARNING ** Mnesia is overloaded: {dump_log,write_threshold}
+2025-03-11 14:00:20.269326+00:00 [warn] <0.247.0> Mnesia('rabbit@rabbitmq-0.svc.cluster.local'): ** WARNING ** Mnesia is overloaded: {dump_log,write_threshold}
+2025-03-11 14:00:20.295177+00:00 [warn] <0.247.0> Mnesia('rabbit@rabbitmq-0.svc.cluster.local'): ** WARNING ** Mnesia is overloaded: {dump_log,write_threshold}
+2025-03-11 14:00:20.318874+00:00 [warn] <0.247.0> Mnesia('rabbit@rabbitmq-0.svc.cluster.local'): ** WARNING ** Mnesia is overloaded: {dump_log,write_threshold}
+2025-03-11 14:00:20.341291+00:00 [warn] <0.247.0> Mnesia('rabbit@rabbitmq-0.svc.cluster.local'): ** WARNING ** Mnesia is overloaded: {dump_log,write_threshold}
+2025-03-11 14:00:21.337821+00:00 [info] <0.519.0> Recovering 4540 queues of type rabbit_classic_queue took 1851ms
+2025-03-11 14:00:21.337940+00:00 [info] <0.519.0> Recovering 0 queues of type rabbit_quorum_queue took 0ms
+2025-03-11 14:00:21.338046+00:00 [info] <0.519.0> Recovering 0 queues of type rabbit_stream_queue took 0ms
+2025-03-11 14:00:21.505654+00:00 [info] <0.229.0> Running boot step empty_db_check defined by app rabbit
diff --git a/test/missing-ids.yaml b/test/missing-ids.yaml
@@ -1,15 +1,38 @@
 rules:
   - cre:
-      id: CRE-2025-2222
-      severity: 2
-      title: job failure example
+      id: CRE-2024-7777
+      severity: 0
+      title: RabbitMQ Mnesia overloaded recovering persistent queues
+      category: message-queue-problems
+      author: Prequel
+      description: |
+        - The RabbitMQ cluster is processing a large number of persistent mirrored queues at boot.
+      cause: |
+        - The Erlang process, Mnesia, is overloaded while recovering persistent queues on boot.
+      impact: |
+        - RabbitMQ is unable to process any new messages and can cause outages in consumers and producers.
+      tags:
+        - known-problem
+        - rabbitmq
+      mitigation: |
+        - Adjusting mirroring policies to limit the number of mirrored queues
+        - Remove high-availability policies from queues
+        - Add additional CPU resources and restart the RabbitMQ cluster
+        - Use [lazy queues](https://www.rabbitmq.com/docs/lazy-queues) to avoid incurring the costs of writing data to disk
+      references:
+        - https://groups.google.com/g/rabbitmq-users/c/ekV9tTBRZms/m/1EXw-ruuBQAJ
+      applications:
+        - name: "rabbitmq"
+          version: "3.9.x"
     metadata:
       gen: 1
     rule:
-      set:
-        window: 62s
+      sequence:
+        window: 30s
         event:
-          source: cre.log.app
-        match:
-          - value: "Saw completed job"
-            count: 2
+          source: rabbitmq
+        order:
+          - regex: "Discarding message(.+)in an old incarnation(.+)of this node"
+          - "Mnesia is overloaded"
+        negate:
+          - "SIGTERM received - shutting down"
diff --git a/test/preq_test.go b/test/preq_test.go
@@ -116,6 +116,10 @@ func TestSuccessExamples(t *testing.T) {
 			rulePath: "../examples/29-negate-slide-anchor-1-window.yaml",
 			dataPath: "../examples/29-example-fp-moved.log",
 		},
+		"Missing-IDs": {
+			rulePath: "missing-ids.yaml",
+			dataPath: "missing-ids.log",
+		},
 	}
 
 	ctx := context.Background()
@@ -204,10 +208,6 @@ func TestMissExamples(t *testing.T) {
 			rulePath: "../examples/30-negate-absolute.yaml",
 			dataPath: "../examples/30-example.log",
 		},
-		"Missing-IDs": {
-			rulePath: "missing-ids.yaml",
-			dataPath: "missing-ids.log",
-		},
 	}
 
 	ctx := context.Background()
