Cynet #240
Cynet #240
Conversation
|
/gcbrun |
maximelb
left a comment
maximelb
left a comment
There was a problem hiding this comment.
Code review - see inline suggestions
- Fix cleanupDedupe: queryInterval was adding nanoseconds instead of seconds - Fix resource leak: close response body immediately instead of deferred in retry loop - Add mutex for accessToken to prevent race condition - Move cleanupDedupe call outside pagination loop (once per fetch cycle) - Create fresh context per retry attempt instead of sharing one - Fix formatting alignment in all.go 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
This PR is being reviewed by Cursor Bugbot
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
|
|
||
| if syncTime.After(latestTime) { | ||
| latestTime = syncTime | ||
| } |
There was a problem hiding this comment.
Bug: All-duplicate responses cause timestamp to never advance
When all entities in a response are already in alertsDedupe, the continue on line 538 skips the latestTime = syncTime update, leaving latestTime at zero. This causes latestTimestamp.After(a.since) to be false, so a.since never advances. Combined with the 120-second dedup cleanup window, alerts could be re-processed as new after their dedupe entries are removed, resulting in duplicate events being sent downstream.
Additional Locations (1)
When parsing SyncTimeUtc fails, syncTime was falling back to a.since. This caused latestTimestamp.After(a.since) to be false, so a.since never advanced and the adapter would re-fetch the same time window indefinitely. Fix by using time.Now().UTC() as the fallback to ensure progress. Use OnWarning instead of OnError since this is a non-fatal condition. Also changed default lookback from 24 hours to zero (current time). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]>
|
/gcbrun |
3 participants
Description of the change
Type of change
Related issues
BHISSOC/tracking#22
Note
Adds a Cynet adapter that authenticates and ingests alerts from the Bulk Alerts API with pagination, dedupe, retries, and USP shipping; wired into configs and runner.
cynetadapter (cynet/client.go):CynetAdapter+CynetConfigwith site, credentials, and URL.POST /api/account/token; fetch alerts fromGET /api/alerts/bulk.Limit/Offset) and incrementalLastSeensince tracking.event-type.cynetincontainers/conf/all.go(GeneralConfigs.Cynet).containers/general/tool.goimports andrunAdapter(method == "cynet") with logging-appliedClientOptions.Written by Cursor Bugbot for commit 6586c58. This will update automatically on new commits. Configure here.