[New] tests: --json-report list sort + started_epoch regressions; issue #483

rfxn · rfxn · commit 4b01f8a3a013 · 2026-04-18T18:31:17.000-05:00
[New] tests/31-json-report.bats: 3 new cases — (1) reports[] sorted by
      started_epoch descending across TSV + legacy passes, (2) started_epoch
      present as integer and matches date -d on started string, (3) legacy
      session entries derive started_epoch via pass-2 date fallback.
[Change] CHANGELOG + CHANGELOG.RELEASE: note test coverage in v2.0.1
      Bug Fixes.
diff --git a/CHANGELOG b/CHANGELOG
@@ -334,6 +334,8 @@ v2.0.1 | Mar 25 2026:
 [New] --json-report list: reports[] entries include started_epoch integer
       field for machine-readable absolute timestamps; additive schema
       change (existing "started" string preserved); issue #483
+[New] tests: 3 BATS regressions for --json-report list sort order,
+      started_epoch field, and legacy-session epoch derivation; issue #483
 
 v1.6.6.1 | Feb 25 2025:
 [Fix] find_recentopts incorrectly escaping find options to the right of ( -mtime .. -ctime ); previously normalized by eval; issue #440, pr#442
diff --git a/CHANGELOG.RELEASE b/CHANGELOG.RELEASE
@@ -334,3 +334,5 @@ v2.0.1 | Mar 25 2026:
 [New] --json-report list: reports[] entries include started_epoch integer
       field for machine-readable absolute timestamps; additive schema
       change (existing "started" string preserved); issue #483
+[New] tests: 3 BATS regressions for --json-report list sort order,
+      started_epoch field, and legacy-session epoch derivation; issue #483
diff --git a/tests/31-json-report.bats b/tests/31-json-report.bats
@@ -454,3 +454,125 @@ LEGACY
     [ "$elapsed" -lt 30 ]
     [[ "${lines[0]}" = "{" ]]
 }
+
+# --- Test 28: --json-report list reports[] globally sorted by started_epoch ---
+# Regression guard for issue #483 comment 2: pre-fix code emitted TSV-index
+# entries before legacy entries regardless of date, producing a misordered
+# reports[] (e.g. Mar 29 legacy after Apr 18 TSV). The fix buffers both
+# passes and sorts by started_epoch descending.
+@test "--json-report list reports[] sorted by started_epoch descending" {
+    local sessdir="$LMD_INSTALL/sess"
+    # Inject a legacy session with an OLDER date than any TSV scan we'll run.
+    local oldsid="200101-0100.88881"
+    cat > "$sessdir/session.$oldsid" <<'LEGACY'
+HOST:      testhost.example.com
+SCAN ID:   200101-0100.88881
+STARTED:   Jan 01 2020 01:00:00 +0000
+COMPLETED: Jan 01 2020 01:00:05 +0000
+ELAPSED:   5s [find: 1s]
+PATH:      /home/legacyuser
+TOTAL FILES: 10
+TOTAL HITS:  0
+TOTAL CLEANED: 0
+
+FILE HIT LIST:
+LEGACY
+    # Run a fresh scan — produces a TSV-indexed entry with a recent epoch.
+    cp "$SAMPLES_DIR/eicar.com" "$TEST_DIR/"
+    maldet -a "$TEST_DIR" || true
+
+    run maldet --json-report list
+    rm -f "$sessdir/session.$oldsid"
+    assert_success
+    # Extract started_epoch values in emission order and verify non-increasing.
+    # python3 is available on debian12 + rocky9; skip on images without it.
+    if ! command -v python3 >/dev/null 2>&1; then
+        skip "python3 not available in this image"
+    fi
+    local ordered
+    ordered=$(echo "$output" | python3 -c '
+import sys, json
+d = json.load(sys.stdin)
+eps = [r["started_epoch"] for r in d["reports"]]
+print("OK" if eps == sorted(eps, reverse=True) else "FAIL: " + repr(eps))
+')
+    [[ "$ordered" == "OK" ]]
+}
+
+# --- Test 29: --json-report list reports[] include started_epoch integer ---
+# Regression guard for issue #483 comment 1: machine consumers need an
+# unambiguous absolute timestamp. Asserts the field is present, is an
+# integer (not a quoted string), and matches date -d on the started string.
+@test "--json-report list reports[] include started_epoch matching started" {
+    cp "$SAMPLES_DIR/eicar.com" "$TEST_DIR/"
+    maldet -a "$TEST_DIR" || true
+    run maldet --json-report list
+    assert_success
+    assert_output --partial '"started_epoch"'
+    # Integer — no quotes around the value. Matches lines like:
+    #   "started_epoch": 1744116606,
+    [[ "$output" =~ \"started_epoch\":[[:space:]]+[0-9]+ ]]
+    # If python3 available, cross-check epoch equals date -d on started.
+    if command -v python3 >/dev/null 2>&1; then
+        local check
+        check=$(echo "$output" | python3 -c '
+import sys, json, subprocess
+d = json.load(sys.stdin)
+bad = []
+for r in d["reports"]:
+    s, e = r.get("started"), r.get("started_epoch")
+    if s is None or e is None or e == 0:
+        continue
+    p = subprocess.run(["date", "-d", s, "+%s"], capture_output=True, text=True)
+    if p.returncode != 0:
+        continue
+    want = int(p.stdout.strip())
+    if want != e:
+        bad.append((r["scan_id"], s, e, want))
+print("OK" if not bad else "FAIL: " + repr(bad))
+')
+        [[ "$check" == "OK" ]]
+    fi
+}
+
+# --- Test 30: --json-report list legacy entries carry started_epoch ---
+# Regression guard for issue #483: pass 2 (legacy session files not in
+# session.index) must derive started_epoch from scan_start_hr, not silently
+# omit the field. Also asserts the legacy "source" tag is still emitted.
+@test "--json-report list legacy session reports[] include started_epoch" {
+    local sessdir="$LMD_INSTALL/sess"
+    local sid="991231-2359.99990"
+    cat > "$sessdir/session.$sid" <<'LEGACY'
+HOST:      testhost.example.com
+SCAN ID:   991231-2359.99990
+STARTED:   Dec 31 2099 23:59:59 +0000
+COMPLETED: Jan 01 2100 00:00:05 +0000
+ELAPSED:   6s [find: 1s]
+PATH:      /home/testuser
+TOTAL FILES: 42
+TOTAL HITS:  0
+TOTAL CLEANED: 0
+
+FILE HIT LIST:
+LEGACY
+    run maldet --json-report list
+    rm -f "$sessdir/session.$sid"
+    assert_success
+    assert_output --partial '"991231-2359.99990"'
+    assert_output --partial '"source": "legacy"'
+    # Epoch of Dec 31 2099 23:59:59 UTC = 4102444799. Non-zero value proves
+    # pass 2 derivation ran. Loose assertion (just >= year-2099 epoch) to
+    # avoid timezone-induced brittleness on test runners.
+    if command -v python3 >/dev/null 2>&1; then
+        local got
+        got=$(echo "$output" | python3 -c '
+import sys, json
+d = json.load(sys.stdin)
+e = next((r["started_epoch"] for r in d["reports"]
+          if r["scan_id"] == "991231-2359.99990"), None)
+print(e if e is not None else "MISSING")
+')
+        [[ "$got" != "MISSING" ]]
+        [[ "$got" -gt 4000000000 ]]
+    fi
+}
