ffalor
commented
1 year ago Thank you for your detailed report. I'll need some time to check internally to see what the desired behavior of those fields are.
Closed rquinlivan closed 1 year ago
ffalor
commented
1 year ago Thank you for your detailed report. I'll need some time to check internally to see what the desired behavior of those fields are.
Expected behavior
In the
streaming_models.EventItemmodel struct returned from gofalcon client, the client should represent optional/missing fields in the REST endpoint response asnilby using a pointer type in the field.Observed behavior
EventItemtreats some fields as always present in the response, when they are actually optional. I am not sure this is a complete list but the following appear to fall under this condition:UTCTimestampProcessStartTimeProcessEndTimeStartTimestampEndTimestampTimestampThese fields may or may not appear in a response JSON, depending on the type of event returned.
Problem
An application using gofalcon receives the data from the
stream.Eventschannel as an unmarshaledstreaming_models.Event(which contains astreaming_models.EventItem). Timestamp fields that are missing are unmarshalled as the default value (0). At that point, it is not possible to tell whether the timestamp field set to0was actually present in the REST endpoint response, or whether it was missing.Proposed Change
The client returned
EventItemstruct should accurately reflect the contents of the JSON response. This can be achieved by changing the field types to a pointer. E.g.:For example, the "RemoteResponseSessionStartEvent" event type does not return a
UTCTimestampin the JSON response so having this field set tonilin that case would more accurately reflect the API response.