Dynamic SQL query building fixed (negating conditions)

Auth for sending events fixed

Dynamic SQL query building fixed (negating conditions)
f50d1104 · Michal Kostenec · f83b3adb · f50d1104 · f50d1104
Commit f50d1104 authored 10 years ago by Michal Kostenec
--- a/warden3/warden_client/warden_client_test.py
+++ b/warden3/warden_client/warden_client_test.py
@@ -76,6 +76,7 @@ def gen_random_idea(client_name="cz.example.warden.test"):
       "EventTime": get_precise_timestamp(),
       "CeaseTime": get_precise_timestamp(),
       "Category": ["Abusive.Spam","Fraud.Copyright","Test"],
+       # "Category": ["Abusive.Spam","Fraud.Copyright"],
       "Ref": ["cve:CVE-%s-%s" % (randstr(string.digits, 4), randstr()), "http://www.example.com/%s" % randstr()],
       "Confidence": random(),
       "Note": "Random event",
@@ -143,8 +144,10 @@ def main():
    print "=== Getting 10 events ==="
    start = time()

-    cat = ['Availability', 'Abusive.Spam','Attempt.Login']
-    nocat = ['Fraud.Scam','Malware.Virus']
+    # cat = ['Availability', 'Abusive.Spam','Attempt.Login']
+    # cat = ['Attempt', 'Information','Fraud.Scam','Malware.Virus']
+    cat = ['Attempt']
+    nocat = ['Availability', 'Information', 'Fraud.Scam']

    tag = ['Log', 'Data']
    notag = ['Flow', 'Datagram']
@@ -152,8 +155,8 @@ def main():
    group = ['cz.tul.ward.kippo','cz.vsb.buldog.kippo']
    nogroup = ['cz.zcu.civ.afrodita','cz.vutbr.net.bee.hpscan']

-    ret = wclient.getEvents(count=10, cat=cat, nocat=None, tag=tag, notag=None, group=None, nogroup=nogroup)
-    #ret = wclient.getEvents(count=10)
+    ret = wclient.getEvents(count=10, cat=None, nocat=None, tag=None, notag=None, group=None, nogroup=nogroup)
+    ret = wclient.getEvents(count=10)
    print "Time: %f" % (time()-start)
    print "Got %i events" % len(ret)
    for e in ret:

--- a/warden3/warden_server/warden_server.py
+++ b/warden3/warden_server/warden_server.py
@@ -307,8 +307,10 @@ class X509Authenticator(NoAuthenticator):
                return None

            test = 'Test' in event.get('Category', [])
-            if not test:
-                logging.info("authorize: failed, service %i (%s) does not send Test category in event" % (service["service_id"], identity))
+            # if not test:
+            #     logging.info("authorize: failed, service %i (%s) does not send Test category in event" % (service["service_id"], identity))
+            if test and not service['test']:
+                logging.info("authorize: failed, service %i (%s) is not allowed to send Test category in event" % (service["service_id"], identity))
                return None
        
        return client
@@ -442,8 +444,13 @@ class MySQL(ObjectReq):
            else:
                parent_cats.append(mapped_id)
    
-        format_strings = ','.join(['%s'] * len(variables_id))
-        temp_string = query_string % format_strings
+        temp_string = ""
+
+        if len(variables_id) > 0:
+            format_strings = ','.join(['%s'] * len(variables_id))
+            logging.debug("query_string: %s" % query_string)
+            logging.debug("format_strings: %s" % format_strings)
+            temp_string = query_string % format_strings
        
        return temp_string, variables_id

@@ -472,20 +479,18 @@ class MySQL(ObjectReq):
        sqlparams.append(id or 0)

        if cat or nocat:
-            not_op = "" if cat else "NOT"
            parent_cats = []
-            sqltemp, sqlpar = self.generateDynamicQuery(self.catmap, "category_id %s IN (%%s)" % not_op, (cat or nocat), parent_cats)
-            for pcats in parent_cats:
-                sqltemp += " %s category_id DIV %s = 1 " % (("OR" if sqltemp else ""), pcats)
-                
-            sqlwhere.append(" AND e.id IN (SELECT event_id FROM event_category_mapping WHERE %s)" % sqltemp)
+            sqltemp, sqlpar = self.generateDynamicQuery(self.catmap, "category_id IN (%s)", (cat or nocat), parent_cats)
+            for pcat in parent_cats:
+                sqltemp += " %s (category_id > %s AND category_id < %s) " % (("OR" if sqltemp else ""), pcat, pcat + 100)
+             
+            sqlwhere.append(" AND e.id %s IN (SELECT event_id FROM event_category_mapping WHERE %s)" % (("NOT" if nocat else ""), sqltemp))
            sqlparams.extend(sqlpar)

        if tag or notag:
-            not_op = "" if tag else "NOT"
-            sqltemp, sqlpar = self.generateDynamicQuery(self.tagmap, "tag_id %s IN (%%s)" % not_op, (tag or notag))
-            
-            sqlwhere.append(" AND e.id IN (SELECT event_id FROM event_tag_mapping WHERE %s)" % sqltemp)
+            sqltemp, sqlpar = self.generateDynamicQuery(self.tagmap, "tag_id IN (%s)", (tag or notag))
+
+            sqlwhere.append(" AND e.id %s IN (SELECT event_id FROM event_tag_mapping WHERE %s)" % (("NOT" if notag else ""), sqltemp))
            sqlparams.extend(sqlpar)

        if group or nogroup:
@@ -766,7 +771,7 @@ class WardenHandler(ObjectReq):
            try:
                id = self.db.getLastReceivedId(self.req.client)
            except Exception, e:
-                logging.info("cannot getLastReceivedId - " + type(e).__name__ + ": " + e)
+                logging.info("cannot getLastReceivedId - " + type(e).__name__ + ": " + str(e))
                
        if id is None:
            # First access, remember the guy and get him last event