def extract_login_log_event(httpmsg):
if not isinstance(httpmsg, HttpMsg):
return
if httpmsg.method != "POST":
return
if "/pc/login/member.action" not in httpmsg.uri:
return
properties = extract_common_properties(httpmsg)
result = "F"
uid = ""
body = httpmsg.resp_body or ""
if body:
try:
body = get_json_obj(body)
code = body["code"]
if code == 1000:
result = "T"
uid = str(body["msg"]["uid"])
elif code == 1038:
result = "N"
elif code == 1039:
result = "F"
except Exception as err:
pass
properties["login_result"] = result
properties["password"] = get_md5(
extract_value_from_body(l_passwd_pattern, httpmsg.req_body))
properties["login_name"] = extract_value_from_body(l_name_pattern,
httpmsg.req_body)
properties["login_type"] = "pc"
properties["auth_msg"] = ""
properties["autologin"] = False
properties["captcha"] = ""
properties["uid"] = uid
properties["deviceid"] = ""
return Event("nebula", "loginlog", "", millis_now(), properties)
def __init__(self,
interface,
ports=None,
embedded_bro=True,
bro_home=None,
idx=1,
start_port=None,
bpf_filter=""):
Driver.__init__(self)
if ports is None:
ports = [80, 81, 1080, 3128, 8000, 8080, 8888, 9001]
self.embedded_bro = embedded_bro
self.bro_home = get_bro_home(bro_home)
self.interface = interface
self.bpf_filter = bpf_filter
self.logger = settings.init_logging('bro.{}'.format(idx))
self.ports = configcontainer.get_config("sniffer").get_string(
"filter.traffic.server_ports", "") or ports
self.ports = expand_ports(self.ports)
self.idx = idx
self.bro_port = start_port + idx
self.last_netstat_ts = millis_now()
self.sub_task = None
self.client_task = None
self.last_update = 0
self.filtered_clients = []
self.encrypt_keys = []
self.encrypt_salt = ""
#bro broker
self.ep = None
self.sub = None
self.ss = None
#
self.data_mr = None
self.error_mr = None
self.running = False
def accept(self):
while self.running:
try:
request_mail = self._receiver.get(True, 0.5)
request_mail = Mail.from_json(request_mail)
accept_ts = millis_now()
self.worker_pool.apply(self.process_mail,
[(request_mail, accept_ts)])
except Queue.Empty:
pass
except Exception as error:
tags = {"type": "accept"}
tags.update(self.metrics_tags)
ServiceServer.error_metrics.record(1, tags)
print error
self._receiver.close()
for request_mail in self._receiver.dump_cache():
self.worker_pool.apply(self.process_mail, request_mail)
def extract_modify_newmobile_log_event(httpmsg):
if not isinstance(httpmsg, HttpMsg):
return
if httpmsg.method != "POST":
return
if "modify_newmobile.aspx" not in httpmsg.uri_stem:
return
properties = extract_common_properties(httpmsg)
if "alert('修改成功')" in httpmsg.resp_body:
result = "T"
else:
result = "F"
properties["result"] = result
properties["new_bind_mob"] = extract_value_from_body(
newmobile_mobile_pattern, httpmsg.req_body)
properties["auth_msg"] = extract_value_from_body(newmobile_code_pattern,
httpmsg.req_body)
return Event("nebula", "bind_mob_modify", httpmsg.source_ip, millis_now(),
properties)
def get_es(self):
es_enabled = get_config("nebula.eslog.enabled", "false")
if es_enabled != "true":
return
current = millis_now()
if current - self.es_last_create < 10000:
return self.es
es_host = get_config("nebula.eslog.host", "")
es_port = int(get_config("nebula.eslog.port", "9200"))
if not es_host:
self.es = None
else:
self.es = elasticsearch.Elasticsearch([{
"host": es_host,
"port": es_port
}])
self.es_last_create = current
return self.es
def extract_mob_verify_log_event(httpmsg):
if not isinstance(httpmsg, HttpMsg):
return
if httpmsg.method != "POST":
return
if "submobile.aspx" not in httpmsg.uri_stem:
return
properties = extract_common_properties(httpmsg)
if "window.parent.location.href = '/myht/modify_newmobile.aspx'" in httpmsg.resp_body:
result = "T"
else:
result = "F"
properties["result"] = result
properties["password"] = get_md5(
extract_value_from_body(mobverify_passwd_pattern, httpmsg.req_body))
properties["auth_msg"] = extract_value_from_body(mobverify_code_pattern,
httpmsg.req_body)
return Event("nebula", "bind_mob_verify", httpmsg.source_ip, millis_now(),
properties)
def __init__(self, config, period):
"""
:param config: the decorated config object
:param period: the period that the config could expire(in seconds)
"""
parent = self
super(PeriodicalConfig,
self).__init__(None,
None,
cb_after_load=lambda: parent.__setattr__(
"last_load_ts", millis_now()))
assert config, "config is null"
assert isinstance(config, Config), "should be an Config instance"
self.period = period
self.config = config
# the timestamp for last loading
self.last_load_ts = 0
def send(request, key, block=True, timeout=10):
global successing_timeout, frozen_until
now = millis_now()
if now < frozen_until:
print "frozen now"
return False, None
result = old_send(request, key, block, timeout)
if result[0]:
# success
successing_timeout = 0
frozen_until = 0
else:
# timeout
successing_timeout += 1
if successing_timeout >= 3:
frozen_until = now + 30 * 1000 # block 30 seconds
successing_timeout = 0
return result
def extract_http_log_msg(textmsg):
if not textmsg:
return None
server_ip, remote_ip, status, request_time, upstream_response_time, log = textmsg.split(
"|||")
parts = extract_nginx_log_parts(log)
if len(parts) != 14:
raise RuntimeError("invalid log")
user_agent = parts[8] or ""
method, uri = parts[4].split(" ")[:2]
# get full uri
if "?" not in uri:
uri_stem = uri
uri_query = ""
else:
uri_stem, uri_query = uri.split("?", 1)
properties = dict()
properties["c_ip"] = remote_ip
properties["c_ipc"] = ".".join(remote_ip.split(".")[:3])
properties["c_port"] = 0
properties["uri_stem"] = uri_stem
properties["uri_query"] = uri_query
properties["host"] = ""
properties["useragent"] = user_agent
properties["status"] = int(status)
properties["referer"] = ""
properties["c_body"] = ""
properties["c_bytes"] = int(parts[10])
properties["s_ip"] = server_ip
properties["s_ipc"] = ".".join(server_ip.split(".")[:3])
properties["s_port"] = 0
properties["s_body"] = ""
properties["s_bytes"] = int(parts[6])
properties["cookie"] = ""
properties["method"] = method
# print properties
return Event("nebula", "httplog", "", millis_now(), properties)
def extract_order_submit_log_event(httpmsg):
if not isinstance(httpmsg, HttpMsg):
return
if httpmsg.method != "POST":
return
if "order/submitbookingform" not in httpmsg.uri_stem:
return
properties = extract_common_properties(httpmsg)
if "订单提交成功" in httpmsg.resp_body:
result = "T"
else:
result = "F"
body_json = get_json_obj(httpmsg.resp_body)
properties["result"] = result
properties["merchant"] = extract_value_from_body(
ordersubmit_hotelid_pattern, httpmsg.req_body)
properties["orderid"] = body_json["Data"]["BookingResult"]["PmsResvNo"]
properties["spu"] = ""
properties["sku"] = extract_value_from_body(ordersubmit_sku_pattern,
httpmsg.req_body)
properties["sku_count"] = extract_value_from_body(
ordersubmit_skucount_pattern, httpmsg.req_body)
reservation = extract_value_from_body(ordersubmit_reservation_pattern,
httpmsg.req_body)
if reservation:
reservation = datetime.datetime.strptime(reservation,
"%Y-%m-%d").timetuple()
reservation = time.mktime(reservation) * 1000
reservation = long(reservation)
else:
reservation = 0
properties["reservation_time"] = reservation
properties["c_name"] = extract_value_from_body(ordersubmit_cname_pattern,
httpmsg.req_body)
properties["email"] = extract_value_from_body(ordersubmit_cmail_pattern,
httpmsg.req_body)
properties["mobile"] = extract_value_from_body(ordersubmit_mobile_pattern,
httpmsg.req_body)
return Event("nebula", "order_submit", httpmsg.source_ip, millis_now(),
properties)
def extract_login_log_event(httpmsg):
r"""
Login event extractor
"""
if not isinstance(httpmsg, HttpMsg):
return
if httpmsg.method != "POST":
return
if "auth-web/authorize" not in httpmsg.uri:
return
properties = extract_common_properties(httpmsg)
result = "F"
body = httpmsg.resp_body
try:
body = json.loads(body)
if body.get("msg_code") == "0":
result = "T"
except:
pass
properties["result"] = result
body = httpmsg.req_body or ""
password = ""
user = ""
try:
body = json.loads(body)
password = body["password"]
user = body["user_acct"]
except:
pass
properties["password"] = get_md5(password)
properties["login_name"] = user
properties["login_type"] = "pc"
properties["auth_msg"] = ""
properties["autologin"] = False
properties["captcha"] = ""
return Event("nebula", "loginlog", "", millis_now(), properties)
def get_offline_merged_variable(keys, dimension, var_list, fromtime, endtime):
"""
获取一段时间内变量的聚合数据
:return:
"""
data = dict()
data['app'] = 'nebula'
data['keys'] = keys
if isinstance(var_list, list):
data['var_list'] = var_list
elif isinstance(var_list, (str, unicode)):
data['var_list'] = var_list.split(',')
else:
return dict()
fromtime = int(fromtime) / 3600000 * 3600000
endtime = int(endtime) / 3600000 * 3600000
time_list = range(fromtime, endtime + 1, 3600000)
data["dimension"] = dimension
data["time_list"] = time_list
req = Event("nebula", "offline_merge_variablequery_request", '__GLOBAL__',
millis_now(), data)
response = OfflineMergeClient.send(req, '', block=False, timeout=5)
if response[0]:
if isinstance(response[1], list):
result = dict()
for r in response[1]:
logger.debug(DEBUG_PREFIX + "返回的一个event:%s", r)
result = dict_merge(
result,
r.property_values.get("result", {}) or dict())
else:
result = response[1].property_values.get("result", {})
logger.debug(DEBUG_PREFIX + "有返回的结果是:%s, 返回的结果是%s", response, result)
return result
else:
logger.debug(DEBUG_PREFIX + "当前没有事件..., 返回的是%s", response)
def extract_password_modify_log_event(httpmsg):
if not isinstance(httpmsg, HttpMsg):
return
if httpmsg.method != "POST":
return
if httpmsg.uri != '/m/updatepwd.html':
return
properties = extract_common_properties(httpmsg)
body = httpmsg.resp_body or ""
result = get_result(body)
properties["result"] = result
properties["old_password"] = get_md5(
extract_value_from_body(pwmodify_oldpwd_pattern, httpmsg.req_body))
properties["new_password"] = get_md5(
extract_value_from_body(pwmodify_newpwd_pattern, httpmsg.req_body))
return Event("nebula", "password_modify", httpmsg.source_ip, millis_now(),
properties)
def from_dict(risk_incident):
return RiskIncidentModel(
ip=risk_incident["ip"],
associated_events=json_dumps(risk_incident.get(
"associated_events") or '[]'), # 风险事件关联事件id
start_time=risk_incident["start_time"],
strategies=json_dumps(risk_incident["strategies"]),
hit_tags=json_dumps(risk_incident["hit_tags"]),
risk_score=risk_incident["risk_score"],
uri_stems=json_dumps(risk_incident["uri_stems"]),
hosts=json_dumps(risk_incident["hosts"]),
most_visited=risk_incident["most_visited"],
peak=risk_incident.get("peak"), # 风险事件关联IP访问峰值
dids=json_dumps(risk_incident["dids"]),
associated_users=json_dumps(risk_incident["associated_users"] or '{}'),
users_count=risk_incident["users_count"],
associated_orders=json_dumps(
risk_incident.get("associated_orders") or '{}'),
status=risk_incident.get("status", 0),
last_modified=millis_now()
)
def get_profile_crawler_page_risk(current_day, pages):
"""
爬虫dashboard pages们的分时分析
new in 2.11
不支持polling
Return:
(sucess, dict or string)
False, error message(string)
True, data(any type)
"""
bn = "ProfileCrawlerRiskClient"
property_values = {'current_day': current_day, 'pages': pages}
event = Event('nebula_web', 'profile_crawler_page_risk', '', millis_now(),
property_values)
try:
success, res = ProfileCrawlerPageRiskClient.send(event, '', True, 10)
except Exception:
msg = "Exception During %s Babel Request: %s", bn, traceback.format_exc(
)
logger.error(msg)
return False, msg
# babel request fail
if not success:
msg = u"%s Babel request fail, event: %s" % (bn, event)
logger.error(msg)
return False, msg
# bad request
_ = res.property_values
if _:
if _.has_key("status"):
msg = u"Bad %s response event: %s, status: %s, msg:%s " % (\
bn, event, _.get("status"), _.get("msg"))
logger.error(msg)
return False, msg
return True, _
return False, "%s Babel event's property_values is blank." % bn
def test_restore(self):
self.m.add_metrics("MetricsTest", "test_metrics", {"tag1": "tag1"}, 1.0, 60)
self.m.add_metrics("MetricsTest", "test_metrics", {"tag1": "tag1"}, 1.0, 60)
self.m.add_metrics("MetricsTest", "test_metrics", {"tag1": "tag1"}, 1.0, 60)
print "start sleep"
import time
time.sleep(10)
print "finish sleep"
import sys
try:
self.m.add_metrics("MetricsTest", "test_metrics", {"tag1": "tag1"}, 1.0, 60)
except Exception as err:
print err
sys.stdout.flush()
pass
try:
self.m.add_metrics("MetricsTest", "test_metrics", {"tag1": "tag1"}, 1.0, 60)
except Exception as err:
print err
sys.stdout.flush()
pass
try:
self.m.add_metrics("MetricsTest", "test_metrics", {"tag1": "tag1"}, 1.0, 60)
except Exception as err:
print err
sys.stdout.flush()
pass
print "start sleep 2"
import time
time.sleep(10)
print "finish sleep 2"
self.m.add_metrics("MetricsTest", "test_metrics", {"tag1": "tag1"}, 1.0, 60)
self.m.add_metrics("MetricsTest", "test_metrics", {"tag1": "tag1"}, 1.0, 60)
self.m.add_metrics("MetricsTest", "test_metrics", {"tag1": "tag1"}, 1.0, 60)
print list(self.m.query("MetricsTest", "test_metrics", "sum", millis_now()-600000, millis_now(), 600, []).itervalues())[0]
def get_trigger_events(self, key, strategy, **kwargs):
"""
查询风险名单触发事件详情
"""
fromtime = kwargs.get('fromtime', None)
endtime = kwargs.get('endtime', None)
check_types = kwargs.get('check_types', None)
scene_types = kwargs.get('scene_types', None)
decisions = kwargs.get('decisions', None)
filter_expire = kwargs.get('filter_expire', False)
test = kwargs.get('test', None)
query = self.session.query(Model.trigger_event).order_by(Model.timestamp.desc())
query = query.filter(Model.key == key).filter(Model.strategy_name == strategy)
if filter_expire:
now = millis_now()
query = query.filter(Model.expire >= now)
if decisions:
query = query.filter(Model.decision.in_(decisions))
if check_types:
query = query.filter(Model.check_type.in_(check_types))
if scene_types:
query = query.filter(Model.scene_name.in_(scene_types))
if fromtime and fromtime > 0:
query = query.filter(Model.timestamp >= fromtime)
if endtime and endtime > 0:
query = query.filter(Model.timestamp <= endtime)
if test is not None:
test = True if test == 'true' else False
query = query.filter(Model.test == test)
return [json.loads(_[0]) for _ in query.all()]
def extract_regist_log_event(httpmsg):
if not isinstance(httpmsg, HttpMsg):
return
if httpmsg.method != "POST":
return
if httpmsg.uri != "/member/register":
return
properties = extract_common_properties(httpmsg)
if "err" in httpmsg.resp_body:
result = "F"
else:
result = "T"
properties["result"] = result
body = httpmsg.req_body or ""
properties["email"] = ""
properties["regist_name"] = extract_value_from_body(r_mobile_pattern, body)
properties["password"] = ""
properties["captcha"] = ""
return Event("nebula", "registlog", "", millis_now(), properties)
def get_result(self, full_respond):
result = dict()
result["success"] = True
result["seq_id"] = 1
result["error_code"] = ""
result["scene_type"] = "login"
result["final_rule_hit"] = "test_rule"
result["final_decision"] = "reject"
result["final_key_hit"] = "ip"
result["final_value_hit"] = "192.168.0.1"
result["final_desc"] = "黑名单说明"
result["expire_time"] = millis_now() + 3600 * 1000
result["rule_hits"] = []
if full_respond:
result["rule_hits"] = [{
"rule_name": "test_rule",
"key_hit": "ip",
"key_value": "192.168.0.1",
"decision": "reject",
"remark": "黑名单说明"
}]
return result
def extract_password_verify_log_event(httpmsg):
if not isinstance(httpmsg, HttpMsg):
return
if httpmsg.method != "POST":
return
if "asp.maininfo" in httpmsg.uri_stem and "_method=checkpassword" in httpmsg.uri_query:
pass
else:
return
if "false" == httpmsg.resp_body:
result = "F"
else:
result = "T"
properties = extract_common_properties(httpmsg)
properties["result"] = result
properties["password"] = get_md5(
extract_value_from_body(pwverify_pwd_pattern, httpmsg.req_body))
return Event("nebula", "password_verify", httpmsg.source_ip, millis_now(),
properties)
def extract_auth_msg_send_log_event(httpmsg):
if not isinstance(httpmsg, HttpMsg):
return
if httpmsg.method != "POST":
return
if httpmsg.uri != "web/sendsmscode":
return
properties = extract_common_properties(httpmsg)
result = "F"
resp_body = httpmsg.resp_body or ""
try:
b = json.loads(resp_body)
if b.get("status") == 0:
result = "T"
except Exception as ignore:
pass
properties["result"] = result
body = httpmsg.req_body or ""
properties["mobile"] = extract_value_from_body(a_name_pattern, body)
return Event("nebula", "auth_msg_send", "", millis_now(), properties)
def __init__(self, interface="lo0", ports=(80, 8080, 8443),
key_place="/Users/lw/sslprivatekey/server.key.unencrypted", bpf_filter=None):
Driver.__init__(self, "tshark.{}".format(interface))
self.ports = configcontainer.get_config("sniffer").get_string("filter.traffic.server_ports", "") \
or ports
self.ports = expand_ports(self.ports)
self.key_place = key_place
self.interface = interface
self.bpf_filter = bpf_filter
self.sub_task = None
self.client_task = None
self.running = False
# cache used for building the http message
self.cache = Cache(50000, ttl=30)
self.TIMEOUT = 30 # 30s timeout
self.last_check = millis_now()
self.data_mr = None
self.error_mr = None
self.fixed_tags = {"ports": str(self.ports), "interface": self.interface}
def extract_regist_log_event(httpmsg):
if not isinstance(httpmsg, HttpMsg):
return
if httpmsg.method != "POST":
return
if httpmsg.uri != "/web/checkregister":
return
properties = extract_common_properties(httpmsg)
result = "F"
resp_body = httpmsg.resp_body or ""
try:
b = json.loads(resp_body)
if b.get("status") == 0:
result = "T"
except Exception as ignore:
pass
properties["regist_result"] = result
body = httpmsg.req_body or ""
properties["email"] = ""
properties["regist_name"] = extract_value_from_body(r_name_pattern, body)
properties["mobile"] = extract_value_from_body(r_name_pattern, body)
properties["password"] = get_md5(
get_md5(
get_md5(
get_md5(
get_md5(extract_value_from_body(r_passwd_pattern,
body))))))
properties["captcha"] = ""
properties["auth_code"] = get_md5(
get_md5(
get_md5(
get_md5(
get_md5(extract_value_from_body(r_verify_pattern,
body))))))
return Event("nebula", "registlog", "", millis_now(), properties)
def extract_pay_submit_log_event(httpmsg):
if not isinstance(httpmsg, HttpMsg):
return
if httpmsg.method != "POST":
return
if "services/order/buy.json" not in httpmsg.uri:
return
properties = extract_common_properties(httpmsg)
body = httpmsg.resp_body
result = ""
try:
body = json.loads(body)
if body.get("msg_code") == "0":
result = "T"
except:
pass
properties["result"] = result
body = httpmsg.req_body or ""
pay_type = ""
pay_id = ""
amount = ""
mobile = ""
try:
body = json.loads(body)
pay_type = body["data"]["s_type"]
pay_id = body["data"]["lot_id"]
amount = float(body["data"]["total_money"])
mobile = body["token"]
except:
pass
properties["pay_type"] = pay_type
properties["pay_id"] = pay_id
properties["amount"] = amount
properties["mobile"] = mobile
return Event("nebula", "pay_submit", "", millis_now(), properties)
def _run(self):
"""
请求_global__variableglobalvalue_request,得到http_count五分钟请求数量,记录metrics
"""
now = millis_now()
property_values = dict(count=1, varnames=[''])
request = Event('__all__', '_global__variableglobalvalue_request', '',
now, property_values)
response = self.client.send(request, 'nebula', False, 10)
value = 0
if response[0]:
for resultEvent in response[1]:
if resultEvent.property_values.get('count') > 0 and \
resultEvent.property_values.get('varvalues')[0] is not None:
value += resultEvent.property_values.get('varvalues')[0]
self.metrics_recorder.add_metrics('default',
'web.network', {},
int(value),
86400 * 7,
timestamp=now)
def get_global_statistic(keys, var_list):
data = {"app": "nebula", "var_list": var_list, "keys": keys}
key = '__GLOBAL__'
request = Event("__all__", "globalslotquery_request", key, millis_now(),
data)
response = GlobalSlotQueryClient.send(request, key, block=False, timeout=5)
if response[0] and isinstance(response[1], list):
values = [event.property_values.get("result") for event in response[1]]
logger.debug(DEBUG_PREFIX + "有返回的结果是:%s, 返回的结果是%s", response, values)
result = None
if values:
if isinstance(values[0], (int, float)):
result = sum(values)
elif isinstance(values[0], dict):
result = dict()
for value in values:
result = dict_merge(result, value)
else:
logger.debug(DEBUG_PREFIX + "当前没有事件..., 返回的是%s", response)
result = dict()
return result
def extract_order_cancel_log_event(httpmsg):
if not isinstance(httpmsg, HttpMsg):
return
if httpmsg.method != "POST":
return
if "ajax/ordermanage" in httpmsg.uri_stem and "_method=cancelpms" in httpmsg.uri_query:
# need process
pass
else:
return
properties = extract_common_properties(httpmsg)
if "true" in httpmsg.resp_body:
result = "T"
else:
result = "F"
properties["result"] = result
properties["merchant"] = extract_value_from_body(
ordercancel_hotelid_pattern, httpmsg.req_body)
properties["orderid"] = extract_value_from_body(
ordercancel_orderid_pattern, httpmsg.req_body)
return Event("nebula", "order_cancel", httpmsg.source_ip, millis_now(),
properties)
def extract_regist_log_event(httpmsg):
if not isinstance(httpmsg, HttpMsg):
return
if httpmsg.method != "POST":
return
if httpmsg.uri != "/register.aspx":
return
properties = extract_common_properties(httpmsg)
if "<title>登录注册 -华住酒店集团官网</title>" in httpmsg.resp_body:
result = "T"
else:
result = "F"
properties["regist_result"] = result
body = httpmsg.req_body or ""
properties["email"] = extract_value_from_body(r_email_pattern, body)
properties["regist_name"] = extract_value_from_body(r_name_pattern, body)
properties["password"] = get_md5(
extract_value_from_body(r_passwd_pattern, body))
properties["captcha"] = extract_value_from_body(r_captcha_pattern, body)
return Event("nebula", "registlog", "", millis_now(), properties)
def extract_app_login_log_event(httpmsg):
r"""
App login event extractor
"""
if not isinstance(httpmsg, HttpMsg):
return
if httpmsg.method != "POST":
return
if httpmsg.uri != "/api/c1_login":
return
properties = extract_common_properties(httpmsg)
result = "F"
try:
j = json.loads(httpmsg.resp_body)
if j["err"] is None:
result = "T"
except:
pass
properties["result"] = result
body = httpmsg.req_body or ""
properties["password"] = get_md5(
get_md5(
get_md5(
get_md5(
get_md5(extract_value_from_body(app_l_passwd_pattern,
body))))))
properties["login_name"] = extract_value_from_body(app_l_name_pattern,
body)
properties["login_type"] = "pc"
properties["auth_msg"] = ""
properties["autologin"] = False
properties["captcha"] = ""
return Event("nebula", "loginlog", "", millis_now(), properties)
def get(self):
"""
获取当前小时tags的统计
@API
summary: 获取当前小时tags的统计
description: ''
tags:
- platform
"""
tag_statistics = []
temp_statistics = {}
try:
# 查询风险名单数据库,统计命中策略变量
from_time = utils.get_hour_start() * 1000
end_time = millis_now()
ret = NoticeDao().get_statistic_scene(from_time, end_time)
# 根据命中策略查询策略包含的tags,并统计命中每一个tag的数量
strategy_weigh = cache.Strategy_Weigh_Cache
for strategy, count in ret:
tags = strategy_weigh.get(strategy, {}).get('tags', [])
for tag in tags:
utils.dict_merge(temp_statistics, {tag: count})
# tags根据命中数量排序
sorted_tags = sorted(temp_statistics.items(),
lambda x, y: cmp(x[1], y[1]),
reverse=True)[:10]
tag_statistics = [{
'name': tag,
'count': count
} for tag, count in sorted_tags]
self.finish(json_dumps(tag_statistics))
except Exception as e:
logger.error(e)
self.finish(json_dumps(tag_statistics))