Exemple #1
def apply_parameters(template, parameters, data_source):
    """Apply *parameters* to *template* and return the resulting query text.

    The injection check is report-only. When reading ``text`` raises
    ``SQLInjectionError`` an event is recorded, but the value returned is
    always ``query``, so a flagged query is still handed back to the caller.
    """
    rendered = SQLQuery(template).apply(parameters)

    try:
        # Read `text` only for the check it performs; its value is unused
        # because the `finally` clause decides the result.
        rendered.text
    except SQLInjectionError:
        # Report-only mode, kept to measure false positives before enforcing.
        # NOTE(review): the event carries the raw template and parameter
        # values, so whatever stores these events holds query contents.
        event = {
            'action': 'sql_injection',
            'object_type': 'query',
            'query': template,
            'parameters': parameters,
            'timestamp': time.time(),
            'org_id': data_source.org_id
        }
        record_event(event)
    finally:
        # Runs on every path, including while an exception other than
        # SQLInjectionError is propagating out of the function.
        result = rendered.query

    return result
Exemple #2
def apply_parameters(template, parameters, data_source):
    """Apply *parameters* to *template* and return the resulting query text.

    Nothing is enforced here. A ``SQLInjectionError`` raised while reading
    ``text`` is recorded as an event, any other exception is logged at INFO
    level and swallowed, and the function always returns ``query``.
    """
    applied = SQLQuery(template).apply(parameters)

    try:
        # The value of `text` is discarded; it is read for the exceptions
        # it may raise.
        applied.text
    except SQLInjectionError:
        # Report-only for now, so false positives can be spotted first.
        # NOTE(review): raw template and parameter values go into the event.
        injection_event = {
            'action': 'sql_injection',
            'object_type': 'query',
            'query': template,
            'parameters': parameters,
            'timestamp': time.time(),
            'org_id': data_source.org_id
        }
        record_event(injection_event)
    except Exception as e:
        # The log line identifies the query by gen_query_hash() output
        # rather than by its text.
        # NOTE(review): `e.message` is a Python 2 attribute; confirm the
        # interpreter version before porting this handler.
        logging.info(
            u"Failed applying parameters for query %s: %s",
            gen_query_hash(applied.query),
            e.message,
        )
    finally:
        # Executed on every path; this assignment is the function's result.
        output = applied.query

    return output
Exemple #3
def outdated_queries():
    """Return a JSON response listing the queries named in 'redash:status'.

    The query ids are read from the ``query_ids`` field of the
    ``redash:status`` hash (default ``'[]'``), and the response's
    ``updated_at`` is that hash's ``last_refresh_at`` field.
    """
    # NOTE(review): no access check is visible in this listing; presumably
    # it is applied where the view is registered -- confirm.
    status = redis_connection.hgetall('redash:status')
    ids = json_loads(status.get('query_ids', '[]'))

    matching = []
    if ids:
        query_model = models.Query
        matching = (
            query_model.query.outerjoin(models.QueryResult)
            .filter(query_model.id.in_(ids))
            .order_by(query_model.created_at.desc())
        )

    # Record that the listing was requested.
    listing_event = {
        'action': 'list',
        'object_type': 'outdated_queries',
    }
    record_event(listing_event)

    serialized = QuerySerializer(
        matching, with_stats=True, with_last_modified_by=False
    ).serialize()
    # NOTE(review): unlike `query_ids`, `last_refresh_at` has no default, so
    # a status hash without that field raises KeyError here.
    return json_response({
        'queries': serialized,
        'updated_at': status['last_refresh_at'],
    })
Exemple #4
def apply_parameters(template, parameters, data_source):
    """Apply *parameters* to *template* and return the resulting query text.

    The injection check only reports. ``SQLInjectionError`` produces a
    recorded event, every other exception is logged at INFO level and
    suppressed, and ``query`` is returned on all of those paths.
    """
    sql = SQLQuery(template).apply(parameters)

    try:
        # Read for its side effect of raising; the value is not kept.
        sql.text
    except SQLInjectionError:
        # Still report-only, to collect false positives before blocking.
        # NOTE(review): the recorded event includes the unmodified template
        # and parameter values.
        details = {
            'action': 'sql_injection',
            'object_type': 'query',
            'query': template,
            'parameters': parameters,
            'timestamp': time.time(),
            'org_id': data_source.org_id
        }
        record_event(details)
    except Exception as e:
        # Logged with the gen_query_hash() value instead of the query text.
        # NOTE(review): `e.message` exists on Python 2 exceptions; verify
        # before running this under Python 3.
        query_hash = gen_query_hash(sql.query)
        logging.info(u"Failed applying parameters for query %s: %s", query_hash, e.message)
    finally:
        # Always runs, so this is the value returned whenever the function
        # returns normally.
        final_text = sql.query

    return final_text
Exemple #5
def outdated_queries():
    """Return a JSON response listing the queries named in 'redash:status'.

    ``query_ids`` from the ``redash:status`` hash (default ``'[]'``) selects
    the queries; ``last_refresh_at`` from the same hash becomes
    ``updated_at`` in the response.
    """
    # NOTE(review): authorization is not visible in this listing;
    # presumably enforced by the route or a decorator -- confirm.
    manager_state = redis_connection.hgetall('redash:status')
    wanted_ids = json.loads(manager_state.get('query_ids', '[]'))

    if not wanted_ids:
        found = []
    else:
        found = (
            models.Query.query
            .outerjoin(models.QueryResult)
            .filter(models.Query.id.in_(wanted_ids))
            .order_by(models.Query.created_at.desc())
        )

    # Record that the listing was requested.
    record_event({'action': 'list', 'object_type': 'outdated_queries'})

    serializer = QuerySerializer(found, with_stats=True, with_last_modified_by=False)
    body = {
        'queries': serializer.serialize(),
        # NOTE(review): no default here, so a status hash that lacks
        # `last_refresh_at` raises KeyError.
        'updated_at': manager_state['last_refresh_at'],
    }
    return json_response(body)
Exemple #6
def queries_tasks():
    """Return a JSON response with waiting, in-progress and done task data.

    Each list is capped by its own query-string parameter
    (``waiting_limit``, ``progress_limit``, ``done_limit``), which falls
    back to ``limit`` (default 50).
    """
    # Record that the task listing was requested.
    record_event({
        'action': 'list',
        'object_id': 'admin/tasks',
        'object_type': 'celery_tasks'
    })

    # NOTE(review): the limits come straight from the query string. A
    # non-numeric value makes int() raise ValueError, and no upper bound or
    # sign check is applied in this function.
    params = request.args
    fallback = int(params.get('limit', 50))
    max_waiting = int(params.get('waiting_limit', fallback))
    max_in_progress = int(params.get('progress_limit', fallback))
    max_done = int(params.get('done_limit', fallback))

    trackers_by_state = (
        ('waiting', QueryTaskTracker.all(QueryTaskTracker.WAITING_LIST, limit=max_waiting)),
        ('in_progress', QueryTaskTracker.all(QueryTaskTracker.IN_PROGRESS_LIST, limit=max_in_progress)),
        ('done', QueryTaskTracker.all(QueryTaskTracker.DONE_LIST, limit=max_done)),
    )

    payload = {}
    for state, trackers in trackers_by_state:
        # Entries that come back as None are skipped.
        payload[state] = [tracker.data for tracker in trackers if tracker is not None]

    return json_response(payload)
Exemple #7
def queries_tasks():
    """Return a JSON response with waiting, in-progress and done task data.

    ``limit`` (default 50) is the shared cap; ``waiting_limit``,
    ``progress_limit`` and ``done_limit`` override it per list.
    """
    # Record that the task listing was requested.
    listing_event = {
        'action': 'list',
        'object_id': 'admin/tasks',
        'object_type': 'celery_tasks'
    }
    record_event(listing_event)

    def limit_from_args(name, default):
        # NOTE(review): int() raises ValueError on a non-numeric value, and
        # nothing here bounds the result.
        return int(request.args.get(name, default))

    shared_cap = limit_from_args('limit', 50)
    waiting_cap = limit_from_args('waiting_limit', shared_cap)
    progress_cap = limit_from_args('progress_limit', shared_cap)
    done_cap = limit_from_args('done_limit', shared_cap)

    waiting_trackers = QueryTaskTracker.all(QueryTaskTracker.WAITING_LIST, limit=waiting_cap)
    running_trackers = QueryTaskTracker.all(QueryTaskTracker.IN_PROGRESS_LIST, limit=progress_cap)
    finished_trackers = QueryTaskTracker.all(QueryTaskTracker.DONE_LIST, limit=done_cap)

    def task_data(trackers):
        # Entries that come back as None are skipped.
        return [entry.data for entry in trackers if entry is not None]

    return json_response({
        'waiting': task_data(waiting_trackers),
        'in_progress': task_data(running_trackers),
        'done': task_data(finished_trackers)
    })