def post(self, task_id):
args = self.reqparse.parse_args()
new_time = models.Time(
task_id,
current_user.id,
args['start'].replace(tzinfo=None),
None if args['stop'] is None else args['stop'].replace(tzinfo=None)
)
models.db.session.add(new_time)
models.db.session.commit()
return self.schema.dump(new_time).data
def insertQuery(self, source_id, date, expr, category=1, query_id=None):
'''
Insert/Update query.
'''
#self.qglogger.debug('In %s' % sys._getframe().f_code.co_name)
# get the hash of expr to check if the query is updated or not.
md5hash = hashlib.md5()
md5hash.update(str(expr) + str(source_id))
checksum = md5hash.hexdigest()
query = self.store.find(Query, (Query.source_id == source_id) &
(Query.checksum == unicode(checksum)) &
(Query.category == category)).one()
if not query:
'''
Insert new query.
'''
try:
query = Query()
query.source_id = source_id
query.checksum = unicode(checksum)
time_id = self.store.find(models.Time.id,
models.Time.time == date).one()
if time_id:
query.creation_time_id = time_id
query.update_time_id = time_id
else:
time = models.Time()
time.time = date
self.store.add(time)
self.store.flush()
query.update_time_id = time.id
query.creation_time_id = time.id
query.type_id = 1
query.category_id = category
self.store.add(query)
self.store.flush()
q_packet = QueryPacket()
if category == 1:
self.qglogger.info(
colored('Inserting validation query.',
'green',
attrs=['bold']))
q_packet.validation_id = query.id
else:
q_packet.validation_id = query_id
q_packet.query_id = query.id
self.store.add(q_packet)
self.store.flush()
except Exception, e:
self.qglogger.warning(e)
sys.exit()
return
'''
Every filter table has its own index from 0 to 15.
Query type is determined by generating an array with
existing fields of the query.
For example if a query has info in src_ip and dst_port tables,
its type will be '0,3' in query table.
'''
self.query_type = ''
plugins = self.store.find(Plugin)
if 'src_ip' and 'dst_ip' in expr.keys():
src_ip = expr['src_ip']
dst_ip = expr['dst_ip']
for plugin in list(plugins):
if IPAddress(src_ip) and IPAddress(dst_ip) in list(
IPNetwork(plugin.prefix.prefix)):
md5hash = hashlib.md5()
md5hash.update(str(src_ip) + str(dst_ip))
checksum = md5hash.hexdigest()
alert_ = self.store.find(
Alert, Alert.checksum == unicode(checksum),
Alert.identified_plugin_id == int(plugin.id),
Alert.query_id == int(query.id)).one()
if alert_ is None:
time_ = int(timestamp.time())
alert_info = {
'identified_plugin_id': int(plugin.id),
'timewindow_start': time_,
'timewindow_end': time_,
'timestamp': time_,
'checksum': unicode(checksum),
'query_id': int(query.id),
'alert_type': 1
}
self.insertAlert(alert_info)
if 'src_ip' in expr.keys():
src_ip = expr['src_ip']
for plugin in list(plugins):
if IPAddress(src_ip) in list(
IPNetwork(plugin.prefix.prefix)):
md5hash = hashlib.md5()
md5hash.update(str(src_ip))
checksum = md5hash.hexdigest()
alert_ = self.store.find(
Alert, Alert.checksum == unicode(checksum),
Alert.identified_plugin_id == int(plugin.id),
Alert.query_id == int(query.id)).one()
if alert_ is None:
time_ = int(timestamp.time())
alert_info = {
'identified_plugin_id': int(plugin.id),
'timewindow_start': time_,
'timewindow_end': time_,
'timestamp': time_,
'checksum': unicode(checksum),
'query_id': int(query.id),
'alert_type': 0
}
self.insertAlert(alert_info)
if 'dst_ip' in expr.keys():
dst_ip = expr['dst_ip']
for plugin in list(plugins):
if IPAddress(dst_ip) in list(
IPNetwork(plugin.prefix.prefix)):
md5hash = hashlib.md5()
md5hash.update(str(dst_ip))
checksum = md5hash.hexdigest()
alert_ = self.store.find(
Alert, Alert.checksum == checksum,
Alert.identified_plugin_id == int(plugin.id),
Alert.query_id == int(query.id)).one()
if alert_ is None:
time_ = int(timestamp.time())
alert_info = {
'identified_plugin_id': int(plugin.id),
'timewindow_start': time_,
'timewindow_end': int(time.time()),
'timestamp': time_,
'checksum': unicode(checksum),
'query_id': int(query.id),
'alert_type': 1
}
self.insertAlert(alert_info)
for filter in expr.keys():
try:
# src_ip
if filter == 'src_ip':
self.insertSrcIP(expr['src_ip'], query.id)
# src_port
elif filter == 'src_port':
self.insertSrcPort(expr['src_port'], query.id)
#dst_ip
elif filter == 'dst_ip':
self.insertDstIP(expr['dst_ip'], query.id)
# dst_port
elif filter == 'dst_port':
self.insertDstPort(expr['dst_port'], query.id)
#proto
elif filter == 'proto':
self.insertProto(expr['proto'], query.id)
# protocol version
elif filter == 'protocol_version':
self.insertProtocolVersion(expr['protocol_version'],
query.id)
# packets
elif filter == 'packets':
self.insertPackets(expr['packets'], query.id)
# bytes
elif filter == 'bytes':
self.insertBytes(expr['bytes'], query.id)
# duration
elif filter == 'duration':
self.insertDuration(expr['duration'], query.id)
#flags
elif filter == 'flags':
self.insertFlags(expr['flags'], query.id)
# tos
elif filter == 'tos':
self.insertTOS(expr['tos'], query.id)
# pps
elif filter == 'pps':
self.insertPPS(expr['pps'], query.id)
# bps
elif filter == 'bps':
self.insertBPS(expr['bps'], query.id)
# bpp
elif filter == 'bpp':
self.insertBPP(expr['bpp'], query.id)
# AS
elif filter == 'AS':
self.insertAS(expr['AS'], query.id)
# scale
elif filter == 'scale':
self.insertScale(expr['scale'], query.id)
except Exception, e:
self.qglogger.warning(e)
return
return
else:
'''
Update update_time of the query.
'''
self.qglogger.debug(
colored('Query exists in the database.',
'green',
attrs=['bold']))
try:
update_time_id = self.store.find(
models.Time.id, models.Time.time == date).one()
if update_time_id:
query.update_time_id = update_time_id
else:
time = models.Time()
time.time = date
self.store.add(time)
self.store.flush()
query.update_time_id = time.id
self.store.commit()
self.qglogger.debug('Query time is updated')
#self.qglogger.info('query_id : %d' % query.id)
except Exception, e:
self.qglogger.warning(e)
return
# Check if this optional or mandatory query is derived
# from this validation query -> qid
if not category == 1: