示例#1
0
def assemble_distributed_queries(node):
    '''
    Retrieve all distributed queries assigned to a particular node
    in the NEW state. This function will change the state of the
    distributed query to PENDING, however will not commit the change.
    It is the responsibility of the caller to commit or rollback on the
    current database session.
    '''
    now = dt.datetime.utcnow()
    pending_query_count = 0
    query_recon_count = db.session.query(db.func.count(DistributedQueryTask.id)) \
        .filter(
        DistributedQueryTask.node == node,
        DistributedQueryTask.status == DistributedQueryTask.NEW,
        DistributedQueryTask.priority == DistributedQueryTask.HIGH,

    )
    for r in query_recon_count:
        pending_query_count = r[0]
    if pending_query_count > 0:
        query = db.session.query(DistributedQueryTask) \
            .join(DistributedQuery) \
            .filter(
            DistributedQueryTask.node == node,
            DistributedQueryTask.status == DistributedQueryTask.NEW,
            DistributedQuery.not_before < now,
            DistributedQueryTask.priority == DistributedQueryTask.HIGH,

        ).options(
            db.lazyload('*'),
            db.contains_eager(DistributedQueryTask.distributed_query)
        )
    else:
        query = db.session.query(DistributedQueryTask) \
            .join(DistributedQuery) \
            .filter(
            DistributedQueryTask.node == node,
            DistributedQueryTask.status == DistributedQueryTask.NEW,
            DistributedQuery.not_before < now,
            DistributedQueryTask.priority == DistributedQueryTask.LOW,
        ).options(
            db.lazyload('*'),
            db.contains_eager(DistributedQueryTask.distributed_query)
        ).limit(1)

    queries = {}
    for task in query:
        if task.sql:
            queries[task.guid] = task.sql
        else:
            queries[task.guid] = task.distributed_query.sql
        task.update(status=DistributedQueryTask.PENDING,
                    timestamp=now,
                    commit=False)

        # add this query to the session, but don't commit until we're
        # as sure as we possibly can be that it's been received by the
        # osqueryd client. unfortunately, there are no guarantees though.
        db.session.add(task)
    return queries
示例#2
0
def assemble_packs(node, config_json=None):
    if config_json:
        packs = {}
        for pack in node.packs.join(querypacks).join(Query) \
                .options(db.contains_eager(Pack.queries)).all():
            packs[pack.name] = pack.to_dict()
        if config_json:
            packs = merge_two_dicts(packs, config_json.get('packs'))
    else:
        packs = []
        for pack in node.packs.join(querypacks).join(Query) \
                .options(db.contains_eager(Pack.queries)).all():
            packs.append(pack.to_dict())
    return packs
示例#3
0
def assemble_packs(node):
    packs = {}
    for pack in node.packs.join(querypacks).join(Query) \
            .options(db.contains_eager(Pack.queries)).all():
        packs[pack.name] = pack.to_dict()
    return packs