code linted
@@ -1061,9 +1061,9 @@ class DatabaseManager:
|
||||
row = base.one()
|
||||
|
||||
# Honeypot unique IPs (separate query for distinct on filtered subset)
|
||||
hp_query = session.query(
|
||||
func.count(distinct(AccessLog.ip))
|
||||
).filter(AccessLog.is_honeypot_trigger == True)
|
||||
hp_query = session.query(func.count(distinct(AccessLog.ip))).filter(
|
||||
AccessLog.is_honeypot_trigger == True
|
||||
)
|
||||
hp_query = self._public_ip_filter(hp_query, AccessLog.ip, server_ip)
|
||||
honeypot_ips = hp_query.scalar() or 0
|
||||
|
||||
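Review bot: The re-wrapped filter still compares with `== True` (`AccessLog.is_honeypot_trigger == True`), which pycodestyle reports as E712, so a lint pass will keep flagging this statement. On a SQLAlchemy column the comparison has to remain a SQL expression, so Python's `is True` is not a substitute; `AccessLog.is_honeypot_trigger.is_(True)` expresses the same condition without tripping the rule. The enclosing method starts and ends outside this hunk.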
@@ -1653,7 +1653,9 @@ class DatabaseManager:
|
||||
)
|
||||
|
||||
# Get paginated access logs with attack detections
|
||||
query = session.query(AccessLog).join(AttackDetection).distinct(AccessLog.id)
|
||||
query = (
|
||||
session.query(AccessLog).join(AttackDetection).distinct(AccessLog.id)
|
||||
)
|
||||
|
||||
if sort_by == "timestamp":
|
||||
query = query.order_by(
|
||||
|
||||
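Review bot: `.distinct(AccessLog.id)` passes a column to `Query.distinct()`, which SQLAlchemy renders as `DISTINCT ON` only on PostgreSQL; on other backends the argument is not applied and the form is deprecated since 1.4. The backend is not visible here, so this is worth confirming: on PostgreSQL the `ORDER BY` must begin with the `DISTINCT ON` expression, which the `sort_by == "timestamp"` branch just below may not satisfy, and elsewhere the query falls back to a plain `DISTINCT`. If the intent is only to collapse duplicate rows produced by the join on AttackDetection, `.distinct()` without arguments states that directly and keeps the paginated attack list consistent across backends. The enclosing method continues outside this hunk.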
@@ -41,7 +41,6 @@ from deception_responses import (
|
||||
from wordlists import get_wordlists
|
||||
from logger import get_app_logger, get_access_logger, get_credential_logger
|
||||
|
||||
|
||||
# --- Auto-tracking dependency ---
|
||||
# Records requests that match attack patterns or honeypot trap paths.
|
||||
|
||||
@@ -63,6 +62,7 @@ async def _track_honeypot_request(request: Request):
|
||||
|
||||
if body:
|
||||
import urllib.parse
|
||||
|
||||
decoded_body = urllib.parse.unquote(body)
|
||||
attack_findings.extend(tracker.detect_attack_type(decoded_body))
|
||||
|
||||
@@ -401,7 +401,9 @@ async def trap_page(request: Request, path: str):
|
||||
|
||||
# Record access unless the router dependency already handled it
|
||||
# (attack pattern or honeypot path → already recorded by _track_honeypot_request)
|
||||
if not tracker.detect_attack_type(full_path) and not tracker.is_honeypot_path(full_path):
|
||||
if not tracker.detect_attack_type(full_path) and not tracker.is_honeypot_path(
|
||||
full_path
|
||||
):
|
||||
tracker.record_access(
|
||||
ip=client_ip,
|
||||
path=full_path,
|
||||
|
||||
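Review bot: The guard `not tracker.detect_attack_type(full_path) and not tracker.is_honeypot_path(full_path)` inspects only the path, while `_track_honeypot_request` (the hunk above) also runs `detect_attack_type` on the URL-decoded body. If the dependency records a request whenever its `attack_findings` list is non-empty, which this page does not show, a request with a clean path and a matching body would be recorded there and again here, inflating the access counts for that IP. Having the dependency mark the request as already recorded and testing that marker here, instead of re-running detection on the path, would keep the two code paths from drifting apart. The body of `trap_page` starts and ends outside this hunk.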
@@ -42,9 +42,7 @@ def main():
|
||||
cutoff = datetime.now() - timedelta(days=retention_days)
|
||||
|
||||
# Delete attack detections linked to old access logs first (FK constraint)
|
||||
old_log_ids = session.query(AccessLog.id).filter(
|
||||
AccessLog.timestamp < cutoff
|
||||
)
|
||||
old_log_ids = session.query(AccessLog.id).filter(AccessLog.timestamp < cutoff)
|
||||
detections_deleted = (
|
||||
session.query(AttackDetection)
|
||||
.filter(AttackDetection.access_log_id.in_(old_log_ids))
|
||||
|
||||
@@ -40,9 +40,7 @@ def main():
|
||||
|
||||
stats_after = tracker.get_memory_stats()
|
||||
|
||||
visits_reduced = (
|
||||
stats_before["ip_page_visits"] - stats_after["ip_page_visits"]
|
||||
)
|
||||
visits_reduced = stats_before["ip_page_visits"] - stats_after["ip_page_visits"]
|
||||
|
||||
if visits_reduced > 0:
|
||||
app_logger.info(
|
||||
|
||||
@@ -573,7 +573,9 @@ class AccessTracker:
|
||||
try:
|
||||
ban_time = datetime.fromisoformat(ban_timestamp)
|
||||
time_diff = (current_time - ban_time).total_seconds()
|
||||
effective_duration = self.ban_duration_seconds * data.get("ban_multiplier", 1)
|
||||
effective_duration = self.ban_duration_seconds * data.get(
|
||||
"ban_multiplier", 1
|
||||
)
|
||||
if time_diff > effective_duration:
|
||||
data["count"] = 0
|
||||
data["ban_timestamp"] = None
|
||||
|
||||
@@ -243,13 +243,13 @@ def fetch_geolocation_from_api(ip: str, app_logger) -> tuple:
|
||||
"""
|
||||
try:
|
||||
geoloc_data = extract_geolocation_from_ip(ip)
|
||||
|
||||
|
||||
if geoloc_data:
|
||||
country_code = geoloc_data.get("country_code")
|
||||
city = geoloc_data.get("city")
|
||||
asn = geoloc_data.get("asn")
|
||||
asn_org = geoloc_data.get("org")
|
||||
|
||||
|
||||
return (country_code, city, asn, asn_org)
|
||||
except requests.RequestException as e:
|
||||
app_logger.warning(f"Failed to fetch geolocation for {ip}: {e}")
|
||||
|
||||