Rooba
/
cowrie
mirror of https://github.com/cowrie/cowrie.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use placeholders and remove MySQL built-in functions usage

This commit is contained in:
Nicolas Rouvière 2016-02-18 22:59:58 +01:00 committed by Michel Oosterhof
parent 92d35462c3
commit e0229241b8
1 changed files with 34 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
cowrie/output/sqlite.py
View File

@ -17,11 +17,13 @@ class Output(cowrie.core.output.Output):
def start(self):
"""
Start sqlite3 logging module using Twisted ConnectionPool.
Need to be started with check_same_thread=False. See
https://twistedmatrix.com/trac/ticket/3629.
"""
sqlite_file = self.cfg.get('output_sqlite', 'db_file')
try:
self.db = adbapi.ConnectionPool('sqlite3',
database = sqlite_file)
database = sqlite_file, check_same_thread=False)
except sqlite3.OperationalError as e:
log.msg(e)
@ -37,7 +39,8 @@ class Output(cowrie.core.output.Output):
"""
docstring here
"""
log.err( 'sqlite3 Error:', error.value )
log.err('sqlite error')
error.printTraceback()
def simpleQuery(self, sql, args):
"""
@ -55,97 +58,97 @@ class Output(cowrie.core.output.Output):
if entry["eventid"] == 'cowrie.session.connect':
r = yield self.db.runQuery(
"SELECT `id` FROM `sensors` WHERE `ip` = %s", (self.sensor,))
if r:
"SELECT `id` FROM `sensors` WHERE `ip` = ?", (self.sensor,))
if r and r[0][0]:
sensorid = r[0][0]
else:
yield self.db.runQuery(
'INSERT INTO `sensors` (`ip`) VALUES (%s)', (self.sensor,))
r = yield self.db.runQuery('SELECT LAST_INSERT_ID()')
'INSERT INTO `sensors` (`ip`) VALUES (?)', (self.sensor,))
r = yield self.db.runQuery('SELECT LAST_INSERT_ROWID()')
sensorid = int(r[0][0])
self.simpleQuery(
"INSERT INTO `sessions` (`id`, `starttime`, `sensor`, `ip`)"
+ " VALUES (%s, STR_TO_DATE(%s, %s), %s, %s)",
(entry["session"], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ',
+ " VALUES (?, ?, ?, ?)",
(entry["session"], entry["timestamp"],
sensorid, entry["src_ip"]))
elif entry["eventid"] == 'cowrie.login.success':
self.simpleQuery('INSERT INTO `auth` (`session`, `success`' + \
', `username`, `password`, `timestamp`)' + \
' VALUES (%s, %s, %s, %s, STR_TO_DATE(%s, %s))',
' VALUES (?, ?, ?, ?, ?)',
(entry["session"], 1, entry['username'], entry['password'],
entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ'))
entry["timestamp"]))
elif entry["eventid"] == 'cowrie.login.failed':
self.simpleQuery('INSERT INTO `auth` (`session`, `success`' + \
', `username`, `password`, `timestamp`)' + \
' VALUES (%s, %s, %s, %s, STR_TO_DATE(%s, %s))',
' VALUES (?, ?, ?, ?, ?)',
(entry["session"], 0, entry['username'], entry['password'],
entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ'))
entry["timestamp"]))
elif entry["eventid"] == 'cowrie.command.success':
print str(entry)
self.simpleQuery('INSERT INTO `input`' + \
' (`session`, `timestamp`, `success`, `input`)' + \
' VALUES (%s, STR_TO_DATE(%s, %s), %s , %s)',
(entry["session"], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ',
' VALUES (?, ?, ?, ?)',
(entry["session"], entry["timestamp"],
1, entry["input"]))
elif entry["eventid"] == 'cowrie.command.failed':
self.simpleQuery('INSERT INTO `input`' + \
' (`session`, `timestamp`, `success`, `input`)' + \
' VALUES (%s, STR_TO_DATE(%s, %s), %s , %s)',
(entry["session"], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ',
' VALUES (?, ?, ?, ?)',
(entry["session"], entry["timestamp"],
0, entry["input"]))
elif entry["eventid"] == 'cowrie.session.file_download':
self.simpleQuery('INSERT INTO `downloads`' + \
' (`session`, `timestamp`, `url`, `outfile`, `shasum`)' + \
' VALUES (%s, STR_TO_DATE(%s, %s), %s, %s, %s)',
(entry["session"], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ',
' VALUES (?, ?, ?, ?, ?)',
(entry["session"], entry["timestamp"],
entry['url'], entry['outfile'], entry['shasum']))
elif entry["eventid"] == 'cowrie.session.file_download':
self.simpleQuery('INSERT INTO `input`' + \
' (`session`, `timestamp`, `realm`, `input`)' + \
' VALUES (%s, STR_TO_DATE(%s, %s), %s , %s)',
(entry["session"], entry["timestamp"], '%Y-%m-%dT%H:%i:%s.%fZ',
' VALUES (?, ?, ?, ?)',
(entry["session"], entry["timestamp"],
entry["realm"], entry["input"]))
elif entry["eventid"] == 'cowrie.client.version':
r = yield self.db.runQuery(
'SELECT `id` FROM `clients` WHERE `version` = %s', \
'SELECT `id` FROM `clients` WHERE `version` = ?', \
(entry['version'],))
if r:
if r and r[0][0]:
id = int(r[0][0])
else:
yield self.db.runQuery(
'INSERT INTO `clients` (`version`) VALUES (%s)', \
'INSERT INTO `clients` (`version`) VALUES (?)', \
(entry['version'],))
r = yield self.db.runQuery('SELECT LAST_INSERT_ID()')
r = yield self.db.runQuery('SELECT LAST_INSERT_ROWID()')
id = int(r[0][0])
self.simpleQuery(
'UPDATE `sessions` SET `client` = %s WHERE `id` = %s',
'UPDATE `sessions` SET `client` = ? WHERE `id` = ?',
(id, entry["session"]))
elif entry["eventid"] == 'cowrie.client.size':
self.simpleQuery(
'UPDATE `sessions` SET `termsize` = %s WHERE `id` = %s',
'UPDATE `sessions` SET `termsize` = ? WHERE `id` = ?',
('%sx%s' % (entry['width'], entry['height']),
entry["session"]))
elif entry["eventid"] == 'cowrie.session.closed':
self.simpleQuery(
'UPDATE `sessions` SET `endtime` = STR_TO_DATE(%s, %s)' + \
' WHERE `id` = %s', (entry["timestamp"],
'%Y-%m-%dT%H:%i:%s.%fZ', entry["session"]))
'UPDATE `sessions` SET `endtime` = ?' + \
' WHERE `id` = ?', (entry["timestamp"], entry["session"]))
elif entry["eventid"] == 'cowrie.log.closed':
self.simpleQuery(
'INSERT INTO `ttylog` (`session`, `ttylog`, `size`) VALUES (%s, %s, %s)',
'INSERT INTO `ttylog` (`session`, `ttylog`, `size`) VALUES (?, ?, ?)',
(entry["session"], entry["ttylog"], entry["size"]))
elif entry["eventid"] == 'cowrie.client.fingerprint':
self.simpleQuery(
'INSERT INTO `keyfingerprints` (`session`, `username`, `fingerprint`) VALUES (%s, %s, %s)',
'INSERT INTO `keyfingerprints` (`session`, `username`, `fingerprint`) VALUES (?, ?, ?)',
(entry["session"], entry["username"], entry["fingerprint"]))