s){R%ddlZddlZddlZddlmZmZmZmZmZm Z m Z m Z m Z ddl mZddlmZmZddlmZddlmZddlmZmZGdd eZGd d eZGd d eZGddeZdS)N) CompositeKey DoesNotExistForeignKeyField IntegerFieldJOINPrimaryKeyField TextField CharFieldSQL)reduce)instanceModel)apply_order_by)Country)IPList IPListPurposeceZdZdZGddZeZedZe dZ edZ edZ e dZe dZe dZe dZe dZe dZedZedZedZedZe dZedZe d d Zed ZdS) Proactivez$Proactive defense php plugin events.c$eZdZejZdZdZdS)Proactive.Meta proactiveN)__name__ __module__ __qualname__r dbdatabasedb_tableschemaJ/opt/imunify360/venv/lib/python3.11/site-packages/im360/model/proactive.pyMetars;r r"FnullTcVtj|jktjzSN)rip is_expired)clss r! _iplist_joinzProactive._iplist_join@s" SV#):)<)<(<==r Nc ||j|j|j|j|j|j|j|j|j tj ttj|} g} |dkr| |j|k|| |j|k|| |j|k|~| |j||j|z|j |z|j|z| rr| |jfd| D} | rrg}g}| D]/}|d||d0d |}| t)d|d|| r/t+t,j| }| |} |t3||| } || |} || |} g}| D]D}|d rt;j|d n|d |d <||E|S) Nonrc~g|]9}t|tk"|7|:Sr)len startswith).0p site_searchs r! z#Proactive.fetch..ysMq66C ,,,,k1J1J,,,,r zpath NOT LIKE ?%z AND ()listnamepurpose)selectid timestampr'actionhostpathcountrule_id rule_namerr8joinr LEFT_OUTERr*appenduidcontainsr0r r operatorand_whererlimitoffsetdictsrlistname2purpose)r)rFsincetorKrLsearchorder_byr3 user_siteskwargsqwhere_conditions longer_paths sql_chunks sql_paramsr?combined_sql_string final_clauseresultitems ` r!fetchzProactive.fetchDs* JJ F M F J H H I K M O  $vt3+;+;+=+=$ > > " !88  # #CGsN 3 3 3    # #CMU$: ; ; ; >  # #CMR$7 8 8 8    # #!!&))(##F++,-((001&//&))*     +   # #CH$7$7 $D$D E E E#L    (22D%%&7888%%jjj1111&-ll:&>&># ''2/222J??  &!(-1ABBL %%A  xa00A  A    AGGII  D  #& .tJ/?@@@*% O MM$     r cf||j|j|j|j|j|j|j|j|j |j tj tjd tt"j|tt"j|jtjk|j|k}|dkr||j|k}|}|dkrt2t5t7|}t8t8jt8jt8j|dk }tC||d<|drtEj#|dn|d|d<|S) Ncountryr,rr;envr8r9)$r:r;r<r' descriptionurlr=r?r@rArBrr8rcodealiasrCrrDr*switch ip_country_idrJrFrMrnextiter ProactiveEnvnamevalueevent_idtuplesdictrrN)r)r;rFrUevents r!detailszProactive.detailss JJ      ""9--  T&$/c.>.>.@.@T A A VXX Tc.?7:.MU36R< ) , !883''A GGII 7799q== T!WW     1<3E F F U<(E$K7 8 8 VXX Awwe Z  #M *5+< = = =z" i  r )NNNNNNNN)rrr__doc__r"rr;rr<r r'ip_int ip_versionr rhrcr=r>r?rdr@rFgidrArB classmethodr*r^rrrr r!rrs..   B %(((I    B \t $ $ $F4(((JI4(((M)&&&K YE " " "F 9$   D 9% D )   C Le $ $ $E ,E " " "C ,E " " "Cl%%%G u%%%I>>[> ^^^[^@(([(((r rcteZdZdZedZedZedZGddZ dS)rkz3Proactive defence php plugin environment variables.Fr#Tc>eZdZejZdZdZedddZ dS)ProactiveEnv.Meta proactive_envrrnrlrmN) rrrr rrrrr primary_keyrr r!r"rzs2;""l:vw?? r r"N) rrrrsrrnr rlrmr"rr r!rkrks==|'''H 9% D I4 E@@@@@@@@@@r rkceZdZdZeddZedejZGddZ e d d Z e dd Z dS)ProactiveIgnoredPathz"Ignore list for proactive defence.FT)r$r|)r$defaultc eZdZejZdZdS)ProactiveIgnoredPath.Metaproactive_ignored_pathN)rrrr rrrrr r!r"rs;+r r"Nct|g}g}|jj}d|D}|D]C\}}t||d}|+||r|n|D|D])}||vr#|t||*|t j|j|S)z To be able to use itertools.groupby, we need result to be sorted by both path and timestamp, so in this method we add this fields to order_by if they was not passed by caller Ncg|]\}}|Srr)r1f_s r!r4z5ProactiveIgnoredPath._apply_order..s222A1222r )_metasorted_field_namesgetattrrEdescProactiveIgnoredRulerBrR) r)rUrRorderfieldsorder_by_fields field_namerfields r! _apply_orderz!ProactiveIgnoredPath._apply_orders  H-22222 ( > > JCT22E  Tz,ProactiveIgnoredPath.fetch..)sai;%@r )keyc@g|]}|d |d|ddS)rANrB)r;rlr)r1rows r!r4z.ProactiveIgnoredPath.fetch..1s=""" #"9~9$'y>3{;KLL999r )r?r<rulesra)r:r?r<rrArBrCrrDrJr0strrGr itertoolsgroupbyrMr/rE)r) limit_homedirrOrPrQrRrKrLrUr\ max_countr2gr?r<s r!r^zProactiveIgnoredPath.fetchs JJ H M ( *   $#T_ 5 5  $++C ,>,>??@@A  ))&1122A   .//A > +,,A   Q ) ) % GGII@@     DAqV###f++*=*="#i $%.""'("""    NII&  r r&)NNNNNrr) rrrrsr r?rtimer<r"rwrr^rr r!r~r~s,, 9%T 2 2 2D %;;;I,,,,,,,,"""["0 2!2!2![2!2!2!r r~czeZdZdZeedddZedZe dZ GddZ d S) rzSpecific rules ignored.FCASCADEr)r$ on_delete related_namer#c$eZdZejZdZdZdS)ProactiveIgnoredRule.Metaproactive_ignored_rule)))r?rATN)rrrr rrrindexesrr r!r"rMs;+0r r"N) rrrrsrr~r?rrAr rBr"rr r!rr=s!! ?     Dl&&&G u%%%I1111111111r r)rrrHpeeweerrrrrrr r r functoolsr defence360agent.modelr r$defence360agent.model.simplificationrim360.model.countryrim360.model.firewallrrrrkr~rrr r!rs                       11111111??????''''''66666666wwwwwwwwt@@@@@5@@@"X!X!X!X!X!5X!X!X!v11111511111r