code_public/dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: suppression de tous les LIMIT hardcodés dans les requêtes SQL

Browse Source 
Supprime les LIMIT arbitraires qui tronquaient silencieusement les résultats:

- analysis.py   : LIMIT 5, 10, 100, 500 (pays ASN, top pays, UAs)
- variability.py: LIMIT 10, 20 (JA4s, pays, ASNs, hosts, UAs)
- fingerprints.py: LIMIT 10, 20, 100 (IPs, UAs, JA4 spoofing)
- entities.py   : LIMIT 100 (IPs associées)
- tcp_spoofing.py: LIMIT 10, 12, 15 (distributions TTL/MSS/window)
- heatmap.py    : LIMIT 15
- search.py     : LIMIT 5 (suggestions de recherche)

Conservés: LIMIT 1 (lookup d'un seul enregistrement) et
LIMIT %(limit)s / OFFSET (pagination contrôlée par le frontend).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
SOC Analyst
2026-03-19 18:10:55 +01:00
parent 868dd68e34
commit 533072a157
7 changed files with 4 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
backend/routes/analysis.py
View File

@ -141,7 +141,6 @@ async def analyze_ip_country(ip: str):
AND detected_at >= now() - INTERVAL 24 HOUR
GROUP BY country_code
ORDER BY count DESC
LIMIT 10
"""
asn_result = db.query(asn_countries_query, {"asn_number": asn_number})
@ -190,7 +189,6 @@ async def analyze_country(days: int = Query(1, ge=1, le=30)):
AND country_code != '' AND country_code IS NOT NULL
GROUP BY country_code
ORDER BY count DESC
LIMIT 10
"""
top_result = db.query(top_query, {"days": days})
@ -227,7 +225,6 @@ async def analyze_country(days: int = Query(1, ge=1, le=30)):
AND country_code != '' AND country_code IS NOT NULL
GROUP BY country_code
ORDER BY count DESC
LIMIT 5
"""
baseline_result = db.query(baseline_query)
@ -309,7 +306,6 @@ async def analyze_ja4(ip: str):
AND detected_at >= now() - INTERVAL 24 HOUR
GROUP BY src_ip
ORDER BY count DESC
LIMIT 100
"""
subnets_result = db.query(subnets_query, {"ja4": ja4})
@ -373,7 +369,6 @@ async def analyze_user_agents(ip: str):
AND time >= now() - INTERVAL 24 HOUR
GROUP BY ua
ORDER BY count DESC
LIMIT 500
"""
# Total réel des requêtes (pour les pourcentages corrects)

2
backend/routes/entities.py
View File

@ -128,7 +128,6 @@ def get_array_values(entity_type: str, entity_value: str, array_field: str, hour
)
GROUP BY value
ORDER BY count DESC
LIMIT 100
"""
result = db.connect().query(query, {
@ -271,7 +270,6 @@ async def get_subnet_investigation(
FROM subnet_filter
GROUP BY ip
ORDER BY total_detections DESC
LIMIT 100
"""
# Exécuter la première requête pour obtenir les IPs

5
backend/routes/fingerprints.py
View File

@ -436,7 +436,6 @@ async def get_ua_analysis(
AND is_ua_rotating = true
GROUP BY clean_ip
ORDER BY avg_ua_ch_mismatch DESC
LIMIT 100
"""
rotating_ips: list = []
try:
@ -548,7 +547,6 @@ async def get_ip_fingerprint_coherence(ip: str):
FROM ml_detected_anomalies
WHERE src_ip = %(ip)s
ORDER BY detected_at DESC
LIMIT 20
"""
ml_res = db.query(ml_query, {"ip": ip})
@ -563,7 +561,7 @@ async def get_ip_fingerprint_coherence(ip: str):
WHERE toString(src_ip) = %(ip)s
AND hour >= now() - INTERVAL 72 HOUR
AND ua != ''
GROUP BY ua ORDER BY cnt DESC LIMIT 10
GROUP BY ua ORDER BY cnt DESC
"""
ua_res = db.query(ua_query, {"ip": ip})
top_uas = [{"ua": str(r[0]), "count": int(r[1] or 0), "type": _classify_ua(str(r[0]))}
@ -703,7 +701,6 @@ async def get_legitimate_ja4(
AND avg_browser_score > 60
AND rare_count = 0
ORDER BY unique_ips DESC
LIMIT 100
"""
result = db.query(query, {"hours": hours, "min_ips": min_ips})

1
backend/routes/heatmap.py
View File

@ -112,7 +112,6 @@ async def get_heatmap_matrix():
WHERE window_start >= now() - INTERVAL 72 HOUR
GROUP BY host
ORDER BY total_hits DESC
LIMIT 15
"""
top_res = db.query(top_sql)
top_hosts = [str(r[0]) for r in top_res.result_rows]

4
backend/routes/search.py
View File

@ -32,7 +32,6 @@ async def quick_search(q: str = Query(..., min_length=1, max_length=100)):
AND detected_at >= now() - INTERVAL 24 HOUR
GROUP BY clean_ip
ORDER BY hits DESC
LIMIT 5
""",
{"p": pattern},
)
@ -60,7 +59,6 @@ async def quick_search(q: str = Query(..., min_length=1, max_length=100)):
AND detected_at >= now() - INTERVAL 24 HOUR
GROUP BY ja4
ORDER BY hits DESC
LIMIT 5
""",
{"p": pattern},
)
@ -86,7 +84,6 @@ async def quick_search(q: str = Query(..., min_length=1, max_length=100)):
AND detected_at >= now() - INTERVAL 24 HOUR
GROUP BY host
ORDER BY hits DESC
LIMIT 5
""",
{"p": pattern},
)
@ -113,7 +110,6 @@ async def quick_search(q: str = Query(..., min_length=1, max_length=100)):
AND detected_at >= now() - INTERVAL 24 HOUR
GROUP BY asn_org, asn_number
ORDER BY hits DESC
LIMIT 5
""",
{"p": pattern},
)

6
backend/routes/tcp_spoofing.py
View File

@ -47,7 +47,7 @@ async def get_tcp_spoofing_overview():
SELECT tcp_ttl_raw AS ttl, count() AS cnt, uniq(src_ip) AS ips
FROM mabase_prod.agg_host_ip_ja4_1h
WHERE window_start >= now() - INTERVAL 24 HOUR AND tcp_ttl_raw > 0
GROUP BY ttl ORDER BY cnt DESC LIMIT 15
GROUP BY ttl ORDER BY cnt DESC
"""
ttl_res = db.query(ttl_sql)
@ -56,7 +56,7 @@ async def get_tcp_spoofing_overview():
SELECT tcp_mss_raw AS mss, count() AS cnt, uniq(src_ip) AS ips
FROM mabase_prod.agg_host_ip_ja4_1h
WHERE window_start >= now() - INTERVAL 24 HOUR AND tcp_mss_raw > 0
GROUP BY mss ORDER BY cnt DESC LIMIT 12
GROUP BY mss ORDER BY cnt DESC
"""
mss_res = db.query(mss_sql)
@ -65,7 +65,7 @@ async def get_tcp_spoofing_overview():
SELECT tcp_win_raw AS win, count() AS cnt
FROM mabase_prod.agg_host_ip_ja4_1h
WHERE window_start >= now() - INTERVAL 24 HOUR AND tcp_ttl_raw > 0
GROUP BY win ORDER BY cnt DESC LIMIT 10
GROUP BY win ORDER BY cnt DESC
"""
win_res = db.query(win_sql)

6
backend/routes/variability.py
View File

@ -538,7 +538,6 @@ async def get_variability(attr_type: str, value: str):
AND header_user_agent != '' AND header_user_agent IS NOT NULL
GROUP BY user_agent
ORDER BY count DESC
LIMIT 20
"""
ua_result = db.query(ua_query_simple, _ua_params)
user_agents = [get_attribute_value(row, 1, 2, 3, 4) for row in ua_result.result_rows]
@ -563,7 +562,6 @@ async def get_variability(attr_type: str, value: str):
AND ua != ''
GROUP BY user_agent
ORDER BY count DESC
LIMIT 20
"""
ua_result = db.query(ua_query_simple, _ua_params)
user_agents = [get_attribute_value(row, 1, 2, 3, 4) for row in ua_result.result_rows]
@ -580,7 +578,6 @@ async def get_variability(attr_type: str, value: str):
WHERE ja4 != '' AND ja4 IS NOT NULL
GROUP BY ja4
ORDER BY count DESC
LIMIT 10
"""
ja4_result = db.query(ja4_query, {"value": value})
@ -596,7 +593,6 @@ async def get_variability(attr_type: str, value: str):
WHERE country_code != '' AND country_code IS NOT NULL
GROUP BY country_code
ORDER BY count DESC
LIMIT 10
"""
country_result = db.query(country_query, {"value": value})
@ -613,7 +609,6 @@ async def get_variability(attr_type: str, value: str):
WHERE asn_number != '' AND asn_number IS NOT NULL AND asn_number != '0'
GROUP BY asn_display, asn_number
ORDER BY count DESC
LIMIT 10
"""
asn_result = db.query(asn_query, {"value": value})
@ -636,7 +631,6 @@ async def get_variability(attr_type: str, value: str):
WHERE host != '' AND host IS NOT NULL
GROUP BY host
ORDER BY count DESC
LIMIT 10
"""
host_result = db.query(host_query, {"value": value})