code_public/ja4-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(sql+api): fix view column mismatches and ClickHouse 24.8 JOIN issue

Browse Source 
- view_form_bruteforce_detected: add post_count, distinct_paths, first_seen, last_seen
- view_host_ip_ja4_rotation: add host, distinct_ja4, ja4_list, window_start
- Replace uniqExact/groupUniqArray with count()/groupArray (no nested-agg error)
- api.py campaigns/graph: move a.src_ip < b.src_ip from JOIN ON to WHERE
  (ClickHouse 24.8 forbids cross-table inequality in JOIN ON condition)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
toto
2026-04-10 01:05:04 +02:00
parent 040437921c
commit 7a04e47041
2 changed files with 16 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
services/dashboard/backend/routes/api.py
View File

@ -972,8 +972,8 @@ async def campaigns_graph() -> dict[str, Any]:
f"FROM {_DB}.ml_detected_anomalies a "
f"INNER JOIN {_DB}.ml_detected_anomalies b "
"ON a.ja4 = b.ja4 AND a.campaign_id = b.campaign_id "
"AND a.src_ip < b.src_ip "
"WHERE a.campaign_id >= 0 "
"AND a.src_ip < b.src_ip "
"AND a.detected_at >= now() - INTERVAL 7 DAY "
"AND b.detected_at >= now() - INTERVAL 7 DAY "
"LIMIT 2000"