PyPI - mdbq - Versions diffs - 4.2.23__tar.gz → 4.2.24__tar.gz - Mend

mdbq 4.2.23tar.gz → 4.2.24tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of mdbq might be problematic. Click here for more details.

Files changed (46) hide show

{mdbq-4.2.23 → mdbq-4.2.24}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: mdbq
-Version: 4.2.23
+Version: 4.2.24
 Home-page: https://pypi.org/project/mdbq
 Author: xigua,
 Author-email: 2587125111@qq.com

mdbq-4.2.24/mdbq/__version__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ VERSION = '4.2.24'

{mdbq-4.2.23 → mdbq-4.2.24}/mdbq/route/monitor.py RENAMED Viewed

@@ -21,7 +21,7 @@ import functools
 import hashlib
 import socket
 from datetime import datetime, timedelta
-from typing import Dict, Any, Optional
+from typing import Dict, Any, Optional, List
 from dbutils.pooled_db import PooledDB # type: ignore
 from flask import request, g
@@ -437,6 +437,138 @@ class RouteMonitor:
         except Exception:
             return None
+    def calculate_risk_score(self, client_ip: str, date: datetime.date) -> int:
+        """
+        计算 IP 风险评分（0-100）
+        风险评分基于以下维度：
+        1. 请求频率异常（30分）：单日请求数超过阈值
+        2. 失败率异常（25分）：失败请求比例过高
+        3. 访问模式异常（20分）：短时间访问大量不同接口
+        4. 时间分布异常（15分）：非正常时间段高频访问
+        5. 响应时间异常（10分）：平均响应时间过长（可能是攻击）
+        Args:
+            client_ip: 客户端 IP 地址
+            date: 统计日期
+        Returns:
+            int: 风险评分（0-100），分数越高风险越大
+        """
+        risk_score = 0
+        try:
+            connection = self.pool.connection()
+            try:
+                with connection.cursor() as cursor:
+                    self.ensure_database_context(cursor)
+                    # 获取该 IP 当日的统计数据
+                    cursor.execute("""
+                        SELECT
+                            `请求总数`, `成功次数`, `失败次数`,
+                            `平均耗时`, `首次访问`, `最后访问`, `访问接口数`
+                        FROM `api_ip记录`
+                        WHERE `客户端ip` = %s AND `统计日期` = %s
+                    """, (client_ip, date))
+                    ip_stats = cursor.fetchone()
+                    if not ip_stats:
+                        return 0  # 无数据，无风险
+                    total_requests = ip_stats['请求总数']
+                    success_count = ip_stats['成功次数']
+                    failure_count = ip_stats['失败次数']
+                    avg_time = float(ip_stats['平均耗时']) if ip_stats['平均耗时'] else 0
+                    first_access = ip_stats['首次访问']
+                    last_access = ip_stats['最后访问']
+                    endpoint_count = ip_stats['访问接口数'] or 0
+                    # 1. 请求频率异常检测（30分）
+                    # 阈值：正常用户单日请求 < 1000，可疑 1000-5000，高风险 > 5000
+                    if total_requests > 10000:
+                        risk_score += 30  # 极高频率
+                    elif total_requests > 5000:
+                        risk_score += 25  # 高频率
+                    elif total_requests > 2000:
+                        risk_score += 18  # 中等频率
+                    elif total_requests > 1000:
+                        risk_score += 10  # 略高
+                    # 2. 失败率异常检测（25分）
+                    # 高失败率可能是暴力破解、SQL注入等攻击
+                    if total_requests > 0:
+                        failure_rate = failure_count / total_requests
+                        if failure_rate > 0.8:
+                            risk_score += 25  # 80%以上失败
+                        elif failure_rate > 0.5:
+                            risk_score += 20  # 50%-80%失败
+                        elif failure_rate > 0.3:
+                            risk_score += 12  # 30%-50%失败
+                        elif failure_rate > 0.15:
+                            risk_score += 5   # 15%-30%失败
+                    # 3. 访问模式异常检测（20分）
+                    # 短时间访问大量不同接口可能是扫描行为
+                    if endpoint_count > 0:
+                        # 计算平均每个接口的访问次数
+                        avg_per_endpoint = total_requests / endpoint_count
+                        if endpoint_count > 50 and avg_per_endpoint < 5:
+                            risk_score += 20  # 访问50+接口，每个接口少于5次（扫描特征）
+                        elif endpoint_count > 30 and avg_per_endpoint < 10:
+                            risk_score += 15  # 访问30+接口
+                        elif endpoint_count > 20 and avg_per_endpoint < 15:
+                            risk_score += 10  # 访问20+接口
+                        elif endpoint_count > 10 and avg_per_endpoint < 20:
+                            risk_score += 5   # 访问10+接口
+                    # 4. 时间分布异常检测（15分）
+                    # 查询该 IP 的小时分布，检测是否有非正常时间段高频访问
+                    cursor.execute("""
+                        SELECT
+                            HOUR(`请求时间`) as hour,
+                            COUNT(*) as count
+                        FROM `api_访问日志`
+                        WHERE `客户端ip` = %s
+                        AND DATE(`请求时间`) = %s
+                        GROUP BY HOUR(`请求时间`)
+                        HAVING count > 100
+                        ORDER BY count DESC
+                    """, (client_ip, date))
+                    hourly_distribution = cursor.fetchall()
+                    # 检测是否有凌晨时段（0-5点）的异常高频访问
+                    night_requests = sum(h['count'] for h in hourly_distribution if 0 <= h['hour'] <= 5)
+                    if night_requests > 500:
+                        risk_score += 15  # 凌晨大量请求（可能是爬虫/攻击）
+                    elif night_requests > 200:
+                        risk_score += 10
+                    elif night_requests > 100:
+                        risk_score += 5
+                    # 5. 响应时间异常检测（10分）
+                    # 过长的响应时间可能是 DDoS 攻击或资源耗尽攻击
+                    if avg_time > 5000:  # > 5秒
+                        risk_score += 10
+                    elif avg_time > 3000:  # > 3秒
+                        risk_score += 7
+                    elif avg_time > 2000:  # > 2秒
+                        risk_score += 4
+                    # 限制评分范围在 0-100
+                    risk_score = min(100, max(0, risk_score))
+            finally:
+                connection.close()
+        except Exception as e:
+            # 计算失败时返回 0（保守策略）
+            return 0
+        return risk_score
     # ==================== 核心数据收集 ====================
     def collect_request_data(self, request) -> Dict[str, Any]:
@@ -685,6 +817,9 @@ class RouteMonitor:
                     ))
                     # 2. 更新 IP 统计表
+                    client_ip = request_data.get('客户端ip', '')
+                    # 首先更新基础统计
                     cursor.execute("""
                         INSERT INTO `api_ip记录` (
                             `统计日期`, `客户端ip`, `请求总数`, `成功次数`, `失败次数`,
@@ -695,13 +830,13 @@ class RouteMonitor:
                             `请求总数` = `请求总数` + 1,
                             `成功次数` = `成功次数` + %s,
                             `失败次数` = `失败次数` + %s,
-                        `平均耗时` = (
-                            (`平均耗时` * `请求总数` + %s) / (`请求总数` + 1)
-                        ),
+                            `平均耗时` = (
+                                (`平均耗时` * `请求总数` + %s) / (`请求总数` + 1)
+                            ),
                             `最后访问` = %s
                     """, (
                         date,
-                        request_data.get('客户端ip', ''),
+                        client_ip,
                         is_success, is_error,
                         response_time, now, now,
                         is_success, is_error,
@@ -709,8 +844,46 @@ class RouteMonitor:
                         now
                     ))
+                    # 计算该 IP 访问的不同接口数量
+                    cursor.execute("""
+                        SELECT COUNT(DISTINCT `路由地址`) as endpoint_count
+                        FROM `api_访问日志`
+                        WHERE `客户端ip` = %s AND DATE(`请求时间`) = %s
+                    """, (client_ip, date))
+                    endpoint_result = cursor.fetchone()
+                    endpoint_count = endpoint_result['endpoint_count'] if endpoint_result else 0
+                    # 更新访问接口数
+                    cursor.execute("""
+                        UPDATE `api_ip记录`
+                        SET `访问接口数` = %s
+                        WHERE `客户端ip` = %s AND `统计日期` = %s
+                    """, (endpoint_count, client_ip, date))
                 connection.commit()
+                # 3. 计算并更新风险评分（在事务外执行，避免影响主流程性能）
+                try:
+                    risk_score = self.calculate_risk_score(client_ip, date)
+                    if risk_score > 0:
+                        # 重新获取连接更新风险评分
+                        connection2 = self.pool.connection()
+                        try:
+                            with connection2.cursor() as cursor2:
+                                self.ensure_database_context(cursor2)
+                                cursor2.execute("""
+                                    UPDATE `api_ip记录`
+                                    SET `风险评分` = %s
+                                    WHERE `客户端ip` = %s AND `统计日期` = %s
+                                """, (risk_score, client_ip, date))
+                            connection2.commit()
+                        finally:
+                            connection2.close()
+                except Exception:
+                    # 风险评分计算失败不影响主流程
+                    pass
             finally:
                 connection.close()

{mdbq-4.2.23 → mdbq-4.2.24}/mdbq.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: mdbq
-Version: 4.2.23
+Version: 4.2.24
 Home-page: https://pypi.org/project/mdbq
 Author: xigua,
 Author-email: 2587125111@qq.com