CreditEaseDBA / Themis

Database audit platform
Apache License 2.0
346 stars 167 forks

Rules big_table_by_size and big_schema_by_table_num are evaluated incorrectly #2

Closed dikang123 closed 7 years ago

dikang123 commented 7 years ago

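I am using the dev branch (per "to audit MySQL databases, please refer to the dev branch"). The rule big_table_by_size causes the themis-analysis module to report an error: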

[2017-04-12 18:49:57,859: ERROR/MainProcess] Task task_other.analysis[27274002-2828-4bae-b590-7c3e5b220155] raised unexpected: InvalidDocument("Cannot encode object: Decimal('0.00')",)
Traceback (most recent call last):
  File "/home/themis-test/python-project/lib/python2.7/site-packages/celery/app/trace.py", line 240, in trace_task
    R = retval = fun(*args, *kwargs)
  File "/home/themis-test/python-project/lib/python2.7/site-packages/celery/app/trace.py", line 438, in __protected_call__
    return self.run(args, kwargs)
  File "/home/themis-test/Themis/task_other.py", line 15, in analysis
    command.run_analysis(args)
  File "/home/themis-test/Themis/command.py", line 218, in run_analysis
    instance_name, task_ip, task_port)
  File "/home/themis-test/Themis/command.py", line 256, in save_result
    themis.mongo_client.insert_one("results", job_record)
  File "/home/themis-test/Themis/rule_analysis/db/mongo_operat.py", line 56, in insert_one
    object_id = self.get_collection(collection).insert_one(sql, condition)
  File "/home/themis-test/python-project/lib/python2.7/site-packages/pymongo/collection.py", line 657, in insert_one
    bypass_doc_val=bypass_document_validation),
  File "/home/themis-test/python-project/lib/python2.7/site-packages/pymongo/collection.py", line 562, in _insert
    check_keys, manipulate, write_concern, op_id, bypass_doc_val)
  File "/home/themis-test/python-project/lib/python2.7/site-packages/pymongo/collection.py", line 543, in _insert_one
    check_keys=check_keys)
  File "/home/themis-test/python-project/lib/python2.7/site-packages/pymongo/pool.py", line 424, in command
    self._raise_connection_failure(error)
  File "/home/themis-test/python-project/lib/python2.7/site-packages/pymongo/pool.py", line 552, in _raise_connection_failure
    raise error
InvalidDocument: Cannot encode object: Decimal('0.00')

The backend MongoDB is version 3.4.3.

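In addition, the rule big_schema_by_table_num is evaluated incorrectly. By its definition the rule is only violated when there are more than 5000 tables, but the actual evaluation is wrong: [image]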

tuteng commented 7 years ago

https://github.com/CreditEaseDBA/Themis/blob/master/rule_analysis/rule/obj/big_table_by_size.py
https://github.com/CreditEaseDBA/Themis/blob/master/rule_analysis/rule/obj/big_schema_by_table_num.py
Take a look at the SQL in these files, substitute the concrete variables, run it against the database, and check the result.

dikang123 commented 7 years ago

SELECT TABLE_NAME, ROUND(DATA_LENGTH / 1024 / 1024 / 1024, 2)
FROM information_schema.TABLES
WHERE TABLE_SCHEMA = 'xxxx'
  AND CREATE_OPTIONS <> 'partitioned'
  AND DATA_LENGTH > 10 * 1024 * 1024 * 1024
UNION ALL
SELECT CONCAT(TABLE_NAME, ':', PARTITION_NAME), ROUND(DATA_LENGTH / 1024 / 1024 / 1024, 2)
FROM information_schema.PARTITIONS
WHERE TABLE_SCHEMA = 'xxxx'
  AND TABLE_NAME NOT IN (SELECT TABLE_NAME FROM information_schema.TABLES
                         WHERE TABLE_SCHEMA = 'xxxx' AND CREATE_OPTIONS <> 'partitioned')
  AND DATA_LENGTH > 10 * 1024 * 1024 * 1024

Because this is a non-production environment, the query returns no rows (no table is currently larger than 10GB).

SELECT 'xxxx', count(*) FROM information_schema.tables WHERE table_schema='xxxx'

This query returns 7, meaning there are only 7 tables!

tuteng commented 7 years ago

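The way the front end displays the big_schema_by_table_num rule is somewhat ambiguous: although it shows the rule as violated, no points were deducted, which means it was not actually violated. Focus on the items that have points deducted.
big_table_by_size is probably caused by the data being empty, with exception handling that is not thorough enough.
These issues will be fixed later.
So that later audits are not affected, the problematic rules can be temporarily turned off.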

dikang123 commented 7 years ago

"temporarily turned off"

That means deleting the rule outright, right?

tuteng commented 7 years ago

No. The rule management page has a corresponding off option; with it set, the rule is skipped during the audit.
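
The InvalidDocument traceback in the first comment shows PyMongo refusing a Python Decimal, which is how MySQL drivers return DECIMAL values such as the output of ROUND(..., 2). The following is an added example, not code from Themis or from this thread: it locates such values in a result document and converts them before it is passed to insert_one. The function names and the layout of the sample record are assumptions.

```python
from decimal import Decimal

def unencodable_paths(value, path="doc"):
    """Return the path of every Decimal, i.e. every value that would
    make the BSON encoder raise InvalidDocument."""
    if isinstance(value, Decimal):
        return [path]
    if isinstance(value, dict):
        items = [("%s.%s" % (path, k), v) for k, v in value.items()]
    elif isinstance(value, (list, tuple)):
        items = [("%s[%d]" % (path, i), v) for i, v in enumerate(value)]
    else:
        return []
    found = []
    for child_path, child in items:
        found.extend(unencodable_paths(child, child_path))
    return found

def to_bson_safe(value):
    """Return a copy with every Decimal converted to float, recursively.
    Tuples (driver rows) become lists, which is how BSON stores them anyway."""
    if isinstance(value, Decimal):
        return float(value)
    if isinstance(value, dict):
        return {k: to_bson_safe(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [to_bson_safe(v) for v in value]
    return value

# Constructed sample: a hypothetical results document whose rows carry the
# Decimal values produced by the ROUND(..., 2) column of the rule's query.
SAMPLE_RECORD = {
    "task_uuid": "constructed-example",
    "big_table_by_size": {
        "records": [("orders", Decimal("12.34")), ("logs:p2017", Decimal("0.00"))],
        "scores": 0,
    },
}

if __name__ == "__main__":
    # Report which fields would fail, then show the converted document.
    for p in unencodable_paths(SAMPLE_RECORD):
        print("would fail to encode:", p)
    print(to_bson_safe(SAMPLE_RECORD))
```

Where exact decimal values matter, bson.decimal128.Decimal128 (PyMongo 3.4 and later, against MongoDB 3.4 and later) is the alternative to converting to float.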