[Snort-devel] Am I on the right track here?

Mike Andersen mike at ...31...
Tue Sep 12 06:05:10 EDT 2000

What I want to achieve is to make the application(s) more independent of
the database, and to be able to use database specific features without
changing anything in the application(s).

How?  The idea is to let the database itself contain the knowledge of
how the application should access the data.  In other words, I want the
database to contain all the SQL queries, and the application to get them
from the database.

For example, Oracle can use views, MySQL can not.  Both give you the
same data in return, but the SQL query is different.  Where should the
knowledge about the SQL query be stored?  In the application, the
configuration file or the database?  I'm trying the database:

The table contains three fields: the name of the query, the query itself
and which fields are returned.  Here is the table that I will use in
the example code:

# Table structure for table 'stdquery'
CREATE TABLE stdquery (
  id int(10) unsigned DEFAULT '0' NOT NULL,
  name varchar(255) DEFAULT '' NOT NULL,
  query text NOT NULL,
  retur text NOT NULL
);

# Dumping data for table 'stdquery'
INSERT INTO stdquery VALUES (1,'std_iphdr_all','select * from iphdr;','sid,cid,ip_src,ip_src0,ip_src1,ip_src2,ip_src3,ip_dst,ip_dst0,ip_dst1,ip_dst2,ip_dst3,ip_ver,ip_hlen,ip_tos,ip_len,ip_id,ip_flags,ip_off,ip_ttl,ip_proto,ip_csum');

INSERT INTO stdquery VALUES (2,'std_icmphdr_all','select * from icmphdr','sid,cid,icmp_type,icmp_code,icmp_csum,icmp_id,icmp_seq');

So, when the database module initiates a connection against the
database, it reads all the entries in this table and stores them
internally for later use.

The "application" will then call for the 'std_icmphdr_all' query, which
then will be translated into the SQL query and executed.

I guess it's easier to understand what I mean when you see the following:

# Author(s):   Mike Andersen   <mike at ...31...>
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

# $Id: snortdb.py,v 1.2 2000/09/08 09:58:59 mike Exp $

''' Common functions for communicating with snort's database '''

import MySQLdb

class connectdb:
    ''' Create a connection to the snort database and load the stored queries '''
    def __init__(self, db='snort', user='root', passwd=''):
        self.query = {}
        self.connector = MySQLdb.connect(db=db, user=user, passwd=passwd)
        tmp_cursor = self.connector.cursor()   # connecting
        tmp_query = 'select * from stdquery'   # the one query we need to know
        tmp_cursor.execute(tmp_query)          # execute it...
        self.querylist = tmp_cursor.fetchall() # ...and get the data.
        for line in self.querylist:            # create a dictionary of all queries
            tmp_name = line[1]                 # name
            tmp_query = line[2]                # query
            tmp_names = tuple(line[3].split(','))  # retur: comma separated field names
            self.query[tmp_name] = (tmp_query, tmp_names)

    def cursor(self):
        return self.connector.cursor()

class cursor:
    ''' Run a named query from stdquery and map each row onto its field names '''
    def __init__(self, connector):
        self.connector = connector
        self.cursor = connector.cursor()       # the real database cursor
        self.queryname = None                  # name of the query last run

    def query(self, queryname):
        self.queryname = queryname
        sql = self.connector.query[queryname][0]  # look up the stored SQL...
        self.cursor.execute(sql)                  # ...and execute it

    def fetchtest(self):
        tmpdata = self.cursor.fetchone()
        tmplist = self.connector.query[self.queryname][1]
        print("fetchtest, tmplist: ", tmplist)
        print("fetchtest, tmpdata: ", tmpdata)
        tmpret = {}
        counter = 0
        for entry in tmplist:                  # field name -> value of this row
            tmpret[entry] = tmpdata[counter]
            counter = counter + 1
        return tmpret

if __name__ == '__main__':
    #queryname = 'std_iphdr_all'
    queryname = 'std_icmphdr_all'
    db = connectdb()
    cur = cursor(db)
    cur.query(queryname)       # run the named query...
    line = cur.fetchtest()     # ...and fetch the first row as a dictionary

    print("\nThis is what the module returns:\n ")
    print(line)

So, am I on the right track here?

A language that doesn't affect the way you think about programming is
not worth knowing.
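The design in the post (load the stdquery table once at connect time, run a query by name, zip each row with the stored field list), as an added example that is not Mike's code and not part of the original message. It uses Python's sqlite3 module in place of MySQLdb so it runs offline, with a constructed icmphdr table and stdquery rows based on the ones in the post. The class names QueryStore and NamedCursor, the open_store helper and the std_icmphdr_by_sid and std_icmphdr_broken rows are assumptions. Beyond the post's module it adds two checks a practitioner would want: caller-supplied values are bound as parameters rather than pasted into the stored SQL, and the stored field list is compared against what the database actually returned, so a stdquery row whose query and retur columns have drifted apart is caught instead of silently mislabelling data.

```python
import sqlite3

# Constructed sample schema and data, modelled on the stdquery table and the
# icmphdr field list from the post. sqlite3 stands in for MySQLdb here.
SCHEMA = """
CREATE TABLE stdquery (
  id INTEGER NOT NULL,
  name VARCHAR(255) NOT NULL,
  query TEXT NOT NULL,
  retur TEXT NOT NULL
);
CREATE TABLE icmphdr (
  sid INTEGER, cid INTEGER, icmp_type INTEGER, icmp_code INTEGER,
  icmp_csum INTEGER, icmp_id INTEGER, icmp_seq INTEGER
);
INSERT INTO icmphdr VALUES (1, 1, 8, 0, 4321, 7, 1);
INSERT INTO icmphdr VALUES (1, 2, 0, 0, 4322, 7, 1);
INSERT INTO stdquery VALUES
  (2, 'std_icmphdr_all', 'select * from icmphdr',
   'sid,cid,icmp_type,icmp_code,icmp_csum,icmp_id,icmp_seq'),
  (3, 'std_icmphdr_by_sid', 'select * from icmphdr where sid = ?',
   'sid,cid,icmp_type,icmp_code,icmp_csum,icmp_id,icmp_seq'),
  (4, 'std_icmphdr_broken', 'select sid, cid from icmphdr',
   'sid,cid,icmp_type');
"""


class QueryStore:
    """Load every (name, sql, field list) row of stdquery once, at connect time."""

    def __init__(self, connection):
        self.connection = connection
        self.queries = {}
        cur = connection.cursor()
        cur.execute("select name, query, retur from stdquery")
        for name, sql, retur in cur.fetchall():
            self.queries[name] = (sql, tuple(f.strip() for f in retur.split(",")))

    def names(self):
        return sorted(self.queries)


class NamedCursor:
    """Run a stored query by name and return rows as dicts keyed by the stored field names."""

    def __init__(self, store):
        self.store = store
        self.cursor = store.connection.cursor()
        self.fields = ()

    def query(self, name, params=()):
        # An unknown name raises KeyError: better than silently running nothing.
        sql, self.fields = self.store.queries[name]
        # Caller-supplied values are bound as parameters, never pasted into the SQL.
        self.cursor.execute(sql, params)
        # The stored field list is metadata that can drift from the real result
        # shape (someone edits 'query' but not 'retur'); compare it against the
        # column names the database actually returned before trusting it.
        actual = tuple(d[0] for d in self.cursor.description)
        if actual != self.fields:
            raise ValueError("stdquery %r declares %r but the query returns %r"
                             % (name, self.fields, actual))

    def fetchone(self):
        row = self.cursor.fetchone()
        if row is None:
            return None
        return dict(zip(self.fields, row))

    def fetchall(self):
        return [dict(zip(self.fields, row)) for row in self.cursor.fetchall()]


def open_store():
    """Create an in-memory database holding the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return QueryStore(conn)


def demo():
    """Run the three stored queries; returns (first row, rows for sid 1, mismatch message)."""
    store = open_store()
    cur = NamedCursor(store)
    cur.query("std_icmphdr_all")
    first = cur.fetchone()
    cur.query("std_icmphdr_by_sid", (1,))
    by_sid = cur.fetchall()
    try:
        cur.query("std_icmphdr_broken")
        mismatch = None
    except ValueError as err:
        mismatch = str(err)
    return first, by_sid, mismatch


if __name__ == "__main__":
    first, by_sid, mismatch = demo()
    print("first row:", first)
    print("rows for sid 1:", len(by_sid))
    print("mismatch detected:", mismatch)
```

Two points on the design. Placeholder syntax is one more thing that differs between back ends (`?` for sqlite3, `%s` for MySQLdb), so the placeholder style belongs with the stored query, not in the application. And because the contents of stdquery are executed as SQL, whoever can write that table decides what the application runs: the application should read stdquery through an account that cannot modify it, and write access to the table should be limited to the administrator who maintains the queries.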
