Merge pull request #15 from DominicTWHV/dev

DominicTWHV · web-flow · commit 5b6049fd8ee0 · 2026-01-05T00:10:48.000-07:00
Merge a few experimental/WIP code into main
diff --git a/edge/database/driver.py b/edge/database/driver.py
@@ -7,7 +7,7 @@
 
 from edge.logger.context import db_logger
 
-from edge.registry.database import PrimaryDBConf, SecurityDBConf
+from edge.registry.database import PrimaryDBConf, SecurityDBConf, MetadataDBConf
 
 class DBInitManager:
     @staticmethod
@@ -33,6 +33,7 @@ async def _init_sqlite(db_type: Literal["primary", "security_core", "security_ge
             "primary": (PrimaryDBConf.sqlite_schema_path),
             "security_core": (SecurityDBConf.sqlite_schema_path_core),
             "security_generic": (SecurityDBConf.sqlite_schema_path_generic),
+            "metadata": (MetadataDBConf.sqlite_schema_path),
         }
         
         schema_path = config_map[db_type]
diff --git a/edge/database/schema/metadata_tracker.sql b/edge/database/schema/metadata_tracker.sql
@@ -0,0 +1,14 @@
+CREATE TABLE IF NOT EXISTS `dataset_metadata` (
+    `repository` VARCHAR, -- github repository, ex: DominicTWHV/CTI-DB-DUMP | If using a txt dataset, the url will be stored if the dataset isn't on github.
+    `licensing` VARCHAR, -- dataset licensing
+    `dataset_type` VARCHAR, -- cockatoo_core, text (like traditional url blocklists)
+    `remote_update_interval` INT, -- in hours, how often the remote updates
+
+    `num_of_url_entries` INT,
+    `num_of_file_entries` INT,
+    `num_of_invite_entries` INT,
+
+    `enabled` INT DEFAULT 0, -- whether this dataset is enabled (1 = true, 0 = false)
+
+    `last_update` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
diff --git a/edge/database/schema/primary.sql b/edge/database/schema/primary.sql
@@ -9,17 +9,6 @@ CREATE TABLE IF NOT EXISTS `configs` (
     `last_update` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
 );
 
-CREATE TABLE IF NOT EXISTS `datasets` (
-    `security_repository` VARCHAR PRIMARY KEY, -- github repository for security dataset, ex: DominicTWHV/CTI-DB-DUMP
-
-    `in_use` INT DEFAULT 0, -- whether this dataset is actively being used (1 = true, 0 = false)
-    `locked` INT DEFAULT 0, -- whether this dataset is locked from deletion (manually)
-
-    `remote_update_interval` INT DEFAULT 0, -- how often in minutes is this dataset updates by the remote peer (set automatically, do not manually edit)
-    
-    `last_update` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
-);
-
 CREATE TABLE IF NOT EXISTS `actions` (
     `server_id` VARCHAR PRIMARY KEY, -- server identifier
 
diff --git a/edge/database/schema/security_generic.sql b/edge/database/schema/security_generic.sql
@@ -1,16 +1,3 @@
-CREATE TABLE IF NOT EXISTS `dataset_metadata` (
-    `repository` VARCHAR, -- github repository, ex: DominicTWHV/CTI-DB-DUMP | If using a txt dataset, the url will be stored if the dataset isn't on github.
-    `licensing` VARCHAR, -- dataset licensing
-    `dataset_type` VARCHAR, -- cockatoo_core, text (like traditional url blocklists)
-    `remote_update_interval` INT, -- in hours, how often the remote updates
-
-    `num_of_url_entries` INT,
-    `num_of_file_entries` INT,
-    `num_of_invite_entries` INT,
-
-    `last_update` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
-);
-
 CREATE TABLE IF NOT EXISTS `url_cache` (
   `id` INTEGER PRIMARY KEY AUTOINCREMENT,
 
@@ -19,18 +6,24 @@ CREATE TABLE IF NOT EXISTS `url_cache` (
   `url_hash` VARCHAR(64) NOT NULL,
 
   `times_seen` INT DEFAULT 1, -- how many times this url has been seen by core
+
+  `mother_set_name` VARCHAR, -- the dataset this url originated from
   
   `last_update` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP -- auto timestamp for last seen time
 );
 
 CREATE TABLE IF NOT EXISTS `file_hash_cache` (
   `sha256` VARCHAR PRIMARY KEY,
 
+  `mother_set_name` VARCHAR, -- the dataset this url originated from
+
   `last_update` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP -- auto timestamp for last seen time
 );
 
 CREATE TABLE IF NOT EXISTS `invite_cache` (
   `invite` VARCHAR PRIMARY KEY, -- will be a sha256 hash
 
+  `mother_set_name` VARCHAR, -- the dataset this url originated from
+
   `last_update` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP -- auto timestamp for last seen time
 );
diff --git a/edge/database/sqlite/metadata.db b/edge/database/sqlite/metadata.db
diff --git a/edge/database/sqlite/security_core.db b/edge/database/sqlite/security_core.db
diff --git a/edge/database/sqlite/security_generic.db b/edge/database/sqlite/security_generic.db
diff --git a/edge/helper/DBFunctions.py b/edge/helper/DBFunctions.py
@@ -4,7 +4,7 @@
 
 from edge.database.driver import SQLiteDriver, DBInitManager
 
-from edge.registry.database import PrimaryDBConf, SecurityDBConf
+from edge.registry.database import PrimaryDBConf, SecurityDBConf, MetadataDBConf
 
 class AutoDBMgr:
     
@@ -13,5 +13,9 @@ async def init_db() -> None: #initializes static db instances. Not used for data
 
         for db_path, db_type in [
             (PrimaryDBConf.sqlite_db_path, "primary"),
+            (SecurityDBConf.sqlite_db_path_core, "security_core"),
+            (SecurityDBConf.sqlite_db_path_generic, "security_generic"),
+            (MetadataDBConf.sqlite_db_path, "metadata"),
+            
         ]:
             await DBInitManager.init_db(db_type=db_type, db_path=db_path)
diff --git a/edge/helper/downloadMgr.py b/edge/helper/downloadMgr.py
@@ -39,7 +39,7 @@ class DownloadManager:
     
     @staticmethod
     async def download_file(url: str, dos_protection: bool = SessionConfigs.dos_protection, max_size: int = SessionConfigs.max_file_size) -> str:
-        session = SessionFactory().grab_session()
+        session = await SessionFactory().grab_session()
         async with session.get(url) as response:
 
             if SessionConfigs.raise_for_status:
diff --git a/edge/helper/setOrchestrator.py b/edge/helper/setOrchestrator.py
@@ -0,0 +1,74 @@
+import magic # file type identification\
+import tldextract #domain extraction
+
+from edge.helper.downloadMgr import URLParser, DownloadManager
+from edge.helper.aiohttpSessionFactory import SessionFactory
+
+from edge.logger.context import networking_logger
+
+from edge.registry.networking import DatasetDownloadConfigs, FileSourceIdentConfigs
+
+class Ident:
+
+    @staticmethod
+    async def remote_file_type(url: str) -> str:
+        session = await SessionFactory().grab_session()
+        async with session.get(url) as response:
+            mime_header = response.headers.get('Content-Type', '').lower()
+
+            chunk = await response.content.read(DatasetDownloadConfigs.read_chunk_size)  #read a certain amount of bytes for identification
+
+            detected_type = magic.from_buffer(chunk, mime=True) #json, text/plain, etc.
+
+            networking_logger.debug(f"File Type Identification: Detected type: {detected_type}, Mime Header: {mime_header}")
+
+            return detected_type, mime_header
+        
+    @staticmethod
+    async def file_source(url: str) -> str:
+        extracted = tldextract.extract(url)
+        
+        domain = extracted.registered_domain.lower()
+
+        if domain in FileSourceIdentConfigs.github_domains:
+            networking_logger.debug(f"URL {url} identified as GitHub domain: {domain}")
+            return "github"
+        
+        networking_logger.debug(f"URL {url} source is non-GitHub domain: {domain}")
+        return "unknown"
+    
+class Verify:
+
+    @staticmethod
+    async def file_type_allowed(detected_type: str) -> bool:
+        if not DatasetDownloadConfigs.validate_file_type:
+            networking_logger.debug(f"File Type Verification: Validation disabled. Bypassing checks. File type: {detected_type}")
+            return True
+
+        if detected_type in DatasetDownloadConfigs.allowed_mime_types:
+            networking_logger.info(f"File Type Verification: Detected type {detected_type} is allowed.")
+            return True
+        
+        else:
+            networking_logger.warning(f"File Type Verification: Detected type {detected_type} is NOT allowed.")
+            return False
+    
+class DSDownload:
+
+    @staticmethod
+    async def pipeline(url: str) -> str:
+        detected_type, mime_header = await Ident.remote_file_type(url)
+        source = await Ident.file_source(url)
+
+        if not await Verify.file_type_allowed(detected_type):
+            networking_logger.error(f"Dataset Download Pipeline: File type {detected_type} not allowed. Aborting download for safety. URL: {url}")
+            return
+        
+        if source == "github": #parse out the raw github content url (raw.githubusercontent.com links will NOT be identified as github)
+            raw_url = await URLParser.parse_github_url(url)
+            url = raw_url.append("metadata.json") #append the standard dataset filename for Cockatoo Core dataset format
+
+            content = await DownloadManager.download_file(url) #download the mnetadata file into a variable
+
+        else:
+            content = await DownloadManager.download_file(url) # -> this is the set as not using cockatoo core dataset format
diff --git a/edge/registry/database.py b/edge/registry/database.py
@@ -6,4 +6,9 @@ class SecurityDBConf:
     sqlite_schema_path_core = "edge/database/schema/security_core.sql" #the schema layout for dataset generated by Cockatoo Core
     sqlite_schema_path_generic = "edge/database/schema/security_generic.sql" #the schema layout for a generic txt dataset split by newlines
 
-    # db path will be dynamically adjusted based on the dataset repository on GitHub.
+    sqlite_db_path_core = "edge/database/sqlite/security_core.db" #database for datasets generated by Cockatoo Core
+    sqlite_db_path_generic = "edge/database/sqlite/security_generic.db" #database for generic txt datasets
+
+class MetadataDBConf:
+    sqlite_db_path = "edge/database/sqlite/metadata.db"
+    sqlite_schema_path = "edge/database/schema/metadata_tracker.sql"
diff --git a/edge/registry/networking.py b/edge/registry/networking.py
@@ -17,4 +17,27 @@ class SessionConfigs:
 
 class UserAgents:
     #declare identity to websites when connecting
-    primary = "aiohttp (compatible; CockatooEdge/1.0; +https://github.com/DominicTWHV/Cockatoo_Edge; dataset-download)"
+    primary = "aiohttp (compatible; CockatooEdge/1.0; +https://github.com/DominicTWHV/Cockatoo_Edge; dataset-download)"
+
+class DatasetDownloadConfigs:
+    
+    # this is a protection mechanism to avoid downloading files that are not in the allowed mime types
+    # recommended to keep enabled unless you have a specific reason to not enable it.
+    # when enabled, Cockatoo will perform an automated check of the file type based on the mime type header to ensure it matches expected types.
+    # not foolproof, always use caution when downloading files from untrusted sources.
+    validate_file_type = True
+
+    allowed_mime_types = [
+        "application/json", #Cockatoo Core dataset format are in JSON
+        "text/plain", #generic filtering lists are usually txt based
+    ]
+
+    read_chunk_size = 1024 #1 KB chunk size for reading files
+
+class FileSourceIdentConfigs:
+
+    #some github domains that may be used for file hosting, excluded gist and githubusercontent
+    github_domains = [
+        "github.com",
+        "www.github.com"
+    ]
diff --git a/main.py b/main.py
@@ -82,6 +82,8 @@ async def setup_hook(self) -> None:
 
         self.status_task.start()
 
+        self.logger.info("Initialization complete.")
+
     # events ----------------------------------------------------------
 
     async def on_ready(self):
diff --git a/requirements.txt b/requirements.txt
@@ -13,7 +13,7 @@ idna>=3.10
 multidict>=6.6.4
 propcache>=0.3.2
 python-dotenv>=1.1.1
-python-magic-bin>=0.4.14
+python-magic>=0.4.14
 requests>=2.32.5
 requests-file>=3.0.1
 tldextract>=5.3.1
