Adds reporting around requests made by AI bots #23870
Conversation
5e512c1 to e590f05
    COUNT(DISTINCT(CASE WHEN log_action.type = ? THEN log_action.name END)) AS uniq_downloads
    FROM `$table` AS bot
    LEFT JOIN `$actionTable` AS log_action ON log_action.idaction = bot.idaction_url
    WHERE bot.bot_type = ? AND $where
Potential SQL injection via string-based query concatenation - critical severity
SQL injection might be possible in these locations, especially if the strings being concatenated are controlled via user input.
Remediation: If possible, rebuild the query to use prepared statements or an ORM. If that is not possible, make sure the user input is verified or sanitized. As an added layer of protection, we also recommend installing a WAF that blocks SQL injection attacks.
View details in Aikido Security
    $where = $logAggregator->getWhereStatement('log_visit', 'visit_last_action_time');

    $visitsSql = sprintf(
        "SELECT COUNT(*) FROM `%s` log_visit WHERE referer_type = ? AND $where",
Potential SQL injection via string-based query concatenation - critical severity
SQL injection might be possible in these locations, especially if the strings being concatenated are controlled via user input.
Remediation: If possible, rebuild the query to use prepared statements or an ORM. If that is not possible, make sure the user input is verified or sanitized. As an added layer of protection, we also recommend installing a WAF that blocks SQL injection attacks.
View details in Aikido Security
        GROUP BY `referer_name`",
        Common::prefixTable('log_visit'),
        Common::REFERRER_TYPE_AI_ASSISTANT,
        $where
Potential SQL injection via string-based query concatenation - high severity
SQL injection might be possible in these locations, especially if the strings being concatenated are controlled via user input.
Remediation: If possible, rebuild the query to use prepared statements or an ORM. If that is not possible, make sure the user input is verified or sanitized. As an added layer of protection, we also recommend installing a WAF that blocks SQL injection attacks.
View details in Aikido Security
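The three scanner findings above all point at the same pattern: a `$where` fragment (from `getWhereStatement()`) and table names are interpolated into the SQL text, while the values (`bot_type`, `referer_type`) are bound through `?` placeholders. The example below is added here to illustrate that distinction; it is not Matomo's code. It uses an in-memory SQLite database through PDO (so the `pdo_sqlite` extension is assumed), a constructed `log_visit` table, and a hypothetical `getWhereStatement()` stand-in that builds the date-range fragment only from whitelisted identifiers and hands the values back as bind parameters, beside an unsafe variant that lets request data reach the query text.

```php
<?php
// Added example, not part of the Matomo PR: contrasts a query whose WHERE fragment
// is built from internal, whitelisted identifiers (values bound via placeholders)
// with one that interpolates request data into the SQL text.
// Runs offline against an in-memory SQLite database (pdo_sqlite assumed).

declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample schema, loosely modelled on the log_visit columns seen above.
$pdo->exec('CREATE TABLE log_visit (
    idvisit INTEGER PRIMARY KEY,
    referer_type INTEGER,
    referer_name TEXT,
    visit_last_action_time TEXT
)');
$ins = $pdo->prepare(
    'INSERT INTO log_visit (referer_type, referer_name, visit_last_action_time) VALUES (?, ?, ?)'
);
$sampleRows = [ // constructed data
    [9, 'bot-a',  '2024-05-01 10:00:00'],
    [9, 'bot-b',  '2024-05-01 11:00:00'],
    [9, 'bot-a',  '2024-05-02 08:30:00'],
    [1, 'search', '2024-05-01 09:00:00'],
];
foreach ($sampleRows as $row) {
    $ins->execute($row);
}

/**
 * Hypothetical stand-in for LogAggregator::getWhereStatement(): the table alias
 * and column are chosen by the calling code, never by the request, and are
 * checked against a whitelist before they reach the SQL text. The date bounds
 * are returned separately so the caller binds them instead of interpolating.
 *
 * @return array{0: string, 1: array<int, string>} [sqlFragment, bindValues]
 */
function getWhereStatement(string $tableAlias, string $column, string $from, string $to): array
{
    $allowed = ['log_visit' => ['visit_last_action_time']];
    if (!isset($allowed[$tableAlias]) || !in_array($column, $allowed[$tableAlias], true)) {
        throw new InvalidArgumentException("unknown identifier: $tableAlias.$column");
    }
    $fragment = "$tableAlias.$column >= ? AND $tableAlias.$column <= ?";
    return [$fragment, [$from, $to]];
}

/**
 * Safe form: the only interpolated text is the whitelisted fragment; every
 * value (referer type, date range) travels as a bound parameter.
 */
function countVisitsByReferer(PDO $pdo, int $refererType, string $from, string $to): array
{
    [$where, $whereBind] = getWhereStatement('log_visit', 'visit_last_action_time', $from, $to);
    $sql = "SELECT referer_name, COUNT(*) AS nb_visits
            FROM log_visit
            WHERE referer_type = ? AND $where
            GROUP BY referer_name";
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array_merge([$refererType], $whereBind));
    return $stmt->fetchAll(PDO::FETCH_KEY_PAIR); // referer_name => nb_visits
}

/**
 * Unsafe form of the same query, kept only for contrast: a string taken from the
 * request is pasted into the SQL text, which is the case the scanner warns about.
 * The fix is the function above: bind the value, interpolate nothing from input.
 */
function countVisitsByRefererUnsafe(PDO $pdo, string $refererTypeFromRequest): array
{
    $sql = "SELECT referer_name, COUNT(*) AS nb_visits
            FROM log_visit
            WHERE referer_type = $refererTypeFromRequest
            GROUP BY referer_name";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_KEY_PAIR);
}

// Usage: AI-assistant visits on 2024-05-01 only (constructed referer_type 9).
$byReferer = countVisitsByReferer($pdo, 9, '2024-05-01 00:00:00', '2024-05-01 23:59:59');
var_dump($byReferer); // bot-a => 1, bot-b => 1
```

When auditing a finding like the ones above, the question to answer is which interpolated pieces can carry request data: an internally generated fragment built from fixed column names is a different risk from a value copied out of a query parameter, and a short code comment at the call site documenting where `$where` comes from saves the next reviewer the same investigation.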
* Adds archiving for new report(s)
* Add API methods for new report
* Add report classes
* Move AI Agent reports to bottom
* Add system tests for new report
* Adds UI tests for new report
* updates expected UI test files
* fix other tests
* do not double count acquired visits
* remove explicit plugin loading from ui tests
* updates expected UI test file

* Use a ranking query for bot requests
* try using with rollup again
* update with rollup implementation after fixes
* Fix sorting in database query

* Adds leaf row count functionality
* Adds archiving for new overview metrics
* Adds new overview reports and API
* add / adjust tests
* updates expected test files
* fix report category
* updates expected test files
* use ranking query for action type reports
* directly query all metrics for day archives
* include 410 in not found requests
* do not process and show unique pages and documents metrics for periods other than day
* updates expected test files
* Adjust tests
* remove pages & document report archiving
Description
This PR aims to gather all reporting-related PRs for AI bots.
Checklist
Review