Changed QueryMode to handle whether queries should check detection po…

…int thresholds (attacks) or not (events)

storage-providers/appsensor-storage-influxdb/src/main/java/org/owasp/appsensor/storage/influxdb/InfluxDbAttackStore.java

@@ -98,7 +98,7 @@ public Collection<Attack> findAttacks(SearchCriteria criteria) {
     Collection<String> detectionSystemIds = criteria.getDetectionSystemIds();
     DateTime earliest = DateUtils.fromString(criteria.getEarliest());
 
-    String influxQL = Utils.constructInfluxQL(Utils.ATTACKS, user, detectionPoint, rule, detectionSystemIds, earliest, Utils.QueryMode.CONSIDER_DETECTION_POINT_OR_RULE);
+    String influxQL = Utils.constructInfluxQL(Utils.ATTACKS, user, detectionPoint, rule, detectionSystemIds, earliest, Utils.QueryMode.CONSIDER_THRESHOLDS);
     Query query = new Query(influxQL, Utils.DATABASE);
 
     QueryResult results = influxDB.query(query);

storage-providers/appsensor-storage-influxdb/src/main/java/org/owasp/appsensor/storage/influxdb/InfluxDbEventStore.java

@@ -74,9 +74,6 @@ public void addEvent(Event event) {
         .tag(Utils.DETECTION_SYSTEM, event.getDetectionSystem().getDetectionSystemId())
         .tag(Utils.CATEGORY, event.getDetectionPoint().getCategory())
         .tag(Utils.LABEL, event.getDetectionPoint().getLabel())
-        .tag(Utils.THRESHOLD_COUNT, String.valueOf(event.getDetectionPoint().getThreshold().getCount()))
-		.tag(Utils.THRESHOLD_INTERVAL_DURATION, String.valueOf( event.getDetectionPoint().getThreshold().getInterval().getDuration() ) )
-		.tag(Utils.THRESHOLD_INTERVAL_UNIT, event.getDetectionPoint().getThreshold().getInterval().getUnit())
         .field(Utils.JSON_CONTENT, gson.toJson(event))
         .build();
 
@@ -106,7 +103,7 @@ public Collection<Event> findEvents(SearchCriteria criteria) {
       detectionPoint, null,
       detectionSystemIds,
       earliest,
-      Utils.QueryMode.CONSIDER_DETECTION_POINT_OR_RULE);
+      Utils.QueryMode.IGNORE_THRESHOLDS);
 
     if (rule != null) {
       influxQL += " AND (";
@@ -116,7 +113,7 @@ public Collection<Event> findEvents(SearchCriteria criteria) {
         influxQL += (i == 0) ? "" : " OR ";
 
         influxQL += "(";
-        influxQL += Utils.constructDetectionPointSqlString(point);
+        influxQL += Utils.constructDetectionPointSqlString(point, Utils.QueryMode.IGNORE_THRESHOLDS);
         influxQL += ")";
 
         i++;

storage-providers/appsensor-storage-influxdb/src/main/java/org/owasp/appsensor/storage/influxdb/InfluxDbResponseStore.java

@@ -101,7 +101,7 @@ public Collection<Response> findResponses(SearchCriteria criteria) {
     Collection<String> detectionSystemIds = criteria.getDetectionSystemIds();
     DateTime earliest = DateUtils.fromString(criteria.getEarliest());
 
-    String influxQL = Utils.constructInfluxQL(Utils.RESPONSES, user, detectionPoint, rule, detectionSystemIds, earliest, Utils.QueryMode.IGNORE_DETECTION_POINT_OR_RULE);
+    String influxQL = Utils.constructInfluxQL(Utils.RESPONSES, user, detectionPoint, rule, detectionSystemIds, earliest, Utils.QueryMode.CONSIDER_THRESHOLDS);
 
     Query query = new Query(influxQL, Utils.DATABASE);
 

storage-providers/appsensor-storage-influxdb/src/main/java/org/owasp/appsensor/storage/influxdb/Utils.java

@@ -56,7 +56,7 @@ public class Utils {
   public static final String INFLUXDB_PASSWORD = "APPSENSOR_INFLUXDB_PASSWORD";
 
   // query mode, whether or not to look for detection point related search criteria
-  public enum QueryMode {IGNORE_DETECTION_POINT_OR_RULE, CONSIDER_DETECTION_POINT_OR_RULE}
+  public enum QueryMode {IGNORE_THRESHOLDS, CONSIDER_THRESHOLDS}
 
   public synchronized static void createDatabaseIfNotExists(InfluxDB influxDB) {
     Preconditions.checkNotNull(influxDB, "InfluxDB reference must not be null");
@@ -99,14 +99,12 @@ public static String constructInfluxQL(String measurement,
       clauses.add(Utils.DETECTION_SYSTEM + " = '" + detectionSystemIds.iterator().next() + "'");
     }
 
-    if(QueryMode.CONSIDER_DETECTION_POINT_OR_RULE == queryMode) {
-      if (detectionPoint != null) {
-        clauses.add(constructDetectionPointSqlString(detectionPoint));
-      }
+	if (detectionPoint != null) {
+		clauses.add(constructDetectionPointSqlString(detectionPoint, queryMode));
+	}
 
-      if (rule != null) {
-	     clauses.addAll(constructRuleSqlClauses(rule));
-      }
+    if (rule != null) {
+    	clauses.addAll(constructRuleSqlClauses(rule));
     }
 
     if(earliest != null) {
@@ -127,7 +125,7 @@ public static String constructInfluxQL(String measurement,
     return sql;
   }
 
-  protected static String constructDetectionPointSqlString(DetectionPoint detectionPoint) {
+  protected static String constructDetectionPointSqlString(DetectionPoint detectionPoint, QueryMode mode) {
     List<String> clauses = new ArrayList<>();
     String sql = "";
 
@@ -139,18 +137,20 @@ protected static String constructDetectionPointSqlString(DetectionPoint detectio
       clauses.add(Utils.LABEL + " = '" + detectionPoint.getLabel() + "'");
     }
 
-    if (detectionPoint.getThreshold() != null) {
-      clauses.add(Utils.THRESHOLD_COUNT + " = '" + detectionPoint.getThreshold().getCount() + "'");
+    if (QueryMode.CONSIDER_THRESHOLDS == mode) {
+	    if (detectionPoint.getThreshold() != null) {
+	      clauses.add(Utils.THRESHOLD_COUNT + " = '" + detectionPoint.getThreshold().getCount() + "'");
 
-      if (detectionPoint.getThreshold().getInterval() != null) {
-        clauses.add(
-            Utils.THRESHOLD_INTERVAL_DURATION + " = '" + detectionPoint.getThreshold().getInterval().getDuration() + "'");
+	      if (detectionPoint.getThreshold().getInterval() != null) {
+	        clauses.add(
+	            Utils.THRESHOLD_INTERVAL_DURATION + " = '" + detectionPoint.getThreshold().getInterval().getDuration() + "'");
 
-        if (detectionPoint.getThreshold().getInterval().getUnit() != null) {
-          clauses
-              .add(Utils.THRESHOLD_INTERVAL_UNIT + " = '" + detectionPoint.getThreshold().getInterval().getUnit() + "'");
-        }
-      }
+	        if (detectionPoint.getThreshold().getInterval().getUnit() != null) {
+	          clauses
+	              .add(Utils.THRESHOLD_INTERVAL_UNIT + " = '" + detectionPoint.getThreshold().getInterval().getUnit() + "'");
+	        }
+	      }
+	    }
     }
 
     int i = 0;