C Parameter

The compound query functionality of an IMAT appliance allows users to run a series of queries and complex operations to generate results and reports. Compound queries can do anything from returning a list of search results (similar to a simple query) to generating statistical charts and graphs. Compound queries provide simple objects for processing query information with the Python programming language. They are run through the REST API in the same way as "simple" Lucene-like queries.

Example Query

To execute the code should be URL encoded, and used as the c parameter in the search API

https://<appliance_ip>/search?c=<Code Here>&start=0&limit=10&report=approxtotal

Basic Python Syntax

Compound Query allows the user to specify small programs to process data, and compute statistics and reports. This is accomplished using simple python objects, along with normal python programming constructs. More information on the Python programming language can be found at the Python Language's Website. The code provided in the c parameter, is placed into a template of code provided by the system. This surrounding code sets up the execution environment and provides a set of functionality used to capture and return the results. All code provided through the API is checked for a subset of language constructs that are not allowed for security reasons, these constructs are listed below.

Illegal syntax

Exec not allowed: exec keyword and execfile function
Eval not allowed: eval function
File operations: open and file functions
Operating system modules: sys and os module calls
Direct calls to the search server API
Direct references to the globals or locals dictionaries
Double underscores: __ is not allowed to prevent access to operator overloads and python internals.
Imports: the import and from import statements are not allowed.
getattr and setattr functions are not allowed to prevent object tampering.
Overwriting variables used for internal security checks is not allowed.
These checks are enforced before the code is executed. When an error occurs a 500 error and XML message containing "Illegal syntax: reason" will be returned.

Adding allowed constructs

The plugin architecture of the system allows administrators to add functions and modules so that a user may create reports on the disk, and use extended Python functionality, such as regular expressions, date and time processing functions, and other important libraries. The administrator should take care to test and validate that these functions and modules do not allow users to bypass normal security constraints and obtain data that they are not otherwise authorized to access.