From df0aa020bf29c6280b4b1e9d610e69d2f8be582f Mon Sep 17 00:00:00 2001
From: anadahz <andz@torproject.org>
Date: Thu, 9 Nov 2017 22:21:12 +0000
Subject: [PATCH] Add WatchGuard HTTP Proxy vendor id

References:
* https://explorer.ooni.torproject.org/measurement/
20170825T124715Z_AS6471_xEE1vddMfSEcjRD8XyJeEHVGUczPXnGwbx1vZ5uvA7pzgILJzj
* https://explorer.ooni.torproject.org/measurement/
20170913T205948Z_AS8167_bCSzXOsg4EtXuVNVfZEh2XlMjikkIaH4SpqM4rQ1tIRl2MnEIr
---
 pipeline/batch/sql_tasks.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/pipeline/batch/sql_tasks.py b/pipeline/batch/sql_tasks.py
index 667b054c..2bbbaca6 100644
--- a/pipeline/batch/sql_tasks.py
+++ b/pipeline/batch/sql_tasks.py
@@ -224,6 +224,23 @@ def identified_vendors(metrics_table):
                 LIKE '%Privoxy%'
             OR {metrics_table}.test_keys -> 'received' ->> 3
                 LIKE '%Privoxy%')
+UNION
+ SELECT {metrics_table}.test_start_time,
+    {metrics_table}.probe_cc,
+    {metrics_table}.probe_asn,
+    {metrics_table}.report_id,
+    'watchguard' AS vendor
+   FROM {metrics_table}
+  WHERE {metrics_table}.test_name = 'http_invalid_request_line'
+        AND {metrics_table}.test_keys -> 'tampering' = 'true'
+        AND ({metrics_table}.test_keys -> 'received' ->> 0
+                LIKE '%WatchGuard%'::text
+            OR {metrics_table}.test_keys -> 'received' ->> 1
+                LIKE '%WatchGuard%'
+            OR {metrics_table}.test_keys -> 'received' ->> 2
+                LIKE '%WatchGuard%'
+            OR {metrics_table}.test_keys -> 'received' ->> 3
+                LIKE '%WatchGuard%')
 
 ;
 """.format(metrics_table=metrics_table)