From 175417fcdae49562c7149f045c9c7aec19dff2a3 Mon Sep 17 00:00:00 2001
From: msm <msm@tailcall.net>
Date: Tue, 27 Dec 2022 23:04:38 +0100
Subject: [PATCH 1/8] Disallow degenerate queries

---
 src/app.py                                    | 15 ++++++++++++++-
 src/mqueryfront/src/query/QueryParseStatus.js | 18 +++++++++++-------
 src/mqueryfront/src/status/BackendStatus.js   |  2 +-
 src/schema.py                                 |  1 +
 4 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/src/app.py b/src/app.py
index 13aa4183..1cb73ef4 100644
--- a/src/app.py
+++ b/src/app.py
@@ -326,7 +326,7 @@ def query(
         )
 
     if not rules:
-        raise HTTPException(status_code=400, detail=f"No rule was specified.")
+        raise HTTPException(status_code=400, detail="No rule was specified.")
 
     if data.method == RequestQueryMethod.parse:
         return [
@@ -335,11 +335,24 @@ def query(
                 rule_author=rule.author,
                 is_global=rule.is_global,
                 is_private=rule.is_private,
+                is_degenerate=rule.parse().is_degenerate,
                 parsed=rule.parse().query,
             )
             for rule in rules
         ]
 
+    degenerate_rules = [r.name for r in rules if r.parse().is_degenerate]
+    if degenerate_rules:
+        degenerate_rule_names = ", ".join(degenerate_rules)
+        doc_url = "https://cert-polska.github.io/mquery/docs/yara.html"
+        raise HTTPException(status_code=400, detail=(
+            "Invalid query. "
+            "Some of the rules would require a Yara scan of every indexed "
+            "file, and this is not allowed by this instance. "
+            f"Problematic rules: {degenerate_rule_names}. "
+            f"Read {doc_url} for more details."
+        ))
+
     active_agents = db.get_active_agents()
 
     for agent, agent_spec in active_agents.items():
diff --git a/src/mqueryfront/src/query/QueryParseStatus.js b/src/mqueryfront/src/query/QueryParseStatus.js
index 7566f5f6..bfb2533c 100644
--- a/src/mqueryfront/src/query/QueryParseStatus.js
+++ b/src/mqueryfront/src/query/QueryParseStatus.js
@@ -6,14 +6,18 @@ const QueryParseStatus = (props) => {
     if (!queryPlan) return null;
 
     const parseResult = queryPlan.map((rule) => {
-        const { is_private, is_global, rule_name, parsed } = rule;
+        const { is_private, is_global, is_degenerate, rule_name, parsed } = rule;
 
-        const badge =
-            is_private || is_global ? (
-                <span className="badge badge-info">
-                    {is_private ? "private" : "global"}
-                </span>
+        const private_badge =is_private ?(
+                <span className="badge bg-info">private</span>
             ) : null;
+        const global_badge =is_global?(
+                <span className="badge bg-info">private</span>
+            ) : null;
+        const degenerate_badge =is_degenerate?(
+                <span className="badge bg-danger">degenerate</span>
+            ) : null;
+        const badges = <>{private_badge} {global_badge} {degenerate_badge}</>;
 
         return (
             <div key={rule_name} className="mt-3">
@@ -22,7 +26,7 @@ const QueryParseStatus = (props) => {
                         <span className="me-2 font-weight-bold">
                             {rule_name}
                         </span>
-                        {badge}
+                        {badges}
                     </label>
                     <div className="jumbotron text-monospace text-break p-2">
                         {parsed}
diff --git a/src/mqueryfront/src/status/BackendStatus.js b/src/mqueryfront/src/status/BackendStatus.js
index c64ec3af..76696465 100644
--- a/src/mqueryfront/src/status/BackendStatus.js
+++ b/src/mqueryfront/src/status/BackendStatus.js
@@ -32,7 +32,7 @@ class AgentStatus extends Component {
         let badge = null;
         if (!this.props.alive) {
             badge = (
-                <span className="badge badge-secondary badge-sm">offline</span>
+                <span className="badge bg-secondary badge-sm">offline</span>
             );
         }
 
diff --git a/src/schema.py b/src/schema.py
index b3de7c57..0f4a33a2 100644
--- a/src/schema.py
+++ b/src/schema.py
@@ -76,6 +76,7 @@ class ParseResponseSchema(BaseModel):
     rule_author: str
     is_global: bool
     is_private: bool
+    is_degenerate: bool
     parsed: str
 
 

From 527aacd1043fc17df562e1445d693fd69d927651 Mon Sep 17 00:00:00 2001
From: msm <msm@tailcall.net>
Date: Thu, 29 Dec 2022 01:19:33 +0100
Subject: [PATCH 2/8] Disallow degenerate queries

---
 src/app.py                                    | 20 +++++++-----
 src/db.py                                     |  2 ++
 src/mqueryfront/src/config/ConfigEntries.js   |  1 +
 src/mqueryfront/src/query/QueryParseStatus.js | 32 ++++++++++++-------
 4 files changed, 36 insertions(+), 19 deletions(-)

diff --git a/src/app.py b/src/app.py
index 1cb73ef4..d8e3f98a 100644
--- a/src/app.py
+++ b/src/app.py
@@ -342,16 +342,20 @@ def query(
         ]
 
     degenerate_rules = [r.name for r in rules if r.parse().is_degenerate]
-    if degenerate_rules:
+    disallow_degenerate = db.get_mquery_config_key("query_disallow_degenerate")
+    if degenerate_rules and (disallow_degenerate == "true"):
         degenerate_rule_names = ", ".join(degenerate_rules)
         doc_url = "https://cert-polska.github.io/mquery/docs/yara.html"
-        raise HTTPException(status_code=400, detail=(
-            "Invalid query. "
-            "Some of the rules would require a Yara scan of every indexed "
-            "file, and this is not allowed by this instance. "
-            f"Problematic rules: {degenerate_rule_names}. "
-            f"Read {doc_url} for more details."
-        ))
+        raise HTTPException(
+            status_code=400,
+            detail=(
+                "Invalid query. "
+                "Some of the rules would require a Yara scan of every indexed "
+                "file, and this is not allowed by this instance. "
+                f"Problematic rules: {degenerate_rule_names}. "
+                f"Read {doc_url} for more details."
+            ),
+        )
 
     active_agents = db.get_active_agents()
 
diff --git a/src/db.py b/src/db.py
index e8760a84..39456d82 100644
--- a/src/db.py
+++ b/src/db.py
@@ -331,6 +331,8 @@ def get_core_config(self) -> Dict[str, str]:
             "openid_url": "OpenID Connect base url",
             "openid_client_id": "OpenID client ID",
             "openid_secret": "Secret used for JWT token verification",
+            # Query and performance config
+            "query_disallow_degenerate": "Reject any queries that will end up scanning the whole malware collection",
         }
 
     def get_config(self) -> List[ConfigSchema]:
diff --git a/src/mqueryfront/src/config/ConfigEntries.js b/src/mqueryfront/src/config/ConfigEntries.js
index beb6d551..0bda2607 100644
--- a/src/mqueryfront/src/config/ConfigEntries.js
+++ b/src/mqueryfront/src/config/ConfigEntries.js
@@ -10,6 +10,7 @@ const KNOWN_RULES = {
     openid_url: R_URL,
     auth_enabled: R_BOOL,
     auth_default_roles: R_ROLES,
+    query_disallow_degenerate: R_BOOL,
 };
 
 class ConfigRow extends Component {
diff --git a/src/mqueryfront/src/query/QueryParseStatus.js b/src/mqueryfront/src/query/QueryParseStatus.js
index bfb2533c..cc9b7340 100644
--- a/src/mqueryfront/src/query/QueryParseStatus.js
+++ b/src/mqueryfront/src/query/QueryParseStatus.js
@@ -6,18 +6,28 @@ const QueryParseStatus = (props) => {
     if (!queryPlan) return null;
 
     const parseResult = queryPlan.map((rule) => {
-        const { is_private, is_global, is_degenerate, rule_name, parsed } = rule;
+        const {
+            is_private,
+            is_global,
+            is_degenerate,
+            rule_name,
+            parsed,
+        } = rule;
 
-        const private_badge =is_private ?(
-                <span className="badge bg-info">private</span>
-            ) : null;
-        const global_badge =is_global?(
-                <span className="badge bg-info">private</span>
-            ) : null;
-        const degenerate_badge =is_degenerate?(
-                <span className="badge bg-danger">degenerate</span>
-            ) : null;
-        const badges = <>{private_badge} {global_badge} {degenerate_badge}</>;
+        const private_badge = is_private ? (
+            <span className="badge bg-info">private</span>
+        ) : null;
+        const global_badge = is_global ? (
+            <span className="badge bg-info">private</span>
+        ) : null;
+        const degenerate_badge = is_degenerate ? (
+            <span className="badge bg-danger">degenerate</span>
+        ) : null;
+        const badges = (
+            <>
+                {private_badge} {global_badge} {degenerate_badge}
+            </>
+        );
 
         return (
             <div key={rule_name} className="mt-3">

From fcb9088b8128b4b7e8e925f610a1bc27bfd8d812 Mon Sep 17 00:00:00 2001
From: msm-code <msm@tailcall.net>
Date: Thu, 29 Dec 2022 19:17:06 +0100
Subject: [PATCH 3/8] Update src/app.py
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Michał Praszmo <michalpr@cert.pl>
---
 src/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/app.py b/src/app.py
index d8e3f98a..6ab1e1c4 100644
--- a/src/app.py
+++ b/src/app.py
@@ -343,7 +343,7 @@ def query(
 
     degenerate_rules = [r.name for r in rules if r.parse().is_degenerate]
     disallow_degenerate = db.get_mquery_config_key("query_disallow_degenerate")
-    if degenerate_rules and (disallow_degenerate == "true"):
+    if degenerate_rules and disallow_degenerate == "true":
         degenerate_rule_names = ", ".join(degenerate_rules)
         doc_url = "https://cert-polska.github.io/mquery/docs/yara.html"
         raise HTTPException(

From b23a95d943b0f1e2db5389277a7214a7f7f51e3b Mon Sep 17 00:00:00 2001
From: msm <msm@tailcall.net>
Date: Wed, 4 Jan 2023 19:33:29 +0100
Subject: [PATCH 4/8] WIP allow force-running a slow query (and merge)

---
 src/app.py                                    | 22 +++++++++++++------
 src/mqueryfront/src/query/QueryField.js       |  1 +
 .../src/query/QueryLayoutManager.js           | 22 +++++++++++--------
 src/mqueryfront/src/query/QueryNavigation.js  |  6 ++++-
 src/mqueryfront/src/query/QueryPage.js        | 11 ++++++++++
 src/mqueryfront/src/query/QuerySubmitNav.js   | 16 ++++++++------
 src/schema.py                                 |  1 +
 7 files changed, 55 insertions(+), 24 deletions(-)

diff --git a/src/app.py b/src/app.py
index 6ab1e1c4..1b7a1853 100644
--- a/src/app.py
+++ b/src/app.py
@@ -18,7 +18,7 @@
 from starlette.staticfiles import StaticFiles  # type: ignore
 from zmq import Again
 
-from lib.yaraparse import parse_yara
+from lib.yaraparse import YaraRuleData, parse_yara
 
 from util import mquery_version
 from db import Database, JobId
@@ -342,17 +342,25 @@ def query(
         ]
 
     degenerate_rules = [r.name for r in rules if r.parse().is_degenerate]
-    disallow_degenerate = db.get_mquery_config_key("query_disallow_degenerate")
-    if degenerate_rules and disallow_degenerate == "true":
+    if degenerate_rules and not data.force_slow_queries:
+        allow_degenerate = (
+            db.get_mquery_config_key("query_disallow_degenerate") != "true"
+        )
+        if allow_degenerate:
+            # Warning: "You can force a slow query" literal is used to
+            # pattern match on the error message in the frontend.
+            help_message = "You can force a slow query if you want."
+        else:
+            help_message = "This is not allowed by this server."
         degenerate_rule_names = ", ".join(degenerate_rules)
         doc_url = "https://cert-polska.github.io/mquery/docs/yara.html"
         raise HTTPException(
             status_code=400,
             detail=(
-                "Invalid query. "
-                "Some of the rules would require a Yara scan of every indexed "
-                "file, and this is not allowed by this instance. "
-                f"Problematic rules: {degenerate_rule_names}. "
+                "Invalid query. Some of the rules require a full Yara scan of"
+                "every indexed file. "
+                f"{help_message} "
+                f"Slow rules: {degenerate_rule_names}. "
                 f"Read {doc_url} for more details."
             ),
         )
diff --git a/src/mqueryfront/src/query/QueryField.js b/src/mqueryfront/src/query/QueryField.js
index 7ece5438..d45e24de 100644
--- a/src/mqueryfront/src/query/QueryField.js
+++ b/src/mqueryfront/src/query/QueryField.js
@@ -12,6 +12,7 @@ const QueryField = (props) => (
             onTaintSelect={props.onTaintSelect}
             availableTaints={props.availableTaints}
             selectedTaints={props.selectedTaints}
+            forceSlowQueries={props.forceSlowQueries}
         />
         <div className="mt-2 monaco-container">
             <QueryMonaco
diff --git a/src/mqueryfront/src/query/QueryLayoutManager.js b/src/mqueryfront/src/query/QueryLayoutManager.js
index 155f9b92..6ef29dda 100644
--- a/src/mqueryfront/src/query/QueryLayoutManager.js
+++ b/src/mqueryfront/src/query/QueryLayoutManager.js
@@ -27,14 +27,9 @@ const QueryLayoutManager = (props) => {
         onYaraUpdate,
         parsedError,
         selectedTaints,
+        forceSlowQueries,
     } = props;
 
-    const queryParse = queryError ? (
-        <ErrorPage error={queryError} />
-    ) : queryPlan ? (
-        <QueryParseStatus queryPlan={queryPlan} />
-    ) : null;
-
     const queryResults = job ? (
         <div>
             <button
@@ -57,10 +52,18 @@ const QueryLayoutManager = (props) => {
         <LoadingPage />
     );
 
-    const queryResultOrParse = qhash ? queryResults : queryParse;
+    const resultsTab = queryError ? (
+        <ErrorPage error={queryError} />
+    ) : queryPlan ? (
+        <QueryParseStatus queryPlan={queryPlan} />
+    ) : qhash ? (
+        queryResults
+    ) : null;
+
+    // const queryResultOrParse = qhash ? queryResults : queryParse;
 
     const queryFieldPane = isCollapsed ? null : (
-        <div className={queryResultOrParse ? "col-md-6" : "col-md-12"}>
+        <div className={resultsTab ? "col-md-6" : "col-md-12"}>
             <QueryField
                 readOnly={!!qhash}
                 onSubmitQuery={onSubmitQuery}
@@ -72,6 +75,7 @@ const QueryLayoutManager = (props) => {
                 onYaraUpdate={onYaraUpdate}
                 parsedError={parsedError}
                 selectedTaints={selectedTaints}
+                forceSlowQueries={forceSlowQueries}
             />
         </div>
     );
@@ -87,7 +91,7 @@ const QueryLayoutManager = (props) => {
                             : "col-md-6 order-first order-md-last"
                     }
                 >
-                    {queryResultOrParse}
+                    {resultsTab}
                 </div>
             </div>
         </div>
diff --git a/src/mqueryfront/src/query/QueryNavigation.js b/src/mqueryfront/src/query/QueryNavigation.js
index a8fe60e3..d4f87aa2 100644
--- a/src/mqueryfront/src/query/QueryNavigation.js
+++ b/src/mqueryfront/src/query/QueryNavigation.js
@@ -12,11 +12,15 @@ const QueryNavigation = (props) => {
         isEditActive,
         availableTaints,
         selectedTaints,
+        forceSlowQueries,
     } = props;
 
     return (
         <div className="btn-group" role="group">
-            <QuerySubmitNav onClick={onSubmitQuery} />
+            <QuerySubmitNav
+                onClick={onSubmitQuery}
+                forceMode={forceSlowQueries}
+            />
             <QueryEditParseNav
                 isEditActive={isEditActive}
                 onEditQuery={onEditQuery}
diff --git a/src/mqueryfront/src/query/QueryPage.js b/src/mqueryfront/src/query/QueryPage.js
index 7c24d5b7..a6af5045 100644
--- a/src/mqueryfront/src/query/QueryPage.js
+++ b/src/mqueryfront/src/query/QueryPage.js
@@ -15,6 +15,7 @@ const INITIAL_STATE = {
     selectedTaints: [],
     job: null,
     activePage: 1,
+    forceSlowQueries: false,
 };
 
 const PAGE_SIZE = 20;
@@ -94,6 +95,9 @@ class QueryPageInner extends Component {
     };
 
     handleYaraUpdate(value) {
+        this.setState({
+            forceSlowQueries: false,
+        });
         this.setState({ rawYara: value });
     }
 
@@ -167,6 +171,7 @@ class QueryPageInner extends Component {
                 method: method,
                 priority: priority,
                 taints: taints,
+                force_slow_queries: this.state.forceSlowQueries,
             });
             if (method === "query") {
                 this.props.navigate(`/query/${response.data.query_hash}`);
@@ -183,6 +188,11 @@ class QueryPageInner extends Component {
                     : error.toString(),
                 queryPlan: null,
             });
+            if (this.state.queryError.match(/You can force a slow query/)) {
+                this.setState({
+                    forceSlowQueries: true,
+                });
+            }
         }
     }
 
@@ -249,6 +259,7 @@ class QueryPageInner extends Component {
                     onYaraUpdate={this.handleYaraUpdate}
                     parsedError={this.parsedError}
                     selectedTaints={this.state.selectedTaints}
+                    forceSlowQueries={this.state.forceSlowQueries}
                 />
             </ErrorBoundary>
         );
diff --git a/src/mqueryfront/src/query/QuerySubmitNav.js b/src/mqueryfront/src/query/QuerySubmitNav.js
index c1fadb19..63b7659c 100644
--- a/src/mqueryfront/src/query/QuerySubmitNav.js
+++ b/src/mqueryfront/src/query/QuerySubmitNav.js
@@ -1,23 +1,25 @@
 import React from "react";
 
 const QuerySubmitNav = (props) => {
-    const { onClick } = props;
+    const { onClick, forceMode } = props;
+
+    const label = forceMode ? "Force query (may be very slow!)" : "Query";
+    const style = forceMode ? "btn-danger" : "btn-success";
 
     return (
         <React.Fragment>
             <button
                 type="button"
-                className="btn btn-success btn-sm"
+                className={"btn btn-sm " + style}
                 onClick={() => onClick("medium")}
             >
-                Query
+                {label}
             </button>
-            <div className="btn-group" role="group">
+            <div className="btn-group">
                 <button
                     type="button"
-                    className="btn btn-success dropdown-toggle"
-                    data-toggle="dropdown"
-                    aria-haspopup="true"
+                    className={"btn dropdown-toggle " + style}
+                    data-bs-toggle="dropdown"
                     aria-expanded="false"
                 />
                 <div className="dropdown-menu">
diff --git a/src/schema.py b/src/schema.py
index 0f4a33a2..e1588e2d 100644
--- a/src/schema.py
+++ b/src/schema.py
@@ -65,6 +65,7 @@ class QueryRequestSchema(BaseModel):
     files_limit: Optional[int]
     reference: Optional[str]  # arbitrary data specified by the user
     required_plugins: List[str] = Field([])
+    force_slow_queries: bool = False
 
 
 class QueryResponseSchema(BaseModel):

From 8a9f3370f5f5c7fef5c97f3c3c47179b7259f39c Mon Sep 17 00:00:00 2001
From: msm <msm@tailcall.net>
Date: Wed, 4 Jan 2023 23:37:02 +0100
Subject: [PATCH 5/8] Calm down flake8

---
 src/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/app.py b/src/app.py
index 1b7a1853..52fadecd 100644
--- a/src/app.py
+++ b/src/app.py
@@ -18,7 +18,7 @@
 from starlette.staticfiles import StaticFiles  # type: ignore
 from zmq import Again
 
-from lib.yaraparse import YaraRuleData, parse_yara
+from lib.yaraparse import parse_yara
 
 from util import mquery_version
 from db import Database, JobId

From 8318280e25c5cb2ed730589ddd8800ddcaa0ebe4 Mon Sep 17 00:00:00 2001
From: msm <msm@tailcall.net>
Date: Thu, 5 Jan 2023 15:05:45 +0100
Subject: [PATCH 6/8] Some name changes

---
 docs/yara.md                                | 22 +++++++++++++++++++++
 src/app.py                                  |  8 ++++----
 src/db.py                                   |  2 +-
 src/mqueryfront/src/config/ConfigEntries.js |  2 +-
 4 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/docs/yara.md b/docs/yara.md
index a5f64ccb..929b98d4 100644
--- a/docs/yara.md
+++ b/docs/yara.md
@@ -215,3 +215,25 @@ the rule could cripple mquery performance.
 Remember that parser is your friend. If your query runs too slow, click "parse" instead
 of "query" and investigate if the query looks reasonable.
 
+## Slow Yara rules.
+
+Some yara rules cannot be optimised by mquery and will end up scanning the whole
+malware collection. One example of such rule is:
+
+```
+rule UnluckyExample
+{
+    strings:
+        $code = {48 8b 0? 0f b6 c? 48 8b 4? 34 50}
+
+    condition:
+        all of them and pe.imphash() == "b8bb385806b89680e13fc0cf24f4431e"
+}
+```
+
+This is not necessarily a bad rule, but there's not a single full 3gram that can
+be used to narrow the set of suspected files. Due to how mquery works, this will
+yara scan every malware file in the dataset, and will be very slow. Becaue of this,
+such queries are by defauly disasllowed. They can be enabled by setting
+`query_allow_slow` config key to true. In this case mquery will allow such
+queries, but it'll ask for confirmation first.
diff --git a/src/app.py b/src/app.py
index 52fadecd..f0c61722 100644
--- a/src/app.py
+++ b/src/app.py
@@ -343,10 +343,10 @@ def query(
 
     degenerate_rules = [r.name for r in rules if r.parse().is_degenerate]
     if degenerate_rules and not data.force_slow_queries:
-        allow_degenerate = (
-            db.get_mquery_config_key("query_disallow_degenerate") != "true"
+        allow_slow_queries = (
+            db.get_mquery_config_key("query_allow_slow") == "true"
         )
-        if allow_degenerate:
+        if allow_slow_queries:
             # Warning: "You can force a slow query" literal is used to
             # pattern match on the error message in the frontend.
             help_message = "You can force a slow query if you want."
@@ -357,7 +357,7 @@ def query(
         raise HTTPException(
             status_code=400,
             detail=(
-                "Invalid query. Some of the rules require a full Yara scan of"
+                "Invalid query. Some of the rules require a full Yara scan of "
                 "every indexed file. "
                 f"{help_message} "
                 f"Slow rules: {degenerate_rule_names}. "
diff --git a/src/db.py b/src/db.py
index 39456d82..432043cc 100644
--- a/src/db.py
+++ b/src/db.py
@@ -332,7 +332,7 @@ def get_core_config(self) -> Dict[str, str]:
             "openid_client_id": "OpenID client ID",
             "openid_secret": "Secret used for JWT token verification",
             # Query and performance config
-            "query_disallow_degenerate": "Reject any queries that will end up scanning the whole malware collection",
+            "query_allow_slow": "Allow users to run queries that will end up scanning the whole malware collection",
         }
 
     def get_config(self) -> List[ConfigSchema]:
diff --git a/src/mqueryfront/src/config/ConfigEntries.js b/src/mqueryfront/src/config/ConfigEntries.js
index 0bda2607..f7ab5028 100644
--- a/src/mqueryfront/src/config/ConfigEntries.js
+++ b/src/mqueryfront/src/config/ConfigEntries.js
@@ -10,7 +10,7 @@ const KNOWN_RULES = {
     openid_url: R_URL,
     auth_enabled: R_BOOL,
     auth_default_roles: R_ROLES,
-    query_disallow_degenerate: R_BOOL,
+    query_allow_slow: R_BOOL,
 };
 
 class ConfigRow extends Component {

From 0dc4f1b76e7f07d8c6e6c83c6ed6427abffe8eff Mon Sep 17 00:00:00 2001
From: msm <msm@tailcall.net>
Date: Thu, 5 Jan 2023 15:12:16 +0100
Subject: [PATCH 7/8] Check slow config on the backend too

---
 src/app.py | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/app.py b/src/app.py
index f0c61722..76bcd5b8 100644
--- a/src/app.py
+++ b/src/app.py
@@ -342,11 +342,9 @@ def query(
         ]
 
     degenerate_rules = [r.name for r in rules if r.parse().is_degenerate]
-    if degenerate_rules and not data.force_slow_queries:
-        allow_slow_queries = (
-            db.get_mquery_config_key("query_allow_slow") == "true"
-        )
-        if allow_slow_queries:
+    allow_slow = db.get_mquery_config_key("query_allow_slow") == "true"
+    if degenerate_rules and not (allow_slow and data.force_slow_queries):
+        if allow_slow:
             # Warning: "You can force a slow query" literal is used to
             # pattern match on the error message in the frontend.
             help_message = "You can force a slow query if you want."
@@ -357,7 +355,7 @@ def query(
         raise HTTPException(
             status_code=400,
             detail=(
-                "Invalid query. Some of the rules require a full Yara scan of "
+                "Invalid query. Some of the rules require a full Yara scan of"
                 "every indexed file. "
                 f"{help_message} "
                 f"Slow rules: {degenerate_rule_names}. "

From 581a04397e5ec3abe5eb648c1a2ebda4bd50e57b Mon Sep 17 00:00:00 2001
From: msm <msm@tailcall.net>
Date: Thu, 5 Jan 2023 15:14:39 +0100
Subject: [PATCH 8/8] remove unnecessary comment

---
 src/mqueryfront/src/query/QueryLayoutManager.js | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/mqueryfront/src/query/QueryLayoutManager.js b/src/mqueryfront/src/query/QueryLayoutManager.js
index 6ef29dda..56dfc03f 100644
--- a/src/mqueryfront/src/query/QueryLayoutManager.js
+++ b/src/mqueryfront/src/query/QueryLayoutManager.js
@@ -60,8 +60,6 @@ const QueryLayoutManager = (props) => {
         queryResults
     ) : null;
 
-    // const queryResultOrParse = qhash ? queryResults : queryParse;
-
     const queryFieldPane = isCollapsed ? null : (
         <div className={resultsTab ? "col-md-6" : "col-md-12"}>
             <QueryField