2017-11-29 11:27:04 +00:00
|
|
|
# ~*~ coding: utf-8 ~*~
|
2020-06-16 05:39:49 +00:00
|
|
|
from django.utils.translation import ugettext_lazy as _
|
2017-11-29 11:27:04 +00:00
|
|
|
from rest_framework import serializers
|
|
|
|
|
|
2022-07-01 08:47:07 +00:00
|
|
|
from common.utils import pretty_string
|
2023-02-02 14:58:18 +00:00
|
|
|
from common.serializers.fields import LabeledChoiceField
|
|
|
|
|
from terminal.backends.command.models import AbstractSessionCommand
|
2023-02-17 13:09:20 +00:00
|
|
|
from terminal.models import Command
|
2020-06-16 05:39:49 +00:00
|
|
|
|
2022-03-30 11:07:49 +00:00
|
|
|
__all__ = ['SessionCommandSerializer', 'InsecureCommandAlertSerializer']
|
2017-11-29 11:27:04 +00:00
|
|
|
|
|
|
|
|
|
2023-02-17 13:09:20 +00:00
|
|
|
class SimpleSessionCommandSerializer(serializers.ModelSerializer):
|
2023-02-02 14:58:18 +00:00
|
|
|
|
2022-03-30 11:07:49 +00:00
|
|
|
""" 简单Session命令序列类, 用来提取公共字段 """
|
2021-01-20 02:02:33 +00:00
|
|
|
user = serializers.CharField(label=_("User")) # 限制 64 字符,见 validate_user
|
2020-06-16 05:39:49 +00:00
|
|
|
asset = serializers.CharField(max_length=128, label=_("Asset"))
|
2022-03-30 11:07:49 +00:00
|
|
|
input = serializers.CharField(max_length=2048, label=_("Command"))
|
2020-12-17 10:23:53 +00:00
|
|
|
session = serializers.CharField(max_length=36, label=_("Session ID"))
|
2023-02-02 14:58:18 +00:00
|
|
|
risk_level = LabeledChoiceField(
|
2023-02-17 13:09:20 +00:00
|
|
|
choices=AbstractSessionCommand.RiskLevelChoices.choices,
|
|
|
|
|
required=False, label=_("Risk level"),
|
2022-03-30 11:07:49 +00:00
|
|
|
)
|
2023-01-16 11:02:09 +00:00
|
|
|
org_id = serializers.CharField(
|
|
|
|
|
max_length=36, required=False, default='', allow_null=True, allow_blank=True
|
|
|
|
|
)
|
2020-10-27 03:35:31 +00:00
|
|
|
|
2023-02-17 13:09:20 +00:00
|
|
|
class Meta:
|
|
|
|
|
# 继承 ModelSerializer 解决 swagger risk_level type 为 object 的问题
|
|
|
|
|
model = Command
|
|
|
|
|
fields = ['user', 'asset', 'input', 'session', 'risk_level', 'org_id']
|
|
|
|
|
|
2021-01-20 02:02:33 +00:00
|
|
|
def validate_user(self, value):
|
|
|
|
|
if len(value) > 64:
|
|
|
|
|
value = value[:32] + value[-32:]
|
|
|
|
|
return value
|
|
|
|
|
|
2020-10-27 03:35:31 +00:00
|
|
|
|
2022-03-30 11:07:49 +00:00
|
|
|
class InsecureCommandAlertSerializer(SimpleSessionCommandSerializer):
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
2023-01-16 11:02:09 +00:00
|
|
|
class SessionCommandSerializerMixin(serializers.Serializer):
|
2022-03-30 11:07:49 +00:00
|
|
|
"""使用这个类作为基础Command Log Serializer类, 用来序列化"""
|
|
|
|
|
id = serializers.UUIDField(read_only=True)
|
2022-12-05 05:27:51 +00:00
|
|
|
# 限制 64 字符,不能直接迁移成 128 字符,命令表数据量会比较大
|
|
|
|
|
account = serializers.CharField(label=_("Account "))
|
2022-03-30 11:07:49 +00:00
|
|
|
output = serializers.CharField(max_length=2048, allow_blank=True, label=_("Output"))
|
|
|
|
|
timestamp = serializers.IntegerField(label=_('Timestamp'))
|
2022-04-14 06:27:43 +00:00
|
|
|
timestamp_display = serializers.DateTimeField(read_only=True, label=_('Datetime'))
|
2022-03-30 11:07:49 +00:00
|
|
|
remote_addr = serializers.CharField(read_only=True, label=_('Remote Address'))
|
|
|
|
|
|
2022-12-05 05:27:51 +00:00
|
|
|
def validate_account(self, value):
|
2022-06-30 12:26:02 +00:00
|
|
|
if len(value) > 64:
|
2022-07-01 13:36:41 +00:00
|
|
|
value = pretty_string(value, 64)
|
2022-06-30 12:26:02 +00:00
|
|
|
return value
|
2023-01-16 11:02:09 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class SessionCommandSerializer(SessionCommandSerializerMixin, SimpleSessionCommandSerializer):
|
|
|
|
|
""" 字段排序序列类 """
|
2023-02-17 13:09:20 +00:00
|
|
|
|
|
|
|
|
class Meta(SimpleSessionCommandSerializer.Meta):
|
|
|
|
|
fields = SimpleSessionCommandSerializer.Meta.fields + [
|
|
|
|
|
'id', 'account', 'output', 'timestamp', 'timestamp_display', 'remote_addr'
|
|
|
|
|
]
|
2023-01-16 11:02:09 +00:00
|
|
|
|
