jumpserver/apps/accounts/risk_handlers.py

from django.utils.translation import gettext_lazy as _

from accounts.const import AutomationTypes
from common.const import ConfirmOrIgnore
from accounts.models import (
    GatheredAccount,
    AccountRisk,
    SecretType,
    AutomationExecution,
)
from django.utils import timezone

from common.const import ConfirmOrIgnore

TYPE_CHOICES = [
    ("ignore", _("Ignore")),
    ("disable_remote", _("Disable remote")),
    ("delete_remote", _("Delete remote")),
    ("delete_both", _("Delete remote")),
    ("add_account", _("Add account")),
    ("change_password_add", _("Change password and Add")),
    ("change_password", _("Change password")),
]


class RiskHandler:
    def __init__(self, asset, username, request=None, risk=""):
        self.asset = asset
        self.username = username
        self.request = request
        self.risk = risk

    def handle(self, tp, risk=""):
        self.risk = risk
        attr = f"handle_{tp}"
        if hasattr(self, attr):
            ret = getattr(self, attr)()
            self.update_risk_if_need(tp)
            return ret
        else:
            raise ValueError(f"Invalid risk type: {tp}")

    def update_risk_if_need(self, tp):
        r = self.get_risk()
        if not r:
            return
        status = (
            ConfirmOrIgnore.ignored if tp == "ignore" else ConfirmOrIgnore.confirmed
        )
        r.details.append({**self.process_detail, "action": tp, "status": status})
        r.status = status
        r.save()

    def get_risk(self):
        r = AccountRisk.objects.filter(asset=self.asset, username=self.username)
        if self.risk:
            r = r.filter(risk=self.risk)
        return r.first()

    def handle_ignore(self):
        GatheredAccount.objects.filter(asset=self.asset, username=self.username).update(status=ConfirmOrIgnore.ignored)
        self.risk = 'ignored'

    def handle_review(self):
        pass

    @property
    def process_detail(self):
        return {
            "datetime": timezone.now().isoformat(),
            "type": "process",
            "processor": str(self.request.user),
        }

    def handle_add_account(self):
        data = {
            "username": self.username,
            "name": self.username,
            "secret_type": SecretType.PASSWORD,
            "source": "collected",
        }
        self.asset.accounts.get_or_create(defaults=data, username=self.username)
        GatheredAccount.objects.filter(asset=self.asset, username=self.username).update(
            present=True, status=ConfirmOrIgnore.confirmed
        )
        self.risk = "new_found"

    def handle_disable_remote(self):
        pass

    def handle_delete_remote(self):
        self._handle_delete(delete="remote")

    def _handle_delete(self, delete="both"):
        asset = self.asset
        execution = AutomationExecution()
        execution.snapshot = {
            "assets": [str(asset.id)],
            "accounts": [{"asset": str(asset.id), "username": self.username}],
            "type": "remove_account",
            "name": "Remove remote account: {}@{}".format(self.username, asset.name),
            "delete": delete,
            "risk": self.risk
        }
        execution.save()
        execution.start()
        return execution.summary

    def handle_delete_both(self):
        self._handle_delete(delete="both")

    def handle_change_password_add(self):
        pass

    def handle_change_password(self):
        asset = self.asset
        execution = AutomationExecution()
        execution.snapshot = {
            "assets": [str(asset.id)],
            "accounts": [self.username],
            "type": AutomationTypes.change_secret,
            "secret_type": "password",
            "secret_strategy": "random",
            "name": "Change account password: {}@{}".format(self.username, asset.name),
        }
        execution.save()
        execution.start()
        return execution.summary
perf: update pam 2024-11-27 11:33:58 +00:00			`from django.utils.translation import gettext_lazy as _`

perf: 修改 account remote 2024-12-09 09:11:03 +00:00			`from accounts.const import AutomationTypes`
perf: update change status 2024-12-03 09:49:04 +00:00			`from common.const import ConfirmOrIgnore`
perf: 修改 account remote 2024-12-09 09:11:03 +00:00			`from accounts.models import (`
			`GatheredAccount,`
			`AccountRisk,`
			`SecretType,`
			`AutomationExecution,`
			`)`
perf: update change status 2024-12-03 09:49:04 +00:00			`from django.utils import timezone`

			`from common.const import ConfirmOrIgnore`
perf: update pam 2024-11-27 11:33:58 +00:00
			`TYPE_CHOICES = [`
			`("ignore", _("Ignore")),`
			`("disable_remote", _("Disable remote")),`
			`("delete_remote", _("Delete remote")),`
			`("delete_both", _("Delete remote")),`
			`("add_account", _("Add account")),`
			`("change_password_add", _("Change password and Add")),`
			`("change_password", _("Change password")),`
			`]`


			`class RiskHandler:`
perf: 修改 account remote 2024-12-09 09:11:03 +00:00			`def __init__(self, asset, username, request=None, risk=""):`
perf: update pam 2024-11-27 11:33:58 +00:00			`self.asset = asset`
			`self.username = username`
perf: update change status 2024-12-03 09:49:04 +00:00			`self.request = request`
			`self.risk = risk`
perf: update pam 2024-11-27 11:33:58 +00:00
perf: 修改 account remote 2024-12-09 09:11:03 +00:00			`def handle(self, tp, risk=""):`
perf: update change status 2024-12-03 09:49:04 +00:00			`self.risk = risk`
perf: update pam 2024-11-27 11:33:58 +00:00			`attr = f"handle_{tp}"`
			`if hasattr(self, attr):`
perf: update change status 2024-12-03 09:49:04 +00:00			`ret = getattr(self, attr)()`
			`self.update_risk_if_need(tp)`
			`return ret`
perf: update pam 2024-11-27 11:33:58 +00:00			`else:`
			`raise ValueError(f"Invalid risk type: {tp}")`

perf: update change status 2024-12-03 09:49:04 +00:00			`def update_risk_if_need(self, tp):`
			`r = self.get_risk()`
			`if not r:`
			`return`
perf: 修改 account remote 2024-12-09 09:11:03 +00:00			`status = (`
			`ConfirmOrIgnore.ignored if tp == "ignore" else ConfirmOrIgnore.confirmed`
			`)`
			`r.details.append({**self.process_detail, "action": tp, "status": status})`
perf: update change status 2024-12-03 09:49:04 +00:00			`r.status = status`
			`r.save()`

			`def get_risk(self):`
			`r = AccountRisk.objects.filter(asset=self.asset, username=self.username)`
			`if self.risk:`
			`r = r.filter(risk=self.risk)`
			`return r.first()`

			`def handle_ignore(self):`
perf: Enhance SQL query and update risk handling in accounts 2024-12-09 08:04:07 +00:00			`GatheredAccount.objects.filter(asset=self.asset, username=self.username).update(status=ConfirmOrIgnore.ignored)`
			`self.risk = 'ignored'`
perf: update change status 2024-12-03 09:49:04 +00:00
			`def handle_review(self):`
perf: update pam 2024-11-27 11:33:58 +00:00			`pass`

perf: update change status 2024-12-03 09:49:04 +00:00			`@property`
			`def process_detail(self):`
			`return {`
perf: 修改 account remote 2024-12-09 09:11:03 +00:00			`"datetime": timezone.now().isoformat(),`
			`"type": "process",`
			`"processor": str(self.request.user),`
perf: update change status 2024-12-03 09:49:04 +00:00			`}`

			`def handle_add_account(self):`
perf: update pam 2024-11-27 11:33:58 +00:00			`data = {`
			`"username": self.username,`
			`"name": self.username,`
			`"secret_type": SecretType.PASSWORD,`
			`"source": "collected",`
			`}`
			`self.asset.accounts.get_or_create(defaults=data, username=self.username)`
			`GatheredAccount.objects.filter(asset=self.asset, username=self.username).update(`
perf: update change status 2024-12-03 09:49:04 +00:00			`present=True, status=ConfirmOrIgnore.confirmed`
perf: update pam 2024-11-27 11:33:58 +00:00			`)`
perf: 修改 account remote 2024-12-09 09:11:03 +00:00			`self.risk = "new_found"`
perf: update pam 2024-11-27 11:33:58 +00:00
perf: update change status 2024-12-03 09:49:04 +00:00			`def handle_disable_remote(self):`
perf: update pam 2024-11-27 11:33:58 +00:00			`pass`

perf: update change status 2024-12-03 09:49:04 +00:00			`def handle_delete_remote(self):`
perf: 修改 account remote 2024-12-09 09:11:03 +00:00			`self._handle_delete(delete="remote")`

			`def _handle_delete(self, delete="both"):`
perf: update pam 2024-11-27 11:33:58 +00:00			`asset = self.asset`
			`execution = AutomationExecution()`
			`execution.snapshot = {`
			`"assets": [str(asset.id)],`
			`"accounts": [{"asset": str(asset.id), "username": self.username}],`
			`"type": "remove_account",`
			`"name": "Remove remote account: {}@{}".format(self.username, asset.name),`
perf: 修改 account remote 2024-12-09 09:11:03 +00:00			`"delete": delete,`
			`"risk": self.risk`
perf: update pam 2024-11-27 11:33:58 +00:00			`}`
			`execution.save()`
			`execution.start()`
perf: update change status 2024-12-03 09:49:04 +00:00			`return execution.summary`
perf: update pam 2024-11-27 11:33:58 +00:00
perf: update change status 2024-12-03 09:49:04 +00:00			`def handle_delete_both(self):`
perf: 修改 account remote 2024-12-09 09:11:03 +00:00			`self._handle_delete(delete="both")`
perf: update pam 2024-11-27 11:33:58 +00:00
perf: update change status 2024-12-03 09:49:04 +00:00			`def handle_change_password_add(self):`
perf: update pam 2024-11-27 11:33:58 +00:00			`pass`

perf: update change status 2024-12-03 09:49:04 +00:00			`def handle_change_password(self):`
perf: 修改 account remote 2024-12-09 09:11:03 +00:00			`asset = self.asset`
			`execution = AutomationExecution()`
			`execution.snapshot = {`
			`"assets": [str(asset.id)],`
			`"accounts": [self.username],`
			`"type": AutomationTypes.change_secret,`
			`"secret_type": "password",`
			`"secret_strategy": "random",`
			`"name": "Change account password: {}@{}".format(self.username, asset.name),`
			`}`
			`execution.save()`
			`execution.start()`
			`return execution.summary`