github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: risk field check

pull/14651/head
wangruidong 2024-12-11 16:31:04 +08:00 committed by w940853815
parent 21323b6578
commit d380a15490
1 changed files with 33 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
apps/accounts/automations/gather_account/manager.py
View File

@ -16,17 +16,24 @@ from ..base.manager import AccountBasePlaybookManager
logger = get_logger(__name__) logger = get_logger(__name__)
risk_items = [ risk_items = [
# "authorized_keys", "authorized_keys",
# "sudoers", "sudoers",
# "groups", "groups",
] ]
common_risk_items = [
diff_items = risk_items + [
"address_last_login", "address_last_login",
"date_last_login", "date_last_login",
"date_password_change", "date_password_change",
"date_password_expired", "date_password_expired",
"detail"
] ]
diff_items = risk_items + common_risk_items
def format_datetime(value):
if isinstance(value, timezone.datetime):
return value.strftime("%Y-%m-%d %H:%M:%S")
return value
def get_items_diff(ori_account, d): def get_items_diff(ori_account, d):
@ -35,24 +42,26 @@ def get_items_diff(ori_account, d):
diff = {} diff = {}
for item in diff_items: for item in diff_items:
ori = getattr(ori_account, item) get_item_diff(item, ori_account, d, diff)
new = d.get(item, "")
if not ori and not new:
continue
if isinstance(ori, timezone.datetime):
ori = ori.strftime("%Y-%m-%d %H:%M:%S")
if isinstance(new, timezone.datetime):
new = new.strftime("%Y-%m-%d %H:%M:%S")
if new != ori:
diff[item] = get_text_diff(str(ori), str(new))
ori_account._diff = diff ori_account._diff = diff
return diff return diff
def get_item_diff(item, ori_account, d, diff):
detail = getattr(ori_account, 'detail', {})
new_detail = d.get('detail', {})
ori = getattr(ori_account, item, None) or detail.get(item)
new = d.get(item, "") or new_detail.get(item)
if not ori and not new:
return
ori = format_datetime(ori)
new = format_datetime(new)
if new != ori:
diff[item] = get_text_diff(str(ori), str(new))
class AnalyseAccountRisk: class AnalyseAccountRisk:
long_time = timezone.timedelta(days=90) long_time = timezone.timedelta(days=90)
datetime_check_items = [ datetime_check_items = [
@ -81,8 +90,8 @@ class AnalyseAccountRisk:
risks = [] risks = []
for k, v in diff.items(): for k, v in diff.items():
# if k not in risk_items: if k not in risk_items:
# continue continue
risks.append( risks.append(
dict( dict(
asset=ori_account.asset, asset=ori_account.asset,
@ -330,12 +339,14 @@ class GatherAccountsManager(AccountBasePlaybookManager):
return ga return ga
@bulk_update_decorator(GatheredAccount, update_fields=diff_items) @bulk_update_decorator(GatheredAccount, update_fields=common_risk_items)
def update_gathered_account(self, ori_account, d): def update_gathered_account(self, ori_account, d):
diff = get_items_diff(ori_account, d) diff = get_items_diff(ori_account, d)
if not diff: if not diff:
return return
for k in diff: for k in diff:
if k not in common_risk_items:
continue
setattr(ori_account, k, d[k]) setattr(ori_account, k, d[k])
return ori_account return ori_account
@ -353,7 +364,6 @@ class GatherAccountsManager(AccountBasePlaybookManager):
ori_account = self.ori_gathered_accounts_mapper.get( ori_account = self.ori_gathered_accounts_mapper.get(
"{}_{}".format(asset.id, username) "{}_{}".format(asset.id, username)
) )
if not ori_account: if not ori_account:
self.create_gathered_account(d) self.create_gathered_account(d)
else: else: