perf: 优化批量命令告警问题

pull/11010/head
Bai 2023-07-19 11:00:58 +08:00 committed by Bryan
parent 02fc9a730b
commit fa52e2bf5e
6 changed files with 57 additions and 139 deletions

View File

@ -396,29 +396,29 @@ class JobExecution(JMSOrgBaseModel):
CommandExecutionAlert({
"assets": self.current_job.assets.all(),
"input": self.material,
"risk_level": 5,
"risk_level": RiskLevelChoices.reject,
"user": self.creator,
}).publish_async()
raise Exception("command is rejected by ACL")
elif acl.is_action(CommandFilterACL.ActionChoices.warning):
user = self.creator
command = {
'input': self.material,
'user': user.name,
'_user_id': user.id,
'user': self.creator.name,
'asset': asset.name,
'cmd_filter_acl': str(acl.id),
'cmd_group': str(cg.id),
'risk_level': RiskLevelChoices.warning,
'org_id': self.org_id,
'_user_id': self.creator.id,
'_asset_id': asset.id,
'_account': self.current_job.runas,
'_cmd_filter_acl': acl,
'_cmd_group': cg,
'session': '',
'_risk_level': RiskLevelChoices.warning.label,
'org_id': self.org.id,
'_org_name': self.org.name or self.org.id,
'_org_name': self.org_name,
}
CommandWarningMessage(user, command).publish_async()
for reviewer in acl.reviewers.all():
CommandWarningMessage(reviewer, command).publish_async()
return True
return False
def check_command_acl(self):

View File

@ -216,31 +216,29 @@ class InsecureCommandAlertAPI(generics.CreateAPIView):
cmd_groups = CommandGroup.objects.filter(id__in=cmd_group_ids).only('id', 'name')
cmd_group_mapper = {str(i.id): i for i in cmd_groups}
lang = request.stream.COOKIES.get('django_language', 'zh')
with translation.override(lang):
for command in commands:
cmd_acl = acl_mapper.get(command['cmd_filter_acl'])
command['_cmd_filter_acl'] = cmd_acl
cmd_group = cmd_group_mapper.get(command['cmd_group'])
command['_cmd_group'] = cmd_group
session = session_mapper.get(command['session'])
risk_level = command.get('risk_level')
if session:
command.update({
'_user_id': session.user_id,
'_asset_id': session.asset_id,
'_account': session.account,
'_account_id': session.account_id,
'_org_name': session.org.name,
'_risk_level': RiskLevelChoices.get_risk_level_str(risk_level),
})
for command in commands:
cmd_acl = acl_mapper.get(command['cmd_filter_acl'])
command['_cmd_filter_acl'] = cmd_acl
cmd_group = cmd_group_mapper.get(command['cmd_group'])
command['_cmd_group'] = cmd_group
session = session_mapper.get(command['session'])
risk_level = command.get('risk_level')
if risk_level in [RiskLevelChoices.reject, RiskLevelChoices.review_reject]:
CommandAlertMessage(command).publish_async()
elif risk_level in [RiskLevelChoices.warning]:
for reviewer in cmd_acl.reviewers.all():
CommandWarningMessage(reviewer, command).publish_async()
else:
logger.info(f'Risk level ignore: {risk_level}')
if session:
command.update({
'_user_id': session.user_id,
'_asset_id': session.asset_id,
'_account': session.account,
'_account_id': session.account_id,
'_org_name': session.org.name,
})
if risk_level in [RiskLevelChoices.reject, RiskLevelChoices.review_reject]:
CommandAlertMessage(command).publish_async()
elif risk_level in [RiskLevelChoices.warning]:
for reviewer in cmd_acl.reviewers.all():
CommandWarningMessage(reviewer, command).publish_async()
else:
logger.info(f'Risk level ignore: {RiskLevelChoices.get_label(risk_level)}({risk_level})')
return Response({'msg': 'ok'})

View File

@ -42,11 +42,6 @@ class AbstractSessionCommand(OrgModelMixin):
else:
return ''
@classmethod
def get_risk_level_str(cls, risk_level):
risk_mapper = dict(RiskLevelChoices.choices)
return risk_mapper.get(risk_level)
def to_dict(self):
d = {}
for field in self._meta.fields:

View File

@ -14,9 +14,9 @@ class RiskLevelChoices(IntegerChoices):
review_cancel = 8, _('Review & Cancel')
@classmethod
def get_risk_level_str(cls, risk_level):
risk_mapper = dict(cls.choices)
return risk_mapper.get(risk_level)
def get_label(cls, level):
label = dict(cls.choices).get(level)
return label
class ReplayStorageType(TextChoices):

View File

@ -12,6 +12,7 @@ from notifications.models import SystemMsgSubscription
from notifications.notifications import SystemMessage, UserMessage
from terminal.models import Session, Command
from users.models import User
from terminal.const import RiskLevelChoices
logger = get_logger(__name__)
@ -86,8 +87,8 @@ class CommandWarningMessage(CommandAlertMixin, UserMessage):
account_id = command.get('_account_id', '')
cmd_acl = command.get('_cmd_filter_acl')
cmd_group = command.get('_cmd_group')
session_id = command['session']
risk_level = command['_risk_level']
session_id = command.get('session', '')
risk_level = command['risk_level']
org_id = command['org_id']
org_name = command.get('_org_name') or org_id
@ -137,7 +138,7 @@ class CommandWarningMessage(CommandAlertMixin, UserMessage):
'cmd_group': cmd_group_name,
'cmd_group_url': cmd_group_url,
'session_url': session_url,
'risk_level': risk_level,
'risk_level': RiskLevelChoices.get_label(risk_level),
'org': org_name,
}
@ -174,7 +175,7 @@ class CommandAlertMessage(CommandAlertMixin, SystemMessage):
session_detail_url = session_detail_url.replace(
'/terminal/sessions/', '/audit/sessions/sessions/'
)
level = Command.get_risk_level_str(command['risk_level'])
level = RiskLevelChoices.get_label(command['risk_level'])
items = {
_("Asset"): command['asset'],
_("User"): command['user'],
@ -223,7 +224,8 @@ class CommandExecutionAlert(CommandAlertMixin, SystemMessage):
) + '?oid={}'.format(asset.org_id)
assets_with_url.append([asset, url])
level = Command.get_risk_level_str(command['risk_level'])
level = RiskLevelChoices.get_label(command['risk_level'])
items = {
_("User"): command['user'],
_("Level"): level,

View File

@ -1,100 +1,23 @@
{% load i18n %}
<div>
<!-- <table style="
display: inline-block;
margin: .6em 0;
max-width: 100%;
min-width: 60%;
white-space: nowrap;">
<thead>
<tr style="
text-align: left;
text-transform: uppercase;
background: rgb(249, 238, 181);
border: 1px solid #d9d7ce;">
<th style="
padding: 0 .6em;">
{% trans 'Item' %}
</th>
<th style="
padding: 0 .6em;">
{% trans 'Url' %}
</th>
</tr>
</thead>
<tbody style="
background: #fbfbf9;
border: 1px solid #d9d7ce;">
<tr>
<td style="padding: 0 .6em;">{% trans 'User' %}</td>
<td style="white-space: normal; padding: 0 .6em;">
<a href="{{ user_url }}" target="_blank">{{ user }}</a>
</td>
</tr>
<tr>
<td style="padding: 0 .6em;">{% trans 'Asset' %}</td>
<td style="white-space: normal; padding: 0 .6em;">
<a href="{{ asset_url }}" target="_blank">{{ asset }}</a>
</td>
</tr>
<tr>
<td style="padding: 0 .6em;">{% trans 'Account' %}</td>
<td style="white-space: normal; padding: 0 .6em;">
<a href="{{ account_url }}" target="_blank">{{ account }}</a>
</td>
</tr>
<tr>
<td style="padding: 0 .6em;">{% trans 'Command' %}</td>
<td style="white-space: normal; padding: 0 .6em;">
<span>{{ command }}</span>
</td>
</tr>
<tr>
<td style="padding: 0 .6em;">{% trans 'Command acl' %}</td>
<td style="white-space: normal; padding: 0 .6em;">
<a href="{{ cmd_filter_acl_url }}" target="_blank">{{ cmd_filter_acl }}</a>
</td>
</tr>
<tr>
<td style="padding: 0 .6em;">{% trans 'Command acl group' %}</td>
<td style="white-space: normal; padding: 0 .6em;">
<a href="{{ cmd_group_url }}" target="_blank">{{ cmd_group }}</a>
</td>
</tr>
<tr>
<td style="padding: 0 .6em;">{% trans 'Session' %}</td>
<td style="white-space: normal; padding: 0 .6em;">
<a href="{{ session_url }}" target="_blank">{% trans 'View' %}</a>
</td>
</tr>
<tr>
<td style="padding: 0 .6em;">{% trans 'Organization' %}</td>
<td style="white-space: normal; padding: 0 .6em;">
<span>{{ org }}</span>
</td>
</tr>
</tbody>
</table> -->
<b>{% trans 'User' %}:</b> <a href="{{ user_url }}" target="_blank">{{ user }}</a><br />
<b>{% trans 'Asset' %}:</b> <a href="{{ asset_url }}" target="_blank">{{ asset }}</a><br />
<b>{% trans 'Account' %}:</b>
{% if account_url %}
<a href="{{ account_url }}" target="_blank">{{ account }}</a>
{% else %}
<span>{{ account }}</span>
{% endif %}
<b>{% trans 'Asset' %}: </b> <a href="{{ asset_url }}" target="_blank">{{ asset }}</a><br />
<b>{% trans 'User' %}: </b> <a href="{{ user_url }}" target="_blank">{{ user }}</a><br />
<b>{% trans 'Account' %}: </b>
{% if account_url %}
<a href="{{ account_url }}" target="_blank">{{ account }}</a>
{% else %}
<span>{{ account }}</span>
{% endif %}
<br />
<b>{% trans 'Command' %}: </b><span>{{ command }}</span><br />
<b>{% trans 'Risk level' %}: </b><span>{{ risk_level }}</span><br />
<b>{% trans 'Command acl' %}:</b> <a href="{{ cmd_filter_acl_url }}" target="_blank">{{ user }}</a><br />
<b>{% trans 'Command acl group' %}:</b> <a href="{{ cmd_group_url }}" target="_blank">{{ user }}</a><br />
<b>{% trans 'Command acl' %}: </b> <a href="{{ cmd_filter_acl_url }}" target="_blank">{{ user }}</a><br />
<b>{% trans 'Command acl group' %}: </b> <a href="{{ cmd_group_url }}" target="_blank">{{ user }}</a><br />
{% if session_url %}
<b>{% trans 'Session' %}:</b>
<a href="{{ session_url }}" target="_blank">{% trans 'View' %}</a><br />
<b>{% trans 'Session' %}: </b>
<a href="{{ session_url }}" target="_blank">{% trans 'View' %}</a><br />
{% endif %}
<b>{% trans 'Organization' %}:</b> <span>{{ org }}</span><br />
<b>{% trans 'Organization' %}: </b> <span>{{ org }}</span><br />
<b>{% trans 'Command' %}: </b><span>{{ command }}</span><br />
</div>