github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perf: 优化批量命令告警问题

pull/11010/head
Bai 2023-07-19 11:00:58 +08:00 committed by Bryan
parent 02fc9a730b
commit fa52e2bf5e
6 changed files with 57 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
apps/ops/models/job.py
View File

@ -396,29 +396,29 @@ class JobExecution(JMSOrgBaseModel):
CommandExecutionAlert({ CommandExecutionAlert({
"assets": self.current_job.assets.all(), "assets": self.current_job.assets.all(),
"input": self.material, "input": self.material,
"risk_level": 5, "risk_level": RiskLevelChoices.reject,
"user": self.creator, "user": self.creator,
}).publish_async() }).publish_async()
raise Exception("command is rejected by ACL") raise Exception("command is rejected by ACL")
elif acl.is_action(CommandFilterACL.ActionChoices.warning): elif acl.is_action(CommandFilterACL.ActionChoices.warning):
user = self.creator
command = { command = {
'input': self.material, 'input': self.material,
'user': user.name, 'user': self.creator.name,
'_user_id': user.id,
'asset': asset.name, 'asset': asset.name,
'cmd_filter_acl': str(acl.id),
'cmd_group': str(cg.id),
'risk_level': RiskLevelChoices.warning,
'org_id': self.org_id,
'_user_id': self.creator.id,
'_asset_id': asset.id, '_asset_id': asset.id,
'_account': self.current_job.runas, '_account': self.current_job.runas,
'_cmd_filter_acl': acl, '_cmd_filter_acl': acl,
'_cmd_group': cg, '_cmd_group': cg,
'session': '', '_org_name': self.org_name,
'_risk_level': RiskLevelChoices.warning.label,
'org_id': self.org.id,
'_org_name': self.org.name or self.org.id,
} }
CommandWarningMessage(user, command).publish_async() for reviewer in acl.reviewers.all():
CommandWarningMessage(reviewer, command).publish_async()
return True return True
return False return False
def check_command_acl(self): def check_command_acl(self):

48
apps/terminal/api/session/command.py
View File

@ -216,31 +216,29 @@ class InsecureCommandAlertAPI(generics.CreateAPIView):
cmd_groups = CommandGroup.objects.filter(id__in=cmd_group_ids).only('id', 'name') cmd_groups = CommandGroup.objects.filter(id__in=cmd_group_ids).only('id', 'name')
cmd_group_mapper = {str(i.id): i for i in cmd_groups} cmd_group_mapper = {str(i.id): i for i in cmd_groups}
lang = request.stream.COOKIES.get('django_language', 'zh') for command in commands:
with translation.override(lang): cmd_acl = acl_mapper.get(command['cmd_filter_acl'])
for command in commands: command['_cmd_filter_acl'] = cmd_acl
cmd_acl = acl_mapper.get(command['cmd_filter_acl']) cmd_group = cmd_group_mapper.get(command['cmd_group'])
command['_cmd_filter_acl'] = cmd_acl command['_cmd_group'] = cmd_group
cmd_group = cmd_group_mapper.get(command['cmd_group']) session = session_mapper.get(command['session'])
command['_cmd_group'] = cmd_group risk_level = command.get('risk_level')
session = session_mapper.get(command['session'])
risk_level = command.get('risk_level')
if session:
command.update({
'_user_id': session.user_id,
'_asset_id': session.asset_id,
'_account': session.account,
'_account_id': session.account_id,
'_org_name': session.org.name,
'_risk_level': RiskLevelChoices.get_risk_level_str(risk_level),
})
if risk_level in [RiskLevelChoices.reject, RiskLevelChoices.review_reject]: if session:
CommandAlertMessage(command).publish_async() command.update({
elif risk_level in [RiskLevelChoices.warning]: '_user_id': session.user_id,
for reviewer in cmd_acl.reviewers.all(): '_asset_id': session.asset_id,
CommandWarningMessage(reviewer, command).publish_async() '_account': session.account,
else: '_account_id': session.account_id,
logger.info(f'Risk level ignore: {risk_level}') '_org_name': session.org.name,
})
if risk_level in [RiskLevelChoices.reject, RiskLevelChoices.review_reject]:
CommandAlertMessage(command).publish_async()
elif risk_level in [RiskLevelChoices.warning]:
for reviewer in cmd_acl.reviewers.all():
CommandWarningMessage(reviewer, command).publish_async()
else:
logger.info(f'Risk level ignore: {RiskLevelChoices.get_label(risk_level)}({risk_level})')
return Response({'msg': 'ok'}) return Response({'msg': 'ok'})

5
apps/terminal/backends/command/models.py
View File

@ -42,11 +42,6 @@ class AbstractSessionCommand(OrgModelMixin):
else: else:
return '' return ''
@classmethod
def get_risk_level_str(cls, risk_level):
risk_mapper = dict(RiskLevelChoices.choices)
return risk_mapper.get(risk_level)
def to_dict(self): def to_dict(self):
d = {} d = {}
for field in self._meta.fields: for field in self._meta.fields:

6
apps/terminal/const.py
View File

@ -14,9 +14,9 @@ class RiskLevelChoices(IntegerChoices):
review_cancel = 8, _('Review & Cancel') review_cancel = 8, _('Review & Cancel')
@classmethod @classmethod
def get_risk_level_str(cls, risk_level): def get_label(cls, level):
risk_mapper = dict(cls.choices) label = dict(cls.choices).get(level)
return risk_mapper.get(risk_level) return label
class ReplayStorageType(TextChoices): class ReplayStorageType(TextChoices):

12
apps/terminal/notifications.py
View File

@ -12,6 +12,7 @@ from notifications.models import SystemMsgSubscription
from notifications.notifications import SystemMessage, UserMessage from notifications.notifications import SystemMessage, UserMessage
from terminal.models import Session, Command from terminal.models import Session, Command
from users.models import User from users.models import User
from terminal.const import RiskLevelChoices
logger = get_logger(__name__) logger = get_logger(__name__)
@ -86,8 +87,8 @@ class CommandWarningMessage(CommandAlertMixin, UserMessage):
account_id = command.get('_account_id', '') account_id = command.get('_account_id', '')
cmd_acl = command.get('_cmd_filter_acl') cmd_acl = command.get('_cmd_filter_acl')
cmd_group = command.get('_cmd_group') cmd_group = command.get('_cmd_group')
session_id = command['session'] session_id = command.get('session', '')
risk_level = command['_risk_level'] risk_level = command['risk_level']
org_id = command['org_id'] org_id = command['org_id']
org_name = command.get('_org_name') or org_id org_name = command.get('_org_name') or org_id
@ -137,7 +138,7 @@ class CommandWarningMessage(CommandAlertMixin, UserMessage):
'cmd_group': cmd_group_name, 'cmd_group': cmd_group_name,
'cmd_group_url': cmd_group_url, 'cmd_group_url': cmd_group_url,
'session_url': session_url, 'session_url': session_url,
'risk_level': risk_level, 'risk_level': RiskLevelChoices.get_label(risk_level),
'org': org_name, 'org': org_name,
} }
@ -174,7 +175,7 @@ class CommandAlertMessage(CommandAlertMixin, SystemMessage):
session_detail_url = session_detail_url.replace( session_detail_url = session_detail_url.replace(
'/terminal/sessions/', '/audit/sessions/sessions/' '/terminal/sessions/', '/audit/sessions/sessions/'
) )
level = Command.get_risk_level_str(command['risk_level']) level = RiskLevelChoices.get_label(command['risk_level'])
items = { items = {
_("Asset"): command['asset'], _("Asset"): command['asset'],
_("User"): command['user'], _("User"): command['user'],
@ -223,7 +224,8 @@ class CommandExecutionAlert(CommandAlertMixin, SystemMessage):
) + '?oid={}'.format(asset.org_id) ) + '?oid={}'.format(asset.org_id)
assets_with_url.append([asset, url]) assets_with_url.append([asset, url])
level = Command.get_risk_level_str(command['risk_level']) level = RiskLevelChoices.get_label(command['risk_level'])
items = { items = {
_("User"): command['user'], _("User"): command['user'],
_("Level"): level, _("Level"): level,

105
apps/terminal/templates/terminal/_msg_command_warning.html
View File

@ -1,100 +1,23 @@
{% load i18n %} {% load i18n %}
<div> <div>
<!-- <table style=" <b>{% trans 'Asset' %}: </b> <a href="{{ asset_url }}" target="_blank">{{ asset }}</a><br />
display: inline-block; <b>{% trans 'User' %}: </b> <a href="{{ user_url }}" target="_blank">{{ user }}</a><br />
margin: .6em 0; <b>{% trans 'Account' %}: </b>
max-width: 100%; {% if account_url %}
min-width: 60%; <a href="{{ account_url }}" target="_blank">{{ account }}</a>
white-space: nowrap;"> {% else %}
<thead> <span>{{ account }}</span>
<tr style=" {% endif %}
text-align: left;
text-transform: uppercase;
background: rgb(249, 238, 181);
border: 1px solid #d9d7ce;">
<th style="
padding: 0 .6em;">
{% trans 'Item' %}
</th>
<th style="
padding: 0 .6em;">
{% trans 'Url' %}
</th>
</tr>
</thead>
<tbody style="
background: #fbfbf9;
border: 1px solid #d9d7ce;">
<tr>
<td style="padding: 0 .6em;">{% trans 'User' %}</td>
<td style="white-space: normal; padding: 0 .6em;">
<a href="{{ user_url }}" target="_blank">{{ user }}</a>
</td>
</tr>
<tr>
<td style="padding: 0 .6em;">{% trans 'Asset' %}</td>
<td style="white-space: normal; padding: 0 .6em;">
<a href="{{ asset_url }}" target="_blank">{{ asset }}</a>
</td>
</tr>
<tr>
<td style="padding: 0 .6em;">{% trans 'Account' %}</td>
<td style="white-space: normal; padding: 0 .6em;">
<a href="{{ account_url }}" target="_blank">{{ account }}</a>
</td>
</tr>
<tr>
<td style="padding: 0 .6em;">{% trans 'Command' %}</td>
<td style="white-space: normal; padding: 0 .6em;">
<span>{{ command }}</span>
</td>
</tr>
<tr>
<td style="padding: 0 .6em;">{% trans 'Command acl' %}</td>
<td style="white-space: normal; padding: 0 .6em;">
<a href="{{ cmd_filter_acl_url }}" target="_blank">{{ cmd_filter_acl }}</a>
</td>
</tr>
<tr>
<td style="padding: 0 .6em;">{% trans 'Command acl group' %}</td>
<td style="white-space: normal; padding: 0 .6em;">
<a href="{{ cmd_group_url }}" target="_blank">{{ cmd_group }}</a>
</td>
</tr>
<tr>
<td style="padding: 0 .6em;">{% trans 'Session' %}</td>
<td style="white-space: normal; padding: 0 .6em;">
<a href="{{ session_url }}" target="_blank">{% trans 'View' %}</a>
</td>
</tr>
<tr>
<td style="padding: 0 .6em;">{% trans 'Organization' %}</td>
<td style="white-space: normal; padding: 0 .6em;">
<span>{{ org }}</span>
</td>
</tr>
</tbody>
</table> -->
<b>{% trans 'User' %}:</b> <a href="{{ user_url }}" target="_blank">{{ user }}</a><br />
<b>{% trans 'Asset' %}:</b> <a href="{{ asset_url }}" target="_blank">{{ asset }}</a><br />
<b>{% trans 'Account' %}:</b>
{% if account_url %}
<a href="{{ account_url }}" target="_blank">{{ account }}</a>
{% else %}
<span>{{ account }}</span>
{% endif %}
<br /> <br />
<b>{% trans 'Command' %}: </b><span>{{ command }}</span><br />
<b>{% trans 'Risk level' %}: </b><span>{{ risk_level }}</span><br /> <b>{% trans 'Risk level' %}: </b><span>{{ risk_level }}</span><br />
<b>{% trans 'Command acl' %}:</b> <a href="{{ cmd_filter_acl_url }}" target="_blank">{{ user }}</a><br /> <b>{% trans 'Command acl' %}: </b> <a href="{{ cmd_filter_acl_url }}" target="_blank">{{ user }}</a><br />
<b>{% trans 'Command acl group' %}:</b> <a href="{{ cmd_group_url }}" target="_blank">{{ user }}</a><br /> <b>{% trans 'Command acl group' %}: </b> <a href="{{ cmd_group_url }}" target="_blank">{{ user }}</a><br />
{% if session_url %} {% if session_url %}
<b>{% trans 'Session' %}:</b> <b>{% trans 'Session' %}: </b>
<a href="{{ session_url }}" target="_blank">{% trans 'View' %}</a><br /> <a href="{{ session_url }}" target="_blank">{% trans 'View' %}</a><br />
{% endif %} {% endif %}
<b>{% trans 'Organization' %}:</b> <span>{{ org }}</span><br /> <b>{% trans 'Organization' %}: </b> <span>{{ org }}</span><br />
<b>{% trans 'Command' %}: </b><span>{{ command }}</span><br />
</div> </div>