refactor: 重构危险命令告警类型: Warning (#10970)

* refactor: 重构危险命令告警类型: Warning * Update _msg_command_warning.html * Update _msg_command_warning.html * Update command.py * Update django.po * perf: 优化 command acl warning 的代码逻辑 * perf: 优化 command acl warning 的代码逻辑 * perf: 优化 CommandWarningMessage 逻辑 --------- Co-authored-by: fangfang.dong <fangfang.dong@fit2cloud.com> Co-authored-by: Bai <baijiangjie@gmail.com>
2025-09-04 17:01:09 +00:00 · 2023-07-17 20:52:54 +08:00
parent a2c6e5f3fb
commit 0771b804d1
8 changed files with 390 additions and 228 deletions
--- a/apps/terminal/api/session/command.py
+++ b/apps/terminal/api/session/command.py
@@ -1,17 +1,17 @@
 # -*- coding: utf-8 -*-
 #
-from django.conf import settings
+from django.utils import translation
 from django.utils import timezone
 from rest_framework import generics
 from rest_framework.fields import DateTimeField
 from rest_framework.response import Response

-from acls.models import CommandFilterACL
+from acls.models import CommandFilterACL, CommandGroup
 from terminal.models import CommandStorage, Session, Command
 from terminal.filters import CommandFilter
 from orgs.utils import current_org
 from common.api import JMSBulkModelViewSet
-from common.utils import get_logger, is_uuid
+from common.utils import get_logger
 from terminal.serializers import (
    SessionCommandSerializer,  InsecureCommandAlertSerializer
 )
@@ -201,30 +201,44 @@ class InsecureCommandAlertAPI(generics.CreateAPIView):
        serializer = InsecureCommandAlertSerializer(data=request.data, many=True)
        serializer.is_valid(raise_exception=True)
        commands = serializer.validated_data
-
-        acl_ids = []
-        for cmd in commands:
-            acl_id = cmd.get('cmd_filter_acl')
-            if not is_uuid(acl_id):
-                continue
-            acl_ids.append(acl_id)
-
-        acls = CommandFilterACL.objects.filter(id__in=acl_ids)
-        acls_mapper = {str(acl.id): acl for acl in acls}
-
+        session_ids, acl_ids, cmd_group_ids = set(), set(), set()
        for command in commands:
-            risk_level = command.get('risk_level')
+            session_ids.add(command.get('session'))
+            acl_ids.add(command.get('cmd_filter_acl'))
+            cmd_group_ids.add(command.get('cmd_group'))
+
+        sessions = Session.objects.filter(id__in=session_ids).only(
+            'id', 'org_id', 'asset', 'asset_id', 'user', 'user_id', 'account', 'account_id'
+        )
+        session_mapper = {str(i.id): i for i in sessions}
+        acls = CommandFilterACL.objects.filter(id__in=acl_ids).only('id', 'name', 'reviewers')
+        acl_mapper = {str(i.id): i for i in acls}
+        cmd_groups = CommandGroup.objects.filter(id__in=cmd_group_ids).only('id', 'name')
+        cmd_group_mapper = {str(i.id): i for i in cmd_groups}
+
+        lang = request.stream.COOKIES.get('django_language', 'zh')
+        with translation.override(lang):
+            for command in commands:
+                cmd_acl = acl_mapper.get(command['cmd_filter_acl'])
+                command['_cmd_filter_acl'] = cmd_acl
+                cmd_group = cmd_group_mapper.get(command['cmd_group'])
+                command['_cmd_group'] = cmd_group
+                session = session_mapper.get(command['session'])
+                if session:
+                    command.update({
+                        '_user_id': session.user_id,
+                        '_asset_id': session.asset_id,
+                        '_account_id': session.account_id,
+                        '_org_name': session.org.name
+                    })
+
+                risk_level = command.get('risk_level')
+                if risk_level in [RiskLevelChoices.reject, RiskLevelChoices.review_reject]:
+                    CommandAlertMessage(command).publish_async()
+                elif risk_level in [RiskLevelChoices.warning]:
+                    for reviewer in cmd_acl.reviewers.all():
+                        CommandWarningMessage(reviewer, command).publish_async()
+                else:
+                    logger.info(f'Risk level ignore: {risk_level}')

-            if risk_level in [RiskLevelChoices.reject, RiskLevelChoices.review_reject]:
-                CommandAlertMessage(command).publish_async()
-            elif risk_level in [RiskLevelChoices.warning]:
-                acl_id = command.get('cmd_filter_acl')
-                acl = acls_mapper.get(acl_id)
-                if not acl:
-                    logger.info(f'ACL not found: {acl_id}')
-                    continue
-                for reviewer in acl.reviewers.all():
-                    CommandWarningMessage(reviewer, command).publish_async()
-            else:
-                logger.info(f'Risk level ignore: {risk_level}')
        return Response({'msg': 'ok'})