merge: with pam (#14911)

* perf: change i18n * perf: pam * perf: change translate * perf: add check account * perf: add date field * perf: add account filter * perf: remove some js * perf: add account status action * perf: update pam * perf: 修改 discover account * perf: update filter * perf: update gathered account * perf: 修改账号同步 * perf: squash migrations * perf: update pam * perf: change i18n * perf: update account risk * perf: 更新风险发现 * perf: remove css * perf: Admin connection token * perf: Add a switch to check connectivity after changing the password, and add a custom ssh command for push tasks * perf: Modify account migration files * perf: update pam * perf: remove to check account dir * perf: Admin connection token * perf: update check account * perf: 优化发送结果 * perf: update pam * perf: update bulk update create * perf: prepaire using thread timer for bulk_create_decorator * perf: update bulk create decorator * perf: 优化 playbook manager * perf: 优化收集账号的报表 * perf: Update poetry * perf: Update Dockerfile with new base image tag * fix: Account migrate 0012 file * perf: 修改备份 * perf: update pam * fix: Expand resource_type filter to include raw type * feat: PAM Service (#14552) * feat: PAM Service * perf: import package name --------- Co-authored-by: jiangweidong <1053570670@qq.com> * perf: Change secret dashboard (#14551) Co-authored-by: feng <1304903146@qq.com> * perf: update migrations * perf: 修改支持 pam * perf: Change secret record table dashboard * perf: update status * fix: Automation send report * perf: Change secret report * feat: windows accounts gather * perf: update change status * perf: Account backup * perf: Account backup report * perf: Account migrate * perf: update service to application * perf: update migrations * perf: update logo * feat: oracle accounts gather (#14571) * feat: oracle accounts gather * feat: sqlserver accounts gather * feat: postgresql accounts gather * feat: mysql accounts gather --------- Co-authored-by: wangruidong <940853815@qq.com> * feat: mongodb accounts gather * perf: Change secret * perf: Migrate * perf: Merge conflicting migration files * perf: Change secret * perf: Automation filter org * perf: Account push * perf: Random secret string * perf: Enhance SQL query and update risk handling in accounts * perf: Ticket filter assignee_id * perf: 修改 account remote * perf: 修改一些 adhoc 任务 * perf: Change secret * perf: Remove push account extra api * perf: update status * perf: The entire organization can view activity log * fix: risk field check * perf: add account details api * perf: add demo mode * perf: Delete gather_account * perf: Perfect solution to account version problem * perf: Update status action to handle multiple accounts * perf: Add GatherAccountDetailField and update serializers * perf: Display account history in combination with password change records * perf: Lina translate * fix: Update mysql_filter to handle nested user info * perf: Admin connection token validate_permission account * perf: copy move account * perf: account filter risk * perf: account risk filter * perf: Copy move account failed message * fix: gather account sync account to asset * perf: Pam dashboard * perf: Account dashboard total accounts * perf: Pam dashboard * perf: Change secret filter account secret_reset * perf: 修改 risk filter * perf: pam translate * feat: Check for leaked duplicate passwords. (#14711) * feat: Check for leaked duplicate passwords. * perf: Use SQLite instead of txt as leak password database --------- Co-authored-by: jiangweidong <1053570670@qq.com> Co-authored-by: 老广 <ibuler@qq.com> * perf: merge with remote * perf: Add risk change_password_add handle * perf: Pam dashboard * perf: check account manager import * perf: 重构扫描 * perf: 修改 db * perf: Gather account manager * perf: update change db lib * perf: dashboard * perf: Account gather * perf: 修改 asset get queryset * perf: automation report * perf: Pam account * perf: Pam dashboard api * perf: risk add account * perf: 修改 risk check * perf: Risk account * perf: update risk add reopen action * perf: add pylintrc * Revert "perf: automation report" This reverts commit 22aee54207. * perf: check account engine * perf: Perf: Optimism Gather Report Style * Perf: Remove unuser actions * Perf: Perf push account * perf: perf gather account * perf: Automation report * perf: Push account recorder * perf: Push account record * perf: Pam dashboard * perf: perf * perf: update intergration * perf: integrations application detail add account tab page * feat: Custom change password supports configuration of interactive items * perf: Go and Python demo code * perf: Custom secret change * perf: add user filter * perf: translate * perf: Add demo code docs * perf: update some i18n * perf: update some i18n * perf: Add Java, Node, Go, and cURL demo code * perf: Translate * perf: Change secret translate * perf: Translate * perf: update some i18n * perf: translate * perf: Ansible playbook * perf: update some choice * perf: update some choice * perf: update account serializer remote unused code * perf: conflict * perf: update import --------- Co-authored-by: ibuler <ibuler@qq.com> Co-authored-by: feng <1304903146@qq.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: wangruidong <940853815@qq.com> Co-authored-by: jiangweidong <1053570670@qq.com> Co-authored-by: feng626 <57284900+feng626@users.noreply.github.com> Co-authored-by: zhaojisen <1301338853@qq.com>
2025-09-17 07:49:01 +00:00 · 2025-02-21 16:39:57 +08:00
parent d516349a68
commit 3f4141ca0b
399 changed files with 14655 additions and 15063 deletions
--- a/apps/accounts/serializers/automations/check_account.py
+++ b/apps/accounts/serializers/automations/check_account.py
@@ -0,0 +1,115 @@
+# -*- coding: utf-8 -*-
+#
+from django.utils.translation import gettext_lazy as _
+from rest_framework import serializers
+
+from accounts.const import AutomationTypes
+from accounts.models import (
+    CheckAccountAutomation,
+    AccountRisk,
+    RiskChoice,
+    CheckAccountEngine,
+)
+from accounts.risk_handlers import TYPE_CHOICES
+from assets.models import Asset
+from common.const import ConfirmOrIgnore
+from common.serializers.fields import ObjectRelatedField, LabeledChoiceField
+from common.utils import get_logger
+from .base import BaseAutomationSerializer
+
+logger = get_logger(__file__)
+
+__all__ = [
+    "CheckAccountAutomationSerializer",
+    "AccountRiskSerializer",
+    "CheckAccountEngineSerializer",
+    "AssetRiskSerializer",
+    "HandleRiskSerializer",
+]
+
+
+class AccountRiskSerializer(serializers.ModelSerializer):
+    asset = ObjectRelatedField(
+        queryset=Asset.objects.all(), required=False, label=_("Asset")
+    )
+    risk = LabeledChoiceField(
+        choices=RiskChoice.choices, required=False, read_only=True, label=_("Risk")
+    )
+    status = LabeledChoiceField(
+        choices=ConfirmOrIgnore.choices, required=False, label=_("Status")
+    )
+
+    class Meta:
+        model = AccountRisk
+        fields = [
+            "id", "asset", "username", "risk", "status",
+            "date_created", "details",
+        ]
+
+    @classmethod
+    def setup_eager_loading(cls, queryset):
+        return queryset.select_related("asset")
+
+
+class RiskSummarySerializer(serializers.Serializer):
+    risk = serializers.CharField(max_length=128)
+    count = serializers.IntegerField()
+
+
+class AssetRiskSerializer(serializers.Serializer):
+    id = serializers.CharField(max_length=128, required=False, source="asset__id")
+    name = serializers.CharField(max_length=128, required=False, source="asset__name")
+    address = serializers.CharField(
+        max_length=128, required=False, source="asset__address"
+    )
+    platform = serializers.CharField(
+        max_length=128, required=False, source="asset__platform__name"
+    )
+    risk_total = serializers.IntegerField()
+    risk_summary = serializers.SerializerMethodField()
+
+    @staticmethod
+    def get_risk_summary(obj):
+        summary = {}
+        for risk in RiskChoice.choices:
+            summary[f"{risk[0]}_count"] = obj.get(f"{risk[0]}_count", 0)
+        return summary
+
+
+class HandleRiskSerializer(serializers.Serializer):
+    username = serializers.CharField(max_length=128)
+    asset = serializers.PrimaryKeyRelatedField(queryset=Asset.objects)
+    action = serializers.ChoiceField(choices=TYPE_CHOICES)
+    risk = serializers.ChoiceField(choices=RiskChoice.choices, allow_null=True, allow_blank=True)
+
+
+class CheckAccountAutomationSerializer(BaseAutomationSerializer):
+    class Meta:
+        model = CheckAccountAutomation
+        read_only_fields = BaseAutomationSerializer.Meta.read_only_fields
+        fields = (
+                BaseAutomationSerializer.Meta.fields
+                + ["engines", "recipients"]
+                + read_only_fields
+        )
+        extra_kwargs = BaseAutomationSerializer.Meta.extra_kwargs
+
+    @property
+    def model_type(self):
+        return AutomationTypes.check_account
+
+    @staticmethod
+    def validate_engines(engines):
+        valid_slugs = {i['slug'] for i in CheckAccountEngine.get_default_engines()}
+
+        if not all(engine in valid_slugs for engine in engines):
+            raise serializers.ValidationError(_("Invalid engine id"))
+
+        return engines
+
+
+class CheckAccountEngineSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = CheckAccountEngine
+        fields = ["id", "name", "slug", "comment"]
+        read_only_fields = ["slug"]