From 63824d34919c38609cce55958378da1ba6f0a18f Mon Sep 17 00:00:00 2001
From: wangruidong <940853815@qq.com>
Date: Sat, 12 Oct 2024 15:14:47 +0800
Subject: [PATCH] fix: adhoc execute alert msg
---
 apps/ops/ansible/runner.py | 5 +++--
 apps/ops/models/job.py | 10 ++++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/apps/ops/ansible/runner.py b/apps/ops/ansible/runner.py
index 0ebe1d81e..3271131b5 100644
--- a/apps/ops/ansible/runner.py
+++ b/apps/ops/ansible/runner.py
@@ -39,9 +39,10 @@ class AdHocRunner:
 def check_module(self):
 if self.module not in self.cmd_modules_choices:
 return
- if self.module_args and self.module_args.split()[0] in settings.SECURITY_COMMAND_BLACKLIST:
+ command = self.module_args
+ if command and set(command.split()).intersection(set(settings.SECURITY_COMMAND_BLACKLIST)):
 raise CommandInBlackListException(
- "Command is rejected by black list: {}".format(self.module_args.split()[0]))
+ "Command is rejected by black list: {}".format(self.module_args))

 def set_local_connection(self):
 if self.job_module in self.need_local_connection_modules_choices:
diff --git a/apps/ops/models/job.py b/apps/ops/models/job.py
index 141de8dce..c2c0139af 100644
--- a/apps/ops/models/job.py
+++ b/apps/ops/models/job.py
@@ -478,6 +478,16 @@ class JobExecution(JMSOrgBaseModel):
 for acl in acls:
 if self.match_command_group(acl, asset):
 break
+ command = self.current_job.args
+ if command and set(command.split()).intersection(set(settings.SECURITY_COMMAND_BLACKLIST)):
+ CommandExecutionAlert({
+ "assets": self.current_job.assets.all(),
+ "input": self.material,
+ "risk_level": RiskLevelChoices.reject,
+ "user": self.creator,
+ }).publish_async()
+ raise CommandInBlackListException(
+ "Command is rejected by black list: {}".format(self.current_job.args))

 def check_danger_keywords(self):
 lines = self.job.playbook.check_dangerous_keywords()
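Review bot: The new test in `check_module` compares whole whitespace-separated tokens for exact equality with blacklist entries, which cuts both ways: an argument that merely equals an entry (a file name or a search string) is now rejected, while a command written with a path prefix or joined to a shell operator without spaces still does not match. Treat the blacklist as a guard against accidents and keep the command ACLs as the enforcement point, or normalise tokens first (for example `shlex.split` plus `os.path.basename`) if stricter matching is wanted. The message also changed from the matched word to the full `self.module_args`, which hides which entry fired and copies the whole command line, including any credentials typed into it, into the exception text; prefer `hits = set(command.split()) & set(settings.SECURITY_COMMAND_BLACKLIST)` and `.format(", ".join(sorted(hits)))`. The `job.py` hunk repeats the same test and message, so the same applies there.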
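Review bot: The alert reports `self.material` as `input` while the match is made on `self.current_job.args`, so if those two values can differ the alert will not show the text that triggered the rejection; passing the checked string (`"input": command,`) or confirming the two are always equal would close that gap. This is also a second copy of the blacklist test from `runner.py`; a small shared helper that returns the matched entries would keep the two call sites from drifting and let the alert name the entry that fired. The enclosing method begins outside the hunk and the indentation is lost on this page, so whether the block runs once or per asset cannot be confirmed from here. `command.split()` assumes `args` is a string, which presumably holds for ad-hoc jobs but is worth confirming for other job types.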