fix: Add length check for text input in parse_int function and clean up imports in other.py

2026-03-18 11:02:09 +00:00 · 2026-02-26 14:53:36 +08:00
parent 820b831588
commit 707323c610
3 changed files with 6 additions and 32 deletions
--- a/apps/accounts/automations/gather_account/filter.py
+++ b/apps/accounts/automations/gather_account/filter.py
@@ -40,6 +40,8 @@ def parse_int(value, default=None):
        if not text or text.lower() in {"none", "null"}:
            return default
        if text.startswith(("b'", 'b"')):
+            if len(text) > 1024:
+                return default
            try:
                maybe_bytes = literal_eval(text)
                if isinstance(maybe_bytes, (bytes, bytearray)):
--- a/apps/jumpserver/views/other.py
+++ b/apps/jumpserver/views/other.py
@@ -6,20 +6,17 @@ from urllib.parse import urlparse
 from django.conf import settings
 from django.http import HttpResponse
 from django.http import HttpResponseBadRequest
-from django.http import HttpResponseRedirect, JsonResponse, Http404
+from django.http import HttpResponseRedirect, JsonResponse
 from django.shortcuts import redirect
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
-from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import View, TemplateView
 from rest_framework.views import APIView

 from common.utils import lazyproperty
-from common.views.http import HttpResponseTemporaryRedirect

 __all__ = [
-    'LunaView', 'I18NView', 'KokoView', 'WsView',
-    'redirect_format_api', 'redirect_old_apps_view', 'UIView',
+    'LunaView', 'I18NView', 'KokoView', 'WsView', 'UIView',
    'ResourceDownload', 'RedirectConfirm'
 ]

@@ -47,30 +44,6 @@ class I18NView(View):
 api_url_pattern = re.compile(r'^/api/(?P<app>\w+)/(?P<version>v\d)/(?P<extra>.*)$')


-@csrf_exempt
-def redirect_format_api(request, *args, **kwargs):
-    _path, query = request.path, request.GET.urlencode()
-    matched = api_url_pattern.match(_path)
-    if matched:
-        kwargs = matched.groupdict()
-        kwargs["query"] = query
-        _path = '/api/{version}/{app}/{extra}?{query}'.format(**kwargs).rstrip("?")
-        return HttpResponseTemporaryRedirect(_path)
-    else:
-        return JsonResponse({"msg": "Redirect url failed: {}".format(_path)}, status=404)
-
-
-@csrf_exempt
-def redirect_old_apps_view(request, *args, **kwargs):
-    path = request.get_full_path()
-    if path.find('/core') != -1:
-        raise Http404()
-    if path in ['/docs/', '/docs', '/core/docs/', '/core/docs']:
-        return redirect('/api/docs/')
-    new_path = '/core{}'.format(path)
-    return HttpResponseTemporaryRedirect(new_path)
-
-
 class WsView(APIView):
    ws_port = settings.HTTP_LISTEN_PORT + 1

--- a/apps/terminal/applets/dbeaver/app.py
+++ b/apps/terminal/applets/dbeaver/app.py
@@ -53,7 +53,7 @@ class AppletApplication(BaseApplication):

    @staticmethod
    def _write_config(config_file, config):
-        with open(config_file, 'w')as f:
+        with open(config_file, 'w') as f:
            for key, value in config.items():
                f.write(f'{key}={value}\n')

@@ -148,8 +148,7 @@ class AppletApplication(BaseApplication):
        startupinfo = subprocess.STARTUPINFO()
        startupinfo.dwFlags = subprocess.CREATE_NEW_CONSOLE | subprocess.STARTF_USESHOWWINDOW
        startupinfo.wShowWindow = subprocess.SW_HIDE
-        exec_string = '%s -con %s' % (self.path, params)
-        ret = subprocess.Popen(exec_string, startupinfo=startupinfo)
+        ret = subprocess.Popen([self.path, '-con', params], startupinfo=startupinfo)
        self.pid = ret.pid

    def wait(self):