From 9e31a5064bb609bd11e6407de695eb935a87e849 Mon Sep 17 00:00:00 2001 From: Aaron3S Date: Wed, 14 Jun 2023 19:48:43 +0800 Subject: [PATCH] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=E9=BB=91=E5=90=8D?= =?UTF-8?q?=E5=8D=95=E5=91=BD=E4=BB=A4=E6=8F=90=E7=A4=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/ops/ansible/runner.py | 6 +++++- apps/ops/models/job.py | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/apps/ops/ansible/runner.py b/apps/ops/ansible/runner.py index 3bce64b2a..ac83d0d8e 100644 --- a/apps/ops/ansible/runner.py +++ b/apps/ops/ansible/runner.py @@ -7,6 +7,10 @@ from django.conf import settings from .callback import DefaultCallback +class CommandInBlackListException(Exception): + pass + + class AdHocRunner: cmd_modules_choices = ('shell', 'raw', 'command', 'script', 'win_shell') @@ -28,7 +32,7 @@ class AdHocRunner: if self.module not in self.cmd_modules_choices: return if self.module_args and self.module_args.split()[0] in settings.SECURITY_COMMAND_BLACKLIST: - raise Exception("command not allowed: {}".format(self.module_args[0])) + raise CommandInBlackListException("command not allowed:{}".format(self.module_args.split()[0])) def run(self, verbosity=0, **kwargs): self.check_module() diff --git a/apps/ops/models/job.py b/apps/ops/models/job.py index 193debe31..932a948b0 100644 --- a/apps/ops/models/job.py +++ b/apps/ops/models/job.py @@ -19,7 +19,7 @@ from simple_history.models import HistoricalRecords from accounts.models import Account from acls.models import CommandFilterACL from assets.models import Asset -from ops.ansible import JMSInventory, AdHocRunner, PlaybookRunner +from ops.ansible import JMSInventory, AdHocRunner, PlaybookRunner, CommandInBlackListException from ops.mixin import PeriodTaskModelMixin from ops.variables import * from ops.const import Types, Modules, RunasPolicies, JobStatus @@ -450,6 +450,8 @@ class JobExecution(JMSOrgBaseModel): cb = runner.run(**kwargs) self.set_result(cb) return cb + except CommandInBlackListException as e: + print("command is rejected by black list: {}".format(e)) except Exception as e: logging.error(e, exc_info=True) self.set_error(e)