perf: 修改命令command input 长度问题 (#7996)

* perf: 修改命令command input max_length 1024 * perf: 修改命令command input 长度问题 * perf: 修改命令command input 长度问题 * perf: 修改命令command input 长度问题 * perf: 修改命令command input 长度问题 Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
2025-09-01 15:37:19 +00:00 · 2022-03-30 19:07:49 +08:00
parent 54d1996507
commit e7af037513
13 changed files with 117 additions and 53 deletions
--- a/apps/terminal/backends/command/db.py
+++ b/apps/terminal/backends/command/db.py
@@ -4,6 +4,7 @@ import datetime
 from django.db import transaction
 from django.utils import timezone
 from django.db.utils import OperationalError
+from common.utils.common import pretty_string

 from .base import CommandBase

@@ -32,9 +33,11 @@ class CommandStore(CommandBase):
        """
        _commands = []
        for c in commands:
+            cmd_input = pretty_string(c['input'])
+            cmd_output = pretty_string(c['output'], max_length=1024)
            _commands.append(self.model(
                user=c["user"], asset=c["asset"], system_user=c["system_user"],
-                input=c["input"], output=c["output"], session=c["session"],
+                input=cmd_input, output=cmd_output, session=c["session"],
                risk_level=c.get("risk_level", 0), org_id=c["org_id"],
                timestamp=c["timestamp"]
            ))
--- a/apps/terminal/backends/command/serializers.py
+++ b/apps/terminal/backends/command/serializers.py
@@ -4,27 +4,19 @@ from rest_framework import serializers

 from .models import AbstractSessionCommand

+__all__ = ['SessionCommandSerializer', 'InsecureCommandAlertSerializer']

-class SessionCommandSerializer(serializers.Serializer):
-    """使用这个类作为基础Command Log Serializer类, 用来序列化"""

-    id = serializers.UUIDField(read_only=True)
+class SimpleSessionCommandSerializer(serializers.Serializer):
+    """ 简单Session命令序列类, 用来提取公共字段 """
    user = serializers.CharField(label=_("User"))  # 限制 64 字符，见 validate_user
    asset = serializers.CharField(max_length=128, label=_("Asset"))
-    system_user = serializers.CharField(max_length=64, label=_("System user"))
-    input = serializers.CharField(max_length=128, label=_("Command"))
-    output = serializers.CharField(max_length=1024, allow_blank=True, label=_("Output"))
+    input = serializers.CharField(max_length=2048, label=_("Command"))
    session = serializers.CharField(max_length=36, label=_("Session ID"))
-    risk_level = serializers.ChoiceField(required=False, label=_("Risk level"), choices=AbstractSessionCommand.RISK_LEVEL_CHOICES)
-    risk_level_display = serializers.SerializerMethodField(label=_('Risk level display'))
+    risk_level = serializers.ChoiceField(
+        required=False, label=_("Risk level"), choices=AbstractSessionCommand.RISK_LEVEL_CHOICES
+    )
    org_id = serializers.CharField(max_length=36, required=False, default='', allow_null=True, allow_blank=True)
-    timestamp = serializers.IntegerField(label=_('Timestamp'))
-    remote_addr = serializers.CharField(read_only=True, label=_('Remote Address'))
-
-    @staticmethod
-    def get_risk_level_display(obj):
-        risk_mapper = dict(AbstractSessionCommand.RISK_LEVEL_CHOICES)
-        return risk_mapper.get(obj.risk_level)

    def validate_user(self, value):
        if len(value) > 64:
@@ -32,9 +24,21 @@ class SessionCommandSerializer(serializers.Serializer):
        return value


-class InsecureCommandAlertSerializer(serializers.Serializer):
-    input = serializers.CharField()
-    asset = serializers.CharField()
-    user = serializers.CharField()
-    risk_level = serializers.IntegerField()
-    session = serializers.UUIDField()
+class InsecureCommandAlertSerializer(SimpleSessionCommandSerializer):
+    pass
+
+
+class SessionCommandSerializer(SimpleSessionCommandSerializer):
+    """使用这个类作为基础Command Log Serializer类, 用来序列化"""
+
+    id = serializers.UUIDField(read_only=True)
+    system_user = serializers.CharField(max_length=64, label=_("System user"))
+    output = serializers.CharField(max_length=2048, allow_blank=True, label=_("Output"))
+    risk_level_display = serializers.SerializerMethodField(label=_('Risk level display'))
+    timestamp = serializers.IntegerField(label=_('Timestamp'))
+    remote_addr = serializers.CharField(read_only=True, label=_('Remote Address'))
+
+    @staticmethod
+    def get_risk_level_display(obj):
+        risk_mapper = dict(AbstractSessionCommand.RISK_LEVEL_CHOICES)
+        return risk_mapper.get(obj.risk_level)