FilesExpand file tree

 dev

/

command.py

Copy path

BlameMore file actions

BlameMore file actions

Latest commit

 

History

History

History

164 lines (145 loc) · 5.75 KB

 dev

/

command.py

Top

File metadata and controls

• Code
• Blame

164 lines (145 loc) · 5.75 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

# -*- coding: utf-8 -*-

#

import uuid

import json

from celery.exceptions import SoftTimeLimitExceeded

from django.utils import timezone

from django.utils.translation import ugettext_lazy as _

from django.utils.translation import ugettext

from django.db import models

from terminal.notifications import CommandExecutionAlert

from assets.models import Asset

from common.utils import lazyproperty

from orgs.models import Organization

from orgs.mixins.models import OrgModelMixin

from orgs.utils import tmp_to_org

from ..ansible.runner import CommandRunner

from ..inventory import JMSInventory

class CommandExecution(OrgModelMixin):

id = models.UUIDField(default=uuid.uuid4, primary_key=True)

hosts = models.ManyToManyField('assets.Asset')

run_as = models.ForeignKey('assets.SystemUser', on_delete=models.CASCADE)

command = models.TextField(verbose_name=_("Command"))

_result = models.TextField(blank=True, null=True, verbose_name=_('Result'))

user = models.ForeignKey('users.User', on_delete=models.CASCADE, null=True)

is_finished = models.BooleanField(default=False, verbose_name=_('Is finished'))

date_created = models.DateTimeField(auto_now_add=True, verbose_name=_('Date created'))

date_start = models.DateTimeField(null=True, verbose_name=_('Date start'))

date_finished = models.DateTimeField(null=True, verbose_name=_('Date finished'))

def __str__(self):

return self.command[:10]

def save(self, *args, **kwargs):

with tmp_to_org(self.run_as.org_id):

super().save(*args, **kwargs)

@property

def inventory(self):

if self.run_as.username_same_with_user:

username = self.user.username

else:

username = self.run_as.username

inv = JMSInventory(self.allow_assets, run_as=username, system_user=self.run_as)

return inv

@lazyproperty

def run_as_display(self):

return str(self.run_as)

@lazyproperty

def user_display(self):

return str(self.user)

@lazyproperty

def hosts_display(self):

return ','.join(self.hosts.all().values_list('hostname', flat=True))

@property

def result(self):

if self._result:

return json.loads(self._result)

else:

return {}

@result.setter

def result(self, item):

self._result = json.dumps(item)

@property

def is_success(self):

if 'error' in self.result:

return False

return True

def get_hosts_names(self):

return ','.join(self.hosts.all().values_list('hostname', flat=True))

def cmd_filter_rules(self, asset_id=None):

from assets.models import CommandFilterRule

user_id = self.user.id

system_user_id = self.run_as.id

rules = CommandFilterRule.get_queryset(

user_id=user_id,

system_user_id=system_user_id,

asset_id=asset_id,

)

return rules

def is_command_can_run(self, command, asset_id=None):

for rule in self.cmd_filter_rules(asset_id=asset_id):

action, matched_cmd = rule.match(command)

if action == rule.ActionChoices.allow:

return True, None

elif action == rule.ActionChoices.deny:

return False, matched_cmd

return True, None

@property

def allow_assets(self):

allow_asset_ids = []

for asset in self.hosts.all():

ok, __ = self.is_command_can_run(self.command, asset_id=asset.id)

if ok:

allow_asset_ids.append(asset.id)

allow_assets = Asset.objects.filter(id__in=allow_asset_ids)

return allow_assets

def run(self):

print('-' * 10 + ' ' + ugettext('Task start') + ' ' + '-' * 10)

org = Organization.get_instance(self.run_as.org_id)

org.change_to()

self.date_start = timezone.now()

ok, msg = self.is_command_can_run(self.command)

if ok:

allow_assets = self.allow_assets

deny_assets = set(list(self.hosts.all())) - set(list(allow_assets))

for asset in deny_assets:

print(f'资产{asset}: 命令{self.command}不允许执行')

if not allow_assets:

self.result = {

"error": 'There are currently no assets that can be executed'

}

self.save()

return self.result

runner = CommandRunner(self.inventory)

try:

host = allow_assets.first()

if host and host.is_windows():

shell = 'win_shell'

elif host and host.is_unixlike():

shell = 'shell'

else:

shell = 'raw'

result = runner.execute(self.command, 'all', module=shell)

self.result = result.results_command

except SoftTimeLimitExceeded as e:

print("Run timeout than 60s")

self.result = {"error": str(e)}

except Exception as e:

print("Error occur: {}".format(e))

self.result = {"error": str(e)}

else:

msg = _("Command `{}` is forbidden ........").format(self.command)

print('\033[31m' + msg + '\033[0m')

CommandExecutionAlert({

'input': self.command,

'assets': self.hosts.all(),

'user': str(self.user),

'risk_level': 5,

}).publish_async()

self.result = {"error": msg}

self.org_id = self.run_as.org_id

self.is_finished = True

self.date_finished = timezone.now()

self.save()

print('-' * 10 + ' ' + ugettext('Task end') + ' ' + '-' * 10)

return self.result

class Meta:

verbose_name = _("Command execution")