From 4717b5270b08901503e83dc8284086b6a8bec903 Mon Sep 17 00:00:00 2001 From: crayon <873217631@qq.com> Date: Mon, 9 Oct 2023 20:50:18 +0800 Subject: [PATCH] =?UTF-8?q?bugfix:=20=E4=BF=AE=E5=A4=8D=20Job=20=E5=BC=95?= =?UTF-8?q?=E7=94=A8=E5=85=A8=E5=B1=80=E5=8F=98=E9=87=8F=E5=9C=BA=E6=99=AF?= =?UTF-8?q?=E4=B8=8B=E5=80=BC=E8=A7=A3=E6=9E=90=E4=B8=8D=E7=AC=A6=E5=90=88?= =?UTF-8?q?=E9=A2=84=E6=9C=9F=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../all_biz_execute_job_plan/base_service.py | 17 ++++++++++++- .../job/execute_task/execute_task_base.py | 17 ++++++++++++- pipeline_plugins/components/utils/common.py | 10 ++++++++ .../all_biz_execute_job_plan/test_v1_0.py | 25 +++++++++++++++++++ 4 files changed, 67 insertions(+), 2 deletions(-) diff --git a/pipeline_plugins/components/collections/sites/open/job/all_biz_execute_job_plan/base_service.py b/pipeline_plugins/components/collections/sites/open/job/all_biz_execute_job_plan/base_service.py index 3a67b8b6f4..ab7e9e262c 100644 --- a/pipeline_plugins/components/collections/sites/open/job/all_biz_execute_job_plan/base_service.py +++ b/pipeline_plugins/components/collections/sites/open/job/all_biz_execute_job_plan/base_service.py @@ -19,6 +19,7 @@ get_job_instance_url, get_node_callback_url, has_biz_set, + is_cipher_structure, loose_strip, parse_passwd_value, plat_ip_reg, @@ -124,7 +125,21 @@ def execute(self, data, parent_data): self.biz_scope_type = JobBizScopeType.BIZ.value for _value in original_global_var: - val = loose_strip(crypto.decrypt(parse_passwd_value(_value["value"]))) + + if is_cipher_structure(_value["value"]): + # 只有当变量值符合密码结构,才需要尝试解析密码变量 + try: + val = loose_strip(crypto.decrypt(parse_passwd_value(_value["value"]))) + except Exception: + self.logger.exception( + "[job_execute_task_base] failed to decrypt value -> {value}, use plaintext".format( + value=_value["value"] + ) + ) + val = loose_strip(_value["value"]) + else: + val = loose_strip(_value["value"]) + if _value["type"] == JOBV3_VAR_CATEGORY_IP: ip_list = self.get_ip_list(val) diff --git a/pipeline_plugins/components/collections/sites/open/job/execute_task/execute_task_base.py b/pipeline_plugins/components/collections/sites/open/job/execute_task/execute_task_base.py index 31eec55d9b..66f5874a3e 100644 --- a/pipeline_plugins/components/collections/sites/open/job/execute_task/execute_task_base.py +++ b/pipeline_plugins/components/collections/sites/open/job/execute_task/execute_task_base.py @@ -27,6 +27,7 @@ from pipeline_plugins.components.utils import ( get_job_instance_url, get_node_callback_url, + is_cipher_structure, loose_strip, parse_passwd_value, ) @@ -156,7 +157,21 @@ def execute(self, data, parent_data): biz_across = data.get_one_of_inputs("biz_across") for _value in original_global_var: - val = loose_strip(crypto.decrypt(parse_passwd_value(_value["value"]))) + + if is_cipher_structure(_value["value"]): + # 只有当变量值符合密码结构,才需要尝试解析密码变量 + try: + val = loose_strip(crypto.decrypt(parse_passwd_value(_value["value"]))) + except Exception: + self.logger.exception( + "[job_execute_task_base] failed to decrypt value -> {value}, use plaintext".format( + value=_value["value"] + ) + ) + val = loose_strip(_value["value"]) + else: + val = loose_strip(_value["value"]) + # category为3,表示变量类型为IP if _value["category"] == JOBV3_VAR_CATEGORY_IP: self.logger.info("[job_execute_task_base] start find ip, var={}".format(val)) diff --git a/pipeline_plugins/components/utils/common.py b/pipeline_plugins/components/utils/common.py index aa75ddcf78..b585e65fa5 100644 --- a/pipeline_plugins/components/utils/common.py +++ b/pipeline_plugins/components/utils/common.py @@ -121,6 +121,16 @@ def convert_num_to_str(export_data: list): return export_data +def is_cipher_structure(value: typing.Any) -> bool: + """检测一个变量是否具备密码变量结构""" + if isinstance(value, str): + return True + # 密码变量格式:{"tag": "xxx", "value": "xxx"} + if isinstance(value, dict) and "tag" in value and "value" in value: + return True + return False + + def parse_passwd_value(passwd_value: typing.Union[str, typing.Dict[str, str]]) -> str: if isinstance(passwd_value, str): return passwd_value diff --git a/pipeline_plugins/tests/components/collections/sites/open/job_test/all_biz_execute_job_plan/test_v1_0.py b/pipeline_plugins/tests/components/collections/sites/open/job_test/all_biz_execute_job_plan/test_v1_0.py index 51ab94ccbd..3459de9ba8 100644 --- a/pipeline_plugins/tests/components/collections/sites/open/job_test/all_biz_execute_job_plan/test_v1_0.py +++ b/pipeline_plugins/tests/components/collections/sites/open/job_test/all_biz_execute_job_plan/test_v1_0.py @@ -714,8 +714,30 @@ def __init__( "id": 1000032, "type": JOBV3_VAR_CATEGORY_PASSWORD, "name": "password", + # 密文变量 "value": {"tag": "variable", "value": crypto.encrypt("123")}, }, + { + "id": 1000033, + "type": 1, + "name": "dict", + # 结构化数据 + "value": {"value": 1, "test": True}, + }, + { + "id": 1000034, + "type": 1, + "name": "int from page", + # 页面输入的整型 + "value": 0, + }, + { + "id": 1000035, + "type": 1, + "name": "int from page", + # 页面输入的整型 + "value": 1232314345, + }, {"id": 1000031, "type": 3, "name": "ip", "value": "0:192.168.20.218", "description": ""}, ], } @@ -758,6 +780,9 @@ def __init__( "global_var_list": [ {"id": 1000030, "value": "test"}, {"id": 1000032, "value": "123"}, + {"id": 1000033, "value": "{'value': 1, 'test': True}"}, + {"id": 1000034, "value": "0"}, + {"id": 1000035, "value": "1232314345"}, {"id": 1000031, "server": {"ip_list": [{"ip": "192.168.20.218", "bk_cloud_id": 0}]}}, ], "callback_url": "callback_url",