7x31
/
cmdb
mirror of https://github.com/veops/cmdb.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(api): Code scanning alerts ()

This commit is contained in:
pycook 2023-11-06 14:27:30 +08:00 committed by GitHub
parent 46238b8b51
commit 2ae4aeee67
3 changed files with 10 additions and 7 deletions
cmdb-api/api/lib/cmdb
attribute.py
auto_discovery
auto_discovery.py
search/ci/db
search.py

5
cmdb-api/api/lib/cmdb/attribute.py
View File

@ -81,8 +81,9 @@ class AttributeManager(object):
elif choice_other.get('script'): elif choice_other.get('script'):
try: try:
x = compile(choice_other['script'], '', "exec") x = compile(choice_other['script'], '', "exec")
exec(x) local_ns = {}
res = locals()['ChoiceValue']().values() or [] exec(x, {}, local_ns)
res = local_ns['ChoiceValue']().values() or []
return [[i, {}] for i in res] return [[i, {}] for i in res]
except Exception as e: except Exception as e:
current_app.logger.error("get choice values from script: {}".format(e)) current_app.logger.error("get choice values from script: {}".format(e))

7
cmdb-api/api/lib/cmdb/auto_discovery/auto_discovery.py
View File

@ -36,9 +36,10 @@ def parse_plugin_script(script):
attributes = [] attributes = []
try: try:
x = compile(script, '', "exec") x = compile(script, '', "exec")
exec(x) local_ns = {}
unique_key = locals()['AutoDiscovery']().unique_key exec(x, {}, local_ns)
attrs = locals()['AutoDiscovery']().attributes() or [] unique_key = local_ns['AutoDiscovery']().unique_key
attrs = local_ns['AutoDiscovery']().attributes() or []
except Exception as e: except Exception as e:
return abort(400, str(e)) return abort(400, str(e))

5
cmdb-api/api/lib/cmdb/search/ci/db/search.py
View File

@ -9,6 +9,7 @@ import time
from flask import current_app from flask import current_app
from flask_login import current_user from flask_login import current_user
from jinja2 import Template from jinja2 import Template
from sqlalchemy import text
from api.extensions import db from api.extensions import db
from api.lib.cmdb.cache import AttributeCache from api.lib.cmdb.cache import AttributeCache
@ -312,7 +313,7 @@ class Search(object):
start = time.time() start = time.time()
execute = db.session.execute execute = db.session.execute
# current_app.logger.debug(v_query_sql) # current_app.logger.debug(v_query_sql)
res = execute(v_query_sql).fetchall() res = execute(text(v_query_sql)).fetchall()
end_time = time.time() end_time = time.time()
current_app.logger.debug("query ci ids time is: {0}".format(end_time - start)) current_app.logger.debug("query ci ids time is: {0}".format(end_time - start))
@ -525,7 +526,7 @@ class Search(object):
if k: if k:
table_name = TableMap(attr=attr).table_name table_name = TableMap(attr=attr).table_name
query_sql = FACET_QUERY.format(table_name, self.query_sql, attr.id) query_sql = FACET_QUERY.format(table_name, self.query_sql, attr.id)
result = db.session.execute(query_sql).fetchall() result = db.session.execute(text(query_sql)).fetchall()
facet[k] = result facet[k] = result
facet_result = dict() facet_result = dict()