From 78a8d3dfa5368f9d3dfd08bf6b73f436ce5d8927 Mon Sep 17 00:00:00 2001
From: OG T
Date: Tue, 7 Apr 2026 11:13:49 +0800
Subject: [PATCH] =?UTF-8?q?fix(api):=20ansible=20=E6=8E=A7=E5=88=B6?= =?UTF-8?q?=E7=AF=80=E9=BB=9E=E5=8A=A0=E7=99=BD=E5=90=8D=E5=96=AE=E9=A9=97?= =?UTF-8?q?=E8=AD=89=EF=BC=8C=E9=98=B2=E7=92=B0=E5=A2=83=E8=AE=8A=E6=95=B8?= =?UTF-8?q?=E7=B9=9E=E9=81=8E=20(Re-Review=20Important)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
首席架構師 Re-Review 指出: ANSIBLE_CONTROL_HOST 來自環境變數 (ConfigMap), 若 ConfigMap 被篡改可繞過 SSH_TARGET_WHITELIST。 在 _execute_ansible() 開頭加 validate_ssh_target_host(host) 閉環。 Re-Review 評分: 91/100 ✅ 通過
Co-Authored-By: Claude Haiku 4.5
---
 apps/api/src/services/host_repair_agent.py | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/apps/api/src/services/host_repair_agent.py b/apps/api/src/services/host_repair_agent.py
index 02013112..1b307b09 100644
--- a/apps/api/src/services/host_repair_agent.py
+++ b/apps/api/src/services/host_repair_agent.py
@@ -422,6 +422,14 @@ class HostRepairAgent:
 """
 host = ANSIBLE_CONTROL_HOST
 user = ANSIBLE_CONTROL_USER
+ # Important fix: 驗證 ConfigMap 的控制節點也在白名單內,防止環境變數被篡改繞過白名單
+ try:
+ validate_ssh_target_host(host)
+ except ValueError as e:
+ return HostRepairResult(
+ success=False, layer="ansible", component=playbook_name,
+ error=f"Ansible control host validation failed: {e}",
+ )
 playbook_path = f"{ANSIBLE_PLAYBOOKS_PATH}/{playbook_name}"
 # P0-2: Quote playbook_path to prevent shell injection if path contains special chars
 ssh_command = f"ansible-playbook {shlex.quote(playbook_path)}"
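Review bot: The added `validate_ssh_target_host(host)` call only closes the ConfigMap-tampering gap if `SSH_TARGET_WHITELIST` is loaded from a source the same actor cannot edit; the hunk does not show where the whitelist comes from, so if it is also read from the environment or the same ConfigMap, both values can be changed together and the check still passes. That should be confirmed and recorded in the comment above the `try:`, for example `# whitelist must not be sourced from the same ConfigMap as ANSIBLE_CONTROL_HOST`. `user = ANSIBLE_CONTROL_USER` on the line above appears to come from the same configuration and is not checked at all. A rejected control host is itself a tampering signal, so the `except ValueError` branch should also log it, for example `logger.warning("ansible control host rejected by whitelist: %s", e)` if the module has a logger, rather than only returning the result. The function body starts before and continues after this hunk.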