代码拉取完成,页面将自动刷新
同步操作将从 src-openEuler/migration-tools 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
From 27f65f5c5e38b6d0cee28db3591784266a47de9e Mon Sep 17 00:00:00 2001
From: lixin <lixinb@uniontech.com>
Date: Tue, 12 Mar 2024 10:42:07 +0800
Subject: [PATCH] CVE-2024-24892
---
index.py | 50 ++++++++++++++++++++++++++++++++------------------
1 file changed, 32 insertions(+), 18 deletions(-)
diff --git a/index.py b/index.py
index 239148e..f604fc2 100644
--- a/index.py
+++ b/index.py
@@ -4,6 +4,7 @@
# SPDX-License-Identifier: MulanPubL-2.0-or-later
import os
import json
+import paramiko
from func import share
from urls import server_mods
from flask import Flask, render_template, request, Response
@@ -202,29 +203,42 @@ def export_migration_reports():
:return:
"""
mod = check_methods()
- f = open("/usr/lib/migration-tools-server/.passwd.txt", "r")
- password = f.read()
- f.close()
if mod:
data = request.get_data()
json_data = json.loads(data)
- mkdir_log_pwd = "/var/uos-migration/"
- isExists=os.path.exists(mkdir_log_pwd)
- if not isExists:
- try:
- os.makedirs(mkdir_log_pwd)
- print(mkdir_log_pwd)
- except:
- print("export report mkdir error:%s" % mkdir_log_pwd)
-
+ user = json_data.get('info').split("|")[0]
info = mod.split(',')
- scp_log = "sshpass -p '%s'" % password + " scp -r %s" % json_data.get('info').split("|")[0] + "@%s" % info[1] \
- + ":/var/tmp/uos-migration/UOS*.tar.gz /var/uos-migration/"
+ ip = info[1].strip('"')
+ port = 22
+
+ with open("/usr/lib/migration-tools-server/.passwd.txt", "r") as f:
+ password = f.read()
+
+ remote_dir = local_dir = "/var/tmp/uos-migration"
+ if not os.path.exists(local_dir):
+ os.makedirs(local_dir)
+
+ client = paramiko.SSHClient()
+ client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
- os.system(scp_log)
- print(scp_log)
- except:
- print('export report scp error:%s' % scp_log)
+ client.connect(ip, port, user, password)
+ sftp = client.open_sftp()
+
+ remote_files = sftp.listdir(remote_dir)
+ # 遍历远程文件列表
+ for filename in remote_files:
+ if filename.endswith('.tar.gz'):
+ remote_file_path = os.path.join(remote_dir, filename)
+ local_file_path = os.path.join(local_dir, filename)
+ sftp.get(remote_file_path, local_file_path)
+
+ except Exception as e:
+ print(f"Error: {e}")
+
+ finally:
+ # 关闭连接
+ if client:
+ client.close()
return Response(mod, content_type='application/json')
--
2.41.0
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手