Dev multi tenant #7752
Open
Dev multi tenant #7752
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wyyalt
force-pushed
the
dev_multi_tenant
branch
4 times, most recently
from
602d20b to
b7f5fa3
Compare
# Reviewed, transaction id: 38625
# Reviewed, transaction id: 38626
fix: 标准运维多租户改造CMDB插件 --story=122659210
# Reviewed, transaction id: 39221
fix: 标准运维多租户改造变量和CMDB插件 --story=122659384
# Reviewed, transaction id: 39248
fix: 消息通知插件多租户测试并修复 --story=121994365
# Reviewed, transaction id: 39368
fix: 标准运维多租户改造变量和CMDB插件 --story=122659384
# Reviewed, transaction id: 39634
# Reviewed, transaction id: 39731
feat: 通知中心周边系统接入联调——标准运维 --story=123610405
# Reviewed, transaction id: 39851
* fix: 修复子流程输入参数名称显示为插件表单名称的问题 --story=123583484 # Reviewed, transaction id: 39373 * fix: 修复任务执行快照表单项名称不正确问题 --story=123583484 # Reviewed, transaction id: 40013 * fix: 修复子流程批量更新、任务重试、执行详情表单项名称不正确问题 --story=123583484 # Reviewed, transaction id: 40027
# Reviewed, transaction id: 40079
fix: 多租户部署体验测试--story=123610576
# Reviewed, transaction id: 40158
fix: 多租户部署体验测试--story=123610576
# Reviewed, transaction id: 40208
# Reviewed, transaction id: 40376
# Reviewed, transaction id: 40409
# Reviewed, transaction id: 40348
# Reviewed, transaction id: 40637
fix: 多租户部署体验测试 --story=123610576
# Reviewed, transaction id: 57834
# Reviewed, transaction id: 66816
# Reviewed, transaction id: 67094
# Reviewed, transaction id: 67503
* fix: 多租户日期时间保存格式修改 --story=129095153 # Reviewed, transaction id: 67740 * fix: 保持配置文件的独立性 --story=129095153 # Reviewed, transaction id: 67836 * fix: 保持配置文件的独立性 --story=129095153 # Reviewed, transaction id: 67875 * fix: 删除暂不处理内容 --story=129095153 # Reviewed, transaction id: 67881
# Reviewed, transaction id: 67929
fix: 时区不加空格 --story=129095153
wyyalt
force-pushed
the
dev_multi_tenant
branch
from
1b22cf2 to
5c0f51f
Compare
# Reviewed, transaction id: 69909
…error fix: 补充字段数据兼容性处理 #ignore
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
🔍 代码审查总结
审查了本次 PR 的核心变更,发现 6 个关键问题需要处理:
🔒 安全问题(必须修复)
- 认证检查被注释 - gcloud/utils/middleware.py:42-43
- 允许未验证请求绕过认证
- 敏感日志泄漏 - gcloud/core/middlewares.py:160-161
- 使用 logger.error() 输出完整请求元数据
⚡ 破坏性变更
- API 签名改变 - api/utils/request.py:37
batch_request函数调用方式变更,需确认所有调用方已更新
⚠️ 逻辑风险
- 租户 ID 弱回退 - gcloud/core/middlewares.py:171-173
- 缺失 tenant_id 时默认为 "default",可能导致跨租户数据泄漏
- 缓存键不安全 - gcloud/core/middlewares.py:41
- 时区缓存键未包含 tenant_id,可能返回错误租户的数据
- IAM 环境配置 - config/default.py:767
- 默认连接生产环境,测试环境可能误调用
建议: 问题 #1 和 #2 为高危安全问题,建议在合并前修复。其他问题请评估影响范围后处理。
详细评论已添加到对应代码行。
There was a problem hiding this comment.
File: gcloud/core/middlewares.py
Line: 160-161
🚨 敏感信息日志泄漏
logger.error("+++++++++++{}: {}++++++++++".format(header, header_value))
logger.error("+++++++++++request meta: {}++++++++++".format(request.META))问题: 生产环境日志会包含敏感 header、token、IP 地址
修复: 删除这些调试日志,或改用 logger.debug()
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.