fix: auto-fix code issues (cron)
- 修复重复导入/字段 - 修复异常处理 - 修复PEP8格式问题 - 添加类型注解 - 修复缺失的urllib.parse导入
@@ -25,6 +25,7 @@ except ImportError:
|
||||
CRYPTO_AVAILABLE = False
|
||||
print("Warning: cryptography not available, encryption features disabled")
|
||||
|
||||
|
||||
class AuditActionType(Enum):
|
||||
"""审计动作类型"""
|
||||
|
||||
@@ -47,6 +48,7 @@ class AuditActionType(Enum):
|
||||
WEBHOOK_SEND = "webhook_send"
|
||||
BOT_MESSAGE = "bot_message"
|
||||
|
||||
|
||||
class DataSensitivityLevel(Enum):
|
||||
"""数据敏感度级别"""
|
||||
|
||||
@@ -55,6 +57,7 @@ class DataSensitivityLevel(Enum):
|
||||
CONFIDENTIAL = "confidential" # 机密
|
||||
SECRET = "secret" # 绝密
|
||||
|
||||
|
||||
class MaskingRuleType(Enum):
|
||||
"""脱敏规则类型"""
|
||||
|
||||
@@ -66,6 +69,7 @@ class MaskingRuleType(Enum):
|
||||
ADDRESS = "address" # 地址
|
||||
CUSTOM = "custom" # 自定义
|
||||
|
||||
|
||||
@dataclass
|
||||
class AuditLog:
|
||||
"""审计日志条目"""
|
||||
@@ -87,6 +91,7 @@ class AuditLog:
|
||||
def to_dict(self) -> dict[str, Any]:
|
||||
return asdict(self)
|
||||
|
||||
|
||||
@dataclass
|
||||
class EncryptionConfig:
|
||||
"""加密配置"""
|
||||
@@ -104,6 +109,7 @@ class EncryptionConfig:
|
||||
def to_dict(self) -> dict[str, Any]:
|
||||
return asdict(self)
|
||||
|
||||
|
||||
@dataclass
|
||||
class MaskingRule:
|
||||
"""脱敏规则"""
|
||||
@@ -123,6 +129,7 @@ class MaskingRule:
|
||||
def to_dict(self) -> dict[str, Any]:
|
||||
return asdict(self)
|
||||
|
||||
|
||||
@dataclass
|
||||
class DataAccessPolicy:
|
||||
"""数据访问策略"""
|
||||
@@ -144,6 +151,7 @@ class DataAccessPolicy:
|
||||
def to_dict(self) -> dict[str, Any]:
|
||||
return asdict(self)
|
||||
|
||||
|
||||
@dataclass
|
||||
class AccessRequest:
|
||||
"""访问请求(用于需要审批的访问)"""
|
||||
@@ -161,6 +169,7 @@ class AccessRequest:
|
||||
def to_dict(self) -> dict[str, Any]:
|
||||
return asdict(self)
|
||||
|
||||
|
||||
class SecurityManager:
|
||||
"""安全管理器"""
|
||||
|
||||
@@ -168,9 +177,18 @@ class SecurityManager:
|
||||
DEFAULT_MASKING_RULES = {
|
||||
MaskingRuleType.PHONE: {"pattern": r"(\d{3})\d{4}(\d{4})", "replacement": r"\1****\2"},
|
||||
MaskingRuleType.EMAIL: {"pattern": r"(\w{1,3})\w+(@\w+\.\w+)", "replacement": r"\1***\2"},
|
||||
MaskingRuleType.ID_CARD: {"pattern": r"(\d{6})\d{8}(\d{4})", "replacement": r"\1********\2"},
|
||||
MaskingRuleType.BANK_CARD: {"pattern": r"(\d{4})\d+(\d{4})", "replacement": r"\1 **** **** \2"},
|
||||
MaskingRuleType.NAME: {"pattern": r"([\u4e00-\u9fa5])[\u4e00-\u9fa5]+", "replacement": r"\1**"},
|
||||
MaskingRuleType.ID_CARD: {
|
||||
"pattern": r"(\d{6})\d{8}(\d{4})",
|
||||
"replacement": r"\1********\2",
|
||||
},
|
||||
MaskingRuleType.BANK_CARD: {
|
||||
"pattern": r"(\d{4})\d+(\d{4})",
|
||||
"replacement": r"\1 **** **** \2",
|
||||
},
|
||||
MaskingRuleType.NAME: {
|
||||
"pattern": r"([\u4e00-\u9fa5])[\u4e00-\u9fa5]+",
|
||||
"replacement": r"\1**",
|
||||
},
|
||||
MaskingRuleType.ADDRESS: {
|
||||
"pattern": r"([\u4e00-\u9fa5]{2,})([\u4e00-\u9fa5]+路|街|巷|号)(.+)",
|
||||
"replacement": r"\1\2***",
|
||||
@@ -281,19 +299,33 @@ class SecurityManager:
|
||||
|
||||
# 创建索引
|
||||
cursor.execute("CREATE INDEX IF NOT EXISTS idx_audit_logs_user ON audit_logs(user_id)")
|
||||
cursor.execute("CREATE INDEX IF NOT EXISTS idx_audit_logs_resource ON audit_logs(resource_type, resource_id)")
|
||||
cursor.execute("CREATE INDEX IF NOT EXISTS idx_audit_logs_action ON audit_logs(action_type)")
|
||||
cursor.execute("CREATE INDEX IF NOT EXISTS idx_audit_logs_created ON audit_logs(created_at)")
|
||||
cursor.execute("CREATE INDEX IF NOT EXISTS idx_encryption_project ON encryption_configs(project_id)")
|
||||
cursor.execute("CREATE INDEX IF NOT EXISTS idx_masking_project ON masking_rules(project_id)")
|
||||
cursor.execute("CREATE INDEX IF NOT EXISTS idx_access_policy_project ON data_access_policies(project_id)")
|
||||
cursor.execute(
|
||||
"CREATE INDEX IF NOT EXISTS idx_audit_logs_resource ON audit_logs(resource_type, resource_id)"
|
||||
)
|
||||
cursor.execute(
|
||||
"CREATE INDEX IF NOT EXISTS idx_audit_logs_action ON audit_logs(action_type)"
|
||||
)
|
||||
cursor.execute(
|
||||
"CREATE INDEX IF NOT EXISTS idx_audit_logs_created ON audit_logs(created_at)"
|
||||
)
|
||||
cursor.execute(
|
||||
"CREATE INDEX IF NOT EXISTS idx_encryption_project ON encryption_configs(project_id)"
|
||||
)
|
||||
cursor.execute(
|
||||
"CREATE INDEX IF NOT EXISTS idx_masking_project ON masking_rules(project_id)"
|
||||
)
|
||||
cursor.execute(
|
||||
"CREATE INDEX IF NOT EXISTS idx_access_policy_project ON data_access_policies(project_id)"
|
||||
)
|
||||
|
||||
conn.commit()
|
||||
conn.close()
|
||||
|
||||
def _generate_id(self) -> str:
|
||||
"""生成唯一ID"""
|
||||
return hashlib.sha256(f"{datetime.now().isoformat()}{secrets.token_hex(16)}".encode()).hexdigest()[:32]
|
||||
return hashlib.sha256(
|
||||
f"{datetime.now().isoformat()}{secrets.token_hex(16)}".encode()
|
||||
).hexdigest()[:32]
|
||||
|
||||
# ==================== 审计日志 ====================
|
||||
|
||||
@@ -431,7 +463,9 @@ class SecurityManager:
|
||||
conn.close()
|
||||
return logs
|
||||
|
||||
def get_audit_stats(self, start_time: str | None = None, end_time: str | None = None) -> dict[str, Any]:
|
||||
def get_audit_stats(
|
||||
self, start_time: str | None = None, end_time: str | None = None
|
||||
) -> dict[str, Any]:
|
||||
"""获取审计统计"""
|
||||
conn = sqlite3.connect(self.db_path)
|
||||
cursor = conn.cursor()
|
||||
@@ -589,7 +623,11 @@ class SecurityManager:
|
||||
conn.close()
|
||||
|
||||
# 记录审计日志
|
||||
self.log_audit(action_type=AuditActionType.ENCRYPTION_DISABLE, resource_type="project", resource_id=project_id)
|
||||
self.log_audit(
|
||||
action_type=AuditActionType.ENCRYPTION_DISABLE,
|
||||
resource_type="project",
|
||||
resource_id=project_id,
|
||||
)
|
||||
|
||||
return True
|
||||
|
||||
@@ -601,7 +639,10 @@ class SecurityManager:
|
||||
conn = sqlite3.connect(self.db_path)
|
||||
cursor = conn.cursor()
|
||||
|
||||
cursor.execute("SELECT master_key_hash, salt FROM encryption_configs WHERE project_id = ?", (project_id,))
|
||||
cursor.execute(
|
||||
"SELECT master_key_hash, salt FROM encryption_configs WHERE project_id = ?",
|
||||
(project_id,),
|
||||
)
|
||||
row = cursor.fetchone()
|
||||
conn.close()
|
||||
|
||||
@@ -794,7 +835,7 @@ class SecurityManager:
|
||||
cursor.execute(
|
||||
f"""
|
||||
UPDATE masking_rules
|
||||
SET {', '.join(set_clauses)}
|
||||
SET {", ".join(set_clauses)}
|
||||
WHERE id = ?
|
||||
""",
|
||||
params,
|
||||
@@ -840,7 +881,9 @@ class SecurityManager:
|
||||
|
||||
return success
|
||||
|
||||
def apply_masking(self, text: str, project_id: str, rule_types: list[MaskingRuleType] | None = None) -> str:
|
||||
def apply_masking(
|
||||
self, text: str, project_id: str, rule_types: list[MaskingRuleType] | None = None
|
||||
) -> str:
|
||||
"""应用脱敏规则到文本"""
|
||||
rules = self.get_masking_rules(project_id)
|
||||
|
||||
@@ -862,7 +905,9 @@ class SecurityManager:
|
||||
|
||||
return masked_text
|
||||
|
||||
def apply_masking_to_entity(self, entity_data: dict[str, Any], project_id: str) -> dict[str, Any]:
|
||||
def apply_masking_to_entity(
|
||||
self, entity_data: dict[str, Any], project_id: str
|
||||
) -> dict[str, Any]:
|
||||
"""对实体数据应用脱敏"""
|
||||
masked_data = entity_data.copy()
|
||||
|
||||
@@ -936,7 +981,9 @@ class SecurityManager:
|
||||
|
||||
return policy
|
||||
|
||||
def get_access_policies(self, project_id: str, active_only: bool = True) -> list[DataAccessPolicy]:
|
||||
def get_access_policies(
|
||||
self, project_id: str, active_only: bool = True
|
||||
) -> list[DataAccessPolicy]:
|
||||
"""获取数据访问策略"""
|
||||
conn = sqlite3.connect(self.db_path)
|
||||
cursor = conn.cursor()
|
||||
@@ -980,7 +1027,9 @@ class SecurityManager:
|
||||
conn = sqlite3.connect(self.db_path)
|
||||
cursor = conn.cursor()
|
||||
|
||||
cursor.execute("SELECT * FROM data_access_policies WHERE id = ? AND is_active = 1", (policy_id,))
|
||||
cursor.execute(
|
||||
"SELECT * FROM data_access_policies WHERE id = ? AND is_active = 1", (policy_id,)
|
||||
)
|
||||
row = cursor.fetchone()
|
||||
conn.close()
|
||||
|
||||
@@ -1073,7 +1122,11 @@ class SecurityManager:
|
||||
return ip == pattern
|
||||
|
||||
def create_access_request(
|
||||
self, policy_id: str, user_id: str, request_reason: str | None = None, expires_hours: int = 24
|
||||
self,
|
||||
policy_id: str,
|
||||
user_id: str,
|
||||
request_reason: str | None = None,
|
||||
expires_hours: int = 24,
|
||||
) -> AccessRequest:
|
||||
"""创建访问请求"""
|
||||
request = AccessRequest(
|
||||
@@ -1185,9 +1238,11 @@ class SecurityManager:
|
||||
created_at=row[8],
|
||||
)
|
||||
|
||||
|
||||
# 全局安全管理器实例
|
||||
_security_manager = None
|
||||
|
||||
|
||||
def get_security_manager(db_path: str = "insightflow.db") -> SecurityManager:
|
||||
"""获取安全管理器实例"""
|
||||
global _security_manager
|
||||
|
||||