From 0dc9b07edd0f33dcc902d183ca21953c3da46df9 Mon Sep 17 00:00:00 2001 From: Admin MPCZ Date: Wed, 15 Apr 2026 12:18:35 +0200 Subject: [PATCH] audit _run: retry sans sudo accepte sortie vide (pas containers/failed = OK, pas erreur) --- app/services/realtime_audit_service.py | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/app/services/realtime_audit_service.py b/app/services/realtime_audit_service.py index d4f98bf..5346c8a 100644 --- a/app/services/realtime_audit_service.py +++ b/app/services/realtime_audit_service.py @@ -246,19 +246,23 @@ def _run(client, cmd): err = stderr.read().decode("utf-8", errors="replace").strip() # Fallback sans sudo si sudoers refuse (detection robuste case/accent insensible) + SUDO_KW = ["pas autoris", "non autoris", "not allowed to execute", + "is not allowed", "no tty present", "sudo:"] err_low = err.lower() - sudo_refused = any(kw in err_low for kw in [ - "pas autoris", "non autoris", "not allowed to execute", - "is not allowed", "no tty present", "sudo:", - ]) + sudo_refused = any(kw in err_low for kw in SUDO_KW) if (not out) and err and sudo_refused: _, stdout, stderr = client.exec_command(cmd, timeout=15) out = stdout.read().decode("utf-8", errors="replace").strip() err2 = stderr.read().decode("utf-8", errors="replace").strip() - if out: - err = "" + err2_low = err2.lower() + still_sudo_err = any(kw in err2_low for kw in SUDO_KW) + if still_sudo_err: + err = err2 else: - err = err2 or err + # Retry sans sudo a abouti (sortie vide acceptable) + err = err2 if err2 else "" + if not out and not err: + out = "" # explicite : pas de containers / pas de services failed = OK result = out if out else err lines = [l for l in result.splitlines() if not any(b in l for b in BANNER_FILTERS) and l.strip()]