adminmpmcz/patchcenter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(audit): _resolve verifie la coherence FQDN BDD vs convention prefixe SANEF (vr*=.sanef-rec.fr, vp*=.sanef.groupe) - fallback sur suffixes ordonnes si FQDN incoherent + extension v[tdv] pour recette

Browse Source
This commit is contained in:
Pierre & Lumière 2026-05-05 14:09:49 +02:00
parent a7874aec11
commit 7e9cae6758
1 changed files with 33 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
app/services/realtime_audit_service.py
View File

@ -77,13 +77,17 @@ BANNER_FILTERS = [
def _ordered_suffixes(hostname): def _ordered_suffixes(hostname):
"""Ordre des suffixes selon la 2e lettre du hostname (convention SANEF). """Ordre des suffixes selon la 2e lettre du hostname (convention SANEF).
r=recette, p=prod, i=infra. Les autres suffixes sont tentés en fallback.""" Recette : v[rtdv]* .sanef-rec.fr en priorité.
Prod : v[pls]* / sp / lp .sanef.groupe puis .sanef.fr en priorité.
Inconnu : ordre par défaut."""
all_suffixes = _get_dns_suffixes() all_suffixes = _get_dns_suffixes()
second = hostname[1].lower() if len(hostname) > 1 else "" second = hostname[1].lower() if len(hostname) > 1 else ""
if second == "r": # Recette / Test / Dev / Qualif (vr/vt/vd/vv)
if second in ("r", "t", "d", "v"):
priority = [".sanef-rec.fr", ".sanef.groupe", ".sanef.fr"] priority = [".sanef-rec.fr", ".sanef.groupe", ".sanef.fr"]
elif second in ("p", "i"): # Prod ou infra (vp/sp/lp/i)
priority = [".sanef.groupe", ".sanef-rec.fr", ".sanef.fr"] elif second in ("p", "i", "l", "s"):
priority = [".sanef.groupe", ".sanef.fr", ".sanef-rec.fr"]
else: else:
priority = [".sanef.groupe", ".sanef-rec.fr", ".sanef.fr"] priority = [".sanef.groupe", ".sanef-rec.fr", ".sanef.fr"]
ordered = [] ordered = []
@ -96,8 +100,26 @@ def _ordered_suffixes(hostname):
return ordered return ordered
def _fqdn_is_consistent(hostname, fqdn):
"""Vérifie que le FQDN BDD respecte la convention SANEF par préfixe.
Évite d'utiliser un FQDN incohérent (ex: vrameased1.sanef.groupe alors
que vr* doit être .sanef-rec.fr)."""
if not fqdn or not hostname or len(hostname) < 2:
return True
fqdn_lc = fqdn.lower()
second = hostname[1].lower()
# vr/vt/vd/vv → .sanef-rec.fr obligatoire
if second in ("r", "t", "d", "v"):
return ".sanef-rec.fr" in fqdn_lc
# vp/sp/lp → .sanef.groupe ou .sanef.fr
if second in ("p", "l"):
return (".sanef.groupe" in fqdn_lc) or (".sanef.fr" in fqdn_lc)
# Préfixe inconnu : on accepte le FQDN tel quel
return True
def _resolve(hostname): def _resolve(hostname):
# 1. FQDN stocke en base - retour direct sans check port (rapide) # 1. FQDN stocke en base — utilisé uniquement s'il respecte la convention SANEF
try: try:
from ..database import SessionLocal from ..database import SessionLocal
db = SessionLocal() db = SessionLocal()
@ -107,7 +129,12 @@ def _resolve(hostname):
), {"h": hostname}).fetchone() ), {"h": hostname}).fetchone()
db.close() db.close()
if row and row.fqdn: if row and row.fqdn:
return row.fqdn if _fqdn_is_consistent(hostname, row.fqdn):
return row.fqdn
log.warning(
f"FQDN BDD '{row.fqdn}' incohérent avec hostname '{hostname}' "
f"(convention SANEF) → fallback sur suffixes ordonnés"
)
except Exception: except Exception:
pass pass
# 2. Fallback : boucle suffixes DNS (si FQDN manquant en base) # 2. Fallback : boucle suffixes DNS (si FQDN manquant en base)