adminmpmcz/patchcenter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity
345 Commits 1 Branch 2 Tags 93 MiB
a1476cb3e2
Commit Graph

345 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Admin MPCZ
f32c247bf4 migrate: ajout GRANT + ALTER DEFAULT PRIVILEGES pour user patchcenter (idempotent) 2026-04-27 13:44:45 +00:00
Admin MPCZ
19ab837e12 migrate: 7 tables manquantes pour sync DB locale dev (chassis, hypervisors, qualys_missing_servers, qualys_vuln_snapshot*, secops_duty, server_databases) 2026-04-27 12:40:01 +00:00
Admin MPCZ
a3f1aaea63 migrate: ajout DDL tables qualys_vuln_dashboard (alignement sync SANEF) 2026-04-27 09:19:12 +00:00
Admin MPCZ
4bc9d6cc61 docs(qualys/duplicates): message bandeau ~1200 serveurs 2026-04-25 19:56:51 +00:00
Admin MPCZ
0d4ce6dfc2 feat(qualys/duplicates): scan filtre Linux+Windows Server uniquement (~1200 vs 6244) 2026-04-25 19:56:23 +00:00
Admin MPCZ
2c5c0df355 docs(qualys/duplicates): clarifie message bandeau (6000 scan total, 1300 serveurs filtres) 2026-04-25 11:05:36 +00:00
Admin MPCZ
6c52d05393 fix(qualys/duplicates): renomme cle items -> groups (conflit Jinja avec dict.items) 2026-04-25 10:49:53 +00:00
Admin MPCZ
cc550c2d84 fix(qualys/duplicates): scan async (background thread) + bandeau scan en cours - evite 503 HAProxy 2026-04-25 10:31:07 +00:00
Admin MPCZ
e832381b68 feat(qualys/duplicates): filtre serveurs uniquement (exclut Win 10/11/7/8/XP postes) 2026-04-25 10:23:14 +00:00
Admin MPCZ
3d043af194 feat(qualys): page doublons + suppression API Qualys 1-clic 2026-04-25 10:17:40 +00:00
Admin MPCZ
8f406f211d feat(qualys/dashboard): compute v2 - interroge API Qualys par tag (DB locale qualys_asset_tags souvent obsolete) 2026-04-25 00:42:29 +00:00
Admin MPCZ
54c10d90de fix(qualys/dashboard): bandeau plus voyant (gradient cyan + glow) 2026-04-25 00:27:01 +00:00
Admin MPCZ
66558c4b46 fix(qualys/dashboard): compteur base sur running_since DB (survit aux auto-refresh) 2026-04-25 00:16:44 +00:00
Admin MPCZ
0ab4f2d8fa fix(qualys/dashboard): vire flag in-memory + safety net thread + flex layout 6 KPI 2026-04-25 00:13:22 +00:00
Admin MPCZ
34cca6f77b fix(qualys/dashboard): user est un dict, utiliser user.get(sub) au lieu de .username 2026-04-25 00:09:15 +00:00
Admin MPCZ
9a7f446637 fix(qualys/dashboard): insert pending row dans la route avant spawn thread (no race) 2026-04-25 00:07:22 +00:00
Admin MPCZ
daf87891a7 feat(qualys/dashboard): is_running base sur DB (multi-worker safe) + bouton Annuler 2026-04-25 00:05:49 +00:00
Admin MPCZ
17f508c1d1 feat(qualys/dashboard): bandeau spinner persistant + auto-refresh pendant recalcul 2026-04-24 23:55:24 +00:00
Admin MPCZ
8f8e8c4d8f feat(qualys): dashboard vulnerabilites avec KPI + historique 2026-04-24 23:49:46 +00:00
Admin MPCZ
b06aedfc3b fix(qualys): force vuln cache refresh on bulk resync redirect 2026-04-24 22:51:11 +00:00
Admin MPCZ
392c8f4fe5 fix(qualys/search): KPI vuln_map est dict total/severityN, pas int 2026-04-24 22:34:16 +00:00
Admin MPCZ
3c00f05263 feat(qualys/agents): colonne Version OS dans table sans-agent 2026-04-24 22:30:39 +00:00
Admin MPCZ
c57ef61adb feat(qualys/search): KPI total/avec-vuln/sans-vuln + filtre vuln_filter 2026-04-24 22:27:55 +00:00
Admin MPCZ
5d421dcd28 docs: move DEPLOY/PROCESS to docs/, enrich README, fix generate_ppt.py output path 2026-04-24 14:12:27 +02:00
Admin MPCZ
c258d6091a fix(qualys): resync_all_tags HTTP 400 - limitResults 10000 trop grand, capper a 1000 
Qualys QPS API rejette limitResults au-dela de 1000 (HTTP 400 Bad Request).
Aligne sur les autres requetes du service (5, 20, 100, 200, 1000) et sur
qualys_tags_service.list_qualys_tags qui utilise deja 1000.

Reproductible via /qualys/tags > bouton Resync (msg=resync_ko_HTTP+400).
 2026-04-23 12:19:31 +00:00
Admin MPCZ
5fedfb5f80 Add page Tour de garde SecOps : import xlsx + table + vue hebdo + competences 2026-04-17 23:39:11 +00:00
Admin MPCZ
803016458d Doc: algorithme detaille processus patching SANEF (12 sections) 2026-04-17 23:32:04 +00:00
Admin MPCZ
9a72fa7eb7 Optim: fix N+1 queries itop_service (pre-load batch) + macros Jinja2 badges 2026-04-17 23:23:32 +00:00
Admin MPCZ
a0f90cd719 Optim: logging structure + query_helpers.py + fix exceptions silencieuses routers 2026-04-17 23:19:18 +00:00
Admin MPCZ
9097872e57 Secu: verif permissions can_view/can_edit sur endpoints HTMX detail/edit 2026-04-17 23:15:04 +00:00
Admin MPCZ
89f069ddcc import_plan_patching: skip lignes avec date future (cellules coloriees a l avance) 2026-04-17 12:44:27 +00:00
Admin MPCZ
2bf2fa5042 patch_history: tolere parametres vides dans les filtres (week=, source=, etc.) 2026-04-17 12:42:58 +00:00
Admin MPCZ
402ed36407 import_ldap_group_users : ne reactive plus les users desactives manuellement 2026-04-17 12:32:46 +00:00
Admin MPCZ
81227833c1 Add link_patch_history_intervenants : lie patch_history.intervenant_name -> users.id (FK) 2026-04-17 12:31:40 +00:00
Admin MPCZ
7ec7c49c34 import_ldap_group_users : fallback UPN/sam@sanef.com si mail absent, inclut comptes admin sans mail 2026-04-17 12:26:12 +00:00
Admin MPCZ
2a4c785535 Add import_ldap_group_users + FK users.contact_id + contacts.ldap_dn 2026-04-17 12:16:24 +00:00
Admin MPCZ
2ab2ceabba Historique patching : filtres OS/zone/domaine/intervenant + colonnes table 2026-04-17 12:10:45 +00:00
Admin MPCZ
14f809335e Add tool import_plan_patching_xlsx : historique 2025+2026 (vert = patche) 2026-04-17 11:56:32 +00:00
Admin MPCZ
cfb9cf865c Register patch_history router in main.py 2026-04-17 09:41:14 +00:00
Admin MPCZ
4b1794d4d1 Add page Historique patching : vue unifiee import xlsx + campagnes + quickwin 2026-04-17 08:47:25 +00:00
Admin MPCZ
c9890a274f Add tools/import_planning_xlsx.py : import patch_planning depuis xlsx Ayoub 2026-04-17 08:32:56 +00:00
MOUTAOUAKIL-ext Khalid
e2fb34f115 Sync SANEF : audit_service + schema.sql + data deploy + gitignore 2026-04-17 09:20:57 +02:00
Admin MPCZ
1c661e2dc5 qualys_tags: respect qualys_bypass_proxy flag 
_get_creds() ignorait le flag bypass_proxy et retournait toujours
qualys_proxy meme si l'utilisateur avait coche bypass en settings.
Comportement desormais aligne avec qualys_service._get_qualys_creds().
 2026-04-17 00:28:57 +02:00
Admin MPCZ
617bf94e31 Qualys agents sync: optims perf majeures (~3-5x plus rapide) 
Refactor _refresh_all_agents_impl() avec 4 optimisations:

1. Pre-chargement des servers en dict Python au debut (hostname + IP)
   -> elimine 2 queries SQL par asset (gain principal)

2. UPSERT 'INSERT ... ON CONFLICT DO UPDATE' + RETURNING (xmax=0)
   -> une seule query au lieu de SELECT + INSERT/UPDATE
   -> compte created/updated via xmax

3. HTTP Session reutilisee (requests.Session)
   -> keep-alive, pas de handshake SSL a chaque page

4. ThreadPoolExecutor(5) pour executer les 5 filtres tagName en parallele
   -> dedup par asset_id pour eviter traitement double

Bonus:
- max_pages 30 -> 500 par filtre (evite syncs incomplets silencieux)
- FQDN backfill cible via cache 'servers_need_fqdn' (pas d'UPDATE inutile)
- Commit unique en fin de traitement (suppression savepoint par asset)
- Retrait age-check redondant en mode diff (deja filtre cote API)
 2026-04-16 23:34:51 +02:00
Admin MPCZ
55cd35eaf1 import_applications_ioda: gestion conflits nom_court (UNIQUE existant) 
Strategy SELECT puis INSERT/UPDATE plutot que ON CONFLICT:
- Cherche par ioda_libelle d'abord, sinon par nom_court (apps non-IODA)
- Si UPDATE existant -> enrichit avec champs IODA
- Si INSERT et nom_court deja pris -> suffixe avec -IODA-<POS>

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-16 14:21:37 +02:00
Admin MPCZ
34c8025b56 import_applications_ioda: cast str() pour cellules non-string (int) 
Le fichier IODA a parfois des integers/floats dans lib_court ou autres
cols texte. Helper s() coerce + trim + None si vide.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-16 14:19:29 +02:00
Admin MPCZ
b55e8d4e26 Import IODA applications + table qualys_missing_servers 
- Migration deploy/migrations/2026-04-16_ioda_qualys_missing.sql:
  * ALTER applications: 13 colonnes ioda_* (libelle, code_pos, type, statut,
    perimetre, dept_domaine, resp_metier, resp_dsi, nb_components, etc.)
  * Index unique sur ioda_libelle (cle d'upsert idempotente)
  * Nouvelle table qualys_missing_servers avec server_id FK,
    reason_category enum (appliance/ot_scada/virtualisation/oubli/...),
    status (a_traiter/a_enroler/exempt/enrole/decom), priority 1-5,
    trigger updated_at

- tools/import_applications_ioda.py: lit deploy/ServeursAssoci*IODA*.xlsx
  sheet "Services Metiers", upsert sur ioda_libelle

- tools/import_qualys_missing.py: lit deploy/comparaison*.xlsx sheet
  RECAP, filtre col J (COMP1) sans 'Qualys', categorise auto via
  heuristique nom (BAC_/BEU_/... = ot_scada, esx*/vp*esx = virtu,
  presence 3 sources sans Qualys = oubli urgent), lien auto vers
  servers.id si match hostname/fqdn

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-16 13:59:53 +02:00
Admin MPCZ
f1a1ca9c7b Qualys Tags V3: unescape entites XML dans ruleText/name 
Qualys renvoie les entites XML dans ruleText deja echappees (Bip&amp;Go,
&lt;?xml...). Jinja auto-escape les ressortait en double (&amp;lt;...).
Unescape iteratif (jusqu'a 3 passes) pour couvrir le double-escape.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-15 15:40:04 +02:00
Admin MPCZ
79a2cc896e Qualys diff: format ISO sans microsec YYYY-MM-DDTHH:MM:SSZ (compat API QPS) 2026-04-15 14:28:57 +02:00
Admin MPCZ
7924e64616 Qualys diff: filtre 'updated' (searchable) au lieu de 'lastCheckedIn' (non recunu API) 2026-04-15 14:06:27 +02:00