From 27f65f5c5e38b6d0cee28db3591784266a47de9e Mon Sep 17 00:00:00 2001
From: lixin
Date: Tue, 12 Mar 2024 10:42:07 +0800
Subject: [PATCH] CVE-2024-24892
---
 index.py | 50 ++++++++++++++++++++++++++++++++------------------
 1 file changed, 32 insertions(+), 18 deletions(-)
diff --git a/index.py b/index.py
index 239148e..f604fc2 100644
--- a/index.py
+++ b/index.py
@@ -4,6 +4,7 @@
 # SPDX-License-Identifier: MulanPubL-2.0-or-later
 import os
 import json
+import paramiko
 from func import share
 from urls import server_mods
 from flask import Flask, render_template, request, Response
@@ -202,29 +203,42 @@ def export_migration_reports():
 :return:
 """
 mod = check_methods()
- f = open("/usr/lib/migration-tools-server/.passwd.txt", "r")
- password = f.read()
- f.close()
 if mod:
 data = request.get_data()
 json_data = json.loads(data)
- mkdir_log_pwd = "/var/uos-migration/"
- isExists=os.path.exists(mkdir_log_pwd)
- if not isExists:
- try:
- os.makedirs(mkdir_log_pwd)
- print(mkdir_log_pwd)
- except:
- print("export report mkdir error:%s" % mkdir_log_pwd)
-
+ user = json_data.get('info').split("|")[0]
 info = mod.split(',')
- scp_log = "sshpass -p '%s'" % password + " scp -r %s" % json_data.get('info').split("|")[0] + "@%s" % info[1] \
- + ":/var/tmp/uos-migration/UOS*.tar.gz /var/uos-migration/"
+ ip = info[1].strip('"')
+ port = 22
+
+ with open("/usr/lib/migration-tools-server/.passwd.txt", "r") as f:
+ password = f.read()
+
+ remote_dir = local_dir = "/var/tmp/uos-migration"
+ if not os.path.exists(local_dir):
+ os.makedirs(local_dir)
+
+ client = paramiko.SSHClient()
+ client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
 try:
- os.system(scp_log)
- print(scp_log)
- except:
- print('export report scp error:%s' % scp_log)
+ client.connect(ip, port, user, password)
+ sftp = client.open_sftp()
+
+ remote_files = sftp.listdir(remote_dir)
+ # 遍历远程文件列表
+ for filename in remote_files:
+ if filename.endswith('.tar.gz'):
+ remote_file_path = os.path.join(remote_dir, filename)
+ local_file_path = os.path.join(local_dir, filename)
+ sftp.get(remote_file_path, local_file_path)
+
+ except Exception as e:
+ print(f"Error: {e}")
+
+ finally:
+ # 关闭连接
+ if client:
+ client.close()
 return Response(mod, content_type='application/json')
--
2.41.0
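Review bot: `client.set_missing_host_key_policy(paramiko.AutoAddPolicy())` accepts whatever host key the peer presents, so the password read from `.passwd.txt` is handed to an endpoint whose identity is never verified; a spoofed or redirected `ip` would receive it. Prefer `client.load_system_host_keys()` together with `client.set_missing_host_key_policy(paramiko.RejectPolicy())`, with agent host keys recorded when the agent is registered. The names returned by `sftp.listdir(remote_dir)` come from that same peer and are passed unchecked to `os.path.join(local_dir, filename)`, so a guard such as `if filename != os.path.basename(filename): continue` would keep downloads inside `local_dir`, which has also moved from `/var/uos-migration/` to a path under `/var/tmp` that is normally world-writable. `json_data.get('info').split("|")[0]` remains outside the `try`, so a request without `info` raises before any error handling runs; the function begins above this hunk, so `check_methods()` and the validation of `mod` are not visible here.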