[2.4.2] Hardening code and report
 - add hardening rule for script timeout
 - change hardening level
 - re-make hardening python code
 - hardening report (text)
 - auto-delete process for real time output
 - MANIFEST.in exclude audit files
 - Fix: request multiline
 - Fix: request first output
 - Fix: csv databases (NUL characters)
 - Fix: Windows config files
mauricelambert authored Dec 3, 2021
1 parent 147f47b commit 20d66e7
Showing 21 changed files with 295 additions and 228 deletions.
15 changes: 10 additions & 5 deletions WebScripts/Pages.py
Expand Up @@ -26,7 +26,7 @@
system.
"""

__version__ = "1.0.0"
__version__ = "1.0.1"
__author__ = "Maurice Lambert"
__author_email__ = "[email protected]"
__maintainer__ = "Maurice Lambert"
Expand Down Expand Up @@ -360,11 +360,14 @@ class Process:
This class implements a running processus.
"""

def __init__(self, process: Popen, script: ScriptConfig, user: User):
def __init__(
self, process: Popen, script: ScriptConfig, user: User, key: str
):
Logs.debug("Process creation...")
self.process = process
self.script = script
self.user = user
self.key = key
self.start_time = time()
self.timeout = script.timeout

Expand All @@ -382,6 +385,7 @@ def get_line(self, read: bool = True) -> Tuple[bytes, bytes, str]:

self.process.stdout.flush()
if self.process.poll() == 0:
del Pages.processes[self.key]
return (
self.process.stdout.read(),
self.process.stderr.read(),
Expand All @@ -402,7 +406,11 @@ def get_line(self, read: bool = True) -> Tuple[bytes, bytes, str]:
if read:
stdout = self.process.stdout.read()
stderr = self.process.stderr.read()
del Pages.processes[self.key]
else:
self.timer = Timer(300, self.get_line)
# delete the process 5 minutes after the timeout
self.timer.start()
stdout = b""
stderr = b""

Expand Down Expand Up @@ -467,9 +475,6 @@ def get(

stdout, stderr, error = process.get_line()

if error:
del Pages.processes[filename]

response_object = {
"stdout": decode_output(stdout) if stdout else "",
"stderr": decode_output(stderr) if stderr else "",
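Review bot: The new `del Pages.processes[self.key]` statements in `Process.get_line` are not idempotent, and the `Timer(300, self.get_line)` added in the timeout branch calls `get_line` again from a separate thread. If a request has already read the output and removed the entry, the timer's call reaches the same `del` and raises `KeyError`; each later `read=False` call in that branch also appears to start a further timer while overwriting `self.timer`. I would use `Pages.processes.pop(self.key, None)` in both places and start at most one timer per process. The commit also removes the `if error: del Pages.processes[filename]` cleanup in `get`, and in the visible lines only the `poll() == 0` and timeout paths drop the entry, so a process that exits with a non-zero code may stay in `Pages.processes` with its pipes open; `get_line` continues outside the hunks, so that path should be confirmed.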
6 changes: 6 additions & 0 deletions WebScripts/WebScripts.py
Expand Up @@ -721,6 +721,10 @@ def app(self, environ: _Environ, respond: FunctionType) -> List[bytes]:
return self.page_403(None, respond)
elif error == "500":
return self.page_500(page, respond)
else:
response = self.send_custom_error("", error)
if response is not None:
error, headers, page = response

if not error:
error = "200 OK"
Expand All @@ -734,6 +738,8 @@ def app(self, environ: _Environ, respond: FunctionType) -> List[bytes]:
return [page]
elif isinstance(page, str):
return [page.encode()]
elif isinstance(page, list):
return page

@log_trace
def send_headers(
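Review bot: The new `elif isinstance(page, list): return page` branch hands the list to the WSGI server unchecked although `app` is annotated `List[bytes]`, so a custom error page that returns a list containing `str` items would only fail inside the server. In the visible lines the chain also still ends without an `else`, so any other `page` type (including `None`) makes `app` return `None`. I would normalise the items, for example `return [p if isinstance(p, bytes) else str(p).encode() for p in page]`, and close the chain with an explicit `else` that logs the unexpected type and returns `[b""]`. In the first hunk, `error, headers, page = response` relies on `send_custom_error` returning a 3-tuple or `None`; that contract is not visible here and deserves a sentence in its docstring.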
2 changes: 1 addition & 1 deletion WebScripts/__init__.py
Expand Up @@ -21,7 +21,7 @@

"""This tools run scripts and display the result in a Web Interface."""

__version__ = "2.4.1"
__version__ = "2.4.2"
__author__ = "Maurice Lambert"
__author_email__ = "[email protected]"
__maintainer__ = "Maurice Lambert"
2 changes: 1 addition & 1 deletion WebScripts/__main__.py
Expand Up @@ -21,7 +21,7 @@

"""This tools run scripts and display the result in a Web Interface."""

__version__ = "2.4.1"
__version__ = "2.4.2"
__author__ = "Maurice Lambert"
__author_email__ = "[email protected]"
__maintainer__ = "Maurice Lambert"
1 change: 1 addition & 0 deletions WebScripts/config/files/change_my_password.json
@@ -1,5 +1,6 @@
{
"script": {
"timeout": 15,
"launcher": "python3",
"minimum_access": 50,
"category": "My Account",
1 change: 1 addition & 0 deletions WebScripts/config/nt/files/change_my_password.json
@@ -1,5 +1,6 @@
{
"script": {
"timeout": 15,
"launcher": "python",
"minimum_access": 50,
"category": "My Account",
11 changes: 10 additions & 1 deletion WebScripts/config/nt/scripts/default_admin_scripts.json
Expand Up @@ -13,6 +13,7 @@
},

"config_change_user_password": {
"timeout": 15,
"launcher": "python",
"access_groups": [1000],
"category": "Administration",
Expand All @@ -27,7 +28,7 @@
},

"config_delete_user": {
"timeout": null,
"timeout": 15,
"access_users": [],
"no_password": true,
"launcher": "python",
Expand Down Expand Up @@ -57,6 +58,7 @@
},

"config_add_user": {
"timeout": 15,
"launcher": "python",
"access_groups": [1000],
"content_type": "text/plain",
Expand Down Expand Up @@ -118,6 +120,7 @@
},

"config_view_users": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"access_groups": [1000],
Expand All @@ -129,6 +132,7 @@
},

"config_api_view_users": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"access_groups": [1000],
Expand Down Expand Up @@ -159,6 +163,7 @@
},

"config_add_group": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"access_groups": [1000],
Expand Down Expand Up @@ -186,6 +191,7 @@
},

"config_delete_group": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"access_groups": [1000],
Expand All @@ -206,6 +212,7 @@
},

"config_view_groups": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"access_groups": [1000],
Expand All @@ -217,6 +224,7 @@
},

"config_api_view_groups": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"access_groups": [1000],
Expand All @@ -233,6 +241,7 @@
},

"config_get_apikey": {
"timeout": 15,
"launcher": "python",
"minimum_access": 50,
"category": "My Account",
2 changes: 2 additions & 0 deletions WebScripts/config/nt/scripts/default_log_scripts.json
Expand Up @@ -5,6 +5,7 @@
},

"config_log_analysis": {
"timeout": 120,
"no_password": true,
"launcher": "python",
"category": "Security",
Expand All @@ -16,6 +17,7 @@
},

"config_log_viewer": {
"timeout": 30,
"no_password": true,
"launcher": "python",
"category": "Security",
3 changes: 3 additions & 0 deletions WebScripts/config/nt/scripts/default_password_scripts.json
Expand Up @@ -6,6 +6,7 @@
},

"config_password_generator": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"category": "Password",
Expand All @@ -15,6 +16,7 @@
},

"config_get_password_share": {
"timeout": 15,
"launcher": "python",
"category": "Password",
"args": "args_get_password_share",
Expand All @@ -33,6 +35,7 @@
},

"config_new_password_share": {
"timeout": 15,
"launcher": "python",
"category": "Password",
"content_type": "text/html",
3 changes: 3 additions & 0 deletions WebScripts/config/nt/scripts/default_requests_scripts.json
Expand Up @@ -6,6 +6,7 @@
},

"config_get_request": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"access_groups": [1000],
Expand All @@ -17,6 +18,7 @@
},

"config_get_requests": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"access_groups": [1000],
Expand All @@ -38,6 +40,7 @@
},

"config_delete_request": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"access_groups": [1000],
10 changes: 10 additions & 0 deletions WebScripts/config/nt/scripts/default_uploads_scripts.json
Expand Up @@ -13,6 +13,7 @@
},

"config_get_file": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"category": "Upload",
Expand All @@ -28,6 +29,7 @@
},

"config_get_files": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"category": "Upload",
Expand All @@ -43,6 +45,7 @@
},

"config_delete_file": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"category": "Upload",
Expand Down Expand Up @@ -111,6 +114,7 @@
},

"config_get_history": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"category": "Upload",
Expand All @@ -122,6 +126,7 @@
},

"config_upload_file": {
"timeout": 300,
"no_password": true,
"launcher": "python",
"category": "Upload",
Expand All @@ -144,6 +149,7 @@
},

"config_api_get_files": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"category": "Upload",
Expand All @@ -153,6 +159,7 @@
},

"config_get_all_files": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"category": "Upload",
Expand All @@ -163,6 +170,7 @@
},

"config_api_get_history": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"category": "Upload",
Expand All @@ -173,6 +181,7 @@
},

"config_api_get_all_files": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"category": "Upload",
Expand All @@ -182,6 +191,7 @@
},

"config_get_any_file": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"category": "Upload",
7 changes: 4 additions & 3 deletions WebScripts/config/nt/server.ini
Expand Up @@ -45,7 +45,7 @@ [email protected]
auth.py=config_auth # Define the configuration section ("config_auth") for script named "auth.py"
show_license.py=config_show_licence # Same as previous for "show_license.py" with "config_show_licence"
change_my_password.py=config_change_my_password # Same as previous for "change_my_password.py" with "config_change_my_password"
# test_config.py=config_test_config # Little script to test arguments and script configurations
test_config.py=config_test_config # Little script to test arguments and script configurations

[config_auth]
launcher=python # Define the launcher for this script (if script is executable this line is not necessary)
Expand All @@ -59,7 +59,7 @@ access_users=0,1,2
args=auth_args # The arguments are defined in section named "auth_args"
description=This script authenticates users. # Short description to help users
category=My Account # Add a link on the index page in the "My Account" section
timeout=10 # Timeout for process execution (in seconds)
timeout=15 # Timeout for process execution (in seconds)
command_generate_documentation=python "%(dirname)s/../doc/py_doc.py" "%(path)s" # Command line to generate the documentation file

# Script "auth.py" is in "./scripts/account" and this path is defined in "scripts_path" so is not necessary to add the "path" in configuration section
Expand Down Expand Up @@ -108,9 +108,10 @@ example=password
configuration_file=./config/nt/files/change_my_password.json # Define script configuration in a specific file

[config_test_config]
configuration_file=./config/files/test_config.json
configuration_file=./config/nt/files/test_config.json

[config_show_licence]
timeout=15 # Timeout for process execution (in seconds)
launcher=python # Define the launcher for this script (if script is executable this line is not necessary)
category=License # Add a link on the index page in the "License" section
no_password=false # Log the execution command line (must be false if a password is in arguments)
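Review bot: `test_config.py=config_test_config` appears to change from commented-out to active in the shipped Windows `server.ini` (the page lists the commented and uncommented forms as a changed pair), which would expose a test script by default in a commit meant to harden the defaults. Its settings live in `./config/nt/files/test_config.json`, which this section does not show, so confirm that file carries a `timeout` and an access restriction such as `access_groups`, or keep the line commented out in the distributed configuration. The same question applies to the `config_test_config` entry in `server.json`.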
4 changes: 3 additions & 1 deletion WebScripts/config/nt/server.json
Expand Up @@ -72,14 +72,15 @@
},

"config_auth": {
"timeout": 15,
"args": "auth_args",
"launcher": "python",
"category": "My Account",
"description": "This script authenticates users."
},

"config_test_config": {
"configuration_file": "./config/files/test_config.json"
"configuration_file": "./config/nt/files/test_config.json"
},

"auth_args": {
Expand All @@ -103,6 +104,7 @@
},

"config_show_licence": {
"timeout": 15,
"no_password": true,
"launcher": "python",
"category": "License",