input hardening

This commit is contained in:
Yannik Schmidt
2021-08-31 00:56:00 +02:00
parent aad0568f04
commit f10c87bb97


@@ -33,9 +33,17 @@ def index():
previousResponseCode = flask.request.args.get("code") previousResponseCode = flask.request.args.get("code")
return flask.render_template("index.html", code=previousResponseCode) return flask.render_template("index.html", code=previousResponseCode)
@app.route('/list-users')
def listUsers():
users = db.session.query(FTPUser)
previousResponseCode = flask.request.args.get("code")
return flask.render_template("list_users.html", users=users, code=previousResponseCode)
@app.route('/create-user', methods=["POST"]) @app.route('/create-user', methods=["POST"])
def createUser(): def createUser():
createUser(flask.request.form) error = createUser(flask.request.form)
if error:
return (error, HTTP_INTERNAL_ERR)
return (EMPTY, HTTP_EMPTY) return (EMPTY, HTTP_EMPTY)
@app.route('/delete-user', methods=["POST"]) @app.route('/delete-user', methods=["POST"])
@@ -46,28 +54,41 @@ def deleteUser():
return ("User doesn't exist.", 405) return ("User doesn't exist.", 405)
db.session.delete(user) db.session.delete(user)
db.session.commit() db.session.commit()
subprocess.run(["/usr/bin/sudo", "./scripts/delete_user.sh", userToDelete])
# be extra safe and use value from database
subprocess.run(["/usr/bin/sudo", "./scripts/delete_user.sh", user.username])
return ("/list-users", 200) return ("/list-users", 200)
@app.route('/list-users') def sanityCheckInputString(string, stringName):
def listUsers():
users = db.session.query(FTPUser) # sanity check input, let's not built RCE #
previousResponseCode = flask.request.args.get("code") try:
return flask.render_template("list_users.html", users=users, code=previousResponseCode) string = string.encode("ascii").decode("ascii")
except UnicodeEncodeError:
return "Error: {} contains non-ascii characters".format(stringName)
if not string.isalpha():
return "Error: {} contains non-alpha characters".format(stringName)
return None
def createUser(webform): def createUser(webform):
# command line useradd requires a pre-encrypted password # command line useradd requires a pre-encrypted password
cryptPass = crypt.crypt(webform['password'], PAM_PASSWD_SALT) cryptPass = crypt.crypt(webform['password'], PAM_PASSWD_SALT)
subprocess.run(["/usr/bin/sudo", "./scripts/create_user.sh", cryptPass, webform['username']])
username = webform['username']
error = sanityCheckInputString(username, "username")
if error:
return error
subprocess.run(["/usr/bin/sudo", "./scripts/create_user.sh", cryptPass, username])
# track added users to prevent deletion of other users and listing # # track added users to prevent deletion of other users and listing #
db.session.add(FTPUser(username=webform['username'])) db.session.add(FTPUser(username=webform['username']))
db.session.commit() db.session.commit()
def executeScript(scriptName): return None
path = os.path.expanduser(scriptName)
subprocess.Popen(path)
class FTPUser(db.Model): class FTPUser(db.Model):
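Review bot: In createUser the exit status of the sudo'd create_user.sh is ignored, so if the script fails (useradd rejecting the name, sudo refusing) the FTPUser row is still committed and the app records a system user that does not exist; check the result before touching the database, e.g. `result = subprocess.run(["/usr/bin/sudo", "./scripts/create_user.sh", cryptPass, username])` followed by `if result.returncode != 0: return "Error: failed to create system user"` ahead of `db.session.add`. The same applies to delete_user.sh in deleteUser (whose body begins outside this hunk), where the row is already deleted and committed before the script runs. Separately, cryptPass is handed to the script as an argv element, which leaves the password hash readable in the process list by any local user while the script runs; passing it on stdin via `input=` would avoid that. The salt also appears to be a module constant (PAM_PASSWD_SALT), which would give every account the same salt and let equal passwords produce equal hashes — confirm it is generated per call, otherwise `crypt.mksalt()` should be used here. The new sanity check itself looks sound, since the ASCII round-trip plus isalpha() admits no shell metacharacters, though returning 400 rather than HTTP_INTERNAL_ERR would describe a rejected input more accurately.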