verify file upload extention

This commit is contained in:
Terrtia 2018-06-06 10:05:25 +02:00
parent 6143bc3dce
commit 8e9c77b364
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
4 changed files with 54 additions and 36 deletions

View file

@ -131,9 +131,9 @@ taxonomies = Taxonomies()
for tag in taxonomies.get('infoleak').machinetags():
r_serv_tags.sadd('active_tag_infoleak', tag)
for tag in taxonomies.get('gdpr').machinetags():
r_serv_tags.sadd('active_tag_infoleak', tag)
r_serv_tags.sadd('active_tag_gdpr', tag)
for tag in taxonomies.get('fpf').machinetags():
r_serv_tags.sadd('active_tag_infoleak', tag)
r_serv_tags.sadd('active_tag_fpf', tag)
# ============ MAIN ============

View file

@ -5,7 +5,7 @@
Flask functions and routes for the trending modules page
'''
import redis
from flask import Flask, render_template, jsonify, request, Blueprint, session
from flask import Flask, render_template, jsonify, request, Blueprint
'''import random'''
@ -31,10 +31,16 @@ PasteSubmit = Blueprint('PasteSubmit', __name__, template_folder='templates')
valid_filename_chars = "-_ %s%s" % (string.ascii_letters, string.digits)
ALLOWED_EXTENSIONS = set(['txt', 'zip', 'gzip'])
# ============ FUNCTIONS ============
def one():
return 1
def allowed_file(filename):
return '.' in filename and \
filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS
def clean_filename(filename, whitelist=valid_filename_chars, replace=' '):
# replace characters
for r in replace:
@ -123,47 +129,58 @@ def submit():
ltagsgalaxies = request.form['tags_galaxies']
paste_content = request.form['paste_content']
if paste_content != '':
if sys.getsizeof(paste_content) < 900000:
if ltags or ltagsgalaxies:
if not addTagsVerification(ltags, ltagsgalaxies):
return 'INVALID TAGS'
if ltags or ltagsgalaxies:
if not addTagsVerification(ltags, ltagsgalaxies):
return 'INVALID TAGS'
if 'file' not in request.files:
to_launch = os.environ['AIL_BIN'] + 'submit_paste.py'
# get id
id = str(r_serv_tags.get('submit_id'))
file = request.files['file']
if paste_name:
# clean file name
id = clean_filename(paste_name)
if file.filename == '':
# create logs
r_serv_log_submit.set(id + ':end', 0)
r_serv_log_submit.set(id + ':nb_total', 1)
r_serv_log_submit.set(id + ':nb_end', 0)
r_serv_log_submit.set(id + ':error', 'error:')
if paste_content != '':
if sys.getsizeof(paste_content) < 900000:
#incr id
r_serv_tags.incr('submit_id')
to_launch = os.environ['AIL_BIN'] + 'submit_paste.py'
# get id
id = str(r_serv_tags.get('submit_id'))
# add submitted tags
if(ltags != ''):
ltags = ltags + ',submitted'
else:
ltags ='submitted'
# launch process
process = subprocess.Popen(["python", to_launch, ltags, ltagsgalaxies, paste_content, paste_name, id],
stdout=subprocess.PIPE)
if paste_name:
# clean file name
id = clean_filename(paste_name)
return render_template("submiting.html",
id = id)
# create logs
r_serv_log_submit.set(id + ':end', 0)
r_serv_log_submit.set(id + ':nb_total', 1)
r_serv_log_submit.set(id + ':nb_end', 0)
r_serv_log_submit.set(id + ':error', 'error:')
else:
return 'size error'
#incr id
r_serv_tags.incr('submit_id')
return 'submit'
# add submitted tags
if(ltags != ''):
ltags = ltags + ',submitted'
else:
ltags ='submitted'
# launch process
process = subprocess.Popen(["python", to_launch, ltags, ltagsgalaxies, paste_content, paste_name, id],
stdout=subprocess.PIPE)
return render_template("submiting.html",
id = id)
else:
return 'size error'
return 'submit'
if file and allowed_file(file.filename):
print(file.read())
return 'error'
@PasteSubmit.route("/PasteSubmit/submit_status", methods=['GET'])
def submit_status():

View file

@ -30,7 +30,7 @@
<div class="row">
<!-- /.col-lg-12 -->
<form action="/PasteSubmit/submit" id="pasteSubmitForm" method="post" onsubmit="submitPaste()">
<form action="/PasteSubmit/submit" id="pasteSubmitForm" method="post" enctype=multipart/form-data onsubmit="submitPaste()">
<input type="hidden" id="tags_taxonomies" name="tags_taxonomies" value="test">
<input type="hidden" id="tags_galaxies" name="tags_galaxies" value="test">

View file

@ -292,6 +292,7 @@ function submitPaste(){
}
} else {
//error handler
document.getElementById('files_submitted').innerHTML = in_progress;
if(isError){
document.getElementById('error_message').innerHTML = error;
$("#panel_error").removeClass('hidden');