verify file upload extention

Terrtia 2018-06-06 10:05:25 +02:00
parent 6143bc3dce
commit 8e9c77b364
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
4 changed files with 54 additions and 36 deletions


@ -131,9 +131,9 @@ taxonomies = Taxonomies()
for tag in taxonomies.get('infoleak').machinetags(): for tag in taxonomies.get('infoleak').machinetags():
r_serv_tags.sadd('active_tag_infoleak', tag) r_serv_tags.sadd('active_tag_infoleak', tag)
for tag in taxonomies.get('gdpr').machinetags(): for tag in taxonomies.get('gdpr').machinetags():
r_serv_tags.sadd('active_tag_infoleak', tag) r_serv_tags.sadd('active_tag_gdpr', tag)
for tag in taxonomies.get('fpf').machinetags(): for tag in taxonomies.get('fpf').machinetags():
r_serv_tags.sadd('active_tag_infoleak', tag) r_serv_tags.sadd('active_tag_fpf', tag)
# ============ MAIN ============ # ============ MAIN ============


@ -5,7 +5,7 @@
Flask functions and routes for the trending modules page Flask functions and routes for the trending modules page
''' '''
import redis import redis
from flask import Flask, render_template, jsonify, request, Blueprint, session from flask import Flask, render_template, jsonify, request, Blueprint
'''import random''' '''import random'''
@ -31,10 +31,16 @@ PasteSubmit = Blueprint('PasteSubmit', __name__, template_folder='templates')
valid_filename_chars = "-_ %s%s" % (string.ascii_letters, string.digits) valid_filename_chars = "-_ %s%s" % (string.ascii_letters, string.digits)
ALLOWED_EXTENSIONS = set(['txt', 'zip', 'gzip'])
# ============ FUNCTIONS ============ # ============ FUNCTIONS ============
def one(): def one():
return 1 return 1
def allowed_file(filename):
return '.' in filename and \
filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS
def clean_filename(filename, whitelist=valid_filename_chars, replace=' '): def clean_filename(filename, whitelist=valid_filename_chars, replace=' '):
# replace characters # replace characters
for r in replace: for r in replace:
@ -123,47 +129,58 @@ def submit():
ltagsgalaxies = request.form['tags_galaxies'] ltagsgalaxies = request.form['tags_galaxies']
paste_content = request.form['paste_content'] paste_content = request.form['paste_content']
if paste_content != '': if ltags or ltagsgalaxies:
if sys.getsizeof(paste_content) < 900000: if not addTagsVerification(ltags, ltagsgalaxies):
return 'INVALID TAGS'
if ltags or ltagsgalaxies: if 'file' not in request.files:
if not addTagsVerification(ltags, ltagsgalaxies):
return 'INVALID TAGS'
to_launch = os.environ['AIL_BIN'] + 'submit_paste.py' file = request.files['file']
# get id
id = str(r_serv_tags.get('submit_id'))
if paste_name: if file.filename == '':
# clean file name
id = clean_filename(paste_name)
# create logs if paste_content != '':
r_serv_log_submit.set(id + ':end', 0) if sys.getsizeof(paste_content) < 900000:
r_serv_log_submit.set(id + ':nb_total', 1)
r_serv_log_submit.set(id + ':nb_end', 0)
r_serv_log_submit.set(id + ':error', 'error:')
#incr id to_launch = os.environ['AIL_BIN'] + 'submit_paste.py'
r_serv_tags.incr('submit_id') # get id
id = str(r_serv_tags.get('submit_id'))
# add submitted tags if paste_name:
if(ltags != ''): # clean file name
ltags = ltags + ',submitted' id = clean_filename(paste_name)
else:
ltags ='submitted'
# launch process # create logs
process = subprocess.Popen(["python", to_launch, ltags, ltagsgalaxies, paste_content, paste_name, id], r_serv_log_submit.set(id + ':end', 0)
stdout=subprocess.PIPE) r_serv_log_submit.set(id + ':nb_total', 1)
r_serv_log_submit.set(id + ':nb_end', 0)
r_serv_log_submit.set(id + ':error', 'error:')
return render_template("submiting.html", #incr id
id = id) r_serv_tags.incr('submit_id')
else: # add submitted tags
return 'size error' if(ltags != ''):
ltags = ltags + ',submitted'
else:
ltags ='submitted'
return 'submit' # launch process
process = subprocess.Popen(["python", to_launch, ltags, ltagsgalaxies, paste_content, paste_name, id],
stdout=subprocess.PIPE)
return render_template("submiting.html",
id = id)
else:
return 'size error'
return 'submit'
if file and allowed_file(file.filename):
print(file.read())
return 'error'
@PasteSubmit.route("/PasteSubmit/submit_status", methods=['GET']) @PasteSubmit.route("/PasteSubmit/submit_status", methods=['GET'])
def submit_status(): def submit_status():
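Review bot: The upload branch at the end of `submit()` calls `print(file.read())`, which reads the whole upload into memory with no size bound and writes the submitted bytes to stdout, whereas the pasted-text path is capped by the 900000 check. `allowed_file()` only compares the text after the last dot, so it says nothing about the file's content, and the set lists `'gzip'` although gzip files usually carry a `.gz` suffix. I would drop the print and bound the read, e.g. `data = file.read(900000 + 1)` followed by `if len(data) > 900000: return 'size error'`, or set Flask's `MAX_CONTENT_LENGTH`. Indentation is lost on this page, so it is worth confirming that `file = request.files['file']` is not nested under `if 'file' not in request.files:`, where the lookup would only run when the key is missing; `submit()` starts above the hunk.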


@ -30,7 +30,7 @@
<div class="row"> <div class="row">
<!-- /.col-lg-12 --> <!-- /.col-lg-12 -->
<form action="/PasteSubmit/submit" id="pasteSubmitForm" method="post" onsubmit="submitPaste()"> <form action="/PasteSubmit/submit" id="pasteSubmitForm" method="post" enctype=multipart/form-data onsubmit="submitPaste()">
<input type="hidden" id="tags_taxonomies" name="tags_taxonomies" value="test"> <input type="hidden" id="tags_taxonomies" name="tags_taxonomies" value="test">
<input type="hidden" id="tags_galaxies" name="tags_galaxies" value="test"> <input type="hidden" id="tags_galaxies" name="tags_galaxies" value="test">
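Review bot: The new `enctype=multipart/form-data` is the only unquoted attribute on the `<form>` tag; writing it as `enctype="multipart/form-data"` matches the rest of the tag and stays correct if the tag is edited later. The two hidden inputs visible here carry tags only and the rest of the form is outside the hunk, so it is worth confirming that this state-changing multipart POST is covered by whatever CSRF protection the application uses.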


@ -292,6 +292,7 @@ function submitPaste(){
} }
} else { } else {
//error handler //error handler
document.getElementById('files_submitted').innerHTML = in_progress;
if(isError){ if(isError){
document.getElementById('error_message').innerHTML = error; document.getElementById('error_message').innerHTML = error;
$("#panel_error").removeClass('hidden'); $("#panel_error").removeClass('hidden');
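Review bot: The added line assigns `in_progress` to `innerHTML`, so any markup in that value is parsed as HTML; if it is a counter or status string, `document.getElementById('files_submitted').textContent = in_progress;` does the same job without that risk. Where `in_progress` is set is outside this hunk, so whether it can carry server- or user-derived text cannot be confirmed here. The same consideration applies to the existing `innerHTML = error` just below it. The new line also sits directly under the `//error handler` comment although it updates progress, so a short comment saying why it runs in this branch would help.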