CyberCP/secMiddleware.py

from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging
import json
from django.shortcuts import HttpResponse

class secMiddleware:

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        if request.method == 'POST':
            try:
                #logging.writeToFile(request.body)
                data = json.loads(request.body)
                for key, value in data.iteritems():
                    if request.path.find('gitNotify') > -1:
                        break

                    # if request.path.find('users') > -1 or request.path.find('firewall') > -1 or request.path.find('servicesAction') > -1 or request.path.find('sslForHostName') > -1:
                    #     logging.writeToFile(request.body)
                    #     final_dic = {'error_message': "Data supplied is not accepted.",
                    #                  "errorMessage": "Data supplied is not accepted."}
                    #     final_json = json.dumps(final_dic)
                    #     return HttpResponse(final_json)

                    if type(value) == str or type(value) == unicode:
                        pass
                    else:
                        continue

                    if request.build_absolute_uri().find('filemanager') > -1:
                        continue
                    if key == 'emailMessage' or key == 'configData' or key == 'rewriteRules' or key == 'modSecRules' or key == 'recordContentTXT' or key == 'SecAuditLogRelevantStatus' or key == 'fileContent':
                        continue
                    if value.find(';') > -1 or value.find('&&') > -1 or value.find('|') > -1 or value.find('...') > -1:
                        logging.writeToFile(request.body)
                        final_dic = {'error_message': "Data supplied is not accepted.",
                                     "errorMessage": "Data supplied is not accepted."}
                        final_json = json.dumps(final_dic)
                        return HttpResponse(final_json)
                    if key.find(';') > -1 or key.find('&&') > -1 or key.find('|') > -1 or key.find('...') > -1:
                        logging.writeToFile(request.body)
                        final_dic = {'error_message': "Data supplied is not accepted.", "errorMessage": "Data supplied is not accepted."}
                        final_json = json.dumps(final_dic)
                        return HttpResponse(final_json)
            except BaseException, msg:
                logging.writeToFile(str(msg))
                response = self.get_response(request)
                return response
        response = self.get_response(request)
        return response
Bug fixes. 2018-07-05 15:22:48 +05:00			`from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging`
Bug fixes 2018-09-24 18:56:48 +05:00			`import json`
Bug fixes and support for Vietnamese language 2018-09-28 14:23:02 +05:00			`from django.shortcuts import HttpResponse`
Bug fix to email policy server. 2018-06-30 15:29:56 +05:00
			`class secMiddleware:`

			`def __init__(self, get_response):`
			`self.get_response = get_response`

			`def __call__(self, request):`
			`if request.method == 'POST':`
Bug fixes and support for Vietnamese language 2018-09-28 14:23:02 +05:00			`try:`
v1.7.4 2018-11-26 02:32:30 +05:00			`#logging.writeToFile(request.body)`
Bug fixes and support for Vietnamese language 2018-09-28 14:23:02 +05:00			`data = json.loads(request.body)`
			`for key, value in data.iteritems():`
bug fix for git private repos 2019-02-21 17:19:04 +05:00			`if request.path.find('gitNotify') > -1:`
			`break`
cpanel importer 2019-07-03 13:15:26 +05:00
			`# if request.path.find('users') > -1 or request.path.find('firewall') > -1 or request.path.find('servicesAction') > -1 or request.path.find('sslForHostName') > -1:`
			`# logging.writeToFile(request.body)`
			`# final_dic = {'error_message': "Data supplied is not accepted.",`
			`# "errorMessage": "Data supplied is not accepted."}`
			`# final_json = json.dumps(final_dic)`
			`# return HttpResponse(final_json)`

Plugin Manager 2018-10-03 18:46:44 +05:00			`if type(value) == str or type(value) == unicode:`
			`pass`
			`else:`
			`continue`
bug fix to filemanager 2019-04-28 22:01:36 +05:00
			`if request.build_absolute_uri().find('filemanager') > -1:`
			`continue`
filemanager overhaul 2019-01-28 15:19:59 +05:00			`if key == 'emailMessage' or key == 'configData' or key == 'rewriteRules' or key == 'modSecRules' or key == 'recordContentTXT' or key == 'SecAuditLogRelevantStatus' or key == 'fileContent':`
Bug fixes and support for Vietnamese language 2018-09-28 14:23:02 +05:00			`continue`
			`if value.find(';') > -1 or value.find('&&') > -1 or value.find('\|') > -1 or value.find('...') > -1:`
			`logging.writeToFile(request.body)`
Plugin Manager 2018-10-03 18:46:44 +05:00			`final_dic = {'error_message': "Data supplied is not accepted.",`
			`"errorMessage": "Data supplied is not accepted."}`
			`final_json = json.dumps(final_dic)`
			`return HttpResponse(final_json)`
Bug fixes and support for Vietnamese language 2018-09-28 14:23:02 +05:00			`if key.find(';') > -1 or key.find('&&') > -1 or key.find('\|') > -1 or key.find('...') > -1:`
			`logging.writeToFile(request.body)`
Plugin Manager 2018-10-03 18:46:44 +05:00			`final_dic = {'error_message': "Data supplied is not accepted.", "errorMessage": "Data supplied is not accepted."}`
			`final_json = json.dumps(final_dic)`
			`return HttpResponse(final_json)`
Bug fixes and support for Vietnamese language 2018-09-28 14:23:02 +05:00			`except BaseException, msg:`
			`logging.writeToFile(str(msg))`
			`response = self.get_response(request)`
			`return response`
Bug fix to email policy server. 2018-06-30 15:29:56 +05:00			`response = self.get_response(request)`
Bug fixes 2018-09-24 18:56:48 +05:00			`return response`