CyberCP/secMiddleware.py

from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging
import json
from django.shortcuts import HttpResponse

class secMiddleware:

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        try:
            uID = request.session['userID']
            ipAddr = request.META.get('REMOTE_ADDR')

            if ipAddr.find('.') > -1:
                if request.session['ipAddr'] == ipAddr:
                    pass
                else:
                    del request.session['userID']
                    del request.session['ipAddr']
                    logging.writeToFile(request.META.get('REMOTE_ADDR'))
                    final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
                                 "errorMessage": "Session reuse detected, IPAddress logged."}
                    final_json = json.dumps(final_dic)
                    return HttpResponse(final_json)
            else:
                ipAddr = request.META.get('REMOTE_ADDR').split(':')[:3]

                if request.session['ipAddr'] == ipAddr:
                    pass
                else:
                    del request.session['userID']
                    del request.session['ipAddr']
                    logging.writeToFile(request.META.get('REMOTE_ADDR'))
                    final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
                                 "errorMessage": "Session reuse detected, IPAddress logged."}
                    final_json = json.dumps(final_dic)
                    return HttpResponse(final_json)
        except:
            pass
        if request.method == 'POST':
            try:
                #logging.writeToFile(request.body)
                data = json.loads(request.body)
                for key, value in data.iteritems():
                    if request.path.find('gitNotify') > -1:
                        break

                    # if request.path.find('users') > -1 or request.path.find('firewall') > -1 or request.path.find('servicesAction') > -1 or request.path.find('sslForHostName') > -1:
                    #     logging.writeToFile(request.body)
                    #     final_dic = {'error_message': "Data supplied is not accepted.",
                    #                  "errorMessage": "Data supplied is not accepted."}
                    #     final_json = json.dumps(final_dic)
                    #     return HttpResponse(final_json)

                    if type(value) == str or type(value) == unicode:
                        pass
                    else:
                        continue

                    if request.build_absolute_uri().find('docker') > -1 or request.build_absolute_uri().find('cloudAPI') > -1 or request.build_absolute_uri().find('filemanager') > -1 or request.build_absolute_uri().find('verifyLogin') > -1 or request.build_absolute_uri().find('submitUserCreation') > -1:
                        continue
                    if key == 'ports' or key == 'imageByPass' or key == 'passwordByPass' or key == 'cronCommand' or key == 'emailMessage' or key == 'configData' or key == 'rewriteRules' or key == 'modSecRules' or key == 'recordContentTXT' or key == 'SecAuditLogRelevantStatus' or key == 'fileContent':
                        continue
                    if value.find(';') > -1 or value.find('&&') > -1 or value.find('|') > -1 or value.find('...') > -1 \
                            or value.find("`") > -1 or value.find("$") > -1 or value.find("(") > -1 or value.find(")") > -1 \
                            or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find("{") > -1 or value.find("}") > -1\
                            or value.find(":") > -1 or value.find("<") > -1 or value.find(">") > -1:
                        logging.writeToFile(request.body)
                        final_dic = {'error_message': "Data supplied is not accepted.",
                                     "errorMessage": "Data supplied is not accepted."}
                        final_json = json.dumps(final_dic)
                        return HttpResponse(final_json)
                    if key.find(';') > -1 or key.find('&&') > -1 or key.find('|') > -1 or key.find('...') > -1 \
                            or key.find("`") > -1 or key.find("$") > -1 or key.find("(") > -1 or key.find(")") > -1 \
                            or key.find("'") > -1 or key.find("[") > -1 or key.find("]") > -1 or key.find("{") > -1 or key.find("}") > -1\
                            or key.find(":") > -1 or key.find("<") > -1 or key.find(">") > -1:
                        logging.writeToFile(request.body)
                        final_dic = {'error_message': "Data supplied is not accepted.", "errorMessage": "Data supplied is not accepted."}
                        final_json = json.dumps(final_dic)
                        return HttpResponse(final_json)
            except BaseException, msg:
                logging.writeToFile(str(msg))
                response = self.get_response(request)
                return response
        response = self.get_response(request)
        return response
Bug fixes. 2018-07-05 15:22:48 +05:00			`from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging`
Bug fixes 2018-09-24 18:56:48 +05:00			`import json`
Bug fixes and support for Vietnamese language 2018-09-28 14:23:02 +05:00			`from django.shortcuts import HttpResponse`
Bug fix to email policy server. 2018-06-30 15:29:56 +05:00
			`class secMiddleware:`

			`def __init__(self, get_response):`
			`self.get_response = get_response`

			`def __call__(self, request):`
CloudLinux, CageFS and security improvements 2019-07-16 23:23:16 +05:00			`try:`
			`uID = request.session['userID']`
bug fix for ubuntu and docker manager 2019-07-24 22:37:37 +05:00			`ipAddr = request.META.get('REMOTE_ADDR')`

			`if ipAddr.find('.') > -1:`
			`if request.session['ipAddr'] == ipAddr:`
			`pass`
			`else:`
			`del request.session['userID']`
			`del request.session['ipAddr']`
			`logging.writeToFile(request.META.get('REMOTE_ADDR'))`
			`final_dic = {'error_message': "Session reuse detected, IPAddress logged.",`
			`"errorMessage": "Session reuse detected, IPAddress logged."}`
			`final_json = json.dumps(final_dic)`
			`return HttpResponse(final_json)`
CloudLinux, CageFS and security improvements 2019-07-16 23:23:16 +05:00			`else:`
bug fix for ubuntu and docker manager 2019-07-24 22:37:37 +05:00			`ipAddr = request.META.get('REMOTE_ADDR').split(':')[:3]`

			`if request.session['ipAddr'] == ipAddr:`
			`pass`
			`else:`
			`del request.session['userID']`
			`del request.session['ipAddr']`
			`logging.writeToFile(request.META.get('REMOTE_ADDR'))`
			`final_dic = {'error_message': "Session reuse detected, IPAddress logged.",`
			`"errorMessage": "Session reuse detected, IPAddress logged."}`
			`final_json = json.dumps(final_dic)`
			`return HttpResponse(final_json)`
CloudLinux, CageFS and security improvements 2019-07-16 23:23:16 +05:00			`except:`
			`pass`
Bug fix to email policy server. 2018-06-30 15:29:56 +05:00			`if request.method == 'POST':`
Bug fixes and support for Vietnamese language 2018-09-28 14:23:02 +05:00			`try:`
v1.7.4 2018-11-26 02:32:30 +05:00			`#logging.writeToFile(request.body)`
Bug fixes and support for Vietnamese language 2018-09-28 14:23:02 +05:00			`data = json.loads(request.body)`
			`for key, value in data.iteritems():`
bug fix for git private repos 2019-02-21 17:19:04 +05:00			`if request.path.find('gitNotify') > -1:`
			`break`
cpanel importer 2019-07-03 13:15:26 +05:00
			`# if request.path.find('users') > -1 or request.path.find('firewall') > -1 or request.path.find('servicesAction') > -1 or request.path.find('sslForHostName') > -1:`
			`# logging.writeToFile(request.body)`
			`# final_dic = {'error_message': "Data supplied is not accepted.",`
			`# "errorMessage": "Data supplied is not accepted."}`
			`# final_json = json.dumps(final_dic)`
			`# return HttpResponse(final_json)`

Plugin Manager 2018-10-03 18:46:44 +05:00			`if type(value) == str or type(value) == unicode:`
			`pass`
			`else:`
			`continue`
bug fix to filemanager 2019-04-28 22:01:36 +05:00
bug fix for ubuntu and docker manager 2019-07-24 22:37:37 +05:00			`if request.build_absolute_uri().find('docker') > -1 or request.build_absolute_uri().find('cloudAPI') > -1 or request.build_absolute_uri().find('filemanager') > -1 or request.build_absolute_uri().find('verifyLogin') > -1 or request.build_absolute_uri().find('submitUserCreation') > -1:`
bug fix to filemanager 2019-04-28 22:01:36 +05:00			`continue`
bug fix to csf 2019-08-03 22:08:18 +05:00			`if key == 'ports' or key == 'imageByPass' or key == 'passwordByPass' or key == 'cronCommand' or key == 'emailMessage' or key == 'configData' or key == 'rewriteRules' or key == 'modSecRules' or key == 'recordContentTXT' or key == 'SecAuditLogRelevantStatus' or key == 'fileContent':`
Bug fixes and support for Vietnamese language 2018-09-28 14:23:02 +05:00			`continue`
CloudLinux, CageFS and security improvements 2019-07-16 23:23:16 +05:00			`if value.find(';') > -1 or value.find('&&') > -1 or value.find('\|') > -1 or value.find('...') > -1 \`
			or value.find("`") > -1 or value.find("$") > -1 or value.find("(") > -1 or value.find(")") > -1 \
			`or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find("{") > -1 or value.find("}") > -1\`
			`or value.find(":") > -1 or value.find("<") > -1 or value.find(">") > -1:`
Bug fixes and support for Vietnamese language 2018-09-28 14:23:02 +05:00			`logging.writeToFile(request.body)`
Plugin Manager 2018-10-03 18:46:44 +05:00			`final_dic = {'error_message': "Data supplied is not accepted.",`
			`"errorMessage": "Data supplied is not accepted."}`
			`final_json = json.dumps(final_dic)`
			`return HttpResponse(final_json)`
CloudLinux, CageFS and security improvements 2019-07-16 23:23:16 +05:00			`if key.find(';') > -1 or key.find('&&') > -1 or key.find('\|') > -1 or key.find('...') > -1 \`
			or key.find("`") > -1 or key.find("$") > -1 or key.find("(") > -1 or key.find(")") > -1 \
			`or key.find("'") > -1 or key.find("[") > -1 or key.find("]") > -1 or key.find("{") > -1 or key.find("}") > -1\`
			`or key.find(":") > -1 or key.find("<") > -1 or key.find(">") > -1:`
Bug fixes and support for Vietnamese language 2018-09-28 14:23:02 +05:00			`logging.writeToFile(request.body)`
Plugin Manager 2018-10-03 18:46:44 +05:00			`final_dic = {'error_message': "Data supplied is not accepted.", "errorMessage": "Data supplied is not accepted."}`
			`final_json = json.dumps(final_dic)`
			`return HttpResponse(final_json)`
Bug fixes and support for Vietnamese language 2018-09-28 14:23:02 +05:00			`except BaseException, msg:`
			`logging.writeToFile(str(msg))`
			`response = self.get_response(request)`
			`return response`
Bug fix to email policy server. 2018-06-30 15:29:56 +05:00			`response = self.get_response(request)`
Bug fixes 2018-09-24 18:56:48 +05:00			`return response`