bug fix for ubuntu and docker manager

2025-11-07 13:56:01 +01:00 · 2019-07-24 22:37:37 +05:00
parent 33ed372cec
commit 91c9c22f38
20 changed files with 156 additions and 90 deletions
--- a/CyberCP/secMiddleware.py
+++ b/CyberCP/secMiddleware.py
@@ -10,14 +10,32 @@ class secMiddleware:
    def __call__(self, request):
        try:
            uID = request.session['userID']
-            if request.session['ipAddr'] == request.META.get('REMOTE_ADDR'):
-                pass
+            ipAddr = request.META.get('REMOTE_ADDR')
+
+            if ipAddr.find('.') > -1:
+                if request.session['ipAddr'] == ipAddr:
+                    pass
+                else:
+                    del request.session['userID']
+                    del request.session['ipAddr']
+                    logging.writeToFile(request.META.get('REMOTE_ADDR'))
+                    final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
+                                 "errorMessage": "Session reuse detected, IPAddress logged."}
+                    final_json = json.dumps(final_dic)
+                    return HttpResponse(final_json)
            else:
-                logging.writeToFile(request.META.get('REMOTE_ADDR'))
-                final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
-                             "errorMessage": "Session reuse detected, IPAddress logged."}
-                final_json = json.dumps(final_dic)
-                return HttpResponse(final_json)
+                ipAddr = request.META.get('REMOTE_ADDR').split(':')[:3]
+
+                if request.session['ipAddr'] == ipAddr:
+                    pass
+                else:
+                    del request.session['userID']
+                    del request.session['ipAddr']
+                    logging.writeToFile(request.META.get('REMOTE_ADDR'))
+                    final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
+                                 "errorMessage": "Session reuse detected, IPAddress logged."}
+                    final_json = json.dumps(final_dic)
+                    return HttpResponse(final_json)
        except:
            pass
        if request.method == 'POST':
@@ -40,9 +58,9 @@ class secMiddleware:
                    else:
                        continue

-                    if request.build_absolute_uri().find('cloudAPI') > -1 or request.build_absolute_uri().find('filemanager') > -1 or request.build_absolute_uri().find('verifyLogin') > -1 or request.build_absolute_uri().find('submitUserCreation') > -1:
+                    if request.build_absolute_uri().find('docker') > -1 or request.build_absolute_uri().find('cloudAPI') > -1 or request.build_absolute_uri().find('filemanager') > -1 or request.build_absolute_uri().find('verifyLogin') > -1 or request.build_absolute_uri().find('submitUserCreation') > -1:
                        continue
-                    if key == 'passwordByPass' or key == 'cronCommand' or key == 'emailMessage' or key == 'configData' or key == 'rewriteRules' or key == 'modSecRules' or key == 'recordContentTXT' or key == 'SecAuditLogRelevantStatus' or key == 'fileContent':
+                    if key == 'imageByPass' or key == 'passwordByPass' or key == 'cronCommand' or key == 'emailMessage' or key == 'configData' or key == 'rewriteRules' or key == 'modSecRules' or key == 'recordContentTXT' or key == 'SecAuditLogRelevantStatus' or key == 'fileContent':
                        continue
                    if value.find(';') > -1 or value.find('&&') > -1 or value.find('|') > -1 or value.find('...') > -1 \
                            or value.find("`") > -1 or value.find("$") > -1 or value.find("(") > -1 or value.find(")") > -1 \