Skip to content

Commit 857f4a9

Browse files
usmannasirusmannasir
committed
bug fix file manager: file deletion
1 parent 2041dea commit 857f4a9

File tree

1 file changed

+27
-14
lines changed

1 file changed

+27
-14
lines changed

CyberCP/secMiddleware.py

Lines changed: 27 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -94,6 +94,7 @@ def __call__(self, request):
9494
except:
9595
pass
9696

97+
9798
if bool(request.body):
9899
try:
99100

@@ -108,11 +109,21 @@ def __call__(self, request):
108109
data = request.POST
109110

110111
for key, value in data.items():
112+
valueAlreadyChecked = 0
113+
114+
if os.path.exists(ProcessUtilities.debugPath):
115+
logging.writeToFile(f'Key being scanned {str(key)}')
116+
logging.writeToFile(f'Value being scanned {str(value)}')
117+
111118
if request.path.find('gitNotify') > -1:
112119
break
120+
113121
if type(value) == str or type(value) == bytes:
114122
pass
115123
elif type(value) == list:
124+
valueAlreadyChecked = 1
125+
if os.path.exists(ProcessUtilities.debugPath):
126+
logging.writeToFile(f'Item type detected as list')
116127
for items in value:
117128
if items.find('- -') > -1 or items.find('\n') > -1 or items.find(';') > -1 or items.find(
118129
'&&') > -1 or items.find('|') > -1 or items.find('...') > -1 \
@@ -157,20 +168,22 @@ def __call__(self, request):
157168
or key == 'modSecRules' or key == 'recordContentTXT' or key == 'SecAuditLogRelevantStatus' \
158169
or key == 'fileContent' or key == 'commands' or key == 'gitHost' or key == 'ipv6' or key == 'contentNow':
159170
continue
160-
if value.find('- -') > -1 or value.find('\n') > -1 or value.find(';') > -1 or value.find(
161-
'&&') > -1 or value.find('|') > -1 or value.find('...') > -1 \
162-
or value.find("`") > -1 or value.find("$") > -1 or value.find("(") > -1 or value.find(
163-
")") > -1 \
164-
or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find(
165-
"{") > -1 or value.find("}") > -1 \
166-
or value.find(":") > -1 or value.find("<") > -1 or value.find(">") > -1 or value.find(
167-
"&") > -1:
168-
logging.writeToFile(request.body)
169-
final_dic = {
170-
'error_message': "Data supplied is not accepted, following characters are not allowed in the input ` $ & ( ) [ ] { } ; : ‘ < >.",
171-
"errorMessage": "Data supplied is not accepted, following characters are not allowed in the input ` $ & ( ) [ ] { } ; : ‘ < >."}
172-
final_json = json.dumps(final_dic)
173-
return HttpResponse(final_json)
171+
172+
if valueAlreadyChecked == 0:
173+
if value.find('- -') > -1 or value.find('\n') > -1 or value.find(';') > -1 or value.find(
174+
'&&') > -1 or value.find('|') > -1 or value.find('...') > -1 \
175+
or value.find("`") > -1 or value.find("$") > -1 or value.find("(") > -1 or value.find(
176+
")") > -1 \
177+
or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find(
178+
"{") > -1 or value.find("}") > -1 \
179+
or value.find(":") > -1 or value.find("<") > -1 or value.find(">") > -1 or value.find(
180+
"&") > -1:
181+
logging.writeToFile(request.body)
182+
final_dic = {
183+
'error_message': "Data supplied is not accepted, following characters are not allowed in the input ` $ & ( ) [ ] { } ; : ‘ < >.",
184+
"errorMessage": "Data supplied is not accepted, following characters are not allowed in the input ` $ & ( ) [ ] { } ; : ‘ < >."}
185+
final_json = json.dumps(final_dic)
186+
return HttpResponse(final_json)
174187
if key.find(';') > -1 or key.find('&&') > -1 or key.find('|') > -1 or key.find('...') > -1 \
175188
or key.find("`") > -1 or key.find("$") > -1 or key.find("(") > -1 or key.find(")") > -1 \
176189
or key.find("'") > -1 or key.find("[") > -1 or key.find("]") > -1 or key.find(

0 commit comments

Comments
 (0)