Skip to content

Commit

Permalink
pci compliance headers
Browse files Browse the repository at this point in the history
  • Loading branch information
usmannasir committed Nov 5, 2019
1 parent 95a953a commit e4a375f
Show file tree
Hide file tree
Showing 10 changed files with 55 additions and 28 deletions.
7 changes: 7 additions & 0 deletions CyberCP/secMiddleware.py
Original file line number Diff line number Diff line change
Expand Up @@ -92,5 +92,12 @@ def __call__(self, request):
logging.writeToFile(str(msg))
response = self.get_response(request)
return response


response = self.get_response(request)

response['X-XSS-Protection'] = "1; mode=block"
response['Strict-Transport-Security'] = "max-age=31536000; includeSubDomains; preload"
response['X-Frame-Options'] = "DENY"

return response
3 changes: 2 additions & 1 deletion CyberCP/settings.py
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,8 @@
}

DATABASE_ROUTERS = ['backup.backupRouter.backupRouter']

SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True

# Password validation
# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
Expand Down
25 changes: 19 additions & 6 deletions WebTerminal/CPWebSocket.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@
import time

class SSHServer(multi.Thread):
OKGREEN = '\033[92m'
ENDC = '\033[0m'

def loadPublicKey(self):
pubkey = '/root/.ssh/cyberpanel.pub'
Expand Down Expand Up @@ -44,17 +46,25 @@ def __init__(self, websocket):
self.shell.settimeout(0)

self.websocket = websocket
self.color = 0

def recvData(self):
while True:
try:
if os.path.exists(self.websocket.verifyPath):
if self.shell.recv_ready():
self.websocket.sendMessage(self.shell.recv(9000).decode("utf-8"))
else:
time.sleep(0.1)
if self.websocket.filePassword == self.websocket.filePassword:
if self.shell.recv_ready():
if self.color == 0:
text = '%sEnjoy your accelerated Internet by CyberPanel and LiteSpeed%s' % (SSHServer.OKGREEN, SSHServer.ENDC)
nText = 'Enjoy your accelerated Internet by CyberPanel'
self.websocket.sendMessage(self.shell.recv(9000).decode("utf-8").replace(nText, text))
self.color = 1
else:
self.websocket.sendMessage(self.shell.recv(9000).decode("utf-8"))
else:
time.sleep(0.01)
except BaseException, msg:
time.sleep(2)
time.sleep(0.1)

def run(self):
try:
Expand All @@ -70,9 +80,12 @@ def handleMessage(self):
data = json.loads(self.data)
if str(self.data).find('"tp":"init"') > -1:
self.verifyPath = str(data['data']['verifyPath'])
self.password = str(data['data']['password'])
self.filePassword = open(self.verifyPath, 'r').read()
else:
if os.path.exists(self.verifyPath):
self.shell.send(str(data['data']))
if self.filePassword == self.filePassword:
self.shell.send(str(data['data']))
except:
pass

Expand Down
11 changes: 3 additions & 8 deletions WebTerminal/static/WebTerminal/main.js
Original file line number Diff line number Diff line change
Expand Up @@ -67,14 +67,9 @@ function check() {
function connect() {
var remember = $("#remember").is(":checked");
var options = {
host: $("#host").val(),
port: $("#port").val(),
username: $("#username").val(),
ispwd: $("input[name=ispwd]:checked").val(),
secret: $("#secret").val(),
verifyPath: $("#verifyPath").text()
}
console.debug(options);
verifyPath: $("#verifyPath").text(),
password: $("#password").text()
};
if (remember) {
store(options)
}
Expand Down
2 changes: 1 addition & 1 deletion WebTerminal/static/WebTerminal/ws.js
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ WSSHClient.prototype.sendInitData = function (options) {
}

WSSHClient.prototype.sendClientData = function (data) {
this._connection.send(JSON.stringify({"tp": "client", "data": data, 'verifyPath': $("#verifyPath").text()}))
this._connection.send(JSON.stringify({"tp": "client", "data": data, 'verifyPath': $("#verifyPath").text(), 'password': $("#password").text()}))
}

var client = new WSSHClient();
1 change: 1 addition & 0 deletions WebTerminal/templates/WebTerminal/WebTerminal.html
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ <h3 class="content-box-header">

</div>
<div style="display: none" id="verifyPath">{{ verifyPath }}</div>
<div style="display: none" id="password">{{ password }}</div>
</div>
</div>
</div>
Expand Down
8 changes: 5 additions & 3 deletions WebTerminal/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
from plogical.firewallUtilities import FirewallUtilities
from firewall.models import FirewallRules
import json
import plogical.randomPassword

# Create your views here.

Expand All @@ -24,12 +25,13 @@ def terminal(request):
else:
return ACLManager.loadError()

password = plogical.randomPassword.generate_pass()

verifyPath = "/home/cyberpanel/" + str(randint(100000, 999999))
writeToFile = open(verifyPath, 'w')
writeToFile.writelines('code')
writeToFile.write(password)
writeToFile.close()


## setting up ssh server
path = '/etc/systemd/system/cpssh.service'
curPath = '/usr/local/CyberCP/WebTerminal/cpssh.service'
Expand All @@ -46,7 +48,7 @@ def terminal(request):
newFWRule = FirewallRules(name='terminal', proto='tcp', port='5678', ipAddress='0.0.0.0/0')
newFWRule.save()

return render(request, 'WebTerminal/WebTerminal.html', {'verifyPath': verifyPath})
return render(request, 'WebTerminal/WebTerminal.html', {'verifyPath': verifyPath, 'password': password})
except BaseException, msg:
logging.writeToFile(str(msg))
return redirect(loadLoginPage)
Expand Down
13 changes: 13 additions & 0 deletions plogical/upgrade.py
Original file line number Diff line number Diff line change
Expand Up @@ -1353,6 +1353,12 @@ def downloadAndUpgrade(versionNumbring):
if items.find('WebTerminal') > -1:
WebTerminal = 0

SESSION_COOKIE_SECURE = 1

for items in data:
if items.find('SESSION_COOKIE_SECURE') > -1:
SESSION_COOKIE_SECURE = 0

Upgrade.stdOut('Restoring settings file!')

writeToFile = open("/usr/local/CyberCP/CyberCP/settings.py", 'w')
Expand All @@ -1362,6 +1368,13 @@ def downloadAndUpgrade(versionNumbring):
if csrfCheck == 1:
writeToFile.writelines(" 'django.middleware.csrf.CsrfViewMiddleware',\n")

if items.find('DATABASE_ROUTERS') > -1:
if SESSION_COOKIE_SECURE == 1:
con = """SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
"""
writeToFile.writelines(con)

elif items.find("'filemanager',") > -1:
writeToFile.writelines(items)
if pluginCheck == 1:
Expand Down
11 changes: 3 additions & 8 deletions static/WebTerminal/main.js
Original file line number Diff line number Diff line change
Expand Up @@ -67,14 +67,9 @@ function check() {
function connect() {
var remember = $("#remember").is(":checked");
var options = {
host: $("#host").val(),
port: $("#port").val(),
username: $("#username").val(),
ispwd: $("input[name=ispwd]:checked").val(),
secret: $("#secret").val(),
verifyPath: $("#verifyPath").text()
}
console.debug(options);
verifyPath: $("#verifyPath").text(),
password: $("#password").text()
};
if (remember) {
store(options)
}
Expand Down
2 changes: 1 addition & 1 deletion static/WebTerminal/ws.js
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ WSSHClient.prototype.sendInitData = function (options) {
}

WSSHClient.prototype.sendClientData = function (data) {
this._connection.send(JSON.stringify({"tp": "client", "data": data, 'verifyPath': $("#verifyPath").text()}))
this._connection.send(JSON.stringify({"tp": "client", "data": data, 'verifyPath': $("#verifyPath").text(), 'password': $("#password").text()}))
}

var client = new WSSHClient();

0 comments on commit e4a375f

Please sign in to comment.