pci compliance headers
usmannasir committed Nov 5, 2019
1 parent 95a953a commit e4a375f
Showing 10 changed files with 55 additions and 28 deletions.
7 changes: 7 additions & 0 deletions CyberCP/secMiddleware.py
Expand Up @@ -92,5 +92,12 @@ def __call__(self, request):
logging.writeToFile(str(msg)) logging.writeToFile(str(msg))
response = self.get_response(request) response = self.get_response(request)
return response return response


response = self.get_response(request) response = self.get_response(request)

response['X-XSS-Protection'] = "1; mode=block"
response['Strict-Transport-Security'] = "max-age=31536000; includeSubDomains; preload"
response['X-Frame-Options'] = "DENY"

return response return response
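Review bot: The three headers are set only on the final `response` before the last `return response`; the earlier `response = self.get_response(request)` / `return response` pair at the top of this hunk still returns without them, so that path (apparently the exception branch, though indentation is lost in this rendering) stays uncovered. Setting the headers in one place that every path passes through would close that gap. The HSTS value commits to `includeSubDomains; preload` for a full year, which is hard to undo and applies to every subdomain of whatever host name serves the panel, so it deserves a comment stating that this is intended, or a shorter `max-age` without `preload` to begin with. `X-XSS-Protection` is a legacy header that most current browsers ignore, while `X-Content-Type-Options: nosniff` is missing from the set. `__call__` starts outside the hunk.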
3 changes: 2 additions & 1 deletion CyberCP/settings.py
Expand Up @@ -127,7 +127,8 @@
} }


DATABASE_ROUTERS = ['backup.backupRouter.backupRouter'] DATABASE_ROUTERS = ['backup.backupRouter.backupRouter']

SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True


# Password validation # Password validation
# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators # https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
25 changes: 19 additions & 6 deletions WebTerminal/CPWebSocket.py
Expand Up @@ -9,6 +9,8 @@
import time import time


class SSHServer(multi.Thread): class SSHServer(multi.Thread):
OKGREEN = '\033[92m'
ENDC = '\033[0m'


def loadPublicKey(self): def loadPublicKey(self):
pubkey = '/root/.ssh/cyberpanel.pub' pubkey = '/root/.ssh/cyberpanel.pub'
Expand Down Expand Up @@ -44,17 +46,25 @@ def __init__(self, websocket):
self.shell.settimeout(0) self.shell.settimeout(0)


self.websocket = websocket self.websocket = websocket
self.color = 0


def recvData(self): def recvData(self):
while True: while True:
try: try:
if os.path.exists(self.websocket.verifyPath): if os.path.exists(self.websocket.verifyPath):
if self.shell.recv_ready(): if self.websocket.filePassword == self.websocket.filePassword:
self.websocket.sendMessage(self.shell.recv(9000).decode("utf-8")) if self.shell.recv_ready():
else: if self.color == 0:
time.sleep(0.1) text = '%sEnjoy your accelerated Internet by CyberPanel and LiteSpeed%s' % (SSHServer.OKGREEN, SSHServer.ENDC)
nText = 'Enjoy your accelerated Internet by CyberPanel'
self.websocket.sendMessage(self.shell.recv(9000).decode("utf-8").replace(nText, text))
self.color = 1
else:
self.websocket.sendMessage(self.shell.recv(9000).decode("utf-8"))
else:
time.sleep(0.01)
except BaseException, msg: except BaseException, msg:
time.sleep(2) time.sleep(0.1)


def run(self): def run(self):
try: try:
Expand All @@ -70,9 +80,12 @@ def handleMessage(self):
data = json.loads(self.data) data = json.loads(self.data)
if str(self.data).find('"tp":"init"') > -1: if str(self.data).find('"tp":"init"') > -1:
self.verifyPath = str(data['data']['verifyPath']) self.verifyPath = str(data['data']['verifyPath'])
self.password = str(data['data']['password'])
self.filePassword = open(self.verifyPath, 'r').read()
else: else:
if os.path.exists(self.verifyPath): if os.path.exists(self.verifyPath):
self.shell.send(str(data['data'])) if self.filePassword == self.filePassword:
self.shell.send(str(data['data']))
except: except:
pass pass
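Review bot: Both new password checks compare a value with itself — `self.websocket.filePassword == self.websocket.filePassword` in `recvData` and `self.filePassword == self.filePassword` in `handleMessage` — so they are always true and the `password` received in the init message is never verified. They should read `if self.websocket.password == self.websocket.filePassword:` and `if self.password == self.filePassword:`, ideally through `hmac.compare_digest` so the comparison is constant-time. `verifyPath` is also taken straight from the client message and passed to `open(self.verifyPath, 'r')`; it should be checked to lie under `/home/cyberpanel/` (the directory views.py writes to in this commit) before it is read, and the file handle is never closed. Because the surrounding `except: pass` swallows every error, a failed read leaves the connection without `filePassword` and without any log entry.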


11 changes: 3 additions & 8 deletions WebTerminal/static/WebTerminal/main.js
Expand Up @@ -67,14 +67,9 @@ function check() {
function connect() { function connect() {
var remember = $("#remember").is(":checked"); var remember = $("#remember").is(":checked");
var options = { var options = {
host: $("#host").val(), verifyPath: $("#verifyPath").text(),
port: $("#port").val(), password: $("#password").text()
username: $("#username").val(), };
ispwd: $("input[name=ispwd]:checked").val(),
secret: $("#secret").val(),
verifyPath: $("#verifyPath").text()
}
console.debug(options);
if (remember) { if (remember) {
store(options) store(options)
} }
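Review bot: `options` now carries the terminal password, and it is still handed to `store(options)` when the "remember" box is checked. `store` is defined outside this hunk, so where it persists the object is not visible here, but a session secret should not outlive the page; either drop the `remember` branch or keep `password` out of what is stored. The same change is made to static/WebTerminal/main.js and needs the same fix. `connect()` continues outside the hunk.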
2 changes: 1 addition & 1 deletion WebTerminal/static/WebTerminal/ws.js
Expand Up @@ -58,7 +58,7 @@ WSSHClient.prototype.sendInitData = function (options) {
} }


WSSHClient.prototype.sendClientData = function (data) { WSSHClient.prototype.sendClientData = function (data) {
this._connection.send(JSON.stringify({"tp": "client", "data": data, 'verifyPath': $("#verifyPath").text()})) this._connection.send(JSON.stringify({"tp": "client", "data": data, 'verifyPath': $("#verifyPath").text(), 'password': $("#password").text()}))
} }


var client = new WSSHClient(); var client = new WSSHClient();
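Review bot: `password` is added as a top-level key of every client frame, but the server-side `handleMessage` in this commit reads the password only once, from `data['data']['password']` of the init message, and never looks at the top-level key. As written the secret is sent with every frame without being checked; either verify it per message on the server or leave it out of `sendClientData`. static/WebTerminal/ws.js carries the identical line.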
1 change: 1 addition & 0 deletions WebTerminal/templates/WebTerminal/WebTerminal.html
Expand Up @@ -42,6 +42,7 @@ <h3 class="content-box-header">


</div> </div>
<div style="display: none" id="verifyPath">{{ verifyPath }}</div> <div style="display: none" id="verifyPath">{{ verifyPath }}</div>
<div style="display: none" id="password">{{ password }}</div>
</div> </div>
</div> </div>
</div> </div>
8 changes: 5 additions & 3 deletions WebTerminal/views.py
Expand Up @@ -11,6 +11,7 @@
from plogical.firewallUtilities import FirewallUtilities from plogical.firewallUtilities import FirewallUtilities
from firewall.models import FirewallRules from firewall.models import FirewallRules
import json import json
import plogical.randomPassword


# Create your views here. # Create your views here.


Expand All @@ -24,12 +25,13 @@ def terminal(request):
else: else:
return ACLManager.loadError() return ACLManager.loadError()


password = plogical.randomPassword.generate_pass()

verifyPath = "/home/cyberpanel/" + str(randint(100000, 999999)) verifyPath = "/home/cyberpanel/" + str(randint(100000, 999999))
writeToFile = open(verifyPath, 'w') writeToFile = open(verifyPath, 'w')
writeToFile.writelines('code') writeToFile.write(password)
writeToFile.close() writeToFile.close()



## setting up ssh server ## setting up ssh server
path = '/etc/systemd/system/cpssh.service' path = '/etc/systemd/system/cpssh.service'
curPath = '/usr/local/CyberCP/WebTerminal/cpssh.service' curPath = '/usr/local/CyberCP/WebTerminal/cpssh.service'
Expand All @@ -46,7 +48,7 @@ def terminal(request):
newFWRule = FirewallRules(name='terminal', proto='tcp', port='5678', ipAddress='0.0.0.0/0') newFWRule = FirewallRules(name='terminal', proto='tcp', port='5678', ipAddress='0.0.0.0/0')
newFWRule.save() newFWRule.save()


return render(request, 'WebTerminal/WebTerminal.html', {'verifyPath': verifyPath}) return render(request, 'WebTerminal/WebTerminal.html', {'verifyPath': verifyPath, 'password': password})
except BaseException, msg: except BaseException, msg:
logging.writeToFile(str(msg)) logging.writeToFile(str(msg))
return redirect(loadLoginPage) return redirect(loadLoginPage)
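Review bot: The password is written with a plain `open(verifyPath, 'w')`, so the file gets whatever mode the process umask allows and may be readable by other local accounts; nothing in this hunk removes it afterwards either. Creating it with `fd = os.open(verifyPath, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` and writing through `os.fdopen(fd, 'w')` fixes the mode and refuses a pre-existing path (this assumes `os` is imported in views.py, which the hunk does not show). The file name still comes from `randint(100000, 999999)`, a small non-cryptographic space, and `generate_pass()` is defined outside this page, so its randomness source should be confirmed. `terminal()` starts before the hunk.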
13 changes: 13 additions & 0 deletions plogical/upgrade.py
Expand Up @@ -1353,6 +1353,12 @@ def downloadAndUpgrade(versionNumbring):
if items.find('WebTerminal') > -1: if items.find('WebTerminal') > -1:
WebTerminal = 0 WebTerminal = 0


SESSION_COOKIE_SECURE = 1

for items in data:
if items.find('SESSION_COOKIE_SECURE') > -1:
SESSION_COOKIE_SECURE = 0

Upgrade.stdOut('Restoring settings file!') Upgrade.stdOut('Restoring settings file!')


writeToFile = open("/usr/local/CyberCP/CyberCP/settings.py", 'w') writeToFile = open("/usr/local/CyberCP/CyberCP/settings.py", 'w')
Expand All @@ -1362,6 +1368,13 @@ def downloadAndUpgrade(versionNumbring):
if csrfCheck == 1: if csrfCheck == 1:
writeToFile.writelines(" 'django.middleware.csrf.CsrfViewMiddleware',\n") writeToFile.writelines(" 'django.middleware.csrf.CsrfViewMiddleware',\n")


if items.find('DATABASE_ROUTERS') > -1:
if SESSION_COOKIE_SECURE == 1:
con = """SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
"""
writeToFile.writelines(con)

elif items.find("'filemanager',") > -1: elif items.find("'filemanager',") > -1:
writeToFile.writelines(items) writeToFile.writelines(items)
if pluginCheck == 1: if pluginCheck == 1:
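Review bot: The new `if items.find('DATABASE_ROUTERS') > -1:` branch writes only `con` and never `items`, so as shown the `DATABASE_ROUTERS` line itself appears to be dropped from the rewritten settings.py, and nothing at all is written for it when `SESSION_COOKIE_SECURE == 0`. Indentation is lost in this rendering and the loop continues outside the hunk, so this needs checking against the file, but the branch most likely wants `writeToFile.writelines(items)` before the cookie settings. The new `if` also takes over the following `elif items.find("'filemanager',")`, which previously chained to the middleware test above it. Detection by `items.find('SESSION_COOKIE_SECURE')` also matches a commented-out line or `SESSION_COOKIE_SECURE = False`, which would leave an upgraded install without secure cookies.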
11 changes: 3 additions & 8 deletions static/WebTerminal/main.js
Expand Up @@ -67,14 +67,9 @@ function check() {
function connect() { function connect() {
var remember = $("#remember").is(":checked"); var remember = $("#remember").is(":checked");
var options = { var options = {
host: $("#host").val(), verifyPath: $("#verifyPath").text(),
port: $("#port").val(), password: $("#password").text()
username: $("#username").val(), };
ispwd: $("input[name=ispwd]:checked").val(),
secret: $("#secret").val(),
verifyPath: $("#verifyPath").text()
}
console.debug(options);
if (remember) { if (remember) {
store(options) store(options)
} }
2 changes: 1 addition & 1 deletion static/WebTerminal/ws.js
Expand Up @@ -58,7 +58,7 @@ WSSHClient.prototype.sendInitData = function (options) {
} }


WSSHClient.prototype.sendClientData = function (data) { WSSHClient.prototype.sendClientData = function (data) {
this._connection.send(JSON.stringify({"tp": "client", "data": data, 'verifyPath': $("#verifyPath").text()})) this._connection.send(JSON.stringify({"tp": "client", "data": data, 'verifyPath': $("#verifyPath").text(), 'password': $("#password").text()}))
} }


var client = new WSSHClient(); var client = new WSSHClient();
