v3.4.9.3

Security issues

Dockerfile

@@ -0,0 +1,58 @@
+FROM centos
+
+MAINTAINER Pavel Loginov (https://github.com/Aidaho12/haproxy-wi)
+# REFACT by Vagner Rodrigues Fernandes (vagner.rodrigues@gmail.com)
+# REFACT by Mauricio Nunes ( mutila@gmail.com )
+
+ENV MYSQL_ENABLE 0
+ENV MYSQL_USER "haproxy-wi"
+ENV MYSQL_PASS "haproxy-wi"
+ENV MYSQL_DB "haproxywi2"
+ENV MYSQL_HOST 127.0.0.1
+
+# Yum clean cache
+RUN yum remove epel-release && \
+        rm -rf /var/lib/rpm/__db* && \
+        yum clean all
+
+# Yum install base packages
+RUN yum -y install https://centos7.iuscommunity.org/ius-release.rpm && \ 
+		yum install -y yum install https://repo.haproxy-wi.org/el7/haproxy-wi-release-7-1-0.noarch.rpm  && \
+		yum install -y epel-release && \
+        yum -y install \
+        haproxy-wi  && \
+        sed -i "s/enable = 0/enable = $MYSQL_ENABLE/g" /var/www/haproxy-wi/app/haproxy-wi.cfg && \
+        sed -i "s/mysql_user = haproxy-wi/mysql_user = $MYSQL_USER/g" /var/www/haproxy-wi/app/haproxy-wi.cfg && \
+        sed -i "s/mysql_password = haproxy-wi/mysql_password = $MYSQL_PASS/g" /var/www/haproxy-wi/app/haproxy-wi.cfg && \
+        sed -i "s/mysql_db = haproxywi/mysql_db = $MYSQL_DB/g" /var/www/haproxy-wi/app/haproxy-wi.cfg && \
+        sed -i "s/mysql_host = 127.0.0.1/mysql_host = $MYSQL_HOST/g" /var/www/haproxy-wi/app/haproxy-wi.cfg && \
+        mkdir /var/www/haproxy-wi/keys/ && \
+        mkdir -p /var/www/haproxy-wi/configs/hap_config && \
+        chown -R apache:apache /var/www/haproxy-wi/ && \
+		yum -y erase \
+        git \
+        python35u-pip \
+        gcc-c++ \
+        gcc-gfortran \
+        gcc \
+        --remove-leaves && \
+        yum -y autoremove yum-plugin-remove-with-leaves && \
+        yum clean all && \
+        rm -rf /var/cache/yum && \
+        rm -f /etc/yum.repos.d/*
+
+# Python link
+RUN ln -s /usr/bin/python3.5 /usr/bin/python3
+
+# Build sql database
+RUN set -ex; \
+        if ["$MYSQL_ENABLE" -eq 0]; then \
+                cd /var/www/haproxy-wi/app && \
+                ./create_db.py && \
+                chown apache:apache /var/www/haproxy-wi/app/haproxy-wi.db; \
+        fi
+
+EXPOSE 443
+VOLUME /var/www/haproxy-wi/
+
+CMD /usr/sbin/httpd -DFOREGROUND

app/create_db.py

@@ -400,7 +400,7 @@ def update_db_v_3_4_7(**kwargs):
 	
 def update_ver(**kwargs):
 	con, cur = get_cur()
-	sql = """update version set version = '3.4.9.2'; """
+	sql = """update version set version = '3.4.9.3'; """
 	try:    
 		cur.execute(sql)
 		con.commit()

app/sql.py

@@ -39,15 +39,14 @@ def add_user(user, email, password, role, group, activeuser):
 	cur.close()    
 	con.close()   
 	
-def update_user(user, email, password, role, group, id, activeuser):
+def update_user(user, email, role, group, id, activeuser):
 	con, cur = create_db.get_cur()
 	sql = """update user set username = '%s', 
 			email = '%s',
-			password = '%s', 
 			role = '%s', 
 			groups = '%s',
 			activeuser = '%s'
-			where id = '%s'""" % (user, email, funct.get_hash(password), role, group, activeuser, id)
+			where id = '%s'""" % (user, email,  role, group, activeuser, id)
 	try:    
 		cur.execute(sql)
 		con.commit()
@@ -60,6 +59,24 @@ def update_user(user, email, password, role, group, id, activeuser):
 	cur.close()    
 	con.close()
 	
+	
+def update_user_password(password, id):
+	con, cur = create_db.get_cur()
+	sql = """update user set password = '%s'
+			where id = '%s'""" % (funct.get_hash(password), id)
+	try:    
+		cur.execute(sql)
+		con.commit()
+	except sqltool.Error as e:
+		out_error(e)
+		con.rollback()
+		return False
+	else:
+		return True
+	cur.close()    
+	con.close()
+	
+
 def delete_user(id):
 	con, cur = create_db.get_cur()
 	sql = """delete from user where id = '%s'""" % (id)
@@ -1271,6 +1288,14 @@ def select_keep_alive(**kwargs):
 form = cgi.FieldStorage()
 error_mess = '<span class="alert alert-danger" id="error">All fields must be completed <a title="Close" id="errorMess"><b>X</b></a></span>'
 
+
+def check_token():
+	if form.getvalue('token') is None:
+		print('Content-type: text/html\n')
+		print("What the fuck?! U r hacker Oo?!")
+		sys.exit()
+
+
 if form.getvalue('newuser') is not None:
 	email = form.getvalue('newemail')
 	password = form.getvalue('newpassword')
@@ -1280,6 +1305,7 @@ if form.getvalue('newuser') is not None:
 	page = form.getvalue('page')	
 	activeuser = form.getvalue('activeuser')	
 	print('Content-type: text/html\n')
+	check_token()
 	if password is None or role is None or group is None:
 		print(error_mess)
 	else:		
@@ -1288,20 +1314,34 @@ if form.getvalue('newuser') is not None:
 		
 if form.getvalue('updateuser') is not None:
 	email = form.getvalue('email')
-	password = form.getvalue('password')
 	role = form.getvalue('role')
 	group = form.getvalue('usergroup')
 	new_user = form.getvalue('updateuser')	
 	id = form.getvalue('id')	
 	activeuser = form.getvalue('activeuser')	
 	print('Content-type: text/html\n')
-	if password is None or role is None or group is None:
+	check_token()
+	if updateuser is None or role is None or group is None:
 		print(error_mess)
 	else:		
-		update_user(new_user, email, password, role, group, id, activeuser)
+		update_user(new_user, email, role, group, id, activeuser)
+
+
+if form.getvalue('updatepassowrd') is not None:
+	password = form.getvalue('updatepassowrd')
+	id = form.getvalue('id')	
+	print('Content-type: text/html\n')
+	check_token()
+	if password is None or id is None:
+		print(error_mess)
+	else:		
+		update_user_password(password, id)
+		print("Ok")
+		
 		
 if form.getvalue('userdel') is not None:
 	print('Content-type: text/html\n')
+	check_token()
 	if delete_user(form.getvalue('userdel')):
 		print("Ok")
 		
@@ -1321,6 +1361,7 @@ if form.getvalue('newserver') is not None:
 	desc = form.getvalue('desc')	
 	active = form.getvalue('active')	
 	print('Content-type: text/html\n')
+	check_token()
 	if ip is None or group is None or cred is None or port is None:		
 		print(error_mess)
 	else:	
@@ -1329,6 +1370,7 @@ if form.getvalue('newserver') is not None:
 		
 if form.getvalue('serverdel') is not None:
 	print('Content-type: text/html\n')
+	check_token()
 	if delete_server(form.getvalue('serverdel')):
 		delete_waf_server(form.getvalue('serverdel'))
 		print("Ok")
@@ -1337,6 +1379,7 @@ if form.getvalue('newgroup') is not None:
 	newgroup = form.getvalue('groupname')	
 	desc = form.getvalue('newdesc')
 	print('Content-type: text/html\n')
+	check_token()
 	if newgroup is None:
 		print(error_mess)
 	else:
@@ -1345,6 +1388,7 @@ if form.getvalue('newgroup') is not None:
 
 if form.getvalue('groupdel') is not None:
 	print('Content-type: text/html\n')
+	check_token()
 	if delete_group(form.getvalue('groupdel')):
 		print("Ok")
 		
@@ -1353,6 +1397,7 @@ if form.getvalue('updategroup') is not None:
 	descript = form.getvalue('descript')	
 	id = form.getvalue('id')	
 	print('Content-type: text/html\n')
+	check_token()
 	if name is None:
 		print(error_mess)
 	else:		
@@ -1373,6 +1418,7 @@ if form.getvalue('updateserver') is not None:
 	desc = form.getvalue('desc')	
 	active = form.getvalue('active')	
 	print('Content-type: text/html\n')
+	check_token()
 	if name is None or ip is None or port is None:
 		print(error_mess)
 	else:		
@@ -1385,6 +1431,7 @@ if form.getvalue('updatessh'):
 	group = form.getvalue('group')	
 	username = form.getvalue('ssh_user')		
 	password = form.getvalue('ssh_pass')
+	check_token()
 	print('Content-type: text/html\n')
 	if username is None:
 		print(error_mess)
@@ -1413,6 +1460,7 @@ if form.getvalue('new_ssh'):
 	password = form.getvalue('ssh_pass')
 	page = form.getvalue('page')
 	page = page.split("#")[0]
+	check_token()
 	if username is None or name is None:
 		print('Content-type: text/html\n')
 		print(error_mess)
@@ -1423,6 +1471,7 @@ if form.getvalue('new_ssh'):
 if form.getvalue('sshdel') is not None:
 	import funct
 	print('Content-type: text/html\n')
+	check_token()
 	fullpath = funct.get_config_var('main', 'fullpath')
 	
 	for sshs in select_ssh(id=form.getvalue('sshdel')):
@@ -1444,6 +1493,7 @@ if form.getvalue('newtelegram'):
 	group = form.getvalue('telegramgroup')	
 	page = form.getvalue('page')
 	page = page.split("#")[0]
+	check_token()
 	if token is None or chanel is None or group is None:
 		print('Content-type: text/html\n')
 		print(error_mess)
@@ -1453,6 +1503,7 @@ if form.getvalue('newtelegram'):
 			
 if form.getvalue('telegramdel') is not None:
 	print('Content-type: text/html\n')
+	check_token()
 	if delete_telegram(form.getvalue('telegramdel')):
 		print("Ok")
 	
@@ -1460,6 +1511,7 @@ if form.getvalue('getoption'):
 	group = form.getvalue('getoption')	
 	term = form.getvalue('term')	
 	print('Content-type: application/json\n')
+	check_token()
 	options = select_options(group=group,term=term)
 	a = ""
 	a = {}
@@ -1474,8 +1526,9 @@ if form.getvalue('getoption'):
 if form.getvalue('newtoption'):
 	option = form.getvalue('newtoption')	
 	group = form.getvalue('newoptiongroup')	
-	if option is None or group is None:
 	print('Content-type: text/html\n')
+	check_token()
+	if option is None or group is None:
 		print(error_mess)
 	else:
 		if insert_new_option(option, group):
@@ -1485,6 +1538,7 @@ if form.getvalue('updateoption') is not None:
 	option = form.getvalue('updateoption')
 	id = form.getvalue('id')	
 	print('Content-type: text/html\n')	
+	check_token()
 	if option is None or id is None:
 		print(error_mess)
 	else:		
@@ -1492,6 +1546,7 @@ if form.getvalue('updateoption') is not None:
 			
 if form.getvalue('optiondel') is not None:
 	print('Content-type: text/html\n')
+	check_token()
 	if delete_option(form.getvalue('optiondel')):
 		print("Ok")
 		
@@ -1508,4 +1563,6 @@ if form.getvalue('updatetoken') is not None:
 		
 if form.getvalue('updatesettings') is not None:
 	print('Content-type: text/html\n')
-	update_setting(form.getvalue('updatesettings'), form.getvalue('val') )
+	check_token()
+	if update_setting(form.getvalue('updatesettings'), form.getvalue('val')):
+		print("Ok")

inc/users.js

@@ -184,6 +184,7 @@ $( function() {
 				newgroup: "1",
 				groupname: $('#new-group-add').val(),
 				newdesc: $('#new-desc').val(),
+				token: $('#token').val()
 			},
 			type: "GET",
 			success: function( data ) {
@@ -219,7 +220,8 @@ $( function() {
 				ssh_user: $('#ssh_user').val(),
 				ssh_pass: $('#ssh_pass').val(),
 				ssh_enable: ssh_enable,
-				page: cur_url[0]
+				page: cur_url[0],
+				token: $('#token').val()
 			},
 			type: "GET",
 			success: function( data ) {
@@ -257,7 +259,8 @@ $( function() {
 				newtelegram: $('#telegram-token-add').val(),
 				chanel: $('#telegram-chanel-add').val(),
 				telegramgroup: $('#new-telegram-group-add').val(),
-				page: cur_url[0]
+				page: cur_url[0],
+				token: $('#token').val()
 			},
 			type: "GET",
 			success: function( data ) {
@@ -493,7 +496,8 @@ function addUser() {
 				newrole: $('#new-role').val(),
 				activeuser: activeuser,
 				page: cur_url[0],
-				newgroupuser: $('#new-group').val()
+				newgroupuser: $('#new-group').val(),
+				token: $('#token').val()
 			},
 			type: "GET",
 			success: function( data ) {
@@ -572,7 +576,8 @@ function addServer() {
 				metrics: metrics,
 				page: cur_url[0],
 				desc: $('#desc').val(),
-				active: active
+				active: active,
+				token: $('#token').val()
 			},
 			type: "GET",
 			success: function( data ) {
@@ -608,7 +613,8 @@ function updateSettings(param, val) {
 		url: "sql.py",
 		data: {
 			updatesettings: param,
-			val: val
+			val: val,
+			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@@ -800,6 +806,7 @@ function removeUser(id) {
 		url: "sql.py",
 		data: {
 			userdel: id,
+			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@@ -816,6 +823,7 @@ function removeServer(id) {
 		url: "sql.py",
 		data: {
 			serverdel: id,
+			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@@ -832,6 +840,7 @@ function removeGroup(id) {
 		url: "sql.py",
 		data: {
 			groupdel: id,
+			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@@ -850,6 +859,7 @@ function removeSsh(id) {
 		url: "sql.py",
 		data: {
 			sshdel: id,
+			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@@ -868,6 +878,7 @@ function removeTelegram(id) {
 		url: "sql.py",
 		data: {
 			telegramdel: id,
+			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@@ -899,7 +910,8 @@ function updateUser(id) {
 			role: $('#role-'+id).val(),
 			usergroup: usergroup,
 			activeuser: activeuser,
-			id: id
+			id: id,
+			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@@ -927,7 +939,8 @@ function updateGroup(id) {
 		data: {
 			updategroup: $('#name-'+id).val(),
 			descript: $('#descript-'+id).val(),
-			id: id
+			id: id,
+			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@@ -991,7 +1004,8 @@ function updateServer(id) {
 			metrics: metrics,
 			alert_en: alert_en,
 			desc: $('#desc-'+id).val(),
-			active: active
+			active: active,
+			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@@ -1054,7 +1068,8 @@ function updateSSH(id) {
 			ssh_enable: ssh_enable,
 			ssh_user: $('#ssh_user-'+id).val(),
 			ssh_pass: $('#ssh_pass-'+id).val(),
-			id: id
+			id: id,
+			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@@ -1087,7 +1102,8 @@ function updateTelegram(id) {
 			updatetoken: $('#telegram-token-'+id).val(),
 			updategchanel: $('#telegram-chanel-'+id).val(),
 			updategroup: $('#telegramgroup-'+id).val(),
-			id: id
+			id: id,
+			token: $('#token').val()
 		},
 		type: "GET",
 		success: function( data ) {
@@ -1194,7 +1210,8 @@ function changeUserPassword(id, d) {
 			url: "sql.py",
 			data: {
 				updatepassowrd: pass,
-				id: id
+				id: id,
+				token: $('#token').val()
 			},
 			type: "GET",
 			success: function( data ) {