jinql
/
webssh
mirror of https://github.com/huashengdun/webssh
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
495 Commits
4 Branches
43 Tags
1.8 MiB
Commit Graph

495 Commits (master)

Author SHA1 Message Date
Shengdun Hua 1cf19c7186
Merge pull request #346 from bhubr/set-cursor-color 
Add cursor query param to set xterm.js cursor color
 2023-05-03 06:14:39 +08:00
Benoît Hubert a1c0ded18a Add cursor query param to set xterm.js cursor color 2023-05-01 15:36:17 +02:00
Sheng 47cfeed020 Updated minor version 2023-04-09 14:37:15 +08:00
Sheng aabdfc597f Updated workflows 2023-04-09 14:31:18 +08:00
Shengdun Hua 21ab5ccd23
Merge pull request #342 from cclauss/patch-1 
README.md: Switch badge from Travis CI to GitHub Actions
 2023-04-05 16:51:59 +08:00
Christian Clauss bbdc14b128
README.md: Switch badge from Travis CI to GitHub Actions 2023-04-05 10:44:32 +02:00
Shengdun Hua bf76954874
Merge pull request #341 from cclauss/patch-1 
GitHub Action to lint and test Python code
 2023-04-05 16:34:40 +08:00
Christian Clauss c79d4bad0b
Comment out PyPy for now 2023-04-05 09:46:26 +02:00
Christian Clauss 53a3559125
pip install pytest -r requirements.txt 2023-04-05 09:38:01 +02:00
Christian Clauss 8bfbb250a9
Update and rename ruff.yml to python.yml 2023-04-05 09:34:53 +02:00
Christian Clauss b1b904c1e3
Update ruff.yml 2023-04-05 09:16:07 +02:00
Christian Clauss da68de67fa
Delete .travis.yml 2023-04-05 09:14:42 +02:00
Christian Clauss 0fb176a724
Add pytest 2023-04-05 09:13:23 +02:00
Christian Clauss b9260ec384
GitHub Action to lint Python code 
Because Travis CI is no longer free for open source.
 2023-04-05 08:54:21 +02:00
Shengdun Hua e21b6a23c6
Merge pull request #340 from klarose/fix-null-encoding 
handle invalid characeters in encoding
 2023-04-05 14:33:08 +08:00
Kyle Larose dfea8a1624
handle invalid characeters in encoding 
When establishing a connection to an SSH server, WebSSH tries to guess
at its encoding using a command sent prior to opening the terminal.
Unfortunately, sometimes this can return data which does not form proper
input for the `encode` function used by `is_valid_encoding` to test
whether the encoding is known.

In particular, we ran in to a case where the server was returning a
string which had a \0 in it when converted to ascii. That raised a
`ValueError` (as opposed to `LookupError`), which was uncaught.

Handle the `ValueError` case as well, treating it as an unknown encoding
so that we fall back on the default.
 2023-03-30 10:52:53 -04:00
Sheng 04a9bd5eff Support for Python 3.8+ 2023-03-08 11:34:26 +08:00
Sheng 5ffb1da69b Drop support for Python version below 3.8 2023-02-27 22:13:24 +08:00
Sheng bb2fba30f3 Removed LGPL 2023-01-17 13:23:41 +08:00
Sheng 04bd859f15 Bump version to 1.6.1 2022-11-21 17:12:05 +08:00
Sheng 50fc9908eb Added test_worker_closed 2022-11-21 16:48:49 +08:00
Sheng 9238c01c35 Updated test_failed_weak_ref 2022-11-21 16:39:13 +08:00
Sheng 2a46b52eac Close websocket if there is no corresponding ssh connection 2022-11-21 14:52:38 +08:00
Sheng 9a7cfe767c Use uuid4 to generate id for Python3.5 Python3.4 Python2.7 2022-11-21 14:32:41 +08:00
Shengdun Hua a3cb94b45e
Merge pull request #306 from klarose/handle-closed-worker 
do not process message for closed workers
 2022-11-21 14:01:21 +08:00
Shengdun Hua 7b18eac7a6
Merge pull request #305 from klarose/more-secure-worker-id 
use secrets to generate worker id
 2022-11-21 11:26:38 +08:00
Kyle Larose f0e2ddb821
do not process message for closed workers 
WsockHandler stores a weak reference to the ssh backend worker. The
worker closes itself if the backend connection closes (e.g. the user
exists the ssh session). That happens in parallel to the websocket
handler processing messages, so it is possible for a message to arrive
when the worker no longer has any strong references, leading to an
exception being thrown.

Handle this case by treating the None worker the same way we do invalid
messages: by simply returning.
 2022-11-18 08:55:03 -05:00
Kyle Larose 1b62f379ed
use secrets to generate worker id 
The worker ID right now is typically based off the address of an object
in memory. This could be guessed. While the worker is tied to a
specific IP, there is a chance an off-path attacker could be hosted
behind the same IP as the caller. They could possibly guess the worker
id of an unclaimed session by observing the sequence of IDs presented to
themselves, leading to them gaining access to an already authenticated
SSH session.

Use the python secrets module to generate a cryptographically secure
token to use as the worker ID. This shoud be much harder to guess.
 2022-11-17 15:26:05 -05:00
Sheng ee24eb7f65 Fixed a bug of getting custom font url 2022-10-30 14:37:11 +08:00
Shengdun Hua 4aec063197
Merge pull request #284 from kensonman/alpine 
Change the Docker base image from python:3-slim to python:3-alpine.
 2022-05-29 10:58:57 +08:00
Kenson Man 309d912985 Change the Docker base image from python:3-slim to python:3-alpine. 
The final image will be ~79.6MB instead of 163MB. It has 48% smaller.
 2022-05-27 12:47:19 +01:00
Sheng a9d959ffb7 Bump to version 1.6.0 2022-05-02 20:07:32 +08:00
Sheng 97e6d25556 Support Python 3.9 2022-05-02 19:58:38 +08:00
Shengdun Hua 685e1a7df1
Merge pull request #275 from rlucia/master 
65535/tcp is a valid port number
 2022-03-11 21:40:27 +08:00
Rocco Lucia 3c0b0fb332 65535/tcp is a valid port number 2022-03-09 18:25:09 +01:00
Sheng 86c98dacc4 Use decodeURIComponent instead of decodeURI 2022-02-23 05:14:31 +08:00
Sheng 11bd7fea47 Moved some codes into else block 2022-02-20 21:37:16 +08:00
Shengdun Hua cd3c747747
Merge pull request #270 from Zotil/encoding_timeout 
timeout on exec_command
 2022-02-20 21:18:18 +08:00
Carlos Martínez c89fcc1da9 fix line length 2022-02-13 11:04:13 -03:00
Carlos Martínez 00a4a77243 timeout on exec_command 2022-02-13 10:45:06 -03:00
Shengdun Hua d74196eb00
Merge pull request #237 from fakeyw/dev_set_font_color 
Add url param to change font color
 2021-09-04 06:10:09 +08:00
fakeyw 3192cb006c README add set_font_color example 2021-09-03 17:48:41 +08:00
fakeyw e25751c132 found the way to change font color 2021-09-03 16:31:07 +08:00
Sheng ddbb2c3fb1 Ignore invalid font size 2021-08-25 19:18:28 +08:00
Shengdun Hua de828cbabf
Merge pull request #234 from yc5/patch-1 
update readme images with relative links
 2021-08-24 21:07:45 +08:00
yc5 0d14b8d4ae
update readme images with relative links 2021-08-24 19:54:36 +08:00
Shengdun Hua e63f2674a3
Merge pull request #233 from joshua5201/master 
Add fontsize url parameter
 2021-08-23 20:55:07 +08:00
Tsung-en Hsiao e4657761c9 Add fontsize url parameter 2021-08-23 07:01:03 +00:00
Shengdun Hua 2f0d5809ae
Merge pull request #209 from svengo/patch-1 
Update Dockerfile
 2021-03-11 23:01:31 +08:00
Sven Gottwald 8238a49554
Update Dockerfile 
For security reasons, run the Docker container as an unprivileged user
 2021-03-10 15:11:20 +01:00