From ac201314adae549115506023dce7828de71ef8cf Mon Sep 17 00:00:00 2001
From: Peter Hansen
Date: Sat, 28 Dec 2019 11:40:04 +0100
Subject: [PATCH 1/2] + add blacklist for commands to config + custom start page with DEFAULT_TEMPLATE
---
 lg.py | 42 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)
diff --git a/lg.py b/lg.py
index b8f829c..101b5ac 100644
--- a/lg.py
+++ b/lg.py
@@ -37,7 +37,7 @@ from toolbox import mask_is_valid, ipv6_is_valid, ipv4_is_valid, resolve, save_c
 import pydot
-from flask import Flask, render_template, jsonify, redirect, session, request, abort, Response, Markup
+from flask import Flask, render_template, render_template_string, jsonify, redirect, session, request, abort, Response, Markup
 app = Flask(__name__)
 app.config.from_pyfile('lg.cfg')
@@ -171,6 +171,8 @@ def inject_commands():
 ("adv", "show route ..."),
 ("adv_bgpmap", "show route ... (bgpmap)"),
 ]
+
+ commands = [i for i in commands if i[0] not in app.config.get("BLACKLIST_COMMANDS", [])]
 commands_dict = {}
 for id, text in commands:
 commands_dict[id] = text
@@ -184,6 +186,12 @@ def inject_all_host():
 @app.route("/")
 def hello():
+ if app.config.get("DEFAULT_TEMPLATE", False):
+ first_command = next(iter(inject_commands()['commands_dict']))
+ set_session(first_command, "+".join(app.config["PROXY"].keys()), "ipv4", "")
+ with open(app.config.get("DEFAULT_TEMPLATE"), 'r') as filehandle:
+ filecontent = filehandle.read()
+ return render_template_string(filecontent)
 return redirect("/summary/%s/ipv4" % "+".join(app.config["PROXY"].keys()))
@@ -227,6 +235,8 @@ SUMMARY_UNWANTED_PROTOS = ["Kernel", "Static", "Device"]
 @app.route("/summary/")
 @app.route("/summary//")
 def summary(hosts, proto="ipv4"):
+ if 'summary' not in iter(inject_commands()['commands_dict']):
+ return render_template('error.html', errors=["Access denied"]), 403
 set_session("summary", hosts, proto, "")
 command = "show protocols"
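Review bot: In the `inject_commands()` hunk, an id listed in `BLACKLIST_COMMANDS` that matches no entry in `commands` is silently ignored by the new filter line, so a misspelled id leaves the command it was meant to disable reachable with no signal to the operator. I would compare the configured ids against the known command ids once at startup and log a warning for any that are unknown. Because this is a denylist, any command added to `commands` later is enabled by default; a short comment above the filter, `# denylist: commands not named in BLACKLIST_COMMANDS stay enabled`, would make that explicit. inject_commands() starts and ends outside the hunk.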
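Review bot: `render_template_string(filecontent)` in `hello()` evaluates the `DEFAULT_TEMPLATE` file as a Jinja2 template inside the application, so anyone who can write to that path can change what the application executes; the file and its directory should be writable only by the operator, not by the account the web application runs as. In the same block `next(iter(inject_commands()['commands_dict']))` raises StopIteration when every command is blacklisted and `open()` raises when the file is missing, so `/` answers with a 500 in both cases. I would use `first_command = next(iter(inject_commands()['commands_dict']), None)` followed by `if first_command is None: abort(403)`, and read the file once at startup rather than on every request. The `hello()` hunk in patch 2/2 adds the same code and shares these points.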
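Review bot: The blacklist check at the top of `summary()` is repeated by hand in every view this series touches (`detail`, `traceroute` and the eight `show_route_*` views in the later hunks), so a route added later without these two lines stays reachable even when its command is blacklisted; views this patch does not show should be checked for the same gap. Enforcing the check in one decorator keeps the command id next to the route and makes a missing guard visible in review. The `iter()` wrapper is unnecessary, since `in` on the dict already tests its keys. The sketch below assumes `functools` is imported in lg.py and that, for these ids, checking `BLACKLIST_COMMANDS` directly is equivalent to looking them up in the filtered `commands_dict`.

```python
def require_command(command_id):
    """Answer 403 when command_id is listed in BLACKLIST_COMMANDS."""
    def decorator(view):
        @functools.wraps(view)  # keeps the endpoint name Flask derives from the view
        def guarded(*args, **kwargs):
            if command_id in app.config.get("BLACKLIST_COMMANDS", []):
                return render_template('error.html', errors=["Access denied"]), 403
            return view(*args, **kwargs)
        return guarded
    return decorator

# … unchanged: the two @app.route decorators for /summary …
@require_command("summary")
def summary(hosts, proto="ipv4"):
    # … unchanged: rest of summary() …
```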
@@ -269,6 +279,9 @@ def summary(hosts, proto="ipv4"):
 @app.route("/detail//")
 def detail(hosts, proto):
+ if 'detail' not in iter(inject_commands()['commands_dict']):
+ return render_template('error.html', errors=["Access denied"]), 403
+
 name = get_query()
 if not name:
@@ -298,6 +311,9 @@ def detail(hosts, proto):
 @app.route("/traceroute//")
 def traceroute(hosts, proto):
+ if 'traceroute' not in iter(inject_commands()['commands_dict']):
+ return render_template('error.html', errors=["Access denied"]), 403
+
 q = get_query()
 if not q:
@@ -331,41 +347,65 @@ def traceroute(hosts, proto):
 @app.route("/adv//")
 def show_route_filter(hosts, proto):
+ if 'adv' not in iter(inject_commands()['commands_dict']):
+ return render_template('error.html', errors=["Access denied"]), 403
+
 return show_route("adv", hosts, proto)
 @app.route("/adv_bgpmap//")
 def show_route_filter_bgpmap(hosts, proto):
+ if 'adv_bgpmap' not in iter(inject_commands()['commands_dict']):
+ return render_template('error.html', errors=["Access denied"]), 403
+
 return show_route("adv_bgpmap", hosts, proto)
 @app.route("/where//")
 def show_route_where(hosts, proto):
+ if 'where' not in iter(inject_commands()['commands_dict']):
+ return render_template('error.html', errors=["Access denied"]), 403
+
 return show_route("where", hosts, proto)
 @app.route("/where_detail//")
 def show_route_where_detail(hosts, proto):
+ if 'where_detail' not in iter(inject_commands()['commands_dict']):
+ return render_template('error.html', errors=["Access denied"]), 403
+
 return show_route("where_detail", hosts, proto)
 @app.route("/where_bgpmap//")
 def show_route_where_bgpmap(hosts, proto):
+ if 'where_bgpmap' not in iter(inject_commands()['commands_dict']):
+ return render_template('error.html', errors=["Access denied"]), 403
+
 return show_route("where_bgpmap", hosts, proto)
 @app.route("/prefix//")
 def show_route_for(hosts, proto):
+ if 'prefix' not in iter(inject_commands()['commands_dict']):
+ return render_template('error.html', errors=["Access denied"]), 403
+
 return show_route("prefix", hosts, proto)
 @app.route("/prefix_detail//")
 def show_route_for_detail(hosts, proto):
+ if 'prefix_detail' not in iter(inject_commands()['commands_dict']):
+ return render_template('error.html', errors=["Access denied"]), 403
+
 return show_route("prefix_detail", hosts, proto)
 @app.route("/prefix_bgpmap//")
 def show_route_for_bgpmap(hosts, proto):
+ if 'prefix_bgpmap' not in iter(inject_commands()['commands_dict']):
+ return render_template('error.html', errors=["Access denied"]), 403
+
 return show_route("prefix_bgpmap", hosts, proto)
From 63a81874a60598000921e62258c7a6e079e7167c Mon Sep 17 00:00:00 2001
From: Peter Hansen
Date: Sun, 14 Jun 2020 20:02:17 +0200
Subject: [PATCH 2/2] + custom startpage
---
 lg.cfg | 4 ++++
 lg.py | 13 ++++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/lg.cfg b/lg.cfg
index 2cc3388..7a89a3f 100644
--- a/lg.cfg
+++ b/lg.cfg
@@ -30,3 +30,7 @@ AS_NUMBER = {
 ASN_ZONE = "asn.cymru.com"
 SESSION_KEY = '\xd77\xf9\xfa\xc2\xb5\xcd\x85)`+H\x9d\xeeW\\%\xbe/\xbaT\x89\xe8\xa7'
+
+# specifies an alternative start page template for the "/" route.
+# If not specified default action is redirection to /summary/%s/ipv4.
+# DEFAULT_TEMPLATE="/etc/bird-lg/index.html"
\ No newline at end of file
diff --git a/lg.py b/lg.py
index 3616c58..ca25321 100644
--- a/lg.py
+++ b/lg.py
@@ -38,7 +38,7 @@ from toolbox import mask_is_valid, ipv6_is_valid, ipv4_is_valid, resolve, save_c
 import pydot
-from flask import Flask, render_template, jsonify, redirect, session, request, abort, Response, Markup
+from flask import Flask, render_template, render_template_string, jsonify, redirect, session, request, abort, Response, Markup
 parser = argparse.ArgumentParser()
 parser.add_argument('-c', dest='config_file', help='path to config file', default='lg.cfg')
 args = parser.parse_args()
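Review bot: The new lg.cfg comment for `DEFAULT_TEMPLATE` does not say that the application renders the file as a Jinja2 template, and `BLACKLIST_COMMANDS` from patch 1/2 is not documented in the sample config at all. I would extend the comment with `# The file is rendered as a Jinja2 template; keep it writable only by the administrator.` and add `# BLACKLIST_COMMANDS = ["traceroute"]  # command ids removed from the menu and answered with 403`. The hunk also leaves the file without a trailing newline. Separately, the `SESSION_KEY` on the context line is a fixed value in a shipped sample config; if it signs the Flask session (not visible here), each deployment should replace it with its own random value.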
@@ -188,6 +188,17 @@ def inject_all_host():
 @app.route("/")
 def hello():
+ if app.config.get("DEFAULT_TEMPLATE", False):
+ # initializes session with first command of commands_dict, first host and ipv4 for rendering layout.html.
+ first_command = next(iter(inject_commands()['commands_dict']))
+ set_session(first_command, "+".join(app.config["PROXY"].keys()), "ipv4", "")
+
+ # usage of open + render_template_string instead of render_template allows
+ # file location outside of template directory.
+ with open(app.config.get("DEFAULT_TEMPLATE"), 'r') as filehandle:
+ filecontent = filehandle.read()
+ return render_template_string(filecontent)
+
 return redirect("/summary/%s/ipv4" % "+".join(app.config["PROXY"].keys()))
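Review bot: The first added comment in `hello()` says the session is initialised with the "first host", but the call below it passes `"+".join(app.config["PROXY"].keys())`, which is every configured proxy joined with `+`, the same value the fallback redirect uses. I would reword it to `# initializes session with the first non-blacklisted command, all configured hosts and ipv4 for rendering layout.html.` so the comment matches the call.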