mirror of
https://github.com/sileht/bird-lg.git
synced 2024-11-25 16:24:43 +01:00
escape some string
This commit is contained in:
parent
f715dcfeaf
commit
b593b0cfb7
18
lg.py
18
lg.py
|
@ -29,7 +29,9 @@ from urllib import quote, unquote
|
|||
import json
|
||||
import random
|
||||
|
||||
from toolbox import mask_is_valid, ipv6_is_valid, ipv4_is_valid, resolve, save_cache_pickle, load_cache_pickle, get_asn_from_as
|
||||
from toolbox import mask_is_valid, ipv6_is_valid, ipv4_is_valid, resolve, save_cache_pickle, load_cache_pickle, get_asn_from_as, unescape
|
||||
from xml.sax.saxutils import escape
|
||||
|
||||
|
||||
import pydot
|
||||
from flask import Flask, render_template, jsonify, redirect, session, request, abort, Response
|
||||
|
@ -175,9 +177,12 @@ def incorrect_request(e):
|
|||
def page_not_found(e):
|
||||
return render_template('error.html', warning="The requested URL was not found on the server."), 404
|
||||
|
||||
def sanitized(*args):
|
||||
return tuple( unescape(s) for s in args)
|
||||
|
||||
@app.route("/whois/<query>")
|
||||
def whois(query):
|
||||
query = sanitized(query)
|
||||
if not query.strip():
|
||||
abort(400)
|
||||
|
||||
|
@ -200,6 +205,8 @@ SUMMARY_RE_MATCH = r"(?P<name>[\w_]+)\s+(?P<proto>\w+)\s+(?P<table>\w+)\s+(?P<st
|
|||
@app.route("/summary/<hosts>")
|
||||
@app.route("/summary/<hosts>/<proto>")
|
||||
def summary(hosts, proto="ipv4"):
|
||||
hosts, proto = sanitized(hosts, proto)
|
||||
|
||||
set_session("summary", hosts, proto, "")
|
||||
command = "show protocols"
|
||||
|
||||
|
@ -229,6 +236,9 @@ def summary(hosts, proto="ipv4"):
|
|||
@app.route("/detail/<hosts>/<proto>")
|
||||
def detail(hosts, proto):
|
||||
name = request.args.get('q', '').strip()
|
||||
|
||||
hosts, proto, name= sanitized(hosts, proto, name)
|
||||
|
||||
if not name:
|
||||
abort(400)
|
||||
|
||||
|
@ -251,6 +261,8 @@ def detail(hosts, proto):
|
|||
@app.route("/traceroute/<hosts>/<proto>")
|
||||
def traceroute(hosts, proto):
|
||||
q = request.args.get('q', '').strip()
|
||||
hosts, proto, q = sanitized(hosts, proto, q)
|
||||
|
||||
if not q:
|
||||
abort(400)
|
||||
|
||||
|
@ -344,6 +356,7 @@ def show_bgpmap():
|
|||
"""return a bgp map in a png file, from the json tree in q argument"""
|
||||
|
||||
data = request.args.get('q', '').strip()
|
||||
#data = sanitized(data)
|
||||
if not data:
|
||||
abort(400)
|
||||
|
||||
|
@ -501,7 +514,8 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text):
|
|||
|
||||
|
||||
def show_route(request_type, hosts, proto):
|
||||
expression = unquote(request.args.get('q', '')).strip()
|
||||
expression = request.args.get('q', '').strip()
|
||||
request_type, hosts, proto, expression = sanitized(request_type, hosts, proto, expression)
|
||||
if not expression:
|
||||
abort(400)
|
||||
|
||||
|
|
28
toolbox.py
28
toolbox.py
|
@ -22,7 +22,7 @@
|
|||
from dns import resolver
|
||||
import socket
|
||||
import pickle
|
||||
|
||||
import xml.parsers.expat
|
||||
|
||||
def resolve(n, q):
|
||||
return str(resolver.query(n,q)[0])
|
||||
|
@ -71,3 +71,29 @@ def load_cache_pickle(filename, default = None):
|
|||
pkl_file.close()
|
||||
return data
|
||||
|
||||
def unescape(s):
|
||||
want_unicode = False
|
||||
if isinstance(s, unicode):
|
||||
s = s.encode("utf-8")
|
||||
want_unicode = True
|
||||
|
||||
# the rest of this assumes that `s` is UTF-8
|
||||
list = []
|
||||
|
||||
# create and initialize a parser object
|
||||
p = xml.parsers.expat.ParserCreate("utf-8")
|
||||
p.buffer_text = True
|
||||
p.returns_unicode = want_unicode
|
||||
p.CharacterDataHandler = list.append
|
||||
|
||||
# parse the data wrapped in a dummy element
|
||||
# (needed so the "document" is well-formed)
|
||||
p.Parse("<e>", 0)
|
||||
p.Parse(s, 0)
|
||||
p.Parse("</e>", 1)
|
||||
|
||||
# join the extracted strings and return
|
||||
es = ""
|
||||
if want_unicode:
|
||||
es = u""
|
||||
return es.join(list)
|
||||
|
|
Loading…
Reference in a new issue