1
0
Fork 0
mirror of https://github.com/sileht/bird-lg.git synced 2024-11-25 16:24:43 +01:00

escape some string

This commit is contained in:
Mehdi Abaakouk 2012-10-16 08:00:10 +02:00
parent f715dcfeaf
commit b593b0cfb7
2 changed files with 43 additions and 3 deletions

18
lg.py
View file

@ -29,7 +29,9 @@ from urllib import quote, unquote
import json
import random
from toolbox import mask_is_valid, ipv6_is_valid, ipv4_is_valid, resolve, save_cache_pickle, load_cache_pickle, get_asn_from_as
from toolbox import mask_is_valid, ipv6_is_valid, ipv4_is_valid, resolve, save_cache_pickle, load_cache_pickle, get_asn_from_as, unescape
from xml.sax.saxutils import escape
import pydot
from flask import Flask, render_template, jsonify, redirect, session, request, abort, Response
@ -175,9 +177,12 @@ def incorrect_request(e):
def page_not_found(e):
return render_template('error.html', warning="The requested URL was not found on the server."), 404
def sanitized(*args):
return tuple( unescape(s) for s in args)
@app.route("/whois/<query>")
def whois(query):
query = sanitized(query)
if not query.strip():
abort(400)
@ -200,6 +205,8 @@ SUMMARY_RE_MATCH = r"(?P<name>[\w_]+)\s+(?P<proto>\w+)\s+(?P<table>\w+)\s+(?P<st
@app.route("/summary/<hosts>")
@app.route("/summary/<hosts>/<proto>")
def summary(hosts, proto="ipv4"):
hosts, proto = sanitized(hosts, proto)
set_session("summary", hosts, proto, "")
command = "show protocols"
@ -229,6 +236,9 @@ def summary(hosts, proto="ipv4"):
@app.route("/detail/<hosts>/<proto>")
def detail(hosts, proto):
name = request.args.get('q', '').strip()
hosts, proto, name= sanitized(hosts, proto, name)
if not name:
abort(400)
@ -251,6 +261,8 @@ def detail(hosts, proto):
@app.route("/traceroute/<hosts>/<proto>")
def traceroute(hosts, proto):
q = request.args.get('q', '').strip()
hosts, proto, q = sanitized(hosts, proto, q)
if not q:
abort(400)
@ -344,6 +356,7 @@ def show_bgpmap():
"""return a bgp map in a png file, from the json tree in q argument"""
data = request.args.get('q', '').strip()
#data = sanitized(data)
if not data:
abort(400)
@ -501,7 +514,8 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text):
def show_route(request_type, hosts, proto):
expression = unquote(request.args.get('q', '')).strip()
expression = request.args.get('q', '').strip()
request_type, hosts, proto, expression = sanitized(request_type, hosts, proto, expression)
if not expression:
abort(400)

View file

@ -22,7 +22,7 @@
from dns import resolver
import socket
import pickle
import xml.parsers.expat
def resolve(n, q):
return str(resolver.query(n,q)[0])
@ -71,3 +71,29 @@ def load_cache_pickle(filename, default = None):
pkl_file.close()
return data
def unescape(s):
want_unicode = False
if isinstance(s, unicode):
s = s.encode("utf-8")
want_unicode = True
# the rest of this assumes that `s` is UTF-8
list = []
# create and initialize a parser object
p = xml.parsers.expat.ParserCreate("utf-8")
p.buffer_text = True
p.returns_unicode = want_unicode
p.CharacterDataHandler = list.append
# parse the data wrapped in a dummy element
# (needed so the "document" is well-formed)
p.Parse("<e>", 0)
p.Parse(s, 0)
p.Parse("</e>", 1)
# join the extracted strings and return
es = ""
if want_unicode:
es = u""
return es.join(list)