o

��h?�@sRdd
lZ
ddlmZ
ddlmZmZ
dd
lZdd
l	Z	ddl
mZ
Gdd�d�Zd
S)�N)
�CyberCPLogFileWriter)�HttpResponse�render)
�
Administratorc@s,eZ
dZd
ZdZdd�Zdd�Zdd�Zd	S)
�
secMiddlewarer
�
c
Cs$|j�
d
�
}
|
dur|j�
d�
}
|
S)N�HTTP_CF_CONNECTING_IP�REMOTE_ADDR)�META�get)�request�ip�r�+/usr/local/CyberCP/CyberCP/secMiddleware.py�
get_client_ips



zsecMiddleware.get_client_ipcCs
|
|_dS)
N)
�get_response)�selfrrrr�__init__s

zsecMiddleware.__init__c
Csfd
dlm
}
|
���d�
d
}d
dlm}
||�
j}d
dl}|�d�
}|dksB|dksB|dksB|d	ksB|�	d
�
sB|�
|�
sB|�	d�
rCn2z|
jd}Wn*


t|
j
�
rcd
d
d�}	t�|	�
}
t|
�
YSd
dlm}
d
dlm}
||�
YSz�|
jd}
tjj|
d�
}t�|
�
}|�d�
dkr�|
jd|ks�|jtjkr�n[|
jd=|
jd=t�t�|
�
�

ddd�}	t�|	�
}
t|
�
WSd�t�|
�
�d�
dd��
}|
jd|ks�|jtjkr�n|
jd=|
jd=t�t�|
�
�

ddd�}	t�|	�
}
t|
�
WSWn


Yt|
j
�
�r��z[|�
|�
�
r|� |
�
}|WSzt�!|
j
�
}Wn


|
j"}Y|�#�D�]5\}}d
}|dk�
rg|dk�
rgt$|�
t%k�
red
dl}|�
d|��
rL�
q't�d|���

ddd�}	t�|	�
}
t|
�

WS�
q'|dk�
rn�
q'|dk�
r�|dk�
r�|dv�
r�
q't�d|���

d d d�}	t�|	�
}
t|
�

WSt$|�
t%k�
s�t$|�
t&k�
r�n�t$|�
t'k�rnd!}|D]�}t(|t%��rk|�d"�
dk�sR|�d#�
dk�sR|�d$�
dk�sR|�d%�
dk�sR|�d&�
dk�sR|�d'�
dk�sR|�d(�
dk�sR|�d)�
dk�sR|�d*�
dk�sR|�d+�
dk�sR|�d,�
dk�sR|�d-�
dk�sR|�d.�
dk�sR|�d/�
dk�sR|�d0�
dk�sR|�d�
dk�sR|�d1�
dk�sR|�d2�
dk�sR|�d3�
dk�rkt�|
j
�

d4d4d�}	t�|	�
}
t|
�


WS�
q�n�
q'|d5k�r�|�
d6|�dk�r�|d7k�r�t�|
j
�

d8d8d�}	t�|	�
}
t|
�

WS|�d9�
dk�p�|�d:�
dk�p�|�d;�
dk�p�|�d<�
dk�p�|�d=�
dk�p�|�d>�
dk�p�|�d?�
dk�p�|�d@�
dk�p�|�dA�
dk}|�r]t(|t%t&f��r[|�d"�
dk�sD|�d#�
dk�sD|�d$�
dk�sD|�d%�
dk�sD|�dB�
dk�sD|�d&�
dk�sD|�d'�
dk�sD|�d(�
dk�sD|�d)�
dk�sD|�dC�
dk�sD|�dD�
dk�r[t�|
j
�

dEdFd�}	t�|	�
}
t|
�

WS�
q'|dGk�s�|dHk�s�|dIk�s�|dJk�s�|dKk�s�|dLk�s�|dMk�s�|dNk�s�|dOk�s�|dPk�s�|d5k�s�|dk�s�|dQk�s�|dRk�s�|dSk�s�|dTk�s�|dUk�s�|dVk�s�|dWk�s�|dXk�s�|dYk�s�|dZk�s�|d[k�s�|d\k�s�|d]k�s�|d^k�s�|d_k�s�|d`k�s�|dak�s�|dbk�r��
q'|�s�|d
k�r�t$|�
t%k�st$|�
t&k�r�|�d"�
dk�s�|�d#�
dk�s�|�d$�
dk�s�|�d%�
dk�s�|�d&�
dk�s�|�d'�
dk�s�|�d(�
dk�s�|�d)�
dk�s�|�d*�
dk�s�|�d+�
dk�s�|�d,�
dk�s�|�d-�
dk�s�|�d.�
dk�s�|�d/�
dk�s�|�d0�
dk�s�|�d�
dk�s�|�d1�
dk�s�|�d2�
dk�s�|�d3�
dk�r�t�|
j
�

d4d4d�}	t�|	�
}
t|
�

WS|�s\|�d$�
dk�sE|�d%�
dk�sE|�d&�
dk�sE|�d'�
dk�sE|�d(�
dk�sE|�d)�
dk�sE|�d*�
dk�sE|�d+�
dk�sE|�d,�
dk�sE|�d-�
dk�sE|�d.�
dk�sE|�d/�
dk�sE|�d0�
dk�sE|�d�
dk�sE|�d1�
dk�sE|�d2�
dk�sE|�d3�
dk�r\t�|
j
�

d8dcd�}	t�|	�
}
t|
�

WS�
q'Wn,t)�y�
}
zddt%|�
��ddt%|�
��d�}	t�|	�
}
t|
�
WYd}~Sd}~w
w	|� |
�
}de|df<dg|dh<di|dj<dk|dj<dl|dj<dm|dj<dn|do<dp|dq<|S)rNr
)
�ProcessUtilities�
?)
�urlparsez'^/websites/[^/]+/(webhook|gitNotify)/?$z/backup/localInitiate�
/z/verifyLoginz/logoutz/apiz	/cloudAPI�userIDzThis request need session.)�
error_message�errorMessage)
�redirect)
�
loadLoginPage)
�pk�
.����ipAddrz)Session reuse detected, IPAddress logged.�
:��portsz/firewall/modifyPortsz^[\d,:,\s]+$z*Invalid port format in CSF configuration: zRInvalid port format. Only numbers, commas, and colons are allowed for port ranges.�protocol)�TCP_IN�TCP_OUT�UDP_IN�UDP_OUTz'Invalid protocol in CSF configuration: zDInvalid protocol. Only TCP_IN, TCP_OUT, UDP_IN, UDP_OUT are allowed.rz- -�

�
;z&&�
|z...�
`�
$�
(�
)�
'�
[�
]�
{�
}�
<�
>�
&uoData supplied is not accepted, following characters are not allowed in the input ` $ & ( ) [ ] { } ; : ‘ < >.�backupDestinationsz.^[a-z|0-9]+:[a-z|0-9|\.]+\/?[A-Z|a-z|0-9|\.]*$�localzData supplied is not accepted.zapi/remoteTransferzapi/verifyConn�saveSpamAssassinConfigurations�docker�cloudAPI�verifyLogin�submitUserCreationz/api/zaiscanner/scheduled-scansz||z../z../../zqAPI request contains potentially dangerous characters: `;`, `&&`, `||`, `|`, `` ` ``, `$`, `../` are not allowed.z6API request contains potentially dangerous characters.�MainDashboardCSS�
ownerPassword�	scriptUrl�CLAMAV_VIRUS�Rspamdserver�
smtpd_milters�non_smtpd_milters�key�cert�recordContentAAAA�imageByPass�passwordByPass�PasswordByPass�cronCommand�emailMessage�
configData�rewriteRules�modSecRules�recordContentTXT�SecAuditLogRelevantStatus�fileContent�commands�gitHost�ipv6�
contentNow�time_of_day�notification_emails�domainsunData supplied is not accepted following characters are not allowed in the input ` $ & ( ) [ ] { } ; : ‘ < >.zError: z
1; mode=blockzX-XSS-Protection�
sameoriginzX-Frame-Optionsz*script-src 'self' https://www.jsdelivr.comzContent-Security-Policyzconnect-src *;zUfont-src 'self' 'unsafe-inline' https://www.jsdelivr.com https://fonts.googleapis.comz�style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.jsdelivr.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net�nosniffzX-Content-Type-Optionszsame-originzReferrer-Policy)*�plogical.processUtilitiesr�build_absolute_uri�split�urllib.parser�path�re�compile�
startswith�match�session�bool�body�json�dumpsr�django.shortcutsr�loginSystem.viewsrr�objectsrrr�find�
securityLevel�LOW�logging�writeToFile�joinr�loads�POST�items�type�str�bytes�list�
isinstance�
BaseException)rrr�FinalURLr�
pathActualrb�webhook_pattern�val�	final_dic�
final_jsonrr�uID�adminr �response�datarF�value�valueAlreadyCheckedrv�
isAPIEndpoint�msgrrr�__call__s�





*
�
�




�



	










�








�


�












�







�




@

�
� 
$

�
�
$

�
� 
$

�
�


�

��


�
�




�

 
�������@0
0
 


�


<
2


(


2


P
�
� 
4

�
�4
�
�
4

�
�
�

F@
4

�
�
@



�

���

�

��





�
�
zsecMiddleware.__call__N)�__name__�
__module__�__qualname__�HIGHrprrr�rrrrrs

r)
�os.path�os�plogical.CyberCPLogFileWriterrrqrkrrrirb�loginSystem.modelsrrrrrr�<module>
s