Diffstat (limited to 'module/obmc/wsgi/apps/rest_dbus.py')
-rw-r--r-- | module/obmc/wsgi/apps/rest_dbus.py | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/module/obmc/wsgi/apps/rest_dbus.py b/module/obmc/wsgi/apps/rest_dbus.py index f92a67a..f761df9 100644 --- a/module/obmc/wsgi/apps/rest_dbus.py +++ b/module/obmc/wsgi/apps/rest_dbus.py @@ -31,6 +31,7 @@ import crypt import tempfile import re import mimetypes +import fnmatch have_wsock = True try: from geventwebsocket import WebSocketError @@ -1450,6 +1451,36 @@ class ContentCheckerPlugin(object): return self.Checker(content_type, callback) +class CheckURLPlugin(object): + ''' Ensures that anything read and written using only urls listed in + the url_config.json config file would allowed. ''' + name = 'url_checker' + api = 2 + + def __init__(self): + config_path = '/usr/share/rest-dbus/url_config.json' + url_config = {} + urls = {} + self.pattern = {} + if os.path.exists(config_path): + try: + with open(config_path) as data_file: + url_config = json.load(data_file) + urls = url_config.get("urls", ["*"]) + self.pattern = '|'.join(fnmatch.translate(p) for p in urls) + self.pattern = re.compile(self.pattern) + except ValueError as e: + abort(404, str(e)) + else: + abort(404, "Config file path not found for Whitelisted URLs") + + def apply(self, callback, route): + + def wrap(*a, **kw): + if self.pattern.match(request.path): + return callback(*a, **kw) + abort(404,"Trying to access Blocked URL") + return wrap class App(Bottle): def __init__(self, **kw): @@ -1478,6 +1509,7 @@ class App(Bottle): self.install(JsonApiResponsePlugin(self)) self.install(JsonApiRequestPlugin()) self.install(JsonApiRequestTypePlugin()) + self.install(CheckURLPlugin()) def install_hooks(self): self.error_handler_type = type(self.default_error_handler) |
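Review bot: An allowlist that is missing or empty lets every URL through in `CheckURLPlugin.__init__`: `url_config.get("urls", ["*"])` falls back to a match-all glob when the key is absent, and `"urls": []` joins to an empty pattern, which `self.pattern.match(request.path)` accepts for any path. I would fail closed instead, e.g. `urls = url_config.get("urls")` followed by `if not urls: raise ValueError("no 'urls' entries in url_config.json")`, which the existing `except ValueError` already handles. Two smaller points in the same hunk: `abort()` is called from the constructor, outside any request, so a bad or missing config presumably surfaces as an exception at start-up rather than as a 404 response, and a JSON document that is not an object (or an unreadable file) raises something other than `ValueError`. A comment noting that fnmatch's `*` also matches `/`, so a single entry covers a whole subtree, would help whoever maintains the config file.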