dennii/dbgate
1
0
Fork 0
mirror of https://github.com/DeNNiiInc/dbgate.git synced 2026-04-18 17:16:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

disallow shell scripting in web by default

Browse Source
This commit is contained in:
Jan Prochazka
2022-03-20 11:17:49 +01:00
parent 6fb582249c
commit 2bec053809
11 changed files with 204 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
packages/api/src/controllers/config.js
View File

@@ -34,6 +34,7 @@ module.exports = {
singleDatabase: connections.singleDatabase,
hideAppEditor: !!process.env.HIDE_APP_EDITOR,
allowShellConnection: platformInfo.allowShellConnection,
allowShellScripting: platformInfo.allowShellConnection,
permissions,
...currentVersion,
};

2
packages/api/src/controllers/plugins.js
View File

@@ -73,7 +73,7 @@ module.exports = {
const res = [];
for (const packageName of _.union(files1, files2)) {
if (packageName == 'dist') continue;
// if (!/^dbgate-plugin-.*$/.test(packageName)) continue;
if (!/^dbgate-plugin-.*$/.test(packageName)) continue;
try {
if (packagedContent && packagedContent[packageName]) {
const manifest = {

17
packages/api/src/controllers/runners.js
View File

@@ -6,9 +6,10 @@ const byline = require('byline');
const socket = require('../utility/socket');
const { fork } = require('child_process');
const { rundir, uploadsdir, pluginsdir, getPluginBackendPath, packagedPluginList } = require('../utility/directories');
const { extractShellApiPlugins, extractShellApiFunctionName } = require('dbgate-tools');
const { extractShellApiPlugins, extractShellApiFunctionName, jsonScriptToJavascript } = require('dbgate-tools');
const { handleProcessCommunication } = require('../utility/processComm');
const processArgs = require('../utility/processArgs');
const platformInfo = require('../utility/platformInfo');
function extractPlugins(script) {
const requireRegex = /\s*\/\/\s*@require\s+([^\s]+)\s*\n/g;
@@ -148,12 +149,18 @@ module.exports = {
},
start_meta: true,
async start({ script, isGeneratedScript }) {
if (!isGeneratedScript && process.env.DISABLE_SHELL) {
return { errorMessage: 'Shell is disabled' };
async start({ script }) {
const runid = uuidv1();
if (script.type == 'json') {
const js = jsonScriptToJavascript(script);
return this.startCore(runid, scriptTemplate(js, false));
}
if (!platformInfo.allowShellScripting) {
return { errorMessage: 'Shell scripting is not allowed' };
}
const runid = uuidv1();
return this.startCore(runid, scriptTemplate(script, false));
},

1
packages/api/src/utility/platformInfo.js
View File

@@ -40,6 +40,7 @@ const platformInfo = {
platform,
runningInWebpack: !!process.env.WEBPACK_DEV_SERVER_URL,
allowShellConnection: !!process.env.SHELL_CONNECTION || !!isElectron(),
allowShellScripting: !!process.env.SHELL_SCRIPTING || !!isElectron(),
defaultKeyfile: path.join(os.homedir(), '.ssh/id_rsa'),
};