dennii/dbgate
1
0
Fork 0
mirror of https://github.com/DeNNiiInc/dbgate.git synced 2026-04-19 09:36:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

disallow shell scripting in web by default

Browse Source
This commit is contained in:
Jan Prochazka
2022-03-20 11:17:49 +01:00
parent 6fb582249c
commit 2bec053809
11 changed files with 204 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
packages/api/src/controllers/runners.js
View File

@@ -6,9 +6,10 @@ const byline = require('byline');
const socket = require('../utility/socket');
const { fork } = require('child_process');
const { rundir, uploadsdir, pluginsdir, getPluginBackendPath, packagedPluginList } = require('../utility/directories');
const { extractShellApiPlugins, extractShellApiFunctionName } = require('dbgate-tools');
const { extractShellApiPlugins, extractShellApiFunctionName, jsonScriptToJavascript } = require('dbgate-tools');
const { handleProcessCommunication } = require('../utility/processComm');
const processArgs = require('../utility/processArgs');
const platformInfo = require('../utility/platformInfo');
function extractPlugins(script) {
const requireRegex = /\s*\/\/\s*@require\s+([^\s]+)\s*\n/g;
@@ -148,12 +149,18 @@ module.exports = {
},
start_meta: true,
async start({ script, isGeneratedScript }) {
if (!isGeneratedScript && process.env.DISABLE_SHELL) {
return { errorMessage: 'Shell is disabled' };
async start({ script }) {
const runid = uuidv1();
if (script.type == 'json') {
const js = jsonScriptToJavascript(script);
return this.startCore(runid, scriptTemplate(js, false));
}
if (!platformInfo.allowShellScripting) {
return { errorMessage: 'Shell scripting is not allowed' };
}
const runid = uuidv1();
return this.startCore(runid, scriptTemplate(script, false));
},