From cc0abda3f056418092eae3df3d1d7f9ea52ab48d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophile=20Diot?= Date: Wed, 21 Feb 2024 11:05:42 +0100 Subject: [PATCH] Update Content-Security-Policy header and fix metrics and ping data retrieval --- src/ui/main.py | 11 ++++------- src/ui/src/Instances.py | 14 ++++++++------ 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/src/ui/main.py b/src/ui/main.py index db31140e2..f6e7d742b 100755 --- a/src/ui/main.py +++ b/src/ui/main.py @@ -291,7 +291,7 @@ def manage_bunkerweb(method: str, *args, operation: str = "reloads", is_draft: b @app.after_request def set_csp_header(response): """Set the Content-Security-Policy header to prevent XSS attacks.""" - response.headers["Content-Security-Policy"] = "object-src 'none'; frame-ancestors 'self';" + response.headers["Content-Security-Policy"] = "object-src 'none'; frame-ancestors 'self'; default-src 'self'" return response @@ -1281,7 +1281,7 @@ def custom_plugin(plugin: str): message = f'The plugin "{plugin}" does not have a template' app.logger.error(message) return message, 404 - + # Case template, prepare data plugins = app.config["CONFIG"].get_plugins() plugin_id = None @@ -1302,13 +1302,13 @@ def custom_plugin(plugin: str): message = f'Plugin "{plugin}" not found' app.logger.error(message) return message, 404 - + config = app.config["CONFIG"].get_config(methods=False) # Check if we are using metrics for service in config.get("SERVER_NAME", "").split(" "): # specific case - if config.get(f"{service}_USE_METRICS", "no") != "no": + if config.get(f"{service}_USE_METRICS", "yes") != "no": is_metrics_on = True break @@ -1351,7 +1351,6 @@ def custom_plugin(plugin: str): if config.get(use_key, "no") != "no": is_used = True - if context == "multisite": for service in config.get("SERVER_NAME", "").split(" "): # specific case @@ -1367,7 +1366,6 @@ def custom_plugin(plugin: str): if config.get(f"{service}_{use_key}", "no") != "no": is_used = True break - return render_template( Environment(loader=FileSystemLoader(join(sep, "usr", "share", "bunkerweb", "ui", "templates") + "/")).from_string(page.decode("utf-8")), @@ -1382,7 +1380,6 @@ def custom_plugin(plugin: str): plugins_pro=PRO_PLUGINS_LIST, ) - module = db.get_plugin_actions(plugin) if module is None: diff --git a/src/ui/src/Instances.py b/src/ui/src/Instances.py index dc3b6e7e4..2e2e30fb9 100644 --- a/src/ui/src/Instances.py +++ b/src/ui/src/Instances.py @@ -382,6 +382,8 @@ class Instances: # Get metrics from all instances metrics = {} for instance in self.get_instances(): + instance_name = instance.name if instance.name != "local" else "127.0.0.1" + try: if plugin_id == "redis": resp, instance_metrics = instance.metrics_redis() @@ -394,10 +396,10 @@ class Instances: if not resp: continue - if not instance_metrics.get(instance.name, {"msg": None})["msg"] or not isinstance(instance_metrics[instance.name]["msg"], dict) or instance_metrics[instance.name]["status"] != "success": + if not isinstance(instance_metrics.get(instance_name, {"msg": None}).get("msg"), dict) or instance_metrics[instance_name].get("status", "error") != "success": continue - metric_data = instance_metrics[instance.name]["msg"] + metric_data = instance_metrics[instance_name]["msg"] # Update metrics looking for value type for key, value in metric_data.items(): @@ -436,17 +438,17 @@ class Instances: # Need at least one instance to get a success ping to return success ping = {"status": "error"} for instance in self.get_instances(): + instance_name = instance.name if instance.name != "local" else "127.0.0.1" + try: resp, ping_data = instance.ping(plugin_id) except: continue - if not resp: - continue - if instance.name not in ping_data or ping_data[instance.name]["msg"] is None: + if not resp or not isinstance(ping_data.get(instance_name, {"msg": None}).get("msg"), dict): continue - if ping_data[instance.name]["status"] == "success": + if ping_data[instance_name].get("status", "error") == "success": ping["status"] = "success" break