fix(security): add better verification for links
This commit is contained in:
parent
6f018c97d4
commit
2658a6df65
27
app.py
27
app.py
@ -1,17 +1,34 @@
from flask import Flask, render_template, request, redirect, url_for, \
make_response, Markup
from flask import Flask, render_template, request, redirect, make_response, \
Markup
from enum import Enum
from bs4 import BeautifulSoup
import re
app = Flask('ui', static_url_path="/static")
app.config['TEMPLATES_AUTO_RELOAD'] = True
DEBUG = False
class Status(Enum):
ERREUR_LIEN = "Le lien doit être en http ou https !"
ERREUR_LIEN = "Le lien doit être en http ou https et valide !"
BON = "Lien ajouté !"
def valideUrl(url: str) -> bool:
# thx django
regex = re.compile(
r'^(?:http|ftp)s?://' # http:// or https://
r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}\.?)|' # domain...
r'localhost|' # localhost...
r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|' # ...or ipv4
r'\[?[A-F0-9]*:[A-F0-9:]+\]?)' # ...or ipv6
r'(?::\d+)?' # optional port
r'(?:/?|[/?]\S+)$', re.IGNORECASE)
return bool(re.search(regex, url))
def ecritureFichierHtml(nouvLien, cheminFichier):
with open(cheminFichier, 'r+') as file:
soup = BeautifulSoup(file, 'html.parser')
@ -46,7 +63,7 @@ def bizutage_redirect():
def bizutage():
if request.method == "POST":
lien = request.values['lien'].lower()
if not (lien.startswith("http") or lien.startswith("https")):
if not valideUrl(lien):
return render_template(
"ajout.html",
erreur=Status.ERREUR_LIEN.value
@ -72,4 +89,4 @@ def bizutage():
if __name__ == "__main__":
app.run(debug=True)
app.run(debug=DEBUG)
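Review bot: `valideUrl` still admits `ftp://` and `ftps://` links through the scheme alternation at the top of its regex, `r'^(?:http|ftp)s?://'`, so the tightened `Status.ERREUR_LIEN` message ("http ou https") is not what the code actually enforces; since only http/https are wanted, change that first fragment to `r'^https?://'`. The pattern also accepts `localhost` and bare IPv4/IPv6 hosts, which only becomes a concern if the stored link is ever fetched server-side — nothing in these hunks shows that, so it is a point to confirm rather than a defect. Two idiom points in the same function: the pattern is recompiled on every call, and `re.search` with a trailing `$` tolerates a final newline, so hoist it to a module constant `_URL_RE = re.compile(...)` and return `bool(_URL_RE.fullmatch(url))`. The bodies of `ecritureFichierHtml` and the `bizutage` handler both continue outside the hunks shown.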