From 6f018c97d4f0d9cc3f0947b3e5c5af149fa5e479 Mon Sep 17 00:00:00 2001
From: Romain J
Date: Mon, 28 Sep 2020 13:54:40 +0200
Subject: [PATCH] fix(security): fix ssti, xss
---
 app.py | 47 ++++++++++++++++++++++++++++++++------------
 templates/index.html | 45 +++++++++++++++++++++++++++--------------
 2 files changed, 63 insertions(+), 29 deletions(-)
diff --git a/app.py b/app.py
index a60e6d7..e8468a5 100644
--- a/app.py
+++ b/app.py
@@ -1,54 +1,75 @@
-from flask import Flask, render_template, request, redirect, url_for, make_response, Markup
+from flask import Flask, render_template, request, redirect, url_for, \
+ make_response, Markup
 from enum import Enum
 from bs4 import BeautifulSoup
 app = Flask('ui', static_url_path="/static")
 app.config['TEMPLATES_AUTO_RELOAD'] = True
+
 class Status(Enum):
- ERREUR_LIEN = "Le lien doit être en http ou https !",
+ ERREUR_LIEN = "Le lien doit être en http ou https !"
 BON = "Lien ajouté !"
+
 def ecritureFichierHtml(nouvLien, cheminFichier):
- with open(cheminFichier, 'r') as file:
+ with open(cheminFichier, 'r+') as file:
 soup = BeautifulSoup(file, 'html.parser')
- soup.find("hr").insert_after("", nouvLien)
- with open(cheminFichier, 'w') as file:
+ soup.find("div", {'id': 'liens'}).append(nouvLien)
+ file.seek(0)
 file.write(soup.prettify())
+
 @app.route('/')
 def slash():
 response = make_response(render_template("index.html"))
 response.headers["Content-Security-Policy"] = "default-src 'self'"
 return response
+
 @app.route("/ajout")
 def ajout():
 return render_template("ajout.html")
+
 @app.route("/apropos")
 def apropos():
 return render_template("apropos.html")
+
+@app.route("/bizutage", methods=["GET"])
+def bizutage_redirect():
+ return redirect('/')
+
+
 @app.route("/bizutage", methods=["POST"])
 def bizutage():
 if request.method == "POST":
- lien = request.values['lien']
+ lien = request.values['lien'].lower()
 if not (lien.startswith("http") or lien.startswith("https")):
- return render_template("ajout.html", erreur=Status.ERREUR_LIEN.value)
+ return render_template(
+ "ajout.html",
+ erreur=Status.ERREUR_LIEN.value
+ )
 titre = Markup.escape(request.values['titre'])
 desc = Markup.escape(request.values['desc'])
- nouvLien = "

{}

Lien


{}

".format(titre, lien, desc)
- nouvLienHtml = BeautifulSoup(nouvLien, "html.parser")
- nouvLienHtmlJinja = BeautifulSoup("{% raw %}" + nouvLien + "{% endraw %}", "html.parser")
- ecritureFichierHtml(nouvLienHtmlJinja, "templates/index.html")
- ecritureFichierHtml(nouvLienHtml, "lite/index.html")
+ nouvLien = f"""
+
+

{titre}

+

Lien

+
+

{desc}

+
"""
+ nouvLienHtml = BeautifulSoup(nouvLien, "html.parser") \
+ .find("div", {"class": "elem"})
+ ecritureFichierHtml(nouvLienHtml, "templates/index.html")
 else:
 print("error")
 return render_template("ajout.html", reussi=Status.BON.value)
+
 if __name__ == "__main__":
- app.run()
+ app.run(debug=True)
diff --git a/templates/index.html b/templates/index.html
index a8c02c3..a5425d7 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -1,24 +1,37 @@
- - - - Partage de liens + + + + + Partage de liens + - -
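Review bot: Markup.escape on titre and desc in bizutage neutralises HTML metacharacters but not Jinja delimiters, so with the new elem div still being written into templates/index.html the `{% raw %}` guard in the template holds only as long as neither value ever contains an `{% endraw %}` token, and lien is interpolated into the f-string with no escaping at all (it is only lower-cased and prefix-checked), presumably inside the href attribute. The durable fix is to stop writing user data into template source: persist the links in a data file and let the autoescaped template loop over them, which also removes the read-modify-write of a shared file on every POST. `app.run(debug=True)` at the bottom of the hunk enables the Werkzeug debugger for anyone who can reach the port and should not ship in a security fix; keep `app.run()` and turn debugging on in development through the FLASK_DEBUG environment variable. In ecritureFichierHtml the `r+` open followed by `file.seek(0)` and `file.write(...)` never truncates, so a shorter prettify() output would leave stale bytes at the end of the file; add `file.truncate()` after the write. The `.lower()` on lien also rewrites case-sensitive URL paths while `startswith("http")` accepts any string beginning with those four letters; `urllib.parse.urlsplit(lien).scheme in ("http", "https")` on the un-lowered value checks what the error message promises.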
+ + +
+ +{% raw %} +
+{% endraw %} + +
+ +