Initial YakPanel commit

class/safe_warning/sw_site_spath.py

@@ -0,0 +1,93 @@
+#!/usr/bin/python
+#coding: utf-8
+# -------------------------------------------------------------------
+# YakPanel
+# -------------------------------------------------------------------
+# Copyright (c) 2015-2099 YakPanel(www.yakpanel.com) All rights reserved.
+# -------------------------------------------------------------------
+# Author: hwliang <hwl@yakpanel.com>
+# -------------------------------------------------------------------
+
+# -------------------------------------------------------------------
+# 检测网站是否开启防跨站
+# -------------------------------------------------------------------
+
+
+import os,sys,re,public
+
+_title = 'Website anti-cross-site detection'
+_version = 1.0                              # 版本
+_ps = "Check the website to prevent cross-site"              # 描述
+_level = 1                                  # 风险级别： 1.提示(低)  2.警告(中)  3.危险(高)
+_date = '2020-08-05'                        # 最后更新时间
+_ignore = os.path.exists("data/warning/ignore/sw_site_spath.pl")
+_tips = [
+    "On the [WebSite] page, [Settings]-[Site Directory], turn on the [Anti-cross-site attack (open_basedir)] function"
+    ]
+
+_help = ''
+_remind = 'This solution can prevent hackers from stealing server information across directories, and strengthen the protection of the website. '
+
+def check_run():
+    '''
+        @name 开始检测
+        @author hwliang<2020-08-05>
+        @return tuple (status<bool>,msg<string>)
+    '''
+    not_uini = []
+    site_list = public.M('sites').where('status=? AND project_type=?',(1,'PHP')).field('name,path').select()
+    for s in site_list:
+        path = get_site_run_path(s['name'],s['path'])
+        user_ini = path + '/.user.ini'
+        if os.path.exists(user_ini): continue
+        not_uini.append(s['name'])
+    if not_uini:
+        return False,'The following websites are not enabled for cross-site prevention:<br />' + ('<br />'.join(not_uini))
+    return True,'Rick-free'
+
+
+
+webserver_type = None
+setupPath = '/www/server'
+def get_site_run_path(siteName,sitePath):
+    '''
+        @name 获取网站运行目录
+        @author hwliang<2020-08-05>
+        @param siteName(string) 网站名称
+        @param sitePath(string) 网站根目录
+        @return string
+    '''
+    global webserver_type,setupPath
+    if not webserver_type:
+        webserver_type = public.get_webserver()
+    path = None
+    if webserver_type == 'nginx':
+        filename = setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
+        if os.path.exists(filename):
+            conf = public.readFile(filename)
+            rep = r'\s*root\s+(.+);'
+            tmp1 = re.search(rep,conf)
+            if tmp1: path = tmp1.groups()[0]
+
+    elif webserver_type == 'apache':
+        filename = setupPath + '/panel/vhost/apache/' + siteName + '.conf'
+        if os.path.exists(filename):
+            conf = public.readFile(filename)
+            rep = r'\s*DocumentRoot\s*"(.+)"\s*\n'
+            tmp1 = re.search(rep,conf)
+            if tmp1: path = tmp1.groups()[0]
+    else:
+        filename = setupPath + '/panel/vhost/openlitespeed/' + siteName + '.conf'
+        if os.path.exists(filename):
+            conf = public.readFile(filename)
+            rep = r"vhRoot\s*(.*)"
+            path = re.search(rep,conf)
+            if not path:
+                path = None
+            else:
+                path = path.groups()[0]
+
+    if not path:
+        path = sitePath
+
+    return path