#!/usr/bin/python
#coding: utf-8
# Author: lkqiang<lkq@yakpanel.com>
# panelWaf.py
# code: 面板基础安全类
# +-------------------------------------------------------------------
import re,json,sys,public,os
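# Counter file recording how many times the libinjection import has failed
# and an automatic install has been attempted.
flag_file='/www/server/panel/data/tmp1.json'
try:
    import libinjection
except Exception:
    # Catch Exception rather than using a bare except, so SystemExit and
    # KeyboardInterrupt are not mistaken for a missing module.
    if not os.path.exists(flag_file):
        public.WriteFile(flag_file,'1')
    else:
        count_size=public.ReadFile(flag_file)
        # What ReadFile returns on failure is not visible in this file; a value
        # without .strip() is handled like a corrupt counter and reset to 1
        # instead of raising inside the handler.
        count_text=count_size.strip() if hasattr(count_size,'strip') else ''
        if count_text.isdigit():
            if int(count_text)>= 5:
                # Five attempts already recorded: stop retrying.
                # NOTE(review): this terminates the importing process, and
                # False is reported as exit status 0 - confirm that is intended.
                sys.exit(False)
            else:
                public.WriteFile(flag_file, str(int(count_text)+1))
        else:
            public.WriteFile(flag_file,'1')
    # NOTE(review): these installs run at import time with whatever privileges
    # the panel process has, and fetch unpinned packages with no hash
    # verification. Shipping libinjection-python as a pinned dependency
    # (for example a requirements file installed with pip --require-hashes)
    # would remove the runtime dependency on the package index.
    if os.path.exists('/www/server/panel/pyenv/bin/python3'):
        public.ExecShell('/www/server/panel/pyenv/bin/pip install Cython')
        public.ExecShell('/www/server/panel/pyenv/bin/pip install libinjection-python')
    else:
        public.ExecShell('pip install Cython')
        public.ExecShell('pip install libinjection-python')
    # Without a second import the name stays unbound for the life of this
    # process, and panelWaf swallows the resulting error and reports every
    # input as clean. Retry once; leave an explicit None when still missing.
    try:
        import libinjection
    except Exception:
        libinjection=None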
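class panelWaf:
    """Screen request parameters for SQL injection and XSS with libinjection.

    Both checks take a mapping such as
    {"username":"admin","password":"123456!@#$%%^"} and return True as soon
    as one value is flagged, otherwise False.

    Limits a caller should know about:
      * Only top-level string values are handed to libinjection; numbers,
        lists and nested dicts are skipped without being inspected.
      * Any error raised while checking a value is swallowed and the value is
        treated as clean. That includes libinjection being unavailable, so
        the checks fail open (always False) when the module did not load.
      * NOTE(review): under Python 2 a unicode value is not a str and would be
        skipped - confirm which interpreter runs this module.
    """

    def _any_flagged(self, json_data, detector, verdict_key):
        """Return True if libinjection.<detector> flags any top-level string.

        detector is the name of the libinjection function to call and
        verdict_key is the key of its result dict that holds the verdict.
        """
        for key in json_data:
            try:
                value = json_data[key]
                # isinstance instead of an exact type comparison, so str
                # subclasses are scanned rather than silently skipped.
                if not isinstance(value, str):
                    continue
                if getattr(libinjection, detector)(value)[verdict_key]:
                    return True
            except Exception:
                # Best effort is kept: a failing lookup or detector call moves
                # on to the next value. Exception, not a bare except, so that
                # SystemExit and KeyboardInterrupt still propagate.
                continue
        return False

    ##json_data => {"username":"admin","password":"123456!@#$%%^"}
    def is_sql(self,json_data):
        """Return True when a top-level string value is flagged as SQL injection."""
        return self._any_flagged(json_data, 'is_sql_injection', 'is_sqli')

    ##json_data => {"username":"admin","password":"123456!@#$%%^"}
    def is_xss(self,json_data):
        """Return True when a top-level string value is flagged as XSS."""
        return self._any_flagged(json_data, 'is_xss', 'is_xss')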