Some improvements and modifications related to the issue #25

server/backend/app/blueprints/config.py

@@ -9,6 +9,7 @@ import sys
 config_bp = Blueprint("config", __name__)
 config = Config()
 
+
 @config_bp.route('/switch/<cat>/<key>', methods=['GET'])
 @require_header_token
 def switch(cat, key):
@@ -18,20 +19,21 @@ def switch(cat, key):
     """
     try:
         value = config.read_config((cat, key))
-        if value: 
+        if value:
             config.write_config(cat, key, False)
-            res = { "status"  : True, 
-                    "message" : "Key switched to false" }
+            res = {"status": True,
+                   "message": "Key switched to false"}
         else:
             config.write_config(cat, key, True)
-            res = { "status"  : True, 
-                    "message" : "Key switched to true" }
+            res = {"status": True,
+                   "message": "Key switched to true"}
     except:
-        res = { "status"  : True, 
-                "message" : "Issue while changing value" }
-        
+        res = {"status": True,
+               "message": "Issue while changing value"}
+
     return jsonify(res)
 
+
 @config_bp.route('/edit/<cat>/<key>/<path:value>', methods=['GET'])
 @require_header_token
 def edit(cat, key, value):
@@ -39,15 +41,8 @@ def edit(cat, key, value):
         Edit the string (or array) value of a configuration key.
         :return: status in JSON
     """
-    value = value.split("|") if "|" in value else value
-    if config.write_config(cat, key, value):
-        res = { "status"  : True, 
-                "message" : "Configuration updated" }
-    else:
-        res = { "status"  : False, 
-                "message" : "Can't edit this configuration key" }
-                
-    return jsonify(res)
+    return jsonify(config.write_config(cat, key, value))
+
 
 @config_bp.route('/db/export', methods=['GET'])
 @require_get_token
@@ -58,6 +53,7 @@ def export_db():
     """
     return config.export_db()
 
+
 @config_bp.route('/db/import', methods=['POST'])
 @require_header_token
 def import_db():
@@ -70,13 +66,14 @@ def import_db():
         assert f.read(15) == b"SQLite format 3"
         d = "/".join(sys.path[0].split("/")[:-2])
         f.save("/{}/tinycheck.sqlite3".format(d))
-        res = { "status"  : True, 
-                "message" : "Database updated" }
+        res = {"status": True,
+               "message": "Database updated"}
     except:
-        res = { "status"  : False, 
-                "message" : "Error while database upload" }
+        res = {"status": False,
+               "message": "Error while database upload"}
     return jsonify(res)
-    
+
+
 @config_bp.route('/list', methods=['GET'])
 def list():
     """
@@ -85,4 +82,4 @@ def list():
     """
     res = config.export_config()
     res["backend"]["password"] = ""
-    return jsonify(res)
+    return jsonify(res)

server/backend/app/classes/config.py

@@ -44,21 +44,55 @@ class Config(object):
         config = yaml.load(
             open(os.path.join(self.dir, "config.yaml"), "r"), Loader=yaml.SafeLoader)
 
+        # Some checks prior configuration changes.
+        if cat not in config:
+            return {"status": False,
+                    "message": "Wrong category specified"}
+
+        if key not in config[cat]:
+            return {"status": False,
+                    "message": "Wrong key specified"}
+
+        # Changes for network interfaces.
         if cat == "network" and key in ["in", "out"]:
             if re.match("^wlan[0-9]{1}$", value):
                 if key == "in":
                     self.edit_configuration_files(value)
                 config[cat][key] = value
             else:
-                return False
+                return {"status": False,
+                        "message": "Wrong value specified"}
+
+        # Changes for network SSIDs.
+        elif cat == "network" and key == "ssids":
+            ssids = list(set(value.split("|"))) if "|" in value else [value]
+            if len(ssids):
+                config[cat][key] = ssids
+
+        # Changes for watchers.
+        elif cat == "watchers" and key in ["iocs", "whitelists"]:
+            urls = []
+            values = list(set(value.split("|"))) if "|" in value else [value]
+            for value in values:  # Preventing SSRF based on watchers URLs.
+                if "https://raw.githubusercontent.com" in value[0:33]:
+                    urls.append(value)
+            if len(urls):
+                config[cat][key] = urls
+
+        # Changes for backend password.
         elif cat == "backend" and key == "password":
             config[cat][key] = self.make_password(value)
+
+        # Changes for anything not specified.
+        # Warning: can break your config if you play with it (eg. arrays, ints & bools).
         else:
-            config[cat][key] = value
+            if len(value):
+                config[cat][key] = value
 
         with open(os.path.join(self.dir, "config.yaml"), "w") as yaml_file:
             yaml_file.write(yaml.dump(config, default_flow_style=False))
-            return True
+            return {"status": True,
+                    "message": "Configuration updated"}
 
     def make_password(self, clear_text):
         """
@@ -86,7 +120,7 @@ class Config(object):
         try:
             return [i for i in os.listdir("/sys/class/net/") if i.startswith("wlan")]
         except:
-            return ["Fake iface1", "Fake iface 2"]
+            return ["Interface not found", "Interface not found"]
 
     def edit_configuration_files(self, iface):
         """
@@ -103,6 +137,7 @@ class Config(object):
                         content[i] = "interface {}\n".format(iface)
                 with open("/etc/dhcpcd.conf", 'w') as file:
                     file.writelines(content)
+
                 # Edit of DNSMASQ.conf
                 with open("/etc/dnsmasq.conf", 'r') as file:
                     content = file.readlines()