diff --git a/analysis/classes/suricataengine.py b/analysis/classes/suricataengine.py index c50a41f..98db0a2 100644 --- a/analysis/classes/suricataengine.py +++ b/analysis/classes/suricataengine.py @@ -28,8 +28,8 @@ class SuricataEngine(): # Generate the rule file an launch suricata. if self.generate_rule_file(): - sp.Popen("suricata -S {} -r {} -l /tmp/".format(self.rules_file, - self.pcap_path), shell=True).wait() + sp.Popen(["suricata", "-S", self.rules_file, "-r", + self.pcap_path, "-l", "/tmp/"]).wait() # Let's parse the log file. for line in open("/tmp/fast.log", "r").readlines(): diff --git a/config.yaml b/config.yaml index 5b8ecc7..a0e9539 100644 --- a/config.yaml +++ b/config.yaml @@ -29,8 +29,8 @@ analysis: # access to it from remote location. # backend: - login: tinycheck - password: 2de5a04967d6cffd33243bb226db194b97e1d6d1331eea3ad1e8c5e9f6e58315 + login: userlogin + password: userpassword remote_access: true # FRONTEND - @@ -41,7 +41,7 @@ frontend: download_links: false hide_mouse: true kiosk_mode: true - remote_access: false + remote_access: true sparklines: true virtual_keyboard: true diff --git a/server/backend/app/classes/config.py b/server/backend/app/classes/config.py index 43cd3a4..2cfbcc8 100644 --- a/server/backend/app/classes/config.py +++ b/server/backend/app/classes/config.py 
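Review bot: The exit status of suricata is discarded by `.wait()`, and the next context line parses a fixed `/tmp/fast.log`, so a failed run could silently report alerts left over from an earlier capture. Check the return code, e.g. `if sp.Popen([...]).wait() != 0:` followed by an early return or a logged error, and have suricata log to a per-analysis directory rather than the shared `/tmp/`. The same unchecked `.wait()` recurs in the network.py hunks (wpa_supplicant, `ifconfig ... up`, iptables); in the iptables hunk the function returns True whatever the exit status, because the `try` only catches a failure to spawn. The enclosing method starts and ends outside this hunk.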
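Review bot: Replacing the committed hash with the placeholders `userlogin` / `userpassword` takes the shared default out of the tree, but the old value stays in repository history, so installs that still use it should rotate the backend password. The placeholder is also not in the hashed form that the Config class in this commit stores through `make_password`, so presumably an install step substitutes it. If that is the case, a comment above these keys such as `# placeholders, replaced at install time` would make it explicit, and the backend should refuse to start while the literal placeholder is still present.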
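Review bot: Flipping `frontend.remote_access` from `false` to `true` changes the shipped default in a commit that otherwise tightens things, and presumably makes the frontend listen beyond localhost, as `backend.remote_access` does in main.py. If this is only needed for one deployment, keep `remote_access: false` as the default and document how to enable it. If it is intended, add a comment saying why and what protects the frontend, since this diff does not show whether it requires authentication.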
@@ -40,13 +40,21 @@ class Config(object): Write a new value in the configuration :return: bool, operation status """ + config = yaml.load( open(os.path.join(self.dir, "config.yaml"), "r"), Loader=yaml.SafeLoader) - config[cat][key] = value if key != "password" else self.make_password( - value) - if cat == "network" and key == "in": - self.edit_configuration_files(value) + if cat == "network" and key in ["in", "out"]: + if re.match("^wlan[0-9]{1}$", value): + if key == "in": + self.edit_configuration_files(value) + config[cat][key] = value + else: + return False + elif cat == "backend" and key == "password": + config[cat][key] = self.make_password(value) + else: + config[cat][key] = value with open(os.path.join(self.dir, "config.yaml"), "w") as yaml_file: yaml_file.write(yaml.dump(config, default_flow_style=False)) diff --git a/server/backend/main.py b/server/backend/main.py index bb71d6d..5ea6b3a 100644 --- a/server/backend/main.py +++ b/server/backend/main.py @@ -62,7 +62,7 @@ if __name__ == '__main__': ssl_key = "{}/{}".format(path[0], 'key.pem') if read_config(("backend", "remote_access")): - app.run(host="0.0.0.0", debug=True, port=443, + app.run(host="0.0.0.0", port=443, ssl_context=(ssl_cert, ssl_key)) else: - app.run(port=443, debug=True, ssl_context=(ssl_cert, ssl_key)) + app.run(port=443, ssl_context=(ssl_cert, ssl_key)) diff --git a/server/frontend/app/classes/analysis.py b/server/frontend/app/classes/analysis.py index e8ae478..8a20d75 100644 --- a/server/frontend/app/classes/analysis.py +++ b/server/frontend/app/classes/analysis.py @@ -23,8 +23,8 @@ class Analysis(object): if self.token is not None: parent = "/".join(sys.path[0].split("/")[:-2]) - sp.Popen("{} {}/analysis/analysis.py /tmp/{}".format(sys.executable, - parent, self.token), shell=True) + sp.Popen( + [sys.executable, "{}/analysis/analysis.py".format(parent), "/tmp/{}".format(self.token)]) return {"status": True, "message": "Analysis started", "token": self.token} 
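Review bot: The interface check `re.match("^wlan[0-9]{1}$", value)` accepts a value with a trailing newline, because `$` also matches just before a final `\n`; that value is then passed to `edit_configuration_files` and written to config.yaml. `re.fullmatch(r"wlan[0-9]", value)` closes the gap and drops the redundant `{1}`. A non-string `value` would raise TypeError in `re.match`, and an unknown `cat` still raises KeyError at `config[cat][key] = value`, so a type and key check before the branches would make the `return False` path consistent. `re` has to be imported in this module; the import is not visible here, and the method body starts and ends outside this hunk.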
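Review bot: Both branches still serve through `app.run(...)`, which looks like Flask's built-in development server, on a listener that can be bound to `0.0.0.0:443`. Dropping `debug=True` removes the interactive debugger, but that server is not meant for exposed deployments; consider running the app under a production WSGI server and keeping `app.run` for local development. At minimum, a comment next to the calls such as `# debug must stay off: this listener can be reachable remotely` would stop the flag from being re-added.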
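Review bot: `"/tmp/{}".format(self.token)` still builds a path from the token without a visible format check, so a token containing `/` or `..` would point the analysis script at a directory outside `/tmp`, even though the list form keeps it away from a shell. If the token is not already validated where it is assigned (not visible in this hunk), check it against the format the capture code generates before the `sp.Popen` call and return an error status otherwise. The `Popen` object is also discarded, so the child is never waited on. The method starts and ends outside this hunk.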
diff --git a/server/frontend/app/classes/capture.py b/server/frontend/app/classes/capture.py index b8825ba..944a415 100644 --- a/server/frontend/app/classes/capture.py +++ b/server/frontend/app/classes/capture.py @@ -45,8 +45,8 @@ class Capture(object): mkdir(self.working_dir) try: - sp.Popen( - "tshark -i {} -w {} -f \"tcp or udp\" ".format(self.iface, self.pcap), shell=True) + sp.Popen(["tshark", "-i", self.iface, "-w", + self.pcap, "-f", "tcp or udp"]) return {"status": True, "message": "Capture started", "capture_token": self.capture_token} diff --git a/server/frontend/app/classes/network.py b/server/frontend/app/classes/network.py index 30b7205..f0f763b 100644 --- a/server/frontend/app/classes/network.py +++ b/server/frontend/app/classes/network.py @@ -132,17 +132,15 @@ class Network(object): def wifi_connect(self): """ - Connect to one of the WiFi networks present in the - WPA_CONF_PERSIT_FILE. - + Connect to one of the WiFi networks present in the wpa_supplicant.conf. :return: dict containing the TinyCheck <-> AP status. """ # Kill wpa_supplicant instances, if any. terminate_process("wpa_supplicant") # Launch a new instance of wpa_supplicant. - sp.Popen("wpa_supplicant -B -i {} -c {}".format(self.iface_out, - "/etc/wpa_supplicant/wpa_supplicant.conf"), shell=True).wait() + sp.Popen(["wpa_supplicant", "-B", "-i", self.iface_out, "-c", + "/etc/wpa_supplicant/wpa_supplicant.conf"]).wait() # Check internet status for _ in range(1, 40): if self.check_internet(): @@ -235,9 +233,9 @@ class Network(object): # Kill potential zombies of hostapd terminate_process("hostapd") - sp.Popen("ifconfig {} up".format(self.iface_in), shell=True).wait() + sp.Popen(["ifconfig", self.iface_in, "up"]).wait() sp.Popen( - "/usr/sbin/hostapd {} > /tmp/hostapd.log".format("/tmp/hostapd.conf"), shell=True) + "/usr/sbin/hostapd /tmp/hostapd.conf > /tmp/hostapd.log", shell=True) while True: if path.isfile("/tmp/hostapd.log"): 
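Review bot: `sp.Popen([...])` returns as soon as tshark is spawned, so the `try` only catches a failure to start the binary, and `"Capture started"` is returned even if tshark exits immediately (bad interface, unwritable pcap path). Keeping the handle, e.g. `self.proc = sp.Popen([...])`, and checking `self.proc.poll()` shortly afterwards would let the status reflect what happened and allow stopping this exact process later. `self.iface` is passed straight to `-i`; if it comes from the configuration, it depends on the `wlan[0-9]` validation added in config.py in this commit, and a comment saying so would help. The method starts and ends outside this hunk.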
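Review bot: The hostapd launch is the one call in this hunk that still uses `shell=True`; the string is now constant, so nothing is interpolated, but the shell is only there for the redirect. It can be dropped with `with open("/tmp/hostapd.log", "w") as log:` followed by `sp.Popen(["/usr/sbin/hostapd", "/tmp/hostapd.conf"], stdout=log)`. Both `/tmp/hostapd.conf` and `/tmp/hostapd.log` are fixed names in a world-writable directory; if this runs as root, a private directory avoids another local user pre-creating those paths. The method starts and ends outside this hunk.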
@@ -293,8 +291,8 @@ class Network(object): try: sp.Popen("echo 1 > /proc/sys/net/ipv4/ip_forward", shell=True).wait() - sp.Popen("iptables -A POSTROUTING -t nat -o {} -j MASQUERADE".format( - self.iface_out), shell=True).wait() + sp.Popen(["iptables", "-A", "POSTROUTING", "-t", "nat", "-o", + self.iface_out, "-j", "MASQUERADE"]).wait() return True except: return False @@ -304,8 +302,8 @@ class Network(object): This enable interfaces, with a simple check. :return: bool if everything goes well """ - sh = sp.Popen("ifconfig {} ".format(iface), - stdout=sp.PIPE, stderr=sp.PIPE, shell=True) + sh = sp.Popen(["ifconfig", iface], + stdout=sp.PIPE, stderr=sp.PIPE) sh = sh.communicate() if b"