Limit malicious requests from backend
Added 400 and 404 pages and corresponding handlers.
Added additional checks for any incoming HTTP requests that have input parameters.
yat17006 committed Mar 14, 2021
1 parent 8b25e73 commit e5c6ce9
Showing 4 changed files with 93 additions and 58 deletions.
131 changes: 75 additions & 56 deletions pserver.py
@@ -1,4 +1,4 @@
from flask import Flask, render_template, request, send_file, jsonify
from flask import Flask, render_template, request, send_file, jsonify, abort
import zipfile
import json
import time
Expand All @@ -15,74 +15,93 @@ def runSimulation(input1):
# Parse simulation parameters.
Param = input1.split("&") # Parameters are separated by '&' delimiter.
print(Param)
ddd_state = (Param[0] == "true")
skip_sim = (Param[1] == "true")
sumOut = (Param[2] == "true")
logOut = (Param[3] == "true")
# Check parameter count.
if len(Param)==24: # VERY-IMPORTANT: Modify here if there are changes to total number of requests!
ddd_state = (Param[0] == "true")
skip_sim = (Param[1] == "true")
sumOut = (Param[2] == "true")
logOut = (Param[3] == "true")

packet_size = int(Param[4])
rtsa = int(Param[5])
max_queue_size = int(Param[6])
ddd_mapping_delay = int(Param[7])
propagation_delay = int(Param[8])
number_of_ddd_ports = int(Param[9])
time_to_next_ddd_port = int(Param[10])
overlap_time_old_ddd = int(Param[11])
durationSim = float(Param[12])
numbSynAckResends = int(Param[13])
clienttoRouter = int(Param[14])
routertoClient = int(Param[15])
routertoReflector = int(Param[16])
routertoNormal = int(Param[17])
normaltoRouter = int(Param[18])
reflectortoRouter = int(Param[19])
attackertoReflector = int(Param[20])
queueLimit = int(Param[21])
attackerType = float(Param[22])
amplification = float(Param[23])
packet_size = int(Param[4])
rtsa = int(Param[5])
max_queue_size = int(Param[6])
ddd_mapping_delay = int(Param[7])
propagation_delay = int(Param[8])
number_of_ddd_ports = int(Param[9])
time_to_next_ddd_port = int(Param[10])
overlap_time_old_ddd = int(Param[11])
durationSim = float(Param[12])
numbSynAckResends = int(Param[13])
clienttoRouter = int(Param[14])
routertoClient = int(Param[15])
routertoReflector = int(Param[16])
routertoNormal = int(Param[17])
normaltoRouter = int(Param[18])
reflectortoRouter = int(Param[19])
attackertoReflector = int(Param[20])
queueLimit = int(Param[21])
attackerType = float(Param[22])
amplification = float(Param[23])

response = main.runSimulation(ddd_state, skip_sim, sumOut,
logOut, packet_size, rtsa,
max_queue_size, ddd_mapping_delay,
propagation_delay, number_of_ddd_ports,
time_to_next_ddd_port, overlap_time_old_ddd,
durationSim, numbSynAckResends, clienttoRouter,
routertoClient, routertoReflector, routertoNormal,
normaltoRouter, reflectortoRouter,
attackertoReflector, queueLimit, attackerType,
amplification)
response = main.runSimulation(ddd_state, skip_sim, sumOut,
logOut, packet_size, rtsa,
max_queue_size, ddd_mapping_delay,
propagation_delay, number_of_ddd_ports,
time_to_next_ddd_port, overlap_time_old_ddd,
durationSim, numbSynAckResends, clienttoRouter,
routertoClient, routertoReflector, routertoNormal,
normaltoRouter, reflectortoRouter,
attackertoReflector, queueLimit, attackerType,
amplification)

print('Backend Simulation Total Elapsed Time:', time.time() - start_time, 'seconds')
print('Backend Simulation Total Elapsed Time:', time.time() - start_time, 'seconds')

# Converting response data structure into json string
return jsonify(response)
# Converting response data structure into json string
return jsonify(response)
else:
abort(400)


@app.route('/download/<fileName>') # This is the endpoint that the javascript code will call to run simulation on server
def download(fileName):
if fileName.startswith("log"):
return send_file("logs\\" + fileName, as_attachment=True)
elif fileName.startswith("summary"):
return send_file("summaries\\" + fileName, as_attachment=True)
try:
if fileName.startswith("log"):
return send_file("logs\\" + fileName, as_attachment=True)
elif fileName.startswith("summary"):
return send_file("summaries\\" + fileName, as_attachment=True)
else:
abort(400)
except FileNotFoundError:
abort(404)


@app.route('/download2/<statement>')
def download2(statement):
fileName = ""
newName = ""
for i in range(0, len(statement)):
# Search for delimiter.
if(statement[i] == '&'):
# Construct file names...
fileName = statement[:i]
newName = statement[i+1:]
break
# Things are over.
if fileName.startswith("log"):
return send_file("logs\\" + fileName, as_attachment=True, attachment_filename=newName)
elif fileName.startswith("summary"):
return send_file("summaries\\" + fileName, as_attachment=True, attachment_filename=newName)
# We may use split function to process the request.
tmp = statement.split("&")
fileName = tmp[0]
newName = tmp[1]
if len(tmp)==2:
try:
if fileName.startswith("log"):
return send_file("logs\\" + fileName, as_attachment=True, attachment_filename=newName)
elif fileName.startswith("summary"):
return send_file("summaries\\" + fileName, as_attachment=True, attachment_filename=newName)
else:
abort(400)
except FileNotFoundError:
abort(404)
else:
abort(400)

@app.route('/')
def index():
return render_template('temp_index.html') # This renders index.html as the starting screen

@app.errorhandler(400)
def badRequest(e):
return render_template("400.html"), 400

@app.errorhandler(404)
def pageNotFound(e):
return render_template("404.html"), 404
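Review bot: In download2, `fileName = tmp[0]` and `newName = tmp[1]` run before the `if len(tmp)==2:` check, so a `statement` with no `&` raises IndexError and yields a 500 instead of the 400 the commit intends; move the two assignments inside the `if` branch. The prefix checks in download and download2 only constrain the first characters of `fileName`, and Flask's default `<string>` converter excludes only `/`, so `"logs\\" + fileName` is still resolved relative to whatever else the name contains; serving with `send_from_directory("logs", fileName, as_attachment=True)` (which refuses names that escape the directory) would make the new 400/404 handling meaningful. In runSimulation the `int()`/`float()` conversions raise ValueError on non-numeric parameters, which the new count check does not cover and which also surfaces as a 500; wrapping the conversion block in `try: ... except ValueError: abort(400)` would route it to the new 400 page. runSimulation's signature is outside this section, so its decorator and header were not reviewed.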
4 changes: 2 additions & 2 deletions readme.md
Expand Up @@ -4,9 +4,9 @@ Group 22 in 2020-2021 CSE SDP is assigned to make a simulator and visualization
## Installing flask:
There are two options to get started on Windows.

### Option 1: Get Started for Flask on Windows with Python for Windows.
### Option 1: Get Started for Flask on Windows with Python for Windows. (Recommended!)
The essential thing to get started is to install `Python` and then to install `flask`. Due to the versioning issues of `Python`, please make sure you are installing the correct version. We recommend installing `Python` via the official website: https://www.python.org/downloads/ <br>
As an additional note, Windows 7 is no longer supported in `3.9.x` version of `Python`. Please download the [3.8.7 version](https://www.python.org/downloads/release/python-387/) in case you are using Windows 7.
As an additional note, Windows 7 is no longer supported in `3.9.x` version of `Python`. Please download the [3.8.8 version](https://www.python.org/downloads/release/python-388/) in case you are using Windows 7.


Follow these steps to get started:
8 changes: 8 additions & 0 deletions templates/400.html
@@ -0,0 +1,8 @@
<!DOCTYPE html>
<html lang="en">
<body>
<h1>Request Error</h1>
<p>Further details: Error 400. Bad Request.</p>
<p>Check your URL! Either your URL does not meet our syntax, or you are not request correct thing at all!</p>
</body>
</html>
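Review bot: The second paragraph of the new 400 page has a grammatical slip, `or you are not request correct thing at all!`; suggest `or you are not requesting the correct resource.` The document also has no `<head>` or `<title>`, so the browser tab shows only the URL; adding `<head><title>400 Bad Request</title></head>` (and the same for 404.html) would make the error pages self-describing.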
8 changes: 8 additions & 0 deletions templates/404.html
@@ -0,0 +1,8 @@
<!DOCTYPE html>
<html lang="en">
<body>
<h1>Request Error</h1>
<p>Further details: Error 404. Page Not Found.</p>
<p>Check your URL! You are making an incorrect request!</p>
</body>
</html>