From fac1dd3d61d8532cf566ad69af9ab6e28cd0216c Mon Sep 17 00:00:00 2001 From: Andrew Welker Date: Tue, 27 Oct 2020 13:43:37 -0600 Subject: [PATCH 1/2] add protections for invalid paths in logo server --- PepperDashEssentials/UI/HttpLogoServer.cs | 65 ++++++++++++----------- 1 file changed, 35 insertions(+), 30 deletions(-) diff --git a/PepperDashEssentials/UI/HttpLogoServer.cs b/PepperDashEssentials/UI/HttpLogoServer.cs index 3bebbfd8..b81a51f4 100644 --- a/PepperDashEssentials/UI/HttpLogoServer.cs +++ b/PepperDashEssentials/UI/HttpLogoServer.cs @@ -1,13 +1,10 @@ using System; using System.Collections.Generic; -using System.Linq; -using System.Text; using Crestron.SimplSharp; using Crestron.SimplSharp.CrestronIO; using Crestron.SimplSharp.Net.Http; using PepperDash.Core; -using PepperDash.Essentials.Core; namespace PepperDash.Essentials { @@ -16,12 +13,12 @@ namespace PepperDash.Essentials /// /// /// - HttpServer Server; + readonly HttpServer _server; /// /// /// - string FileDirectory; + readonly string _fileDirectory; /// /// @@ -45,18 +42,17 @@ namespace PepperDash.Essentials //{ ".js", "application/javascript" }, //{ ".json", "application/json" }, //{ ".map", "application/x-navimap" }, - { ".pdf", "application.pdf" }, + { ".pdf", "application/pdf" }, { ".png", "image/png" }, //{ ".txt", "text/plain" }, }; - Server = new HttpServer(); - Server.Port = port; - FileDirectory = directory; - Server.OnHttpRequest += new OnHttpRequestHandler(Server_OnHttpRequest); - Server.Open(); + _server = new HttpServer {Port = port}; + _fileDirectory = directory; + _server.OnHttpRequest += Server_OnHttpRequest; + _server.Open(); - CrestronEnvironment.ProgramStatusEventHandler += new ProgramStatusEventHandler(CrestronEnvironment_ProgramStatusEventHandler); + CrestronEnvironment.ProgramStatusEventHandler += CrestronEnvironment_ProgramStatusEventHandler; } /// 
@@ -67,27 +63,40 @@ namespace PepperDash.Essentials var path = args.Request.Path; Debug.Console(2, "HTTP Request with path: '{0}'", args.Request.Path); - if (File.Exists(FileDirectory + path)) + try { - string filePath = path.Replace('/', '\\'); - string localPath = string.Format(@"{0}{1}", FileDirectory, filePath); - - Debug.Console(2, "HTTP Logo Server attempting to find file: '{0}'", localPath); - if (File.Exists(localPath)) + if (File.Exists(_fileDirectory + path)) { - args.Response.Header.ContentType = GetContentType(new FileInfo(localPath).Extension); - args.Response.ContentStream = new FileStream(localPath, FileMode.Open, FileAccess.Read); + var filePath = path.Replace('/', '\\'); + var localPath = string.Format(@"{0}{1}", _fileDirectory, filePath); + + Debug.Console(2, "HTTP Logo Server attempting to find file: '{0}'", localPath); + if (File.Exists(localPath)) + { + args.Response.Header.ContentType = GetContentType(new FileInfo(localPath).Extension); + args.Response.ContentStream = new FileStream(localPath, FileMode.Open, FileAccess.Read); + } + else + { + Debug.Console(2, "HTTP Logo Server Cannot find file '{0}'", localPath); + args.Response.ContentString = string.Format("Not found: '{0}'", filePath); + args.Response.Code = 404; + } } else { - Debug.Console(2, "HTTP Logo Server Cannot find file '{0}'", localPath); - args.Response.ContentString = string.Format("Not found: '{0}'", filePath); + Debug.Console(2, "HTTP Logo Server: '{0}' does not exist", _fileDirectory + path); + args.Response.ContentString = string.Format("Not found: '{0}'", _fileDirectory + path); args.Response.Code = 404; } } - else + catch (Exception ex) { - Debug.Console(2, "HTTP Logo Server: '{0}' does not exist", FileDirectory + path); + Debug.Console(0, Debug.ErrorLogLevel.Error, "Exception getting file: {0}", ex.Message); + Debug.Console(0, Debug.ErrorLogLevel.Error, "Stack Trace: {0}", ex.StackTrace); + + args.Response.Code = 400; + args.Response.ContentString = string.Format("invalid 
request"); } } @@ -97,7 +106,7 @@ namespace PepperDash.Essentials void CrestronEnvironment_ProgramStatusEventHandler(eProgramStatusEventType programEventType) { if (programEventType == eProgramStatusEventType.Stopping) - Server.Close(); + _server.Close(); } /// @@ -107,11 +116,7 @@ namespace PepperDash.Essentials /// public static string GetContentType(string extension) { - string type; - if (ExtensionContentTypes.ContainsKey(extension)) - type = ExtensionContentTypes[extension]; - else - type = "text/plain"; + var type = ExtensionContentTypes.ContainsKey(extension) ? ExtensionContentTypes[extension] : "text/plain"; return type; } } From dd6e26ae4bd590835f313cc3c9fb6caeccf1541f Mon Sep 17 00:00:00 2001 From: Andrew Welker Date: Tue, 27 Oct 2020 13:43:58 -0600 Subject: [PATCH 2/2] add logic to only start logo server if it's required --- PepperDashEssentials/ControlSystem.cs | 39 +++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/PepperDashEssentials/ControlSystem.cs b/PepperDashEssentials/ControlSystem.cs index 9802c176..9f8022de 100644 --- a/PepperDashEssentials/ControlSystem.cs +++ b/PepperDashEssentials/ControlSystem.cs @@ -538,6 +538,20 @@ namespace PepperDash.Essentials /// void LoadLogoServer() { + if (ConfigReader.ConfigObject.Rooms == null) + { + Debug.Console(0, Debug.ErrorLogLevel.Notice, "No rooms configured. Bypassing Logo server startup."); + return; + } + + if ( + !ConfigReader.ConfigObject.Rooms.Any( + CheckRoomConfig)) + { + Debug.Console(0, Debug.ErrorLogLevel.Notice, "No rooms configured to use system Logo server. Bypassing Logo server startup"); + return; + } + try { LogoServer = new HttpLogoServer(8080, Global.DirectorySeparator + "html" + Global.DirectorySeparator + "logo"); 
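Review bot: The new try/catch in this handler only converts a path that the file APIs reject into a 400; the request path is still appended to `_fileDirectory` and opened with no check that the result stays inside the logo directory. Unless the HTTP server normalizes `args.Request.Path` before the handler runs (not visible here), a path with parent-directory segments would not throw and could be served from outside that directory. I would reject such paths before the first `File.Exists`, as sketched below, or compare the canonical full path against the logo directory if the platform's IO library can produce one. The 404 bodies also echo `_fileDirectory + path` back to the client, which discloses the local directory layout; a fixed `"Not found"` is enough, with the detail kept in the debug log. The handler's signature and closing lines are outside the hunk.

```csharp
var path = args.Request.Path;
// … unchanged: debug logging of the request path …

// Refuse anything that could resolve outside the logo directory before touching the file system.
// Deliberately strict: a file name containing ".." is refused as well.
if (string.IsNullOrEmpty(path) || path.Contains("..") || path.Contains(":"))
{
    Debug.Console(1, "HTTP Logo Server rejected path: '{0}'", path);
    args.Response.Code = 404;
    args.Response.ContentString = "Not found";
    return;
}

// … unchanged: try / File.Exists lookup and response …
```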
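Review bot: `GetContentType` still looks the key up twice (`ContainsKey`, then the indexer) and keeps the result in a local only to return it; `string type; return ExtensionContentTypes.TryGetValue(extension, out type) ? type : "text/plain";` does a single lookup. The `text/plain` fallback also means the request handler will serve a file with any extension, and whether `.PNG` matches `.png` depends on the dictionary's comparer, which is not visible here. If only the listed image and PDF types are meant to be served, the caller should refuse unknown extensions instead of defaulting them.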
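Review bot: Both new guards in LoadLogoServer run before the existing `try`, so anything thrown while inspecting the configuration escapes the method instead of ending in the "cannot be started" notice. `ConfigReader.ConfigObject` is dereferenced without a null check, and `CheckRoomConfig` (added in the next hunk) indexes `c.Properties` for every room, which would throw if a room's properties can be null. I would add `ConfigReader.ConfigObject == null ||` to the first condition and have `CheckRoomConfig` return false when `c` or `c.Properties` is null. The method's closing lines are in the following hunk.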
@@ -547,5 +561,30 @@ namespace PepperDash.Essentials Debug.Console(0, Debug.ErrorLogLevel.Notice, "NOTICE: Logo server cannot be started. Likely already running in another program"); } } + + private bool CheckRoomConfig(DeviceConfig c) + { + string logoDark = null; + string logoLight = null; + string logo = null; + + if (c.Properties["logoDark"] != null) + { + logoDark = c.Properties["logoDark"].Value("type"); + } + + if (c.Properties["logoLight"] != null) + { + logoLight = c.Properties["logoLight"].Value("type"); + } + + if (c.Properties["logo"] != null) + { + logo = c.Properties["logo"].Value("type"); + } + + return ((logoDark != null && logoDark == "system") || + (logoLight != null && logoLight == "system") || (logo != null && logo == "system")); + } } }
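Review bot: The return expression in `CheckRoomConfig` tests each value for null before comparing it with `"system"`, which `==` on strings already handles; `return logoDark == "system" || logoLight == "system" || logo == "system";` is equivalent. The three lookup blocks differ only in the key, so a loop over `"logoDark"`, `"logoLight"` and `"logo"` that returns true on the first match would remove the three locals. The method also has no doc comment on this page; a summary along the lines of `/// Returns true when the room's logo, logoDark or logoLight entry has type "system".` would explain why logo server startup depends on it.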