Webserver merged with cloned from github

DczAnt · Oct 18, 2021 · 842ec53 · 842ec53
1 parent 34f2a2d
commit 842ec53
Show file tree

Hide file tree

Showing 2 changed files with 101 additions and 54 deletions.
diff --git a/webserver/core/modbus_master.cpp b/webserver/core/modbus_master.cpp
@@ -60,7 +60,7 @@ struct MB_address
 
 struct MB_device
 {
-	modbus_t *mb_ctx;
+    modbus_t *mb_ctx;
     char dev_name[100];
     uint8_t protocol;
     char dev_address[100];
@@ -69,9 +69,9 @@ struct MB_device
     char rtu_parity;
     int rtu_data_bit;
     int rtu_stop_bit;
-	int rtu_tx_pause;
+    int rtu_tx_pause;
     uint8_t dev_id;
-	bool isConnected;
+    bool isConnected;
 
     struct MB_address discrete_inputs;
     struct MB_address coils;
@@ -167,8 +167,8 @@ void parseConfig()
                     char temp_buffer[5];
                     getData(line_str, temp_buffer, '"', '"');
                     num_devices = atoi(temp_buffer);
-					//initializes the allocated memory to zero
-					mb_devices = calloc(num_devices, sizeof(struct MB_device));
+                    //initializes the allocated memory to zero
+                    mb_devices = calloc(num_devices, sizeof(struct MB_device));
                 }
                 else if (!strncmp(line_str, "Polling_Period", 14))
                 {
@@ -243,7 +243,7 @@ void parseConfig()
                         getData(line_str, temp_buffer, '"', '"');
                         mb_devices[deviceNumber].rtu_stop_bit = atoi(temp_buffer);
                     }
-					else if (!strncmp(functionType, "RTU_TX_Pause", 12))
+                    else if (!strncmp(functionType, "RTU_TX_Pause", 12))
                     {
                         char temp_buffer[10];
                         getData(line_str, temp_buffer, '"', '"');
@@ -364,27 +364,27 @@ void *querySlaveDevices(void *arg)
         for (int i = 0; i < num_devices; i++)
         {
             //Check if there is a connected RTU device using the same port
-			bool found_sharing = false;
+            bool found_sharing = false;
             bool rtu_port_connected = false;
-			if (mb_devices[i].protocol == MB_RTU)
-			{
-				for (int a = 0; a < num_devices; a++)
-				{
-					if (a != i && !strcmp(mb_devices[i].dev_address, mb_devices[a].dev_address))
-					{
-						found_sharing = true;
-						if (mb_devices[a].isConnected)
-						{
-							rtu_port_connected = true;
-						}
-					}
-				}
-				if (found_sharing)
-				{
-					//Must reset mb context to current device's slave id
-					modbus_set_slave(mb_devices[i].mb_ctx, mb_devices[i].dev_id);
-				}
-			}
+            if (mb_devices[i].protocol == MB_RTU)
+            {
+                for (int a = 0; a < num_devices; a++)
+                {
+                    if (a != i && !strcmp(mb_devices[i].dev_address, mb_devices[a].dev_address))
+                    {
+                        found_sharing = true;
+                        if (mb_devices[a].isConnected)
+                        {
+                            rtu_port_connected = true;
+                        }
+                    }
+                }
+                if (found_sharing)
+                {
+                    //Must reset mb context to current device's slave id
+                    modbus_set_slave(mb_devices[i].mb_ctx, mb_devices[i].dev_id);
+                }
+            }
 
             //Verify if device is connected
             if (!mb_devices[i].isConnected && !rtu_port_connected)
@@ -423,7 +423,7 @@ void *querySlaveDevices(void *arg)
                 //Read discrete inputs
                 if (mb_devices[i].discrete_inputs.num_regs != 0)
                 {
-					sleepms(mb_devices[i].rtu_tx_pause);
+                    sleepms(mb_devices[i].rtu_tx_pause);
                     uint8_t *tempBuff;
                     tempBuff = (uint8_t *)malloc(mb_devices[i].discrete_inputs.num_regs);
                     nanosleep(&ts, NULL); 
@@ -459,7 +459,7 @@ void *querySlaveDevices(void *arg)
                 //Write coils
                 if (mb_devices[i].coils.num_regs != 0)
                 {
-					sleepms(mb_devices[i].rtu_tx_pause);
+                    sleepms(mb_devices[i].rtu_tx_pause);
                     uint8_t *tempBuff;
                     tempBuff = (uint8_t *)malloc(mb_devices[i].coils.num_regs);
 
@@ -492,7 +492,7 @@ void *querySlaveDevices(void *arg)
                 //Read input registers
                 if (mb_devices[i].input_registers.num_regs != 0)
                 {
-					sleepms(mb_devices[i].rtu_tx_pause);
+                    sleepms(mb_devices[i].rtu_tx_pause);
                     uint16_t *tempBuff;
                     tempBuff = (uint16_t *)malloc(2*mb_devices[i].input_registers.num_regs);
                     nanosleep(&ts, NULL); 
@@ -528,7 +528,7 @@ void *querySlaveDevices(void *arg)
                 //Read holding registers
                 if (mb_devices[i].holding_read_registers.num_regs != 0)
                 {
-					sleepms(mb_devices[i].rtu_tx_pause);
+                    sleepms(mb_devices[i].rtu_tx_pause);
                     uint16_t *tempBuff;
                     tempBuff = (uint16_t *)malloc(2*mb_devices[i].holding_read_registers.num_regs);
                     nanosleep(&ts, NULL); 
@@ -563,7 +563,7 @@ void *querySlaveDevices(void *arg)
                 //Write holding registers
                 if (mb_devices[i].holding_registers.num_regs != 0)
                 {
-					sleepms(mb_devices[i].rtu_tx_pause);
+                    sleepms(mb_devices[i].rtu_tx_pause);
                     uint16_t *tempBuff;
                     tempBuff = (uint16_t *)malloc(2*mb_devices[i].holding_registers.num_regs);
 
@@ -615,34 +615,33 @@ void initializeMB()
         }
         else if (mb_devices[i].protocol == MB_RTU)
         {
-			//Check if there is a device using the same port
-			int share_index = -1;
+            //Check if there is a device using the same port
+            int share_index = -1;
             for (int a = 0; a < num_devices && a < i; a++)
             {
                 if (strcmp(mb_devices[i].dev_address, mb_devices[a].dev_address) == 0)
                 {
-					share_index = a;
-					break;
-				}
-
+                    share_index = a;
+                    break;
+                }
+            }
+            if (share_index != -1)
+            {
+                if (mb_devices[i].rtu_baud != mb_devices[share_index].rtu_baud || mb_devices[i].rtu_parity != mb_devices[share_index].rtu_parity || 
+                    mb_devices[i].rtu_data_bit != mb_devices[share_index].rtu_data_bit || mb_devices[i].rtu_stop_bit != mb_devices[share_index].rtu_stop_bit)
+                {
+                    unsigned char log_msg[1000];
+                    sprintf(log_msg, "Warning MB device %s port setting missmatch\n", mb_devices[i].dev_name);
+                    log(log_msg);
+                }
+                mb_devices[i].mb_ctx = mb_devices[share_index].mb_ctx;
             }
-			if (share_index != -1)
-			{
-				if (mb_devices[i].rtu_baud != mb_devices[share_index].rtu_baud || mb_devices[i].rtu_parity != mb_devices[share_index].rtu_parity || 
-					mb_devices[i].rtu_data_bit != mb_devices[share_index].rtu_data_bit || mb_devices[i].rtu_stop_bit != mb_devices[share_index].rtu_stop_bit)
-				{
-					unsigned char log_msg[1000];
-					sprintf(log_msg, "Warning MB device %s port setting missmatch\n", mb_devices[i].dev_name);
-					log(log_msg);
-				}
-				mb_devices[i].mb_ctx = mb_devices[share_index].mb_ctx;
+            else
+            {
+                mb_devices[i].mb_ctx = modbus_new_rtu(mb_devices[i].dev_address, mb_devices[i].rtu_baud,
+                                                mb_devices[i].rtu_parity, mb_devices[i].rtu_data_bit,
+                                                mb_devices[i].rtu_stop_bit);
             }
-			else
-			{
-				mb_devices[i].mb_ctx = modbus_new_rtu(mb_devices[i].dev_address, mb_devices[i].rtu_baud,
-												mb_devices[i].rtu_parity, mb_devices[i].rtu_data_bit,
-												mb_devices[i].rtu_stop_bit);
-			}
         }
 
         //slave id

diff --git a/webserver/webserver.py b/webserver/webserver.py
@@ -892,6 +892,8 @@ def upload_program_action():
         prog_descr = flask.request.form['prog_descr']
         prog_file = flask.request.form['prog_file']
         epoch_time = flask.request.form['epoch_time']
+
+        (prog_name, prog_descr, prog_file, epoch_time) = sanitize_input(prog_name, prog_descr, prog_file, epoch_time)
 
         database = "openplc.db"
         conn = create_connection(database)
@@ -1157,6 +1159,9 @@ def add_modbus_device():
             aow_start = flask.request.form.get('aow_start')
             aow_size = flask.request.form.get('aow_size')
 
+            (devname, devtype, devid, devcport, devbaud, devparity, devdata, devstop, devpause, devip, devport, di_start, di_size, do_start, do_size, ai_start, ai_size, aor_start, aor_size, aow_start, aow_size) \
+                = sanitize_input(devname, devtype, devid, devcport, devbaud, devparity, devdata, devstop, devpause, devip, devport, di_start, di_size, do_start, do_size, ai_start, ai_size, aor_start, aor_size, aow_start, aow_size)
+
             database = "openplc.db"
             conn = create_connection(database)
             if (conn != None):
@@ -1264,7 +1269,7 @@ def modbus_edit_device():
                             port_name = port
                         if (str(row[4]) == port_name):
                             return_str += "<option selected='selected' value'" + port_name + "'>" + port_name + "</option>"
-                        else:     
+                        else:   
                             return_str += "<option value='" + port_name + "'>" + port_name + "</option>"
 
                     return_str += pages.edit_slave_devices_tail
@@ -1329,6 +1334,9 @@ def modbus_edit_device():
             aow_start = flask.request.form.get('aow_start')
             aow_size = flask.request.form.get('aow_size')
 
+            (devname, devtype, devid, devcport, devbaud, devparity, devdata, devstop, devpause, devip, devport, di_start, di_size, do_start, do_size, ai_start, ai_size, aor_start, aor_size, aow_start, aow_size, devid_db) \
+                = sanitize_input(devname, devtype, devid, devcport, devbaud, devparity, devdata, devstop, devpause, devip, devport, di_start, di_size, do_start, do_size, ai_start, ai_size, aor_start, aor_size, aow_start, aow_size, devid_db)
+
             database = "openplc.db"
             conn = create_connection(database)
             if (conn != None):
@@ -1849,6 +1857,9 @@ def add_user():
             username = flask.request.form['user_name']
             email = flask.request.form['user_email']
             password = flask.request.form['user_password']
+
+            (name, username, email) = sanitize_input(name, username, email)
+
             form_has_picture = True
             if ('file' not in flask.request.files):
                 form_has_picture = False
@@ -1977,6 +1988,7 @@ def edit_user():
             username = flask.request.form['user_name']
             email = flask.request.form['user_email']
             password = flask.request.form['user_password']
+            (user_id, name, username, email) = sanitize_input(user_id, name, username, email)
             form_has_picture = True
             if ('file' not in flask.request.files):
                 form_has_picture = False
@@ -2225,6 +2237,8 @@ def settings():
             slave_polling = flask.request.form.get('slave_polling_period')
             slave_timeout = flask.request.form.get('slave_timeout')
 
+            (modbus_port, dnp3_port, enip_port, pstorage_poll, start_run, slave_polling, slave_timeout) = sanitize_input(modbus_port, dnp3_port, enip_port, pstorage_poll, start_run, slave_polling, slave_timeout)
+
             database = "openplc.db"
             conn = create_connection(database)
             if (conn != None):
@@ -2311,6 +2325,40 @@ def create_connection(db_file):
 
    return None
 
+
+#----------------------------------------------------------------------------
+#Returns a generator that yields the sanitized arguments.
+#----------------------------------------------------------------------------
+def sanitize_input(*args):
+   return (escape(a) for a in args)
+
+#----------------------------------------------------------------------------
+# Taken from the html module of the python 3.9 standard library
+# exact lines of code can be found here:
+# https://github.com/python/cpython/blob/3.9/Lib/html/__init__.py#L12
+# Modified to convert to String but preserve NoneType.
+# Preserving NoneType is necessary to ensure program logic is not affected by None being converted to "None",
+# this is relevant in setttings()
+#----------------------------------------------------------------------------
+def escape(s, quote=True):
+    """
+    Replace special characters "&", "<" and ">" to HTML-safe sequences.
+    If the optional flag quote is true (the default), the quotation mark
+    characters, both double quote (") and single quote (') characters are also
+    translated.
+    """
+    if s is None: 
+        return s
+    s = str(s) # force string
+    s = s.replace("&", "&amp;") # Must be done first!
+    s = s.replace("<", "&lt;")
+    s = s.replace(">", "&gt;")
+    if quote:
+        s = s.replace('"', "&quot;")
+        s = s.replace('\'', "&#x27;")
+    return s
+
+
 #----------------------------------------------------------------------------
 #Main dummy function. Only displays a message and exits. The app keeps
 #running on the background by Flask