App-Foca
All commands that Foca knows about are listed in a YAML file. Foca
uses a default timeout value for all commands, but in this YAML file
you can give a specific timeout to a specific command. All commands are
executed with IPC (open3).
Now the question is: is Foca secure? Well, it depends on you. It depends
on whether you run it as a non-root user and on the commands you define.
Foca will try to protect itself; for example, it will reject all requests
that have pipes (|) or I/O redirection (>, <, <<, >>). Additionally, the
HTTP request will be validated before it gets executed via the call of
"validate_request()" (App::Foca returns true all the time, so if you want
to add extra functionality please create a subclass and re-define the
method).
EXAMPLE
    my $server = App::Foca::Server->new(
            port             => $port,
            commands_file    => $commands,
            commands_timeout => $timeout,
            debug            => $debug);
prepare_foca_response($connection, $request)
Prepares a response (HTTP::Response) for a given foca request
(HTTP::Request).
build_response($code, $body)
Builds a HTTP response ("HTTP::Response") based on the given HTTP status
code and optionally adds a body.
Returns a "HTTP::Response" so it can be sent via the opened connection.
validate_request($command, $request)
Re-define this method if you want to add some extra security. By default
all requests are valid at this point.
run_cmd($connection, $name, $cmd, $params)
Runs whatever the command is and sets a timeout on it. If it takes too
long then it will try to kill the process.
Depending on the settings given to the command it will return the STDOUT
or STDERR or even both. The rules are:
lib/App/Foca/Server.pm view on Meta::CPAN
returned as a HTTP response.
All commands that Foca knows about are listed in a YAML file. Foca uses a
default timeout value for all commands, but in this YAML file you can give
a specific timeout to a specific command. All commands are executed with IPC
(open3).
Now the question is: is Foca secure? Well, it depends on you. It depends on
whether you run it as a non-root user and on the commands you define. Foca will
try to protect itself; for example, it will reject all requests that have
pipes (|) or I/O redirection (>, <, <<, >>). Additionally, the HTTP request will
be validated before it gets executed via the call of C<validate_request()>
(L<App::Foca::Server> returns true all the time, so if you want to add extra
functionality please create a subclass and re-define the method).
=head1 EXAMPLE

    my $server = App::Foca::Server->new(
            port             => $port,
            commands_file    => $commands,
            commands_timeout => $timeout,
            debug            => $debug);
lib/App/Foca/Server.pm view on Meta::CPAN
    $commands = {} unless $commands;

    # A hash reference is always true, so test whether the hash is empty
    unless (%$commands) {
        log_error("There are no commands available");
        return $self->build_response(HTTP_NOT_IMPLEMENTED, "No commands available");
    }

    # Ok, the command is valid?
    unless ($commands->{$command}) {
        return $self->build_response(HTTP_NOT_FOUND, "Unknown command");
    }

    # Validate request
    my ($is_valid, $msg) = $self->validate_request($command, $request);

    unless ($is_valid) {
        if ($msg) {
            return $self->build_response(HTTP_FORBIDDEN, $msg);
        } else {
            return $self->build_response(HTTP_FORBIDDEN);
        }
    }

    my ($code, $output) = $self->run_cmd(
            $connection,
lib/App/Foca/Server.pm view on Meta::CPAN
Returns a C<HTTP::Response> so it can be sent via the opened connection.

=cut

sub build_response {
    my ($self, $code, $body) = @_;

    my $res = HTTP::Response->new($code, status_message($code));

    # Headers that tell clients and proxies not to cache command output
    my %default_headers = (
        pragma        => "must-revalidate, no-cache, no-store, expires: -1",
        no_cache      => 1,
        expires       => -1,
        cache_control => "no-cache, no-store, must-revalidate",
        content_type  => 'text/plain',
    );

    while (my ($k, $v) = each %default_headers) {
        $res->header($k, $v);
    }

    # A body?
    $res->content($body) if $body;

    return $res;
}

=head2 B<validate_request($command, $request)>

Re-define this method if you want to add some extra security. By default all
requests are valid at this point.

=cut

sub validate_request {
    my ($self, $command, $request) = @_;

    return 1;
}
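
An added example (not part of App::Foca) of the subclass the documentation asks for: it overrides `validate_request()` to require a per-client token and to limit which commands each token may run, returning the `($is_valid, $msg)` pair the caller above expects. The package name, the `X-Foca-Token` header, the `FOCA_TOKEN_*` environment variables and the command names are assumptions made for illustration, as is inheriting with `use parent`.

```perl
package My::Foca::Server;    # hypothetical subclass name
use strict;
use warnings;
use parent 'App::Foca::Server';
use Digest::SHA qw(sha256);
# Constructed for this example: header name, env variables, command names.
my $TOKEN_HEADER = 'X-Foca-Token';

sub _policy {
    return (
        { token => $ENV{FOCA_TOKEN_READONLY}, allow => { uptime => 1, df => 1 } },
        { token => $ENV{FOCA_TOKEN_OPS}, allow => { uptime => 1, restart_app => 1 } },
    );
}

# Constant-time compare of SHA-256 digests: no early exit on a mismatch.
sub _same_secret {
    my ($got, $want) = map { sha256($_) } @_;
    my $diff = 0;
    $diff |= ord(substr($got, $_, 1)) ^ ord(substr($want, $_, 1)) for 0 .. 31;
    return $diff == 0;
}

# Same contract as the parent: the caller reads ($is_valid, $msg) and
# answers HTTP_FORBIDDEN when $is_valid is false.
sub validate_request {
    my ($self, $command, $request) = @_;
    my $got = $request->header($TOKEN_HEADER);
    return (0, 'Missing token') unless defined $got && length $got;
    my $allowed;
    for my $entry (_policy()) {
        my $token = $entry->{token};
        next unless defined $token && length $token;    # unset token matches nothing
        $allowed = $entry->{allow} if _same_secret($got, $token);
    }
    return (0, 'Invalid token') unless $allowed;
    return (0, 'Token not permitted for this command') unless $allowed->{$command};
    return 1;
}

unless (caller) {    # demo on a constructed request when run as a script
    require HTTP::Request;
    local $ENV{FOCA_TOKEN_READONLY} = 'ro-example';
    my $req = HTTP::Request->new(GET => '/', [ $TOKEN_HEADER => 'ro-example' ]);
    for my $cmd (qw(uptime restart_app)) {
        my ($ok, $msg) = validate_request(undef, $cmd, $req);
        print "$cmd: ", ($ok ? 'allowed' : "denied ($msg)"), "\n";
    }
}
```

The check fails closed: a request without the header, or one whose token matches no configured entry, is rejected before `run_cmd()` is reached.
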
=head2 B<run_cmd($connection, $name, $cmd, $params)>

Runs whatever the command is and sets a timeout on it. If it takes too long
then it will try to kill the process.