APPRISE_ALLOW_SERVICES and APPRISE_DENY_SERVICES globals added (#64)

This commit is contained in:
Chris Caron 2021-12-01 21:28:02 -05:00 committed by GitHub
parent efe88a52d3
commit 2943bce981
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 445 additions and 7 deletions

View File

@ -197,6 +197,9 @@ The use of environment variables allow you to provide over-rides to default sett
| `APPRISE_STATELESS_URLS` | For a non-persistent solution, you can take advantage of this global variable. Use this to define a default set of Apprise URLs to notify when using API calls to `/notify`. If no `{KEY}` is defined when calling `/notify` then the URLs defined here are used instead. By default, nothing is defined for this variable. | `APPRISE_STATELESS_URLS` | For a non-persistent solution, you can take advantage of this global variable. Use this to define a default set of Apprise URLs to notify when using API calls to `/notify`. If no `{KEY}` is defined when calling `/notify` then the URLs defined here are used instead. By default, nothing is defined for this variable.
| `APPRISE_STATEFUL_MODE` | This can be set to the following possible modes:<br/>📌 **hash**: This is also the default. It stores the server configuration in a hash formatted that can be easily indexed and compressed.<br/>📌 **simple**: Configuration is written straight to disk using the `{KEY}.cfg` (if `TEXT` based) and `{KEY}.yml` (if `YAML` based).<br/>📌 **disabled**: Straight up deny any read/write queries to the servers stateful store. Effectively turn off the Apprise Stateful feature completely. | `APPRISE_STATEFUL_MODE` | This can be set to the following possible modes:<br/>📌 **hash**: This is also the default. It stores the server configuration in a hash formatted that can be easily indexed and compressed.<br/>📌 **simple**: Configuration is written straight to disk using the `{KEY}.cfg` (if `TEXT` based) and `{KEY}.yml` (if `YAML` based).<br/>📌 **disabled**: Straight up deny any read/write queries to the servers stateful store. Effectively turn off the Apprise Stateful feature completely.
| `APPRISE_CONFIG_LOCK` | Locks down your API hosting so that you can no longer delete/update/access stateful information. Your configuration is still referenced when stateful calls are made to `/notify`. The idea of this switch is to allow someone to set their (Apprise) configuration up and then as an added security tactic, they may choose to lock their configuration down (in a read-only state). Those who use the Apprise CLI tool may still do it, however the `--config` (`-c`) switch will not successfully reference this access point anymore. You can however use the `apprise://` plugin without any problem ([see here for more details](https://github.com/caronc/apprise/wiki/Notify_apprise_api)). This defaults to `no` and can however be set to `yes` by simply defining the global variable as such. | `APPRISE_CONFIG_LOCK` | Locks down your API hosting so that you can no longer delete/update/access stateful information. Your configuration is still referenced when stateful calls are made to `/notify`. The idea of this switch is to allow someone to set their (Apprise) configuration up and then as an added security tactic, they may choose to lock their configuration down (in a read-only state). Those who use the Apprise CLI tool may still do it, however the `--config` (`-c`) switch will not successfully reference this access point anymore. You can however use the `apprise://` plugin without any problem ([see here for more details](https://github.com/caronc/apprise/wiki/Notify_apprise_api)). This defaults to `no` and can however be set to `yes` by simply defining the global variable as such.
| `APPRISE_DENY_SERVICES` | A comma separated set of entries identifying what plugins to deny access to. You only need to identify one schema entry associated with a plugin to in turn disable all of it. Hence, if you wanted to disable the `glib` plugin, you do not need to additionally include `qt` as well since it's included as part of the (`dbus`) package; consequently specifying `qt` would in turn disable the `glib` module as well (another way to acomplish the same task). To exclude/disable more the one upstream service, simply specify additional entries separated by a `,` (comma) or ` ` (space). The `APPRISE_DENY_SERVICES` entries are ignored if the `APPRISE_ALLOW_SERVICES` is identified. By default, this is initialized to `windows, dbus, gnome, macos, syslog` (blocking local actions from being issued inside of the docker container)
| `APPRISE_ALLOW_SERVICES` | A comma separated set of entries identifying what plugins to allow access to. You may only use alpha-numeric characters as is the restriction of Apprise Schemas (schema://) anyway. To exclusivly include more the one upstream service, simply specify additional entries separated by a `,` (comma) or ` ` (space). The `APPRISE_DENY_SERVICES` entries are ignored if the `APPRISE_ALLOW_SERVICES` is identified.
| `SECRET_KEY` | A Django variable acting as a *salt* for most things that require security. This API uses it for the hash sequences when writing the configuration files to disk (`hash` mode only). | `SECRET_KEY` | A Django variable acting as a *salt* for most things that require security. This API uses it for the hash sequences when writing the configuration files to disk (`hash` mode only).
| `ALLOWED_HOSTS` | A list of strings representing the host/domain names that this API can serve. This is a security measure to prevent HTTP Host header attacks, which are possible even under many seemingly-safe web server configurations. By default this is set to `*` allowing any host. Use space to delimit more than one host. | `ALLOWED_HOSTS` | A list of strings representing the host/domain names that this API can serve. This is a security measure to prevent HTTP Host header attacks, which are possible even under many seemingly-safe web server configurations. By default this is set to `*` allowing any host. Use space to delimit more than one host.
| `BASE_URL` | Those who are hosting the API behind a proxy that requires a subpath to gain access to this API should specify this path here as well. By default this is not set at all. | `BASE_URL` | Those who are hosting the API behind a proxy that requires a subpath to gain access to this API should specify this path here as well. By default this is not set at all.

View File

@ -41,7 +41,7 @@ class GetTests(SimpleTestCase):
""" """
# our key to use # our key to use
key = 'test_get_config' key = 'test_get_config_'
# GET returns 405 (not allowed) # GET returns 405 (not allowed)
response = self.client.get('/get/{}'.format(key)) response = self.client.get('/get/{}'.format(key))
@ -49,7 +49,7 @@ class GetTests(SimpleTestCase):
# No content saved to the location yet # No content saved to the location yet
response = self.client.post('/get/{}'.format(key)) response = self.client.post('/get/{}'.format(key))
assert response.status_code == 204 self.assertEqual(response.status_code, 204)
# Add some content # Add some content
response = self.client.post( response = self.client.post(

View File

@ -54,7 +54,7 @@ class JsonUrlsTests(SimpleTestCase):
# Nothing to return # Nothing to return
response = self.client.get('/json/urls/{}'.format(key)) response = self.client.get('/json/urls/{}'.format(key))
assert response.status_code == 204 self.assertEqual(response.status_code, 204)
# Add some content # Add some content
response = self.client.post( response = self.client.post(

View File

@ -22,7 +22,7 @@
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE. # THE SOFTWARE.
from django.test import SimpleTestCase from django.test import SimpleTestCase, override_settings
from unittest.mock import patch from unittest.mock import patch
from ..forms import NotifyForm from ..forms import NotifyForm
import json import json
@ -342,3 +342,153 @@ class NotifyTests(SimpleTestCase):
assert response.status_code == 200 assert response.status_code == 200
assert mock_notify.call_count == 1 assert mock_notify.call_count == 1
assert response['content-type'] == 'text/html' assert response['content-type'] == 'text/html'
@patch('apprise.plugins.NotifyEmail.send')
def test_notify_with_filters(self, mock_send):
"""
Test workings of APPRISE_DENY_SERVICES and APPRISE_ALLOW_SERVICES
"""
# Set our return value
mock_send.return_value = True
# our key to use
key = 'test_notify_with_restrictions'
# Add some content
response = self.client.post(
'/add/{}'.format(key),
{'urls': 'mailto://user:pass@yahoo.ca'})
assert response.status_code == 200
# Preare our JSON data
json_data = {
'body': 'test notifiction',
'type': apprise.NotifyType.WARNING,
}
# Verify by default email is enabled
assert apprise.plugins.SCHEMA_MAP['mailto'].enabled is True
# Send our service with the `mailto://` denied
with override_settings(APPRISE_ALLOW_SERVICES=""):
with override_settings(APPRISE_DENY_SERVICES="mailto"):
# Send our notification as a JSON object
response = self.client.post(
'/notify/{}'.format(key),
data=json.dumps(json_data),
content_type='application/json',
)
# mailto:// is disabled
assert response.status_code == 424
assert mock_send.call_count == 0
# What actually took place behind close doors:
assert apprise.plugins.SCHEMA_MAP['mailto'].enabled is False
# Reset our flag (for next test)
apprise.plugins.SCHEMA_MAP['mailto'].enabled = True
# Reset Mock
mock_send.reset_mock()
# Send our service with the `mailto://` denied
with override_settings(APPRISE_ALLOW_SERVICES=""):
with override_settings(APPRISE_DENY_SERVICES="invalid, syslog"):
# Send our notification as a JSON object
response = self.client.post(
'/notify/{}'.format(key),
data=json.dumps(json_data),
content_type='application/json',
)
# mailto:// is enabled
assert response.status_code == 200
assert mock_send.call_count == 1
# Verify that mailto was never turned off
assert apprise.plugins.SCHEMA_MAP['mailto'].enabled is True
# Reset Mock
mock_send.reset_mock()
# Send our service with the `mailto://` being the only accepted type
with override_settings(APPRISE_ALLOW_SERVICES="mailto"):
with override_settings(APPRISE_DENY_SERVICES=""):
# Send our notification as a JSON object
response = self.client.post(
'/notify/{}'.format(key),
data=json.dumps(json_data),
content_type='application/json',
)
# mailto:// is enabled
assert response.status_code == 200
assert mock_send.call_count == 1
# Verify email was never turned off
assert apprise.plugins.SCHEMA_MAP['mailto'].enabled is True
# Reset Mock
mock_send.reset_mock()
# Send our service with the `mailto://` being the only accepted type
with override_settings(APPRISE_ALLOW_SERVICES="invalid, mailtos"):
with override_settings(APPRISE_DENY_SERVICES=""):
# Send our notification as a JSON object
response = self.client.post(
'/notify/{}'.format(key),
data=json.dumps(json_data),
content_type='application/json',
)
# mailto:// is enabled
assert response.status_code == 200
assert mock_send.call_count == 1
# Verify email was never turned off
assert apprise.plugins.SCHEMA_MAP['mailto'].enabled is True
# Reset Mock
mock_send.reset_mock()
# Send our service with the `mailto://` being the only accepted type
with override_settings(APPRISE_ALLOW_SERVICES="syslog"):
with override_settings(APPRISE_DENY_SERVICES=""):
# Send our notification as a JSON object
response = self.client.post(
'/notify/{}'.format(key),
data=json.dumps(json_data),
content_type='application/json',
)
# mailto:// is disabled
assert response.status_code == 424
assert mock_send.call_count == 0
# What actually took place behind close doors:
assert apprise.plugins.SCHEMA_MAP['mailto'].enabled is False
# Reset our flag (for next test)
apprise.plugins.SCHEMA_MAP['mailto'].enabled = True
# Reset Mock
mock_send.reset_mock()
# Test case where there is simply no over-rides defined
with override_settings(APPRISE_ALLOW_SERVICES=""):
with override_settings(APPRISE_DENY_SERVICES=""):
# Send our notification as a JSON object
response = self.client.post(
'/notify/{}'.format(key),
data=json.dumps(json_data),
content_type='application/json',
)
# json:// is disabled
assert response.status_code == 200
assert mock_send.call_count == 1
# nothing was changed
assert apprise.plugins.SCHEMA_MAP['mailto'].enabled is True

View File

@ -89,6 +89,9 @@ class StatelessNotifyTests(SimpleTestCase):
Test sending multiple notifications where one fails Test sending multiple notifications where one fails
""" """
# Ensure we're enabled for the purpose of our testing
apprise.plugins.SCHEMA_MAP['mailto'].enabled = True
# Set our return value; first we return a true, then we fail # Set our return value; first we return a true, then we fail
# on the second call # on the second call
mock_notify.side_effect = (True, False) mock_notify.side_effect = (True, False)
@ -110,7 +113,7 @@ class StatelessNotifyTests(SimpleTestCase):
assert response.status_code == 424 assert response.status_code == 424
assert mock_notify.call_count == 2 assert mock_notify.call_count == 2
@override_settings(APPRISE_STATELESS_URLS="windows://") @override_settings(APPRISE_STATELESS_URLS="mailto://user:pass@localhost")
@patch('apprise.Apprise.notify') @patch('apprise.Apprise.notify')
def test_notify_default_urls(self, mock_notify): def test_notify_default_urls(self, mock_notify):
""" """
@ -249,3 +252,152 @@ class StatelessNotifyTests(SimpleTestCase):
# Still supported # Still supported
assert response.status_code == 400 assert response.status_code == 400
assert mock_notify.call_count == 0 assert mock_notify.call_count == 0
@patch('apprise.plugins.NotifyJSON.send')
def test_notify_with_filters(self, mock_send):
"""
Test workings of APPRISE_DENY_SERVICES and APPRISE_ALLOW_SERVICES
"""
# Set our return value
mock_send.return_value = True
# Preare our JSON data
json_data = {
'urls': 'json://user:pass@yahoo.ca',
'body': 'test notifiction',
'type': apprise.NotifyType.WARNING,
}
# Send our notification as a JSON object
response = self.client.post(
'/notify',
data=json.dumps(json_data),
content_type='application/json',
)
# Ensure we're enabled for the purpose of our testing
apprise.plugins.SCHEMA_MAP['json'].enabled = True
# Send our service with the `json://` denied
with override_settings(APPRISE_ALLOW_SERVICES=""):
with override_settings(APPRISE_DENY_SERVICES="json"):
# Send our notification as a JSON object
response = self.client.post(
'/notify',
data=json.dumps(json_data),
content_type='application/json',
)
# json:// is disabled
assert response.status_code == 204
assert mock_send.call_count == 0
# What actually took place behind close doors:
assert apprise.plugins.SCHEMA_MAP['json'].enabled is False
# Reset our flag (for next test)
apprise.plugins.SCHEMA_MAP['json'].enabled = True
# Reset Mock
mock_send.reset_mock()
# Send our service with the `json://` denied
with override_settings(APPRISE_ALLOW_SERVICES=""):
with override_settings(APPRISE_DENY_SERVICES="invalid, syslog"):
# Send our notification as a JSON object
response = self.client.post(
'/notify',
data=json.dumps(json_data),
content_type='application/json',
)
# json:// is enabled
assert response.status_code == 200
assert mock_send.call_count == 1
# Verify that json was never turned off
assert apprise.plugins.SCHEMA_MAP['json'].enabled is True
# Reset Mock
mock_send.reset_mock()
# Send our service with the `json://` being the only accepted type
with override_settings(APPRISE_ALLOW_SERVICES="json"):
with override_settings(APPRISE_DENY_SERVICES=""):
# Send our notification as a JSON object
response = self.client.post(
'/notify',
data=json.dumps(json_data),
content_type='application/json',
)
# json:// is enabled
assert response.status_code == 200
assert mock_send.call_count == 1
# Verify email was never turned off
assert apprise.plugins.SCHEMA_MAP['json'].enabled is True
# Reset Mock
mock_send.reset_mock()
# Send our service with the `json://` being the only accepted type
with override_settings(APPRISE_ALLOW_SERVICES="invalid, jsons"):
with override_settings(APPRISE_DENY_SERVICES=""):
# Send our notification as a JSON object
response = self.client.post(
'/notify',
data=json.dumps(json_data),
content_type='application/json',
)
# json:// is enabled
assert response.status_code == 200
assert mock_send.call_count == 1
# Verify email was never turned off
assert apprise.plugins.SCHEMA_MAP['json'].enabled is True
# Reset Mock
mock_send.reset_mock()
# Send our service with the `json://` being the only accepted type
with override_settings(APPRISE_ALLOW_SERVICES="syslog"):
with override_settings(APPRISE_DENY_SERVICES=""):
# Send our notification as a JSON object
response = self.client.post(
'/notify',
data=json.dumps(json_data),
content_type='application/json',
)
# json:// is disabled
assert response.status_code == 204
assert mock_send.call_count == 0
# What actually took place behind close doors:
assert apprise.plugins.SCHEMA_MAP['json'].enabled is False
# Reset our flag (for next test)
apprise.plugins.SCHEMA_MAP['json'].enabled = True
# Reset Mock
mock_send.reset_mock()
# Test case where there is simply no over-rides defined
with override_settings(APPRISE_ALLOW_SERVICES=""):
with override_settings(APPRISE_DENY_SERVICES=""):
# Send our notification as a JSON object
response = self.client.post(
'/notify',
data=json.dumps(json_data),
content_type='application/json',
)
# json:// is disabled
assert response.status_code == 200
assert mock_send.call_count == 1
# nothing was changed
assert apprise.plugins.SCHEMA_MAP['json'].enabled is True

View File

@ -46,6 +46,12 @@ import apprise
import json import json
import re import re
# import the logging library
import logging
# Get an instance of a logger
logger = logging.getLogger('django')
# Content-Type Parsing # Content-Type Parsing
# application/x-www-form-urlencoded # application/x-www-form-urlencoded
# application/x-www-form-urlencoded # application/x-www-form-urlencoded
@ -560,6 +566,63 @@ class NotifyView(View):
status=status, status=status,
) )
#
# Apply Any Global Filters (if identified)
#
if settings.APPRISE_ALLOW_SERVICES:
alphanum_re = re.compile(
r'^(?P<name>[a-z][a-z0-9]+)', re.IGNORECASE)
entries = \
[alphanum_re.match(x).group('name').lower()
for x in re.split(r'[ ,]+', settings.APPRISE_ALLOW_SERVICES)
if alphanum_re.match(x)]
for plugin in set(apprise.plugins.SCHEMA_MAP.values()):
if entries:
# Get a list of the current schema's associated with
# a given plugin
schemas = set(apprise.plugins.details(plugin)
['tokens']['schema']['values'])
# Check what was defined and see if there is a hit
for entry in entries:
if entry in schemas:
# We had a hit; we're done
break
if entry in schemas:
entries.remove(entry)
# We can keep this plugin enabled and move along to the
# next one...
continue
# if we reach here, we have to block our plugin
plugin.enabled = False
for entry in entries:
# Generate some noise for those who have bad configurations
logger.warning(
'APPRISE_ALLOW_SERVICES plugin %s:// was not found - '
'ignoring.', entry)
elif settings.APPRISE_DENY_SERVICES:
alphanum_re = re.compile(
r'^(?P<name>[a-z][a-z0-9]+)', re.IGNORECASE)
entries = \
[alphanum_re.match(x).group('name').lower()
for x in re.split(r'[ ,]+', settings.APPRISE_DENY_SERVICES)
if alphanum_re.match(x)]
for name in entries:
try:
# Force plugin to be disabled
apprise.plugins.SCHEMA_MAP[name].enabled = False
except KeyError:
logger.warning(
'APPRISE_DENY_SERVICES plugin %s:// was not found -'
' ignoring.', name)
# Prepare ourselves a default Asset # Prepare ourselves a default Asset
asset = None if not body_format else \ asset = None if not body_format else \
apprise.AppriseAsset(body_format=body_format) apprise.AppriseAsset(body_format=body_format)
@ -648,7 +711,7 @@ class NotifyView(View):
# the response to a 424 error code # the response to a 424 error code
msg = _('One or more notification could not be sent.') msg = _('One or more notification could not be sent.')
status = ResponseCode.failed_dependency status = ResponseCode.failed_dependency
return HttpResponse(msg, status=status) \ return HttpResponse(response if response else msg, status=status) \
if not json_response else JsonResponse({ if not json_response else JsonResponse({
'error': msg, 'error': msg,
}, },
@ -726,6 +789,63 @@ class StatelessNotifyView(View):
asset = None if not body_format else \ asset = None if not body_format else \
apprise.AppriseAsset(body_format=body_format) apprise.AppriseAsset(body_format=body_format)
#
# Apply Any Global Filters (if identified)
#
if settings.APPRISE_ALLOW_SERVICES:
alphanum_re = re.compile(
r'^(?P<name>[a-z][a-z0-9]+)', re.IGNORECASE)
entries = \
[alphanum_re.match(x).group('name').lower()
for x in re.split(r'[ ,]+', settings.APPRISE_ALLOW_SERVICES)
if alphanum_re.match(x)]
for plugin in set(apprise.plugins.SCHEMA_MAP.values()):
if entries:
# Get a list of the current schema's associated with
# a given plugin
schemas = set(apprise.plugins.details(plugin)
['tokens']['schema']['values'])
# Check what was defined and see if there is a hit
for entry in entries:
if entry in schemas:
# We had a hit; we're done
break
if entry in schemas:
entries.remove(entry)
# We can keep this plugin enabled and move along to the
# next one...
continue
# if we reach here, we have to block our plugin
plugin.enabled = False
for entry in entries:
# Generate some noise for those who have bad configurations
logger.warning(
'APPRISE_ALLOW_SERVICES plugin %s:// was not found - '
'ignoring.', entry)
elif settings.APPRISE_DENY_SERVICES:
alphanum_re = re.compile(
r'^(?P<name>[a-z][a-z0-9]+)', re.IGNORECASE)
entries = \
[alphanum_re.match(x).group('name').lower()
for x in re.split(r'[ ,]+', settings.APPRISE_DENY_SERVICES)
if alphanum_re.match(x)]
for name in entries:
try:
# Force plugin to be disabled
apprise.plugins.SCHEMA_MAP[name].enabled = False
except KeyError:
logger.warning(
'APPRISE_DENY_SERVICES plugin %s:// was not found -'
' ignoring.', name)
# Prepare our apprise object # Prepare our apprise object
a_obj = apprise.Apprise(asset=asset) a_obj = apprise.Apprise(asset=asset)

View File

@ -150,3 +150,16 @@ APPRISE_STATELESS_URLS = os.environ.get('APPRISE_STATELESS_URLS', '')
# - simple: content is just written straight to disk 'as-is' # - simple: content is just written straight to disk 'as-is'
# - disabled: disable all stateful functionality # - disabled: disable all stateful functionality
APPRISE_STATEFUL_MODE = os.environ.get('APPRISE_STATEFUL_MODE', 'hash') APPRISE_STATEFUL_MODE = os.environ.get('APPRISE_STATEFUL_MODE', 'hash')
# Our Apprise Deny List
# - By default we disable all non-remote calling servicess
# - You do not need to identify every schema supported by the service you
# wish to disable (only one). For example, if you were to specify
# xml, that would include the xmls entry as well (or vs versa)
APPRISE_DENY_SERVICES = os.environ.get('APPRISE_DENY_SERVICES', ','.join((
'windows', 'dbus', 'gnome', 'macosx', 'syslog')))
# Our Apprise Exclusive Allow List
# - anything not identified here is denied/disabled)
# - this list trumps the APPRISE_DENY_SERVICES identified above
APPRISE_ALLOW_SERVICES = os.environ.get('APPRISE_ALLOW_SERVICES', '')

View File

@ -1,6 +1,6 @@
django django
cryptography == 3.3.2 cryptography == 3.3.2
apprise == 0.9.5.1 apprise == 0.9.6
# 3rd party service support # 3rd party service support
slixmpp slixmpp