admin_tools_ennder 1.3.20

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 914697432a11230253094fb760a955bb70acf1ed48cad60666cd90c2e26a503f
+  data.tar.gz: 7f6c9d5c95756f9a65f55ca60307e6ca1daeda7b9e08bb62f6efb84729ee5fe7
+SHA512:
+  metadata.gz: 4ca48d5aac8bd546ea828c500ed33cc35d9d2d753f6c892c62d6401f7172d5d2227cba82a984a9f2250f1a3b6807acbea81fd8d620c7099a7713bf952e545794
+  data.tar.gz: b3c1a0c5c2ed2616bd082593500674b865e7b2f7bb2ab8db250d84acfdb16b08dc9e28c4fb8150ce44cffca5492a347327034d6d0d4259b63887f03fe8abd0c5

data/Changelog

@@ -0,0 +1,158 @@
+== 1.3.20 / 2018-09-21
+* commands controller : http authentication password compromission fixed
+DO NOT USE previous gem versions, they can be used to execute arbitrary commands on your server !
+
+== 1.3.19 / 2018-09-13
+* commands controller : protected attributes
+
+== 1.3.18 / 2018-09-13
+* migration version = 5.0
+
+== 1.3.17 / 2018-09-13
+* migration with version if Rails 5+
+
+== 1.3.16 / 2018-09-13
+* fixed previous fix, sorry !
+
+== 1.3.15 / 2018-09-13
+* fixed before_filter renamed before_action in Rails 5.1
+
+== 1.3.14 / 2018-04-27
+* avoid 2 warnings
+gems/admin_tools_ennder-1.3.12/app/controllers/commands_controller.rb:110: warning: assigned but unused variable - pid
+gems/admin_tools_ennder-1.3.12/app/controllers/commands_controller.rb:110: warning: assigned but unused variable - stdin
+
+== 1.3.13 / 2018-04-27
+* removed
+
+== 1.3.12 / 2017-03-22
+* /admin/routes fixed for Rails 5
+
+== 1.3.11 / 2017-03-21
+* test with ruby 2.3
+
+== 1.3.8 / 2016-02-04
+* css id on command_result pre in action command/new
+
+== 1.3.7 / 2016-02-03
+* bugfix : command/new
+
+== 1.3.6 / 2016-02-03
+* bugfix : error messages partial
+
+== 1.3.5 / 2016-02-03
+* error messages partial
+
+== 1.3.4 / 2016-02-03
+* Compatibility : Rails 3+4
+
+== 1.3.3 / 2014-03-16
+* GMM : sort models
+
+== 1.3.2 / 2014-02-23
+* GMM : display model relations with type
+
+== 1.3.1 / 2014-02-23
+* GMM : display model relations
+
+== 1.3.0 / 2014-02-16
+* new admin page : Global Model Manipulation (GMM)
+
+== 1.2.12 / 2011-12-22
+* info version de Ruby dans le menu admin
+
+== 1.2.11 / 2011-06-08
+* Utilisation de Rails.application.routes pour Rails 3
+
+== 1.2.10 / 2011-05-12
+* Infos Urls : Rails 3 request_uri => fullpath
+
+== 1.2.9 / 2011-03-28
+* Urls liens d'admin générées par rails
+
+== 1.2.8 / 2011-03-28
+* route admin/menu
+* correction annomalie route admin/gems
+
+== 1.2.7 / 2011-03-28
+* tests quasi complets
+* liste Gems de l'appli pour Rails 3
+
+== 1.2.5 / 2011-03-28
+* correction anomalie menu admin_menu
+
+== 1.2.4 / 2011-03-25
+* portage à rails 3 avec un engine pour les routes
+
+== 1.2.4 / 2011-03-24
+* portage à rails 3
+* tests inclus dans les applis test_gems_ennder_rails{2, 3}
+
+== 1.2.3 / 2011-02-09
+* changement mot de passe admin : execution de commandes
+* titre info gems : gems chargés
+
+== 1.2.2 / 2011-02-07
+* Correction anomalie liste des chemins
+
+== 1.2.0 / 2011-02-06
+* Nouvelle page liste des gems
+
+== 1.2.1 / 2011-02-07
+* Infos liste des gems OK
+* Ajout liste des chemin source des Gems
+
+== 1.1.11 / 2011-02-05
+* execute_command dans la bonne action
+
+== 1.1.10 / 2011-02-04
+* Ajout lien execute dans le show
+* Ajout partiel _execute_results pour l'utiliser dans les action new et execute
+
+== 1.1.9 / 2011-02-04
+* correction erreur sur nouvelle route execute dans la vue, manquait le param commande
+
+== 1.1.8 / 2011-02-04
+* correction erreur sur nouvelle route execute dans la vue
+
+== 1.1.7 / 2011-02-04
+* correction erreur sur nouvelle route execute
+
+== 1.1.6 / 2011-02-04
+* gestion exception sur execution commande
+* possibilité de réexecuter une commande
+
+== 1.1.5 / 2011-02-04
+* correction erreur sur précédente évolution
+
+== 1.1.4 / 2011-02-03
+* execution de commande, infos stderr
+
+== 1.1.3 / 2011-01-24
+* ajout mention exemple dans inflexions
+
+== 1.1.2 / 2011-01-03
+* Correction erreur dans le menu
+
+== 1.1.1 / 2011-01-03
+* Déplacement de routes_custom.rb dans lib/config
+
+== 1.1.0 / 2011-01-03
+
+* Ajout dynamique des nouvelles routes
+* Renommage de la page admin_routes_infos en admin_routes
+
+== 1.0.0 / 2011-01-02
+
+* 1 major enhancement
+Migration en Gem, et posé sur RubyGem
+
+== 0.9.9 / 2010-12-31
+* Posé sur GitHub
+git remote add origin git@github.com:Ennder/admin_tools_ennder.git
+
+== 0.9.0 / 2010-09-08
+* Ajout de la route pour la page de menu
+
+== 0.1.0 / 2010-05-05
+* Création Plugin

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2016 Ennder
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,89 @@
+# admin_tools_ennder
+===========
+
+Pages informatives de test et de développement
+
+- DO NOT USE previous gem versions before 1.3.20, they can be used to execute arbitrary commands on your server !
+
+Features
+--------
+
+1. Ajoute une page de menu d'admin
+2. Ajoute tous les sous-menus de cette page
+
+La page de menu a pour Url : /admin/menu (route automatique : **admin_menu_url**)
+
+**Menu**
+
+* Liste des inflexions
+* Liste des traductions
+* Liste des routes
+* Liste des gems
+<br/>
+* Liste des processus du serveur
+* Liste des processus du serveur (metal)
+<br/>
+* Infos de developpement
+* Infos de l'Url courante
+<br/>
+* Execution de commandes shell
+* Télécharger un fichier
+
+Unsolved problems :
+No tests developped
+
+Examples
+--------
+
+    <%= link_to "Menu d'administration", admin_menu_url %>
+
+Requirements
+------------
+
+- Rails 3 or greater
+- gem Open4 pour l'execution des commandes
+- a file named : config/auth_password_admin.secret in your app :
+Containing the http authentication password needed for the commands controller
+
+Install
+-------
+
+- install the gem manually
+[sudo] gem install admin_tools_ennder
+Or
+- add id to your Gemfile
+- Create a file containing the http authentication password needed for the commands controller
+echo '<A PASSWORD>' >config/auth_password_admin.secret
+Change <A PASSWORD> for a reliable password.
+
+Author
+------
+
+Original author: Ennder
+
+License
+-------
+
+(The MIT License)
+
+Copyright (c) 2010-2016 Ennder
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

data/Rakefile

@@ -0,0 +1,2 @@
+task :default => 'test:run'
+task 'gem:release' => 'test:run'

data/app/controllers/admin_dev_infos_controller.rb

@@ -0,0 +1,46 @@
+# -*- coding: utf-8 -*-
+class AdminDevInfosController < ApplicationController
+	def index
+		respond_to do |format|
+			format.html # index.html.erb
+		end
+	end
+
+	def show
+		if params[:nom_objet].blank?
+			flash[:notice] = 'Il faut spécifier un nom de Classe.'
+			redirect_to( :action => :index )
+
+			return
+		end
+
+		_defini = false
+		begin
+			#Exceptions enterrées
+			_defini = Object.const_defined?(params[:nom_objet])
+		rescue
+		end
+
+		if ! _defini
+			flash[:notice] = "La Classe #{params[:nom_objet]} n'existe pas."
+			redirect_to( :action => :index )
+
+			return
+		end
+
+		_La_classe = Object::const_get(params[:nom_objet])
+
+		if ! _La_classe.respond_to?(:new)
+			flash[:notice] = "La Classe #{_La_classe} ne fournit pas la méthode new()."
+			redirect_to( :action => :index )
+
+			return
+		end
+
+		@l_objet = _La_classe.new()
+
+		respond_to do |format|
+			format.html # show.html.erb
+		end
+	end
+end

data/app/controllers/admin_gems_controller.rb

@@ -0,0 +1,24 @@
+if Rails::VERSION::MAJOR >= 3
+	require 'bundler'
+end
+
+class AdminGemsController < ApplicationController
+	def index
+		#mygems = Bundler.load.specs.map { |spec| spec.name }
+
+		if Rails::VERSION::MAJOR < 3
+			application_gems = Rails.configuration.gems
+		else
+			application_gems = Bundler.load.specs
+		end
+
+		@application_gems = application_gems.collect{|g|
+			[
+				g.name,
+				( (Rails::VERSION::MAJOR < 3) ? g.requirement : g.version.to_s ) || '?'
+			]
+		}.sort!{|a, b|
+			a[0] <=> b[0]
+		}
+	end
+end

data/app/controllers/admin_inflexions_controller.rb

@@ -0,0 +1,6 @@
+class AdminInflexionsController < ApplicationController
+	def index
+		@inflections_plur = ActiveSupport::Inflector.inflections.plurals
+		@inflections_sing = ActiveSupport::Inflector.inflections.singulars
+	end
+end

data/app/controllers/admin_menu_controller.rb

@@ -0,0 +1,2 @@
+class AdminMenuController < ApplicationController
+end

data/app/controllers/admin_routes_controller.rb

@@ -0,0 +1,21 @@
+class AdminRoutesController < ApplicationController
+	def index
+		if Rails::VERSION::MAJOR >= 3
+			all_routes = Rails.application.routes
+		else
+			all_routes = ActionController::Routing::Routes
+		end
+
+		if all_routes.named_routes.respond_to?(:routes)
+			@routes_hash = all_routes.routes
+			@named_routes_hash = all_routes.named_routes.routes
+		else
+			@routes_hash = all_routes.routes.to_a
+			@named_routes_hash = all_routes.named_routes.to_a
+		end
+
+		respond_to do |format|
+			format.html # index.html.erb
+		end
+	end
+end

data/app/controllers/admin_send_file_controller.rb

@@ -0,0 +1,8 @@
+class AdminSendFileController < ApplicationController
+	def index
+	end
+
+	def download
+		send_file params[:chemin], :type=>"video/x-msvideo", :x_sendfile=>true
+	end
+end

data/app/controllers/admin_translations_controller.rb

@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+class AdminTranslationsController < ApplicationController
+	def index
+		#TODO Ennder correction : Rails 3 ? I18n.backend.send(:translations) renvoie une liste vide
+		begin
+			@traductions_all = I18n.backend.send(:translations)
+		rescue _exception
+			@traductions_all = []
+			logger.error "échec I18n.backend.send(:translations) [#{_exception.message}]"
+		end
+		logger.debug "[#{@traductions_all.size}] traduction(s)"
+
+		@locales_list = I18n.available_locales.inject(''){ |list, l|
+			list << '&nbsp;&nbsp;<b>' + l.to_s + '</b>'
+		}
+
+		respond_to do |format|
+			format.html # index.html.erb
+		end
+	end
+end

data/app/controllers/admin_url_infos_controller.rb

@@ -0,0 +1,7 @@
+class AdminUrlInfosController < ApplicationController
+	def index
+		respond_to do |format|
+			format.html # index.html.erb
+		end
+	end
+end

data/app/controllers/application_controller.rb

@@ -0,0 +1,10 @@
+# Filters added to this controller apply to all controllers in the application.
+# Likewise, all the methods added will be available for all controllers.
+
+class ApplicationController < ActionController::Base
+  helper :all # include all helpers, all the time
+  protect_from_forgery # See ActionController::RequestForgeryProtection for details
+
+  # Scrub sensitive parameters from your log
+  # filter_parameter_logging :password
+end

data/app/controllers/commands_controller.rb

@@ -0,0 +1,152 @@
+require "open4"
+
+class CommandsController < ApplicationController
+  if respond_to?(:before_action)
+    before_action :authenticate_commands, except: [:index, :show, :new, :destroy]
+  else
+    before_filter :authenticate_commands, except: [:index, :show, :new, :destroy]
+  end
+
+  # GET /commands
+  # GET /commands.xml
+  def index
+    @commands_nb = Command.count
+    @commands = Command.all
+
+    respond_to do |format|
+      format.html # index.html.erb
+      format.xml  { render :xml => @commands }
+    end
+  end
+
+  # GET /commands/1
+  # GET /commands/1.xml
+  def show
+    @command = Command.find(params[:id])
+
+    respond_to do |format|
+      format.html # show.html.erb
+      format.xml  { render :xml => @command }
+    end
+  end
+
+  # GET /commands/new
+  # GET /commands/new.xml
+  def new
+    @command = Command.new
+
+    respond_to do |format|
+      format.html # new.html.erb
+      format.xml  { render :xml => @command }
+    end
+  end
+
+  # POST /commands
+  # POST /commands.xml
+  def create
+    @command = Command.new(command_params)
+
+    respond_to do |format|
+      _result = @command.save
+      @commands_nb = Command.count
+      @commands = Command.all
+
+      if _result
+#        @command_result = %x[#{@command.execute.to_s}]
+        execute_command
+
+        @command = Command.new
+        format.html { render :action => "new" }
+        format.xml  { render :xml => @command, :status => :created, :location => @command }
+      else
+        format.html { redirect_to(@command) }
+        format.xml  { render :xml => @command.errors, :status => :unprocessable_entity }
+      end
+    end
+  end
+
+  # GET /commands/1/execute
+  # GET /commands/1/execute.xml
+  def execute
+    @command = Command.find(params[:id])
+    execute_command
+
+    respond_to do |format|
+      format.html { render :action => "executed" }
+      format.xml  { render :xml => @command }
+    end
+  end
+
+  # GET /commands/1/executed
+  # GET /commands/1/executed.xml
+  def executed
+    @command = Command.find(params[:id])
+
+    respond_to do |format|
+      format.html { render :action => "execute" }
+      format.xml  { render :xml => @command }
+    end
+  end
+
+  # DELETE /commands/1
+  # DELETE /commands/1.xml
+  def destroy
+    @command = Command.find(params[:id])
+    @command.destroy
+
+    respond_to do |format|
+      format.html { redirect_to(commands_url) }
+      format.xml  { head :ok }
+    end
+  end
+
+
+private
+
+  def authenticate_commands
+    authenticate_or_request_with_http_basic do |name, password|
+      auth_password_admin = nil
+      begin
+        auth_password_admin = get_auth_password_admin
+      rescue Exception => e
+        Rails.logger.error "==>commands_controller #{e.message}"
+      end
+
+      if auth_password_admin
+        name == 'admin' && password == auth_password_admin
+      else
+        false
+      end
+    end
+  end
+
+  def execute_command
+    begin
+      # pid, stdin
+      _, _, stdout, stderr = Open4::popen4 @command.execute.to_s
+      @command_result = stdout.read.strip
+      @command_error = stderr.read.strip
+    rescue Exception => e
+      @command_error = "Exception: #{e.inspect}"
+    end
+  end
+
+  def command_params
+    params.require(:command).permit(
+        :execute
+      )
+  end
+
+  def get_auth_password_admin
+    auth_password_file = File.join(Rails.root.to_s, 'config', 'auth_password_admin.secret')
+
+    auth_password_admin = nil
+    if File.readable? auth_password_file
+      auth_password_admin = File.read(auth_password_file).chomp
+    else
+      raise "#{auth_password_file} not found or not readable, can't check http authentification password"
+    end
+
+    auth_password_admin
+  end
+end