mauricelambert · mauricelambert · Jun 13, 2024 · Apr 7, 2024 · Apr 11, 2024 · Apr 11, 2024
diff --git a/.github/workflows/ZAP2.yml b/.github/workflows/ZAP2.yml
@@ -31,9 +31,8 @@ jobs:
  python3.11 -m WebScripts --accept-unauthenticated-user --accept-unknow-user --blacklist-time 0 --auth-failures-to-blacklist 99999 & 
 
  - name: ZAP Scan
- uses: zaproxy/action-full-scan@v0.2.0
+ uses: zaproxy/action-full-scan@master
  with:
- docker_name: 'owasp/zap2docker-stable'
  target: 'http://127.0.0.1:8000'
  cmd_options: '-a'
  fail_action: false

diff --git a/PKG-INFO b/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: WebScripts
-Version: 3.0.33
+Version: 3.0.35
 Summary: This tool runs CLI scripts and displays output in a Web Interface.
 Home-page: https://github.com/mauricelambert/WebScripts
 Author: Maurice Lambert

diff --git a/WebScripts.egg-info/PKG-INFO b/WebScripts.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: WebScripts
-Version: 3.0.33
+Version: 3.0.35
 Summary: This tool runs CLI scripts and displays output in a Web Interface.
 Home-page: https://github.com/mauricelambert/WebScripts
 Author: Maurice Lambert

diff --git a/WebScripts/__init__.py b/WebScripts/__init__.py
@@ -23,7 +23,7 @@
 This tool runs CLI scripts and displays output in a Web Interface.
 """
 
-__version__ = "3.0.34"
+__version__ = "3.0.35"
 __author__ = "Maurice Lambert"
 __author_email__ = "mauricelambert434@gmail.com"
 __maintainer__ = "Maurice Lambert"

diff --git a/WebScripts/__main__.py b/WebScripts/__main__.py
@@ -23,7 +23,7 @@
 This tool runs CLI scripts and displays output in a Web Interface.
 """
 
-__version__ = "3.0.34"
+__version__ = "3.0.35"
 __author__ = "Maurice Lambert"
 __author_email__ = "mauricelambert434@gmail.com"
 __maintainer__ = "Maurice Lambert"

diff --git a/WebScripts/config/server.json b/WebScripts/config/server.json
@@ -49,7 +49,7 @@
  "JsonRpc",
  "notification"
  ],
- "modules_path": "./modules/",
+ "modules_path": ["./modules/"],
  "js_path": [
  "./static/js/*.js"
  ],

diff --git a/WebScripts/scripts/passwords/new_password_share.py b/WebScripts/scripts/passwords/new_password_share.py
@@ -3,7 +3,7 @@
 
 ###################
 # This file can share a password securely
-# Copyright (C) 2021, 2022, 2024 Maurice Lambert
+# Copyright (C) 2021, 2022, 2023, 2024 Maurice Lambert
 
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -25,7 +25,7 @@
 This file can share a password securely.
 """
 
-__version__ = "1.0.1"
+__version__ = "1.0.2"
 __author__ = "Maurice Lambert"
 __author_email__ = "mauricelambert434@gmail.com"
 __maintainer__ = "Maurice Lambert"
@@ -39,7 +39,7 @@
 __url__ = "https://github.com/mauricelambert/WebScripts"
 
 copyright = """
-WebScripts Copyright (C) 2021, 2022, 2024 Maurice Lambert
+WebScripts Copyright (C) 2021, 2022, 2023, 2024 Maurice Lambert
 This program comes with ABSOLUTELY NO WARRANTY.
 This is free software, and you are welcome to redistribute it
 under certain conditions.
@@ -144,29 +144,11 @@ def get_printable(password: bytes, key: bytes) -> Tuple[str, str]:
 
 def get_url(token: str) -> str:
  """
- This function build an URL to get
+ This returns the relative URL to get
  the password share.
-
- This function comes from PEP-3333:
- - https://www.python.org/dev/peps/pep-3333/#url-reconstruction
  """
 
- url = environ["wsgi.url_scheme"] + "://"
-
- if environ.get("HTTP_HOST"):
- url += environ["HTTP_HOST"]
- else:
- url += environ["SERVER_NAME"]
-
- if environ["wsgi.url_scheme"] == "https":
- if environ["SERVER_PORT"] != "443":
- url += ":" + environ["SERVER_PORT"]
- else:
- if environ["SERVER_PORT"] != "80":
- url += ":" + environ["SERVER_PORT"]
-
- url += f"get_password_share.py?token={quote(token)}"
- return url
+ return "./get_password_share.py?token=" + quote(token)
 
 
 def main() -> int:

diff --git a/WebScripts/static/html/index.html b/WebScripts/static/html/index.html
@@ -6,7 +6,7 @@
 <table width="100%" cellspacing=0 cellpadding=2 border=0 summary="heading">
 <tr bgcolor="#9286C2">
 <td valign=bottom>&nbsp;<br>
-<font color="#ffffff" face="helvetica, arial">&nbsp;<br><big><big><strong>__init__</strong></big></big> (version 3.0.33)</font></td
+<font color="#ffffff" face="helvetica, arial">&nbsp;<br><big><big><strong>__init__</strong></big></big> (version 3.0.35)</font></td
 ><td align=right valign=bottom
 ><font color="#ffffff" face="helvetica, arial"><a href=".">index</a><br><a href="__init__.py">__init__.py</a></font></td></tr></table>
  <p><tt>This&nbsp;tool&nbsp;runs&nbsp;CLI&nbsp;scripts&nbsp;and&nbsp;displays&nbsp;output&nbsp;in&nbsp;a&nbsp;Web&nbsp;Interface.</tt></p>

diff --git a/WebScripts/static/js/webscripts_script_js_scripts.js b/WebScripts/static/js/webscripts_script_js_scripts.js
@@ -1,7 +1,7 @@
 /*
 
  Scripts for script.html
- Copyright (C) 2021, 2022 Maurice Lambert
+ Copyright (C) 2021, 2022, 2024 Maurice Lambert
 
  This program is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@@ -1338,18 +1338,19 @@ class ShortTable {
  let table = this.closest('table');
  let id = Array.from(this.parentNode.children).indexOf(this);
 
- Array.from(table.querySelectorAll('tr:nth-child(n+2)'))
+ Array.from(table.querySelectorAll('tbody > tr'))
+ .filter(tr => table == tr.closest('table'))
  .sort(ShortTable.prototype.get_callback(id, window.ascendant = !
  window.ascendant))
- .forEach(line => table.appendChild(line));
+ .forEach(line => line.parentNode.appendChild(line));
  }
 
  /*
  This function adds listeners on each table headers.
  */
  add_listeners() {
 
- document.querySelectorAll('th').forEach((header) => {
+ Array.from(document.querySelectorAll('th')).forEach((header) => {
  if (!header.have_short_event) {
  header.addEventListener('click', ShortTable
  .prototype.event.bind(header));

diff --git a/WebScripts/static/templates/script.html b/WebScripts/static/templates/script.html
@@ -27,7 +27,7 @@
  <link rel="stylesheet" type="text/css" href="%(subpath)sstatic/webscripts_style.css" integrity="sha512-hn9MUcYe4YQLkgIXDHwxakJ89R4IZl/M3RbJLcJsw8NjkPKyviVLuGj/TVQ016w7upj6x2TVbOhXqJBRwhZ5Cg==">
  <link rel="stylesheet" type="text/css" href="%(subpath)sstatic/webscripts_script_style.css" integrity="sha512-sRgxcUILghgOO/kSIGuJ/GaTsu0IMhKPMCeToWrQHjm1puraV0yqi476xMZrVNiKd+hAWCxrR39jxJdyylmDnA==">
  <script type="text/javascript" src="%(subpath)sjs/webscripts_js_scripts.js" integrity="sha512-uAGwtr6/fo9DjmY3UipxyYIFWGq4eDPWPa2iYMTFX5TPh3f+LPTyTG+CASiH3z8PK9Qf8VIyfzd8yZmycVJkwg=="></script>
- <script type="text/javascript" src="%(subpath)sjs/webscripts_script_js_scripts.js" integrity="sha512-OjcVV+fQY6xheL8919kMQkV24qWeqBSTFDSs3YDGG1gwZQymaEdR1aNak3Xjr/quIergwh/zg48v4d7caOSzPQ=="></script>
+ <script type="text/javascript" src="%(subpath)sjs/webscripts_script_js_scripts.js" integrity="sha512-qb2wIBtSsCrrs8/Z7hjMDMvKJ6sT4n3NepWhyuHsw0+ncr5xMXTY6Y4bPImjinFtgEPKbubPyK896IreKgM5JA=="></script>
  <meta http-equiv="Content-Security-Policy" content="default-src 'self'; navigate-to 'self'; worker-src 'none'; style-src-elem 'self'; style-src-attr 'none'; style-src 'self'; script-src-attr 'none'; object-src 'none'; media-src 'none'; manifest-src 'none'; connect-src 'self'; font-src 'none'; img-src 'self'; base-uri 'none'; child-src 'none'; form-action 'none'; script-src 'self' 'nonce-%(nonce)s' 'require-trusted-types-for'">
  </head>
 

diff --git a/docs/Modules.md b/docs/Modules.md
@@ -86,6 +86,56 @@ def example3(
 
 The `arguments` and `inputs` lists are built if you respect the default JSON body of *WebScripts Server*. If the body of the request is JSON without `arguments` *key*/*attribute*, `arguments` will be a *dict* or *list*. If the body of the request is not JSON, `arguments` will be *bytes*.
 
+#### Examples
+
+1. WebScripts request:
+
+```
+POST /ModuleName/ClassName/method_name/little_string_argument HTTP/1.1
+Host: webscripts.local
+User-Agent: WebScripts client
+Origin: http://127.0.0.1:8000
+Content-Type: application/json
+
+{"arguments": {"arg1": {"value": "my argument", "input": false}, "--optional-arg1": {"value": "WebScripts is good !", "input": false}, "arg1": {"value": "my input", "input": true}}}
+```
+
+ - `filename` will be `little_string_argument`
+ - `arguments` will be a list with `my argument`, `--optional-arg1` and `WebScripts is good !` as values (`arg1` don't start with `-`: is not in the list, but `--optional-arg1` start with `-`: is in the arguments list)
+ - `inputs` will be a list with `my input` as values
+
+2. JSON request:
+
+```
+POST /ModuleName/ClassName/method_name/ HTTP/1.1
+Host: webscripts.local
+User-Agent: WebScripts client
+Origin: http://127.0.0.1:8000
+Content-Type: application/json
+
+{"my dict": {"my list": [1, 2.5], "my string": "WebScripts is good !", "my int": 678, "my float": 45.6, "null": null, "true": true, "false": false}}
+```
+
+ - `filename` will be empty string
+ - `arguments` will be a dict: `{"my dict": {"my list": [1, 2.5], "my string": "WebScripts is good !", "my int": 678, "my float": 45.6, "null": None, "true": True, "false": False}}`
+ - `inputs` will be a empty list
+
+3. Others request:
+
+```
+POST /ModuleName/ClassName/method_name/xml_is_bad HTTP/1.1
+Host: webscripts.local
+User-Agent: WebScripts client
+Origin: http://127.0.0.1:8000
+Content-Type: application/xml
+
+<ilove>JSON</ilove>
+```
+
+ - `filename` will be a string with `xml_is_bad` as value
+ - `arguments` will be bytes with `<ilove>JSON</ilove>` as value (you can send binary data, like archives, images, office documents, executables, ect...)
+ - `inputs` will be a empty list
+
 ### Return
 
  1. Response `HTTP code` (`str`): the HTTP status of the response, the first three digits are required (example: `200 OK`)

diff --git a/requirenments.txt b/requirenments.txt