yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore(shell): make restricted_shell prompt more friendly.

This commit is contained in:
zhongwencool 2022-02-07 10:31:00 +08:00
parent b189d594c3
commit f24c05b1bd
2 changed files with 26 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
apps/emqx_machine/src/emqx_restricted_shell.erl
View File

@ -30,8 +30,8 @@
-define(RED_BG, "\e[48;2;184;0;0m"). -define(RED_BG, "\e[48;2;184;0;0m").
-define(RESET, "\e[0m"). -define(RESET, "\e[0m").
-define(LOCAL_NOT_ALLOWED, [halt, q]). -define(LOCAL_PROHIBITED, [halt, q]).
-define(NON_LOCAL_NOT_ALLOWED, [{erlang, halt}, {c, q}, {init, stop}, {init, restart}, {init, reboot}]). -define(REMOTE_PROHIBITED, [{erlang, halt}, {c, q}, {init, stop}, {init, restart}, {init, reboot}]).
is_locked() -> is_locked() ->
{ok, false} =/= application:get_env(?APP, ?IS_LOCKED). {ok, false} =/= application:get_env(?APP, ?IS_LOCKED).
@ -51,21 +51,25 @@ prompt_func(PropList) ->
end. end.
local_allowed(MF, Args, State) -> local_allowed(MF, Args, State) ->
IsAllowed = is_allowed(MF, ?LOCAL_NOT_ALLOWED), Allowed = check_allowed(MF, ?LOCAL_PROHIBITED),
log(IsAllowed, MF, Args), log(Allowed, MF, Args),
{IsAllowed, State}. {is_allowed(Allowed), State}.
non_local_allowed(MF, Args, State) -> non_local_allowed(MF, Args, State) ->
IsAllowed = is_allowed(MF, ?NON_LOCAL_NOT_ALLOWED), Allow = check_allowed(MF, ?REMOTE_PROHIBITED),
log(IsAllowed, MF, Args), log(Allow, MF, Args),
{IsAllowed, State}. {is_allowed(Allow), State}.
is_allowed(MF, NotAllowed) -> check_allowed(MF, NotAllowed) ->
case lists:member(MF, NotAllowed) of case {lists:member(MF, NotAllowed), is_locked()} of
true -> not is_locked(); {true, false} -> exempted;
false -> true {true, true} -> prohibited;
{false, _} -> ignore
end. end.
is_allowed(prohibited) -> false;
is_allowed(_) -> true.
limit_warning(MF, Args) -> limit_warning(MF, Args) ->
max_heap_size_warning(MF, Args), max_heap_size_warning(MF, Args),
max_args_warning(MF, Args). max_args_warning(MF, Args).
@ -96,10 +100,13 @@ max_heap_size_warning(MF, Args) ->
max_heap_size => ?MAX_HEAP_SIZE}) max_heap_size => ?MAX_HEAP_SIZE})
end. end.
log(true, MF, Args) -> limit_warning(MF, Args); log(prohibited, MF, Args) ->
log(false, MF, Args) -> warning("DANGEROUS FUNCTION: FORBIDDEN IN SHELL!!!!!", []),
warning("DANGEROUS FUNCTION: DO NOT ALLOWED IN SHELL!!!!!", []), ?SLOG(error, #{msg => "execute_function_in_shell_prohibited", function => MF, args => Args});
?SLOG(error, #{msg => "execute_function_in_shell_not_allowed", function => MF, args => Args}). log(exempted, MF, Args) ->
limit_warning(MF, Args),
?SLOG(error, #{msg => "execute_dangerous_function_in_shell_exempted", function => MF, args => Args});
log(ignore, MF, Args) -> limit_warning(MF, Args).
warning(Format, Args) -> warning(Format, Args) ->
io:format(?RED_BG ++ Format ++ ?RESET ++ "~n", Args). io:format(?RED_BG ++ Format ++ ?RESET ++ "~n", Args).

3
apps/emqx_machine/src/user_default.erl
View File

@ -15,11 +15,14 @@
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
-module(user_default). -module(user_default).
%% INCLUDE BEGIN
%% Import all the record definitions from the header file into the erlang shell.
-include_lib("emqx/include/emqx.hrl"). -include_lib("emqx/include/emqx.hrl").
-include_lib("emqx/include/logger.hrl"). -include_lib("emqx/include/logger.hrl").
-include_lib("emqx/include/emqx_mqtt.hrl"). -include_lib("emqx/include/emqx_mqtt.hrl").
-include_lib("emqx_conf/include/emqx_conf.hrl"). -include_lib("emqx_conf/include/emqx_conf.hrl").
-include_lib("emqx_dashboard/include/emqx_dashboard.hrl"). -include_lib("emqx_dashboard/include/emqx_dashboard.hrl").
%% INCLUDE END
%% API %% API
-export([lock/0, unlock/0]). -export([lock/0, unlock/0]).