script-server
Script-server is a Web UI for scripts.
As an administrator, you add your existing scripts into Script server and other users would be able to execute them via a web interface.The UI is very straightforward and can be used by non-tech people.
No script modifications are needed - you configure each script in Script server and it creates the corresponding UI with parameters and takes care of validation, execution, etc.
Features
- Different types of script parameters (text, flag, dropdown, file upload, etc.)
- Real-time script output
- Users can send input during script execution
- Auth (optional): LDAP, Google OAuth, htpasswd file
- Access control
- Alerts
- Logging and auditing
- Formatted output support (colors, styles, cursor positioning, clearing)
- Download of script output files
- Execution history
- Admin page for script configuration
For more details check how to configure a scriptor how to configure the server
Requirements
Server-side
Python 3.6 or higher with the following modules:
- Tornado 5 / 6
Some features can require additional modules. Such requirements are specified in a corresponding feature description.
OS support:
- Linux (main). Tested and working on Debian 10,11
- Windows (additional). Light testing
- macOS (additional). Light testing
Client-side
Any more or less up to date browser with enabled JS
Internet connection is not needed. All the files are loaded from the server.
Installation
For production
- Download script-server.zip file from Latest release or Dev release
- Create script-server folder anywhere on your PC and extract zip content to this folder
(For detailed steps on linux with virtualenv, please see Installation guide)
As a docker container
Please find pre-built images here: https://hub.docker.com/r/bugy/script-server/tags
For the usage please check this ticket
For development
- Clone/download the repository
- Run 'tools/init.py --no-npm' script
init.py script should be run after pulling any new changes
If you are making changes to web files, use npm run build or npm run serve
Setup and run
- Create configurations for your scripts in conf/runners/ folder (see script config page for details)
- Launch launcher.py from script-server folder
- Windows command: launcher.py
- Linux command: ./launcher.py
- Add/edit scripts on the admin page
By default, the server will run on http://localhost:5000
Server config
All the features listed above and some other minor features can be configured in conf/conf.json file.It is allowed not to create this file. In this case, default values will be used.See server config page for details
Admin panel
Admin panel is accessible on admin.html page (e.g. http://localhost:5000/admin.html)
Logging
All web/operating logs are written to the logs/server.logAdditionally each script logs are written to separate file in logs/processes. File name format is{script_name}_{client_address}_{date}_{time}.log.
Testing/demo
Script-server has bundled configs/scripts for testing/demo purposes, which are located in samples folder. You canlink/copy these config files (samples/configs/*.json) to server config folder (conf/runners).
Security
I do my best to make script-server secure and invulnerable to attacks, injections or user data security. However to beon the safe side, it's better to run Script server only on a trusted network.
Any security leaks report or recommendations are greatly appreciated!
Shell commands injection
Script server guarantees that all user parameters are passed to an executable script as arguments and won't be executedunder any conditions. There is no way to inject fraud command from a client-side. However, user parameters are notescaped, so scripts should take care of not executing them also (general recommendation for bash is at least to wrap allarguments in double-quotes). It's recommended to use typed parameters when appropriate, because they are validated forproper values and so they are harder to be subject of commands injection. Such attempts would be easier to detect also.
Important! Command injection protection is fully supported for Linux, but only for .bat and .exe files on Windows
XSS and CSRF
(v1.0 - v1.16)
Script server is vulnerable to these attacks.
(v1.17+)
Script server is protected against XSRF attacks via a special token.
XSS protection: the code is written according toOWASP Cheat Sheetand the only known vulnerabilities are:
output_format=html_iframe, see the reasoning in thelinked Wiki page
Contribution
If you like the project and think you could help with making it better, there are many ways you can do it:
- Create a new issue for new feature proposal or a bug
- Implement existing issues (there are quite some of them: frontend/backend, simple/complex, choose whatever you like)
- Help with improving the documentation
- Set up a demo server
- Spread a word about the project to your colleagues, friends, blogs or any other channels
- Any other things you could imagine
Any contribution would be of great help and I will highly appreciate it!If you have any questions, please create a new issue, or contact me via buggygm@gmail.com
Asking questions
If you have any questions, feel free to:
- Ask in gitter: https://gitter.im/script-server/community
- or create a ticket
- or contact me via email: buggygm@gmail.com (for some non-shareable questions)
Special thanks
-
Rails源码阅读(二)_script/server 如果明白了script/console,那么理解script/server会轻松些; 区别在于,启动console其实是需要加载irb,而启动server则要处理http请求; 应该先看看本系列的如下文章: boot:Rails源码阅读(零)_config/boot http-server:动手写rails(一)_Rack标准和HttpSe
-
①<script runat="server">代码段与<%%>内联代码段的区别 在asp.net页面的aspx文件中允许使用<script runat="server">和<%%>标记来插入代码片断。这两种方式有什么区别呢? <script runat="server">标记中的代码跟.cs文件中的代码地位是一致的,比如像下面这样声明一段事件处理代码 <script runat="server"
-
1、初始化 npm init,生成package.json文件 2、安装 npm webpack webpak-cli html --save-dev –save-dev开发过程中需要使用的一些文件,在项目最终运行时是不需要的,简写-D,将模块名和版本号添加到devDependencies部分 –save 在线上环境运行时会将包安装,将模块名和版本号添加到dependencies部分 3、创建we
-
阿里云 Ubuntu18 安装Redis报错如下: dpkg: error processing package redis-server (--configure): installed redis-server package post-installation script subprocess returned error exit status 1 Errors were encoun
-
要搭建一个dhcp的服务器,结果安装的时候遇到一个问题: guoyanzhang@bogon:~$ sudo apt-get install isc-dhcp-server-ldap 正在读取软件包列表... 完成 正在分析软件包的依赖关系树 正在读取状态信息... 完成 将会同时安装下列软件: isc-dhcp-server 下列【新】软件包将被安装: isc
-
今天在ubuntu上使用apt-get安装redis-server。报如下错误: Do you want to continue? [Y/n] Y Setting up redis-server (5:4.0.9-1) ... Job for redis-server.service failed because a timeout was exceeded. See "systemctl sta
-
运行vue项目报错,webpack-dev-server: Permission denied 无权限, npm run dev >@1.0.0 dev /Users/log/Desktop/vue/ > webpack-dev-server --inline --progress --config build/webpack.dev.conf.js sh: /Users/log/Deskto
-
报错情况: The CLI moved into a separate package: webpack-cli. Please install 'webpack-cli' in addition to webpack itself to use the CLI. -> When using npm: npm install webpack-cli -D -> When using yarn: y
-
Kafka brokers need to finish the shutdown process before the zookeepers do. So start the zookeepers, then the kafka brokers will retry the shutdown process. 先关闭Kafka,等关闭完之后再关闭Zookeeper,否则,Kafka broker
-
一、什么是web-dev-server 1.基于nodejs的使用了express的http服务器。能够实现页面的热加载、热替换。 2.这个 Http服务器 和 client 使用了 websocket 通讯协议。原始文件(测到入口文件以及依赖的变化)作出改动后, 会自动编译, 并实时更新。 3.对于编译并打包的的文件,并没有存储在output.pat
-
start: Job failed to start invoke-rc.d: initscript mysql, action "start" failed. dpkg: error processing mysql-server-5.5 (--configure): subprocess installed post-installation script returned error ex
-
1、问题:mysql安装不上,出现报错 mysql-server depends on mysql-server-5.5; however: Package mysql-server-5.5 is not configured yet. dpkg: error processing mysql-server-5.5 (--configure): subprocess installed p
-
错误如下: npm ERR! code ELIFECYCLE npm ERR! errno 1 npm ERR! webpack5@1.0.0 dev: `webpack-dev-server` npm ERR! Exit status 1 npm ERR! npm ERR! Failed at the webpack5@1.0.0 dev script. npm ERR! This is pro
-
ubuntu安装mysql过程中电脑突然关机,重新安装一直报错: Renaming removed key_buffer and myisam-recover options (if present) Job for mysql.service failed because the control process exited with error code. See "systemctl sta
-
错误描述 [webpack-cli] For using 'serve' command you need to install: 'webpack-dev-server' package [webpack-cli] Would you like to install 'webpack-dev-server' package? (That will run 'npm install -D webp
-
此文章转自linux公社 原文章链接 问题描述: Ubuntu下安装完Mysql之后出现这样的提示 正在设置 mysql-server-5.5 (5.5.27-0ubuntu2) ...start: Job failed to startinvoke-rc.d: initscript mysql, action "start" failed.dpkg: error processing mys
-
webpack-dev-server webpack-dev-server是一个小型的Node.js Express服务器,它使用webpack-dev-middleware来服务于webpack的包,除此自外,它还有一个通过Sock.js来连接到服务器的微型运行时. 我们来看一下下面的配置文件(webpack.config.js) var path = require("path"); modu
-
devstack 安装openstack出现rabbitmq-server安装错误,因为修改过hostsname后,重新安装才导致这个错误,下面是解决办法. 问题: Starting rabbitmq-server: FAILED - check /var/log/rabbitmq/startup_log, _err rabbitmq-server. invoke-rc.d: initsc
-
错误信息: npm ERR! code ELIFECYCLE npm ERR! errno 1 npm ERR! vueDemoTow@1.0.0 dev: `webpack-dev-server` npm ERR! Exit status 1 npm ERR! npm ERR! Failed at the vueDemoTow@1.0.0 dev script. npm ERR! This is
-
from: http://blog.sina.com.cn/s/blog_417ad82e0101el5i.html Ubuntu安装数据库的时候,报错,查了好久,感谢这位仁兄,这解决方案,完美解决了我遇到的问题,Mark一下. start: Job failed to start invoke-rc.d: initscript mysql, action "start" failed. dpkg
-
今天我们要把typescript结合前端构建工具(webpack)来运行。 前面我们的案列(User类),我们已经在终端下运行过(node.js环境下),没有问题。 "use strict"; Object.defineProperty(exports, "__esModule", { value: true }); // 引入 var User_1 = require("./User"); va
-
vue npm run dev 启动 报错 dev: node build/dev-server.js 解决 问题描述 npm run dev 启动报错如下: [HPM] Proxy rewrite rule created: “^/api” ~> “” Starting dev server… events.js:137 throw er; // Unhandled ‘error’ event
-
拉取了项目后,cnpm install安装依赖,然后再npm start运行报错: Error: spawn webpack-dev-server ENOENT at Process.ChildProcess._handle.onexit (internal/child_process.js:240:19) at onErrorNT (internal/child_process.js:415:1
-
最近在使用devstack部署开发环境的时候,遇到了rabbitmq-server安装后运行启动脚本失败的情况: invoke-rc.d: initscript rabbitmq-server, action "start" failed. 原因在于rabbitmq会在启动前会解析主机名的地址是否可通。 需要在你的/etc/hosts添加上: 127.0.1.1 hostname.domainn
-
Vue 项目运行 npm run dev 命令时会报错:“'webpack-dev-server' 不是内部或外部命令,也不是可运行的程序” 的解决办法 对于已经创建的工程,如果删除了 node_modules 文件夹,当再运行 npm run dev 命令时会报错:“'webpack-dev-server' 不是内部或外部命令,也不是可运行的程序”,解决办法如下。 进入工程目录,比如 E:\la
-
<script> defer 和 async 有什么区别? 相同点: <script> 标签必须有 src 属性,不能是内联脚本 加载是异步的 脚本中不能调用 document.write() 不同点: defer 在 HTML 4 中被定义,async 在 HTML 5 中定义 defer 使脚本在 HTML 解析完且触发 DOMContentLoaded 之前按照声明顺序执行,async 则是
-
我们把项目查看模式切换成Android,所有的文件会通过类型进行归类,这个并不是实际在电脑中的文件结构哦,如果想看实际的物理结构请切换到Project. 切换成Android可以查看所有的Gradle Script: 每个文件后面都有一个灰色字体描述: 1.build.gradle: Project构建文件 2.build.gradle: Module构建文件 3.gradle.propertie
-
SCRIPT FLUSH 清除所有 Lua 脚本缓存。 关于使用 Redis 对 Lua 脚本进行求值的更多信息,请参见 EVAL 命令。 可用版本: >= 2.6.0 复杂度: O(N) , N 为缓存中脚本的数量。 返回值: 总是返回 OK redis> SCRIPT FLUSH OK
-
SCRIPT KILL 杀死当前正在运行的 Lua 脚本,当且仅当这个脚本没有执行过任何写操作时,这个命令才生效。 这个命令主要用于终止运行时间过长的脚本,比如一个因为 BUG 而发生无限 loop 的脚本,诸如此类。 SCRIPT KILL 执行之后,当前正在运行的脚本会被杀死,执行这个脚本的客户端会从 EVAL 命令的阻塞当中退出,并收到一个错误作为返回值。 另一方面,假如当前正在运行的脚本已
-
SCRIPT EXISTS script [script ...] 给定一个或多个脚本的 SHA1 校验和,返回一个包含 0 和 1 的列表,表示校验和所指定的脚本是否已经被保存在缓存当中。 关于使用 Redis 对 Lua 脚本进行求值的更多信息,请参见 EVAL 命令。 可用版本: >= 2.6.0 时间复杂度: O(N) , N 为给定的 SHA1 校验和的数量。 返回值: 一个列表,包含
-
SCRIPT LOAD script 将脚本 script 添加到脚本缓存中,但并不立即执行这个脚本。 EVAL 命令也会将脚本添加到脚本缓存中,但是它会立即对输入的脚本进行求值。 如果给定的脚本已经在缓存里面了,那么不做动作。 在脚本被加入到缓存之后,通过 EVALSHA 命令,可以使用脚本的 SHA1 校验和来调用这个脚本。 脚本可以在缓存中保留无限长的时间,直到执行 SCRIPT FLUSH
-
1. 前言 前面一系列动态 SQL 小节的学习中,我们都是在 xml 中书写 SQL 的。注解无法发挥 MyBatis 动态 SQL 的真正威力,但是 if、choose、bind、where 等标签还是可以在注解中使用的。 MyBatis 官方文档对于此的介绍只有寥寥一句话和一个简单的例子,在实际的应用中也几乎没有人这样去做,因为它确实不太美观,但是考虑到这个知识点并不复杂,也极有可能成为一个刁
-
Notepad++ 的 CS-Script 工具 CS-Script tools suite 是 NotePad++的轻量级扩展工具集。可以利用它有效的进行 C# 的编写/执行开发,而无须像传统的开发工具那样需要额外的开销。同时它也提供了一个完整的 IDE 的众多功能特性。但是它并不打算取代任何一个 IDE,只是作为一个成熟 IDE 和普通的文本编辑器之间的补充而存在。 CS-Script too