Directory Structure
Entrypoints
API
CLI
UI
Schemas
Build
Test
Security
Bookmarks

.github
- workflows
- CODEOWNERS
- CODE_OF_CONDUCT.md
- FUNDING.yml
- ISSUE_TEMPLATE.md
- stale.yml
ansible
- roles
  - network
    - tasks
      - main.yml
    - templates
      - wifi-connect.service
    - vars
      - main.yml
  - screenly
  - splashscreen
    - files
    - tasks
      - main.yml
  - system
    - files
      - 01_nodoc
      - rc.local
    - tasks
      - main.yml
- site.yml
anthias_app
- migrations
- __init__.py
- admin.py
- apps.py
- helpers.py
- models.py
- tests.py
- urls.py
- views.py
anthias_django
- __init__.py
- asgi.py
- settings.py
- urls.py
- wsgi.py
api
- migrations
  - __init__.py
- serializers
  - __init__.py
  - mixins.py
  - v1_1.py
  - v1_2.py
  - v2.py
- views
  - __init__.py
  - mixins.py
  - v1.py
  - v1_1.py
  - v1_2.py
  - v2.py
- __init__.py
- admin.py
- apps.py
- helpers.py
- tests.py
- urls.py
bin
- add_certificate.sh
- cec_test.sh
- deploy_to_balena.sh
- enable_ssl.sh
- install.sh
- install_poetry.sh
- prepare_test_environment.sh
- run_upgrade.sh
- start_development_server.sh
- start_server.sh
- start_viewer.sh
- start_wifi_connect.sh
- upgrade_containers.sh
- wait.py
docker
- nginx
  - nginx.development.conf
  - nginx.production.conf
- Dockerfile.base.j2
- Dockerfile.celery.j2
- Dockerfile.nginx.j2
- Dockerfile.redis.j2
- Dockerfile.server.j2
- Dockerfile.test.j2
- Dockerfile.viewer.j2
- Dockerfile.websocket.j2
- Dockerfile.wifi-connect.j2
docs
- d2
  - anthias-diagram-overview.d2
  - anthias-diagram-overview.svg
- images
- README.md
- balena-fleet-deployment.md
- developer-documentation.md
- installation-options.md
- migrating-assets-to-screenly.md
- qa-checklist.md
- wifi-setup.md
- x86-installation.md
lib
- __init__.py
- auth.py
- backup_helper.py
- device_helper.py
- diagnostics.py
- errors.py
- github.py
- media_player.py
- utils.py
requirements
- requirements-websocket.txt
- requirements.dev.txt
- requirements.host.txt
- requirements.local.txt
- requirements.txt
- requirements.viewer.txt
- requirements.wifi-connect.txt
static
- coffee
  - specs
    - screenly-spec.coffee
- css
  - datepicker.css
  - timepicker.css
- favicons
- fontawesome
  - css
  - webfonts
- img
- js
- sass
- spec
templates
- auth_basic.html
- base.html
- footer.html
- head.html
- header.html
- hotspot.html
- index.html
- integrations.html
- settings.html
- splash-page.html
- system-info.html
tests
- assets
  - asset.mov
- config
  - ffserver.conf
- __init__.py
- test_app.py
- test_backup_helper.py
- test_celery_tasks.py
- test_scheduler.py
- test_settings.py
- test_updates.py
- test_utils.py
- test_viewer.py
tools
- image_builder
  - __init__.py
  - __main__.py
- __init__.py
- migrate-assets-to-screenly.py
website
- assets
  - images
  - styles
    - style.css
- bin
  - build-pi-imager-json.py
- Dockerfile.rpi-imager
- docker-compose.yml
- index.html
webview
- res
- src
- .gitignore
- Dockerfile
- Dockerfile.x86
- README.md
- ScreenlyWebview.pro
- build_qt5.sh
- build_qt6.sh
- build_x86.sh
- docker-compose.x86.yml
.dockerignore
.flake8
.gitignore
LICENSE
README.md
balena.yml
celery_tasks.py
docker-compose.balena.dev.yml.tmpl
docker-compose.balena.yml.tmpl
docker-compose.dev.yml
docker-compose.test.yml
docker-compose.yml.tmpl
host_agent.py
manage.py
package-lock.json
package.json
poetry.lock
pyproject.toml
run_gunicorn.py
send_zmq_message.py
settings.py
start_wifi_connect_service.sh
viewer.py
webpack.common.js
webpack.dev.js
webpack.prod.js
websocket_server_layer.py

Your advanced code editor is loading.

Please wait a moment.

#editor-loading { display: none; }

#!/usr/bin/env python3

-- coding: utf-8 --

from future import unicode_literals

author = “Nash Kaminski”

license = “Dual License: GPLv2 and Commercial License”

import ipaddress

import json

import logging

import netifaces

import os

import redis

import subprocess

REDIS_ARGS = dict(host=”127.0.0.1”, port=6379, db=0)

Name of redis channel to listen to

CHANNEL_NAME = b’hostcmd’

SUPPORTED_INTERFACES = (

‘wlan’,

‘eth’,

‘wlp’,

‘enp’,

)

def get_ip_addresses():

return [

ip[‘addr’]

for interface in netifaces.interfaces()

if interface.startswith(SUPPORTED_INTERFACES)

for ip in (

netifaces.ifaddresses(interface).get(netifaces.AF_INET, []) +

netifaces.ifaddresses(interface).get(netifaces.AF_INET6, [])

)

if not ipaddress.ip_address(ip[‘addr’]).is_link_local

]

def set_ip_addresses():

rdb = redis.Redis(**REDIS_ARGS)

ip_addresses = get_ip_addresses()

rdb.set('ip_addresses', json.dumps(ip_addresses))

Explicit command whitelist for security reasons, keys as bytes objects

CMD_TO_ARGV = {

b’reboot’: [‘/usr/bin/sudo’, ‘-n’, ‘/usr/bin/systemctl’, ‘reboot’],

b’shutdown’: [‘/usr/bin/sudo’, ‘-n’, ‘/usr/bin/systemctl’, ‘poweroff’],

b’set_ip_addresses’: set_ip_addresses

}

def execute_host_command(cmd_name):

cmd = CMD_TO_ARGV.get(cmd_name, None)

if cmd is None:

logging.warning(

“Unable to perform host command %s: no such command!”, cmd_name)

elif os.getenv(‘TESTING’):

logging.warning(

“Would have executed %s but not doing so as TESTING is defined”,

cmd,

)

elif cmd_name in [b’reboot’, b’shutdown’]:

logging.info(“Executing host command %s”, cmd_name)

phandle = subprocess.run(cmd)

logging.info(

“Host command %s (%s) returned %s”,

cmd_name,

cmd,

phandle.returncode,

)

else:

logging.info(‘Calling function %s’, cmd)

cmd()

def process_message(message):

if (

message.get(‘type’, ”) == ‘message’

and message.get(‘channel’, b”) == CHANNEL_NAME

execute_host_command(message.get(‘data’, b”))

else:

logging.info(“Received unsolicited message: %s”, message)

def subscriber_loop():

Connect to redis on localhost and wait for messages

logging.info(“Connecting to redis…”)

rdb = redis.Redis(**REDIS_ARGS)

pubsub = rdb.pubsub(ignore_subscribe_messages=True)

pubsub.subscribe(CHANNEL_NAME)

rdb.set(‘host_agent_ready’, ‘true’)

logging.info(

“Subscribed to channel %s, ready to process messages”, CHANNEL_NAME)

for message in pubsub.listen():

process_message(message)

if name == ‘main’:

Init logging

logging.basicConfig()

logging.getLogger().setLevel(logging.INFO)

# Loop forever processing messages
          
          subscriber_loop()

Explanation

The host_agent.py script is designed to handle remote commands sent to a host machine via Redis.

Core Functionality

IP Address Management:

get_ip_addresses(): Retrieves all IP addresses associated with network interfaces on the host. It filters out link-local addresses and those not starting with supported interface prefixes (wlan, eth, wlp, enp).
set_ip_addresses(): Stores the fetched IP addresses as a JSON string in a Redis key named ip_addresses.

Command Handling:

CMD_TO_ARGV: A dictionary mapping command names (as byte strings) to corresponding command arguments. The supported commands are:
reboot: Executes the systemctl reboot command with sudo.
shutdown: Executes the systemctl poweroff command with sudo.
set_ip_addresses: Calls the set_ip_addresses function to update the Redis key.
execute_host_command(cmd_name): Handles execution of commands based on their names. It uses the CMD_TO_ARGV mapping to retrieve arguments, logs command execution details, and takes precautions against potential risks (e.g., checking for testing environment).

Redis Subscription:

subscriber_loop(): Connects to a Redis instance (defaults to 127.0.0.1:6379, db=0), subscribes to the hostcmd channel, and listens for incoming messages.
process_message(message): Parses incoming messages. If the message type is ‘message’ and its channel is hostcmd, it extracts the command data and executes the corresponding host command.

Security Considerations

The script implements a command whitelist (CMD_TO_ARGV) to prevent unauthorized actions.
There’s an os.getenv('TESTING') check to prevent execution of sensitive commands in a testing environment.

Overall Structure

The script follows a straightforward structure:

Defines helper functions for retrieving IP addresses and executing commands.
Establishes a Redis connection and subscribes to the hostcmd channel.
Enters a loop to continuously listen for messages and process them accordingly.

Potential Improvements

Error Handling: Could be enhanced by adding more robust error handling for both network and command execution failures.
Command Validation: Adding validation checks for command arguments (e.g., data types, ranges) could increase security and robustness.
Redis Key Management: Consider using a more specific key prefix for the ip_addresses key to avoid potential conflicts.
Security Auditing: Logging attempted commands and execution outcomes could provide valuable security auditing capabilities.

Your advanced code editor is loading.

Please wait a moment.

Explanation

Graph

Symbols

We couldn't identify any entrypoints. If you believe this to be incorrect then please contact support.