From afe2bf605c3945c9380657bcd24b7fa7314099c9 Mon Sep 17 00:00:00 2001
From: istiak101 <30789544+istiak101@users.noreply.github.com>
Date: Sun, 22 Aug 2021 21:49:56 +0600
Subject: [PATCH] Security: Prevent leaking load average data
Prevent leaking load average data to non-logged in users.
---
 baseTemplate/views.py | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/baseTemplate/views.py b/baseTemplate/views.py
index 36bf36d42..ff9c1d2da 100755
--- a/baseTemplate/views.py
+++ b/baseTemplate/views.py
@@ -75,14 +75,19 @@ def getSystemStatus(request):
 return HttpResponse("Can not get admin Status")
 def getLoadAverage(request):
- loadAverage = SystemInformation.cpuLoad()
- loadAverage = list(loadAverage)
- one = loadAverage[0]
- two = loadAverage[1]
- three = loadAverage[2]
- loadAvg = {"one": one, "two": two,"three": three}
- json_data = json.dumps(loadAvg)
- return HttpResponse(json_data)
+ try:
+ val = request.session['userID']
+ currentACL = ACLManager.loadedACL(val)
+ loadAverage = SystemInformation.cpuLoad()
+ loadAverage = list(loadAverage)
+ one = loadAverage[0]
+ two = loadAverage[1]
+ three = loadAverage[2]
+ loadAvg = {"one": one, "two": two,"three": three}
+ json_data = json.dumps(loadAvg)
+ return HttpResponse(json_data)
+ except KeyError:
+ return HttpResponse("Not allowed.")
 @ensure_csrf_cookie
 def versionManagment(request):
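Review bot: The `try` in `getLoadAverage` wraps the whole body, so a `KeyError` raised anywhere inside it is answered with "Not allowed.", and that denial goes out with the default 200 status. Whether `ACLManager.loadedACL` or `SystemInformation.cpuLoad` can raise `KeyError` is not visible in this hunk, but the session lookup is the only line the handler is meant to guard. Put `except KeyError:` directly after `val = request.session['userID']` and return `HttpResponse("Not allowed.", status=403)`, so a missing session is distinguishable from a runtime fault and from a successful JSON reply. Separately, `currentACL` is assigned but never read in the visible lines, so any session carrying a `userID` receives the data; if the endpoint is meant to be admin-only a check on the loaded ACL is still missing, otherwise the lookup can be dropped.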