dxs/onionr
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

refreshed and renamed docs, added bootstrap server, added default config for sec auditing

Browse source
This commit is contained in:
Kevin Froman 2020-02-04 14:46:17 -06:00
parent fe36b87c57
commit 6960d9209d
270 changed files with 20816 additions and 8345 deletions
Download patch file Download diff file Expand all files Collapse all files

77
docs/html/src/bigbrother/ministry/index.html Normal file
View file

@ -0,0 +1,77 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
<meta name="generator" content="pdoc 0.7.4" />
<title>src.bigbrother.ministry API documentation</title>
<meta name="description" content="" />
<link href='https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.0/normalize.min.css' rel='stylesheet'>
<link href='https://cdnjs.cloudflare.com/ajax/libs/10up-sanitize.css/8.0.0/sanitize.min.css' rel='stylesheet'>
<link href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css" rel="stylesheet">
<style>.flex{display:flex !important}body{line-height:1.5em}#content{padding:20px}#sidebar{padding:30px;overflow:hidden}.http-server-breadcrumbs{font-size:130%;margin:0 0 15px 0}#footer{font-size:.75em;padding:5px 30px;border-top:1px solid #ddd;text-align:right}#footer p{margin:0 0 0 1em;display:inline-block}#footer p:last-child{margin-right:30px}h1,h2,h3,h4,h5{font-weight:300}h1{font-size:2.5em;line-height:1.1em}h2{font-size:1.75em;margin:1em 0 .50em 0}h3{font-size:1.4em;margin:25px 0 10px 0}h4{margin:0;font-size:105%}a{color:#058;text-decoration:none;transition:color .3s ease-in-out}a:hover{color:#e82}.title code{font-weight:bold}h2[id^="header-"]{margin-top:2em}.ident{color:#900}pre code{background:#f8f8f8;font-size:.8em;line-height:1.4em}code{background:#f2f2f1;padding:1px 4px;overflow-wrap:break-word}h1 code{background:transparent}pre{background:#f8f8f8;border:0;border-top:1px solid #ccc;border-bottom:1px solid #ccc;margin:1em 0;padding:1ex}#http-server-module-list{display:flex;flex-flow:column}#http-server-module-list div{display:flex}#http-server-module-list dt{min-width:10%}#http-server-module-list p{margin-top:0}.toc ul,#index{list-style-type:none;margin:0;padding:0}#index code{background:transparent}#index h3{border-bottom:1px solid #ddd}#index ul{padding:0}#index h4{font-weight:bold}#index h4 + ul{margin-bottom:.6em}@media (min-width:200ex){#index .two-column{column-count:2}}@media (min-width:300ex){#index .two-column{column-count:3}}dl{margin-bottom:2em}dl dl:last-child{margin-bottom:4em}dd{margin:0 0 1em 3em}#header-classes + dl > dd{margin-bottom:3em}dd dd{margin-left:2em}dd p{margin:10px 0}.name{background:#eee;font-weight:bold;font-size:.85em;padding:5px 10px;display:inline-block;min-width:40%}.name:hover{background:#e0e0e0}.name > span:first-child{white-space:nowrap}.name.class > span:nth-child(2){margin-left:.4em}.inherited{color:#999;border-left:5px solid #eee;padding-left:1em}.inheritance em{font-style:normal;font-weight:bold}.desc h2{font-weight:400;font-size:1.25em}.desc h3{font-size:1em}.desc dt code{background:inherit}.source summary,.git-link-div{color:#666;text-align:right;font-weight:400;font-size:.8em;text-transform:uppercase}.source summary > *{white-space:nowrap;cursor:pointer}.git-link{color:inherit;margin-left:1em}.source pre{max-height:500px;overflow:auto;margin:0}.source pre code{font-size:12px;overflow:visible}.hlist{list-style:none}.hlist li{display:inline}.hlist li:after{content:',\2002'}.hlist li:last-child:after{content:none}.hlist .hlist{display:inline;padding-left:1em}img{max-width:100%}.admonition{padding:.1em .5em;margin-bottom:1em}.admonition-title{font-weight:bold}.admonition.note,.admonition.info,.admonition.important{background:#aef}.admonition.todo,.admonition.versionadded,.admonition.tip,.admonition.hint{background:#dfd}.admonition.warning,.admonition.versionchanged,.admonition.deprecated{background:#fd4}.admonition.error,.admonition.danger,.admonition.caution{background:lightpink}</style>
<style media="screen and (min-width: 700px)">@media screen and (min-width:700px){#sidebar{width:30%}#content{width:70%;max-width:100ch;padding:3em 4em;border-left:1px solid #ddd}pre code{font-size:1em}.item .name{font-size:1em}main{display:flex;flex-direction:row-reverse;justify-content:flex-end}.toc ul ul,#index ul{padding-left:1.5em}.toc > ul > li{margin-top:.5em}}</style>
<style media="print">@media print{#sidebar h1{page-break-before:always}.source{display:none}}@media print{*{background:transparent !important;color:#000 !important;box-shadow:none !important;text-shadow:none !important}a[href]:after{content:" (" attr(href) ")";font-size:90%}a[href][title]:after{content:none}abbr[title]:after{content:" (" attr(title) ")"}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}@page{margin:0.5cm}p,h2,h3{orphans:3;widows:3}h1,h2,h3,h4,h5,h6{page-break-after:avoid}}</style>
</head>
<body>
<main>
<article id="content">
<header>
<h1 class="title">Module <code>src.bigbrother.ministry</code></h1>
</header>
<section id="section-intro">
<details class="source">
<summary>
<span>Expand source code</span>
</summary>
<pre><code class="python">from . import ofcommunication # noqa
from . import ofexec # noqa</code></pre>
</details>
</section>
<section>
<h2 class="section-title" id="header-submodules">Sub-modules</h2>
<dl>
<dt><code class="name"><a title="src.bigbrother.ministry.ofcommunication" href="ofcommunication.html">src.bigbrother.ministry.ofcommunication</a></code></dt>
<dd>
<section class="desc"><p>Onionr - Private P2P Communication …</p></section>
</dd>
<dt><code class="name"><a title="src.bigbrother.ministry.ofexec" href="ofexec.html">src.bigbrother.ministry.ofexec</a></code></dt>
<dd>
<section class="desc"><p>Onionr - Private P2P Communication …</p></section>
</dd>
</dl>
</section>
<section>
</section>
<section>
</section>
<section>
</section>
</article>
<nav id="sidebar">
<h1>Index</h1>
<div class="toc">
<ul></ul>
</div>
<ul id="index">
<li><h3>Super-module</h3>
<ul>
<li><code><a title="src.bigbrother" href="../index.html">src.bigbrother</a></code></li>
</ul>
</li>
<li><h3><a href="#header-submodules">Sub-modules</a></h3>
<ul>
<li><code><a title="src.bigbrother.ministry.ofcommunication" href="ofcommunication.html">src.bigbrother.ministry.ofcommunication</a></code></li>
<li><code><a title="src.bigbrother.ministry.ofexec" href="ofexec.html">src.bigbrother.ministry.ofexec</a></code></li>
</ul>
</li>
</ul>
</nav>
</main>
<footer id="footer">
<p>Generated by <a href="https://pdoc3.github.io/pdoc"><cite>pdoc</cite> 0.7.4</a>.</p>
</footer>
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script>
<script>hljs.initHighlightingOnLoad()</script>
</body>
</html>

149
docs/html/src/bigbrother/ministry/ofcommunication.html Normal file
View file

@ -0,0 +1,149 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
<meta name="generator" content="pdoc 0.7.4" />
<title>src.bigbrother.ministry.ofcommunication API documentation</title>
<meta name="description" content="Onionr - Private P2P Communication …" />
<link href='https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.0/normalize.min.css' rel='stylesheet'>
<link href='https://cdnjs.cloudflare.com/ajax/libs/10up-sanitize.css/8.0.0/sanitize.min.css' rel='stylesheet'>
<link href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css" rel="stylesheet">
<style>.flex{display:flex !important}body{line-height:1.5em}#content{padding:20px}#sidebar{padding:30px;overflow:hidden}.http-server-breadcrumbs{font-size:130%;margin:0 0 15px 0}#footer{font-size:.75em;padding:5px 30px;border-top:1px solid #ddd;text-align:right}#footer p{margin:0 0 0 1em;display:inline-block}#footer p:last-child{margin-right:30px}h1,h2,h3,h4,h5{font-weight:300}h1{font-size:2.5em;line-height:1.1em}h2{font-size:1.75em;margin:1em 0 .50em 0}h3{font-size:1.4em;margin:25px 0 10px 0}h4{margin:0;font-size:105%}a{color:#058;text-decoration:none;transition:color .3s ease-in-out}a:hover{color:#e82}.title code{font-weight:bold}h2[id^="header-"]{margin-top:2em}.ident{color:#900}pre code{background:#f8f8f8;font-size:.8em;line-height:1.4em}code{background:#f2f2f1;padding:1px 4px;overflow-wrap:break-word}h1 code{background:transparent}pre{background:#f8f8f8;border:0;border-top:1px solid #ccc;border-bottom:1px solid #ccc;margin:1em 0;padding:1ex}#http-server-module-list{display:flex;flex-flow:column}#http-server-module-list div{display:flex}#http-server-module-list dt{min-width:10%}#http-server-module-list p{margin-top:0}.toc ul,#index{list-style-type:none;margin:0;padding:0}#index code{background:transparent}#index h3{border-bottom:1px solid #ddd}#index ul{padding:0}#index h4{font-weight:bold}#index h4 + ul{margin-bottom:.6em}@media (min-width:200ex){#index .two-column{column-count:2}}@media (min-width:300ex){#index .two-column{column-count:3}}dl{margin-bottom:2em}dl dl:last-child{margin-bottom:4em}dd{margin:0 0 1em 3em}#header-classes + dl > dd{margin-bottom:3em}dd dd{margin-left:2em}dd p{margin:10px 0}.name{background:#eee;font-weight:bold;font-size:.85em;padding:5px 10px;display:inline-block;min-width:40%}.name:hover{background:#e0e0e0}.name > span:first-child{white-space:nowrap}.name.class > span:nth-child(2){margin-left:.4em}.inherited{color:#999;border-left:5px solid #eee;padding-left:1em}.inheritance em{font-style:normal;font-weight:bold}.desc h2{font-weight:400;font-size:1.25em}.desc h3{font-size:1em}.desc dt code{background:inherit}.source summary,.git-link-div{color:#666;text-align:right;font-weight:400;font-size:.8em;text-transform:uppercase}.source summary > *{white-space:nowrap;cursor:pointer}.git-link{color:inherit;margin-left:1em}.source pre{max-height:500px;overflow:auto;margin:0}.source pre code{font-size:12px;overflow:visible}.hlist{list-style:none}.hlist li{display:inline}.hlist li:after{content:',\2002'}.hlist li:last-child:after{content:none}.hlist .hlist{display:inline;padding-left:1em}img{max-width:100%}.admonition{padding:.1em .5em;margin-bottom:1em}.admonition-title{font-weight:bold}.admonition.note,.admonition.info,.admonition.important{background:#aef}.admonition.todo,.admonition.versionadded,.admonition.tip,.admonition.hint{background:#dfd}.admonition.warning,.admonition.versionchanged,.admonition.deprecated{background:#fd4}.admonition.error,.admonition.danger,.admonition.caution{background:lightpink}</style>
<style media="screen and (min-width: 700px)">@media screen and (min-width:700px){#sidebar{width:30%}#content{width:70%;max-width:100ch;padding:3em 4em;border-left:1px solid #ddd}pre code{font-size:1em}.item .name{font-size:1em}main{display:flex;flex-direction:row-reverse;justify-content:flex-end}.toc ul ul,#index ul{padding-left:1.5em}.toc > ul > li{margin-top:.5em}}</style>
<style media="print">@media print{#sidebar h1{page-break-before:always}.source{display:none}}@media print{*{background:transparent !important;color:#000 !important;box-shadow:none !important;text-shadow:none !important}a[href]:after{content:" (" attr(href) ")";font-size:90%}a[href][title]:after{content:none}abbr[title]:after{content:" (" attr(title) ")"}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}@page{margin:0.5cm}p,h2,h3{orphans:3;widows:3}h1,h2,h3,h4,h5,h6{page-break-after:avoid}}</style>
</head>
<body>
<main>
<article id="content">
<header>
<h1 class="title">Module <code>src.bigbrother.ministry.ofcommunication</code></h1>
</header>
<section id="section-intro">
<p>Onionr - Private P2P Communication.</p>
<p>Ensure sockets don't get made to non localhost</p>
<details class="source">
<summary>
<span>Expand source code</span>
</summary>
<pre><code class="python">&#34;&#34;&#34;Onionr - Private P2P Communication.
Ensure sockets don&#39;t get made to non localhost
&#34;&#34;&#34;
import ipaddress
import logger
from onionrexceptions import NetworkLeak
&#34;&#34;&#34;
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see &lt;https://www.gnu.org/licenses/&gt;.
&#34;&#34;&#34;
def detect_socket_leaks(socket_event):
&#34;&#34;&#34;Is called by the big brother broker whenever.
a socket connection happens.
raises exception &amp; logs if not to loopback
&#34;&#34;&#34;
ip_address = socket_event[1][0]
# validate is valid ip address (no hostname, etc)
# raises NetworkLeak if not
try:
ipaddress.ip_address(ip_address)
except ValueError:
logger.warn(f&#39;Conn made to {ip_address} outside of Tor/similar&#39;)
raise \
NetworkLeak(&#39;Conn to host/non local IP, this is a privacy issue!&#39;)
# Validate that the IP is localhost ipv4
if not ip_address.startswith(&#39;127&#39;):
logger.warn(f&#39;Conn made to {ip_address} outside of Tor/similar&#39;)
raise NetworkLeak(&#39;Conn to non local IP, this is a privacy concern!&#39;)</code></pre>
</details>
</section>
<section>
</section>
<section>
</section>
<section>
<h2 class="section-title" id="header-functions">Functions</h2>
<dl>
<dt id="src.bigbrother.ministry.ofcommunication.detect_socket_leaks"><code class="name flex">
<span>def <span class="ident">detect_socket_leaks</span></span>(<span>socket_event)</span>
</code></dt>
<dd>
<section class="desc"><p>Is called by the big brother broker whenever.</p>
<p>a socket connection happens.
raises exception &amp; logs if not to loopback</p></section>
<details class="source">
<summary>
<span>Expand source code</span>
</summary>
<pre><code class="python">def detect_socket_leaks(socket_event):
&#34;&#34;&#34;Is called by the big brother broker whenever.
a socket connection happens.
raises exception &amp; logs if not to loopback
&#34;&#34;&#34;
ip_address = socket_event[1][0]
# validate is valid ip address (no hostname, etc)
# raises NetworkLeak if not
try:
ipaddress.ip_address(ip_address)
except ValueError:
logger.warn(f&#39;Conn made to {ip_address} outside of Tor/similar&#39;)
raise \
NetworkLeak(&#39;Conn to host/non local IP, this is a privacy issue!&#39;)
# Validate that the IP is localhost ipv4
if not ip_address.startswith(&#39;127&#39;):
logger.warn(f&#39;Conn made to {ip_address} outside of Tor/similar&#39;)
raise NetworkLeak(&#39;Conn to non local IP, this is a privacy concern!&#39;)</code></pre>
</details>
</dd>
</dl>
</section>
<section>
</section>
</article>
<nav id="sidebar">
<h1>Index</h1>
<div class="toc">
<ul></ul>
</div>
<ul id="index">
<li><h3>Super-module</h3>
<ul>
<li><code><a title="src.bigbrother.ministry" href="index.html">src.bigbrother.ministry</a></code></li>
</ul>
</li>
<li><h3><a href="#header-functions">Functions</a></h3>
<ul class="">
<li><code><a title="src.bigbrother.ministry.ofcommunication.detect_socket_leaks" href="#src.bigbrother.ministry.ofcommunication.detect_socket_leaks">detect_socket_leaks</a></code></li>
</ul>
</li>
</ul>
</nav>
</main>
<footer id="footer">
<p>Generated by <a href="https://pdoc3.github.io/pdoc"><cite>pdoc</cite> 0.7.4</a>.</p>
</footer>
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script>
<script>hljs.initHighlightingOnLoad()</script>
</body>
</html>

227
docs/html/src/bigbrother/ministry/ofexec.html Normal file
View file

@ -0,0 +1,227 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
<meta name="generator" content="pdoc 0.7.4" />
<title>src.bigbrother.ministry.ofexec API documentation</title>
<meta name="description" content="Onionr - Private P2P Communication …" />
<link href='https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.0/normalize.min.css' rel='stylesheet'>
<link href='https://cdnjs.cloudflare.com/ajax/libs/10up-sanitize.css/8.0.0/sanitize.min.css' rel='stylesheet'>
<link href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css" rel="stylesheet">
<style>.flex{display:flex !important}body{line-height:1.5em}#content{padding:20px}#sidebar{padding:30px;overflow:hidden}.http-server-breadcrumbs{font-size:130%;margin:0 0 15px 0}#footer{font-size:.75em;padding:5px 30px;border-top:1px solid #ddd;text-align:right}#footer p{margin:0 0 0 1em;display:inline-block}#footer p:last-child{margin-right:30px}h1,h2,h3,h4,h5{font-weight:300}h1{font-size:2.5em;line-height:1.1em}h2{font-size:1.75em;margin:1em 0 .50em 0}h3{font-size:1.4em;margin:25px 0 10px 0}h4{margin:0;font-size:105%}a{color:#058;text-decoration:none;transition:color .3s ease-in-out}a:hover{color:#e82}.title code{font-weight:bold}h2[id^="header-"]{margin-top:2em}.ident{color:#900}pre code{background:#f8f8f8;font-size:.8em;line-height:1.4em}code{background:#f2f2f1;padding:1px 4px;overflow-wrap:break-word}h1 code{background:transparent}pre{background:#f8f8f8;border:0;border-top:1px solid #ccc;border-bottom:1px solid #ccc;margin:1em 0;padding:1ex}#http-server-module-list{display:flex;flex-flow:column}#http-server-module-list div{display:flex}#http-server-module-list dt{min-width:10%}#http-server-module-list p{margin-top:0}.toc ul,#index{list-style-type:none;margin:0;padding:0}#index code{background:transparent}#index h3{border-bottom:1px solid #ddd}#index ul{padding:0}#index h4{font-weight:bold}#index h4 + ul{margin-bottom:.6em}@media (min-width:200ex){#index .two-column{column-count:2}}@media (min-width:300ex){#index .two-column{column-count:3}}dl{margin-bottom:2em}dl dl:last-child{margin-bottom:4em}dd{margin:0 0 1em 3em}#header-classes + dl > dd{margin-bottom:3em}dd dd{margin-left:2em}dd p{margin:10px 0}.name{background:#eee;font-weight:bold;font-size:.85em;padding:5px 10px;display:inline-block;min-width:40%}.name:hover{background:#e0e0e0}.name > span:first-child{white-space:nowrap}.name.class > span:nth-child(2){margin-left:.4em}.inherited{color:#999;border-left:5px solid #eee;padding-left:1em}.inheritance em{font-style:normal;font-weight:bold}.desc h2{font-weight:400;font-size:1.25em}.desc h3{font-size:1em}.desc dt code{background:inherit}.source summary,.git-link-div{color:#666;text-align:right;font-weight:400;font-size:.8em;text-transform:uppercase}.source summary > *{white-space:nowrap;cursor:pointer}.git-link{color:inherit;margin-left:1em}.source pre{max-height:500px;overflow:auto;margin:0}.source pre code{font-size:12px;overflow:visible}.hlist{list-style:none}.hlist li{display:inline}.hlist li:after{content:',\2002'}.hlist li:last-child:after{content:none}.hlist .hlist{display:inline;padding-left:1em}img{max-width:100%}.admonition{padding:.1em .5em;margin-bottom:1em}.admonition-title{font-weight:bold}.admonition.note,.admonition.info,.admonition.important{background:#aef}.admonition.todo,.admonition.versionadded,.admonition.tip,.admonition.hint{background:#dfd}.admonition.warning,.admonition.versionchanged,.admonition.deprecated{background:#fd4}.admonition.error,.admonition.danger,.admonition.caution{background:lightpink}</style>
<style media="screen and (min-width: 700px)">@media screen and (min-width:700px){#sidebar{width:30%}#content{width:70%;max-width:100ch;padding:3em 4em;border-left:1px solid #ddd}pre code{font-size:1em}.item .name{font-size:1em}main{display:flex;flex-direction:row-reverse;justify-content:flex-end}.toc ul ul,#index ul{padding-left:1.5em}.toc > ul > li{margin-top:.5em}}</style>
<style media="print">@media print{#sidebar h1{page-break-before:always}.source{display:none}}@media print{*{background:transparent !important;color:#000 !important;box-shadow:none !important;text-shadow:none !important}a[href]:after{content:" (" attr(href) ")";font-size:90%}a[href][title]:after{content:none}abbr[title]:after{content:" (" attr(title) ")"}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}@page{margin:0.5cm}p,h2,h3{orphans:3;widows:3}h1,h2,h3,h4,h5,h6{page-break-after:avoid}}</style>
</head>
<body>
<main>
<article id="content">
<header>
<h1 class="title">Module <code>src.bigbrother.ministry.ofexec</code></h1>
</header>
<section id="section-intro">
<p>Onionr - Private P2P Communication.</p>
<p>Prevent eval/exec/os.system and log it</p>
<details class="source">
<summary>
<span>Expand source code</span>
</summary>
<pre><code class="python">&#34;&#34;&#34;Onionr - Private P2P Communication.
Prevent eval/exec/os.system and log it
&#34;&#34;&#34;
import base64
import platform
import logger
from utils import identifyhome
from onionrexceptions import ArbitraryCodeExec
&#34;&#34;&#34;
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see &lt;https://www.gnu.org/licenses/&gt;.
&#34;&#34;&#34;
def block_system(cmd):
&#34;&#34;&#34;Prevent os.system except for whitelisted commands+contexts.&#34;&#34;&#34;
allowed = &#39;taskkill /PID &#39;
is_ok = False
if platform.system() == &#39;Windows&#39;:
if cmd.startswith(allowed):
for c in cmd.split(allowed)[1]:
if not c.isalnum() or c not in (&#39;/&#39;, &#39;F&#39;, &#39; &#39;):
break
else:
is_ok = True
if not is_ok:
logger.warn(&#39;POSSIBLE EXPLOIT DETECTED, SEE LOGS&#39;, terminal=True)
logger.warn(f&#39;POSSIBLE EXPLOIT: shell command not in whitelist: {cmd}&#39;)
raise ArbitraryCodeExec(&#39;os.system command not in whitelist&#39;)
def block_exec(event, info):
&#34;&#34;&#34;Prevent arbitrary code execution in eval/exec and log it.&#34;&#34;&#34;
# because libraries have stupid amounts of compile/exec/eval,
# We have to use a whitelist where it can be tolerated
# Generally better than nothing, not a silver bullet
whitelisted_code = [
&#39;netrc.py&#39;,
&#39;shlex.py&#39;,
&#39;gzip.py&#39;,
&#39;&lt;werkzeug routing&gt;&#39;,
&#39;werkzeug/test.py&#39;,
&#39;multiprocessing/popen_fork.py&#39;,
&#39;multiprocessing/util.py&#39;,
&#39;multiprocessing/connection.py&#39;,
&#39;onionrutils/escapeansi.py&#39;,
&#39;stem/connection.py&#39;,
&#39;stem/response/add_onion.py&#39;,
&#39;stem/response/authchallenge.py&#39;,
&#39;stem/response/getinfo.py&#39;,
&#39;stem/response/getconf.py&#39;,
&#39;stem/response/mapaddress.py&#39;,
&#39;stem/response/protocolinfo.py&#39;
]
home = identifyhome.identify_home()
code_b64 = base64.b64encode(info[0].co_code).decode()
for source in whitelisted_code:
if info[0].co_filename.endswith(source):
return
if home + &#39;plugins/&#39; in info[0].co_filename:
return
logger.warn(&#39;POSSIBLE EXPLOIT DETECTED, SEE LOGS&#39;, terminal=True)
logger.warn(&#39;POSSIBLE EXPLOIT DETECTED: &#39; + info[0].co_filename)
logger.warn(&#39;Prevented exec/eval. Report this with the sample below&#39;)
logger.warn(f&#39;{event} code in base64 format: {code_b64}&#39;)
raise ArbitraryCodeExec(&#34;Arbitrary code (eval/exec) detected.&#34;)</code></pre>
</details>
</section>
<section>
</section>
<section>
</section>
<section>
<h2 class="section-title" id="header-functions">Functions</h2>
<dl>
<dt id="src.bigbrother.ministry.ofexec.block_exec"><code class="name flex">
<span>def <span class="ident">block_exec</span></span>(<span>event, info)</span>
</code></dt>
<dd>
<section class="desc"><p>Prevent arbitrary code execution in eval/exec and log it.</p></section>
<details class="source">
<summary>
<span>Expand source code</span>
</summary>
<pre><code class="python">def block_exec(event, info):
&#34;&#34;&#34;Prevent arbitrary code execution in eval/exec and log it.&#34;&#34;&#34;
# because libraries have stupid amounts of compile/exec/eval,
# We have to use a whitelist where it can be tolerated
# Generally better than nothing, not a silver bullet
whitelisted_code = [
&#39;netrc.py&#39;,
&#39;shlex.py&#39;,
&#39;gzip.py&#39;,
&#39;&lt;werkzeug routing&gt;&#39;,
&#39;werkzeug/test.py&#39;,
&#39;multiprocessing/popen_fork.py&#39;,
&#39;multiprocessing/util.py&#39;,
&#39;multiprocessing/connection.py&#39;,
&#39;onionrutils/escapeansi.py&#39;,
&#39;stem/connection.py&#39;,
&#39;stem/response/add_onion.py&#39;,
&#39;stem/response/authchallenge.py&#39;,
&#39;stem/response/getinfo.py&#39;,
&#39;stem/response/getconf.py&#39;,
&#39;stem/response/mapaddress.py&#39;,
&#39;stem/response/protocolinfo.py&#39;
]
home = identifyhome.identify_home()
code_b64 = base64.b64encode(info[0].co_code).decode()
for source in whitelisted_code:
if info[0].co_filename.endswith(source):
return
if home + &#39;plugins/&#39; in info[0].co_filename:
return
logger.warn(&#39;POSSIBLE EXPLOIT DETECTED, SEE LOGS&#39;, terminal=True)
logger.warn(&#39;POSSIBLE EXPLOIT DETECTED: &#39; + info[0].co_filename)
logger.warn(&#39;Prevented exec/eval. Report this with the sample below&#39;)
logger.warn(f&#39;{event} code in base64 format: {code_b64}&#39;)
raise ArbitraryCodeExec(&#34;Arbitrary code (eval/exec) detected.&#34;)</code></pre>
</details>
</dd>
<dt id="src.bigbrother.ministry.ofexec.block_system"><code class="name flex">
<span>def <span class="ident">block_system</span></span>(<span>cmd)</span>
</code></dt>
<dd>
<section class="desc"><p>Prevent os.system except for whitelisted commands+contexts.</p></section>
<details class="source">
<summary>
<span>Expand source code</span>
</summary>
<pre><code class="python">def block_system(cmd):
&#34;&#34;&#34;Prevent os.system except for whitelisted commands+contexts.&#34;&#34;&#34;
allowed = &#39;taskkill /PID &#39;
is_ok = False
if platform.system() == &#39;Windows&#39;:
if cmd.startswith(allowed):
for c in cmd.split(allowed)[1]:
if not c.isalnum() or c not in (&#39;/&#39;, &#39;F&#39;, &#39; &#39;):
break
else:
is_ok = True
if not is_ok:
logger.warn(&#39;POSSIBLE EXPLOIT DETECTED, SEE LOGS&#39;, terminal=True)
logger.warn(f&#39;POSSIBLE EXPLOIT: shell command not in whitelist: {cmd}&#39;)
raise ArbitraryCodeExec(&#39;os.system command not in whitelist&#39;)</code></pre>
</details>
</dd>
</dl>
</section>
<section>
</section>
</article>
<nav id="sidebar">
<h1>Index</h1>
<div class="toc">
<ul></ul>
</div>
<ul id="index">
<li><h3>Super-module</h3>
<ul>
<li><code><a title="src.bigbrother.ministry" href="index.html">src.bigbrother.ministry</a></code></li>
</ul>
</li>
<li><h3><a href="#header-functions">Functions</a></h3>
<ul class="">
<li><code><a title="src.bigbrother.ministry.ofexec.block_exec" href="#src.bigbrother.ministry.ofexec.block_exec">block_exec</a></code></li>
<li><code><a title="src.bigbrother.ministry.ofexec.block_system" href="#src.bigbrother.ministry.ofexec.block_system">block_system</a></code></li>
</ul>
</li>
</ul>
</nav>
</main>
<footer id="footer">
<p>Generated by <a href="https://pdoc3.github.io/pdoc"><cite>pdoc</cite> 0.7.4</a>.</p>
</footer>
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script>
<script>hljs.initHighlightingOnLoad()</script>
</body>
</html>