From 6f72e8c06c3bed44d90b2eea1c70c4c1f6ac66cc Mon Sep 17 00:00:00 2001
From: Kevin Froman
Date: Sun, 4 Nov 2018 17:01:58 -0600
Subject: [PATCH] better address validation and removed dependency
---
 onionr/onionrblacklist.py | 11 ++++++-----
 onionr/onionrutils.py | 6 ++++++
 onionr/static-data/default-plugins/pms/main.py | 1 -
 requirements.txt | 1 -
 4 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/onionr/onionrblacklist.py b/onionr/onionrblacklist.py
index f87ccd65..1d7e83f7 100644
--- a/onionr/onionrblacklist.py
+++ b/onionr/onionrblacklist.py
@@ -32,7 +32,8 @@ class OnionrBlackList:
 retData = False
 if not hashed.isalnum():
 raise Exception("Hashed data is not alpha numeric")
-
+ if len(hashed) > 64:
+ raise Exception("Hashed data is too large")
 for i in self._dbExecute("select * from blacklist where hash='%s'" % (hashed,)):
 retData = True # this only executes if an entry is present by that hash
 break
@@ -95,9 +96,8 @@ class OnionrBlackList:
 '''
 # we hash the data so we can remove data entirely from our node's disk
 hashed = self._core._utils.bytesToStr(self._core._crypto.sha3Hash(data))
-
- if self.inBlacklist(hashed):
- return
+ if len(hashed) > 64:
+ raise Exception("Hashed data is too large")
 if not hashed.isalnum():
 raise Exception("Hashed data is not alpha numeric")
@@ -109,7 +109,8 @@ class OnionrBlackList:
 int(expire)
 except ValueError:
 raise Exception("expire is not int")
- #TODO check for length sanity
+ if self.inBlacklist(hashed):
+ return
 insert = (hashed,)
 blacklistDate = self._core._utils.getEpoch()
 self._dbExecute("insert into blacklist (hash, dataType, blacklistDate, expire) VALUES('%s', %s, %s, %s);" % (hashed, dataType, blacklistDate, expire))
diff --git a/onionr/onionrutils.py b/onionr/onionrutils.py
index f102a3a1..3bab70b0 100644
--- a/onionr/onionrutils.py
+++ b/onionr/onionrutils.py
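Review bot: The `select` in `inBlacklist` is still assembled with `%` formatting, so the only things keeping `hashed` from altering the statement are the `isalnum()` test and the new 64-character cap placed above it. Binding the value keeps the query safe even if that validation is later loosened or skipped on another call path, for example `self._dbExecute("select * from blacklist where hash = ?", (hashed,))`, assuming `_dbExecute` can forward parameters to the database driver (its signature is not visible here). The `insert` in the last hunk of this file has the same shape and additionally interpolates `dataType`, `blacklistDate` and `expire`. Both functions begin outside the hunks shown.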
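Review bot: The result of `int(expire)` in the third onionrblacklist.py hunk is discarded, so the `insert` below it formats the caller's original `expire` into the SQL text rather than the integer that was just validated; `int()` also accepts strings with surrounding whitespace or underscores, and those would reach the statement verbatim. Keeping the converted value, `expire = int(expire)`, makes the check and the stored value agree. The `insert = (hashed,)` tuple is not used by any line visible in this hunk. The `try` opens above the hunk, so how `dataType` is checked cannot be seen from here.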
@@ -483,6 +483,12 @@ class OnionrUtils:
 retVal = False
 if not idNoDomain.isalnum():
 retVal = False
+
+ # Validate address is valid base32 (when capitalized and minus extension); v2/v3 onions and .b32.i2p use base32
+ try:
+ base64.b32decode(idNoDomain.upper().encode())
+ except binascii.Error:
+ retVal = False
 return retVal
 except:
diff --git a/onionr/static-data/default-plugins/pms/main.py b/onionr/static-data/default-plugins/pms/main.py
index 981979ee..6e7dda24 100644
--- a/onionr/static-data/default-plugins/pms/main.py
+++ b/onionr/static-data/default-plugins/pms/main.py
@@ -60,7 +60,6 @@ class MailStrings:
 class OnionrMail:
 def __init__(self, pluginapi):
 self.myCore = pluginapi.get_core()
- #self.dataFolder = pluginapi.get_data_folder()
 self.strings = MailStrings(self)
 self.sentboxTools = sentboxdb.SentBox(self.myCore)
diff --git a/requirements.txt b/requirements.txt
index 754a0da9..2375324d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -7,4 +7,3 @@ defusedxml==0.5.0
 Flask==1.0.2
 PySocks==1.6.8
 stem==1.6.0
-ntfy==2.6.0
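Review bot: `base64.b32decode` raises `binascii.Error` ("Incorrect padding") for any input whose length is not a multiple of 8, so the added `try` in the onionrutils.py hunk would mark an unpadded 52-character `.b32.i2p` label as invalid even though the comment names that format as supported; this assumes `idNoDomain` holds the bare label, which is assigned above the hunk. Padding before decoding avoids the false rejection: `base64.b32decode((idNoDomain.upper() + '=' * (-len(idNoDomain) % 8)).encode())`. The hunk also does not show `base64` and `binascii` being imported, and a `NameError` from a missing import would be caught by the bare `except:` that follows rather than reported, so it is worth confirming both imports exist in onionrutils.py. The enclosing function starts and ends outside the hunk.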