make lan server test only a few ports, add run time test grace period in service detection attack prevetion mechanism

2020-06-19 01:08:39 -05:00 · 2020-06-19 01:08:39 -05:00 · 7205189d62
parent 5751468e8a
commit 7205189d62
2 changed files with 5 additions and 2 deletions
--- a/src/lan/server/init.py
+++ b/src/lan/server/init.py
@ -3,6 +3,7 @@
 LAN transport server thread
 """
 import ipaddress
+import time
 from threading import Thread

 from gevent.pywsgi import WSGIServer
@ -36,6 +37,7 @@ from utils.bettersleep import better_sleep
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 """
 ports = range(1337, 1340)
+_start_time = time.time()

 class LANServer:
    def __init__(self, shared_state):
@ -50,7 +52,8 @@ class LANServer:
        @app.before_request
        def dns_rebinding_prevention():
            if request.remote_addr in lan_ips or ipaddress.ip_address(request.remote_addr).is_loopback:
-                abort(403)
+                if time.time() - _start_time < 600:
+                    abort(403)
            if request.host != f'{self.host}:{self.port}':
                logger.warn('Potential DNS rebinding attack on LAN server:')
                logger.warn(f'Hostname {request.host} was used instead of {self.host}:{self.port}')
--- a/src/runtests/lanservertest.py
+++ b/src/runtests/lanservertest.py
@ -10,7 +10,7 @@ import logger

 def test_lan_server(testmanager):
    start_time = get_epoch()
-    for i in range(1024, 65536):
+    for i in range(1337, 1340):
        try:
            if requests.get(f"http://{best_ip}:{i}/ping").text == 'onionr!':
                bl = insert('test data')