added big brother security auditing to prevent some RCE and leaks
parent
47e69bab99
commit
ae416bc650
|
@ -35,6 +35,9 @@ def _auditing_supported():
|
|||
def sys_hook_entrypoint(event, info):
|
||||
if event == 'socket.connect':
|
||||
ministry.ofcommunication.detect_socket_leaks(info)
|
||||
elif event == 'exec':
|
||||
# logs and block both exec and eval
|
||||
ministry.ofexec.block_exec(event, info)
|
||||
|
||||
|
||||
def enable_ministries(disable_hooks: Iterable = []):
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
from . import ofcommunication
|
||||
from . import ofcommunication # noqa
|
||||
from . import ofexec # noqa
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
import ipaddress
|
||||
|
||||
import logger
|
||||
from onionrexceptions import NetworkLeak
|
||||
"""
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -30,9 +31,15 @@ def detect_socket_leaks(socket_event):
|
|||
ip_address = socket_event[1][0]
|
||||
|
||||
# validate is valid ip address (no hostname, etc)
|
||||
# raises valueerror if not
|
||||
ipaddress.ip_address(ip_address)
|
||||
# raises NetworkLeak if not
|
||||
try:
|
||||
ipaddress.ip_address(ip_address)
|
||||
except ValueError:
|
||||
logger.warn(f'Conn made to {ip_address} outside of Tor/similar')
|
||||
raise NetworkLeak('Conn to non local IP, this is a privacy concern!')
|
||||
|
||||
# Validate that the IP is localhost ipv4
|
||||
|
||||
if not ip_address.startswith('127'):
|
||||
logger.warn(f'Conn made to {ip_address} outside of Tor/similar')
|
||||
raise ValueError('Conn to non loopback IP, this is a privacy concern!')
|
||||
raise NetworkLeak('Conn to non local IP, this is a privacy concern!')
|
||||
|
|
|
@ -0,0 +1,54 @@
|
|||
"""
|
||||
Onionr - Private P2P Communication
|
||||
|
||||
Prevent eval/exec and log it
|
||||
"""
|
||||
import base64
|
||||
|
||||
import logger
|
||||
from utils import identifyhome
|
||||
from onionrexceptions import ArbitraryCodeExec
|
||||
"""
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
"""
|
||||
|
||||
|
||||
def block_exec(event, info):
|
||||
"""Prevent arbitrary code execution in eval/exec and log it"""
|
||||
# because libraries have stupid amounts of compile/exec/eval,
|
||||
# We have to use a whitelist where it can be tolerated
|
||||
whitelisted_code = [
|
||||
'netrc.py',
|
||||
'<werkzeug routing>',
|
||||
'werkzeug/test.py',
|
||||
'multiprocessing/popen_fork.py',
|
||||
'multiprocessing/util.py',
|
||||
'multiprocessing/connection.py',
|
||||
'onionrutils/escapeansi.py'
|
||||
]
|
||||
home = identifyhome.identify_home()
|
||||
|
||||
for source in whitelisted_code:
|
||||
if info[0].co_filename.endswith(source):
|
||||
return
|
||||
|
||||
if info[0].co_filename.startswith(home + 'plugins/'):
|
||||
return
|
||||
|
||||
code_b64 = base64.b64encode(info[0].co_code).decode()
|
||||
logger.warn('POSSIBLE EXPLOIT DETECTED, SEE LOGS', terminal=True)
|
||||
logger.warn('POSSIBLE EXPLOIT DETECTED: ' + info[0].co_filename)
|
||||
logger.warn('Prevented exec/eval. Report this with the sample below')
|
||||
logger.warn(f'{event} code in base64 format: {code_b64}')
|
||||
raise ArbitraryCodeExec("Arbitrary code (eval/exec) detected.")
|
|
@ -105,5 +105,15 @@ class MissingAddress(Exception):
|
|||
class ContactDeleted(Exception):
|
||||
pass
|
||||
|
||||
# Version Errors
|
||||
|
||||
class PythonVersion(Exception):
|
||||
pass
|
||||
|
||||
# Auditing exceptions
|
||||
|
||||
class NetworkLeak(Exception):
|
||||
pass
|
||||
|
||||
class ArbitraryCodeExec(Exception):
|
||||
pass
|
||||
|
|
Loading…
Reference in New Issue