added big brother security auditing to prevent some RCE and leaks

Kevin Froman 2019-12-14 13:45:18 -06:00
parent 47e69bab99
commit ae416bc650
6 changed files with 79 additions and 4 deletions


@ -35,6 +35,9 @@ def _auditing_supported():
def sys_hook_entrypoint(event, info):
if event == 'socket.connect':
ministry.ofcommunication.detect_socket_leaks(info)
elif event == 'exec':
# logs and block both exec and eval
ministry.ofexec.block_exec(event, info)
def enable_ministries(disable_hooks: Iterable = []):
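Review bot: The `exec` branch relies on `block_exec` raising to stop the call, and an exception raised inside an audit hook propagates to whoever called exec()/eval(), so that caller can catch it and carry on — the hook denies and logs the single call, it does not halt the process. The comment on the branch should say that rather than "logs and block": `# logs and blocks exec/eval by raising ArbitraryCodeExec; the caller may still catch it`. Hooks registered with sys.addaudithook cannot be removed later, so any unexpected error inside these handlers (for example an unanticipated shape of `info`) would fail every subsequent audited call in the process; keep both branches narrow and defensive. sys_hook_entrypoint appears complete here, but the surrounding module continues outside the hunk.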


@ -1 +1,2 @@
from . import ofcommunication
from . import ofcommunication # noqa
from . import ofexec # noqa


@ -6,6 +6,7 @@
import ipaddress
import logger
from onionrexceptions import NetworkLeak
"""
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -30,9 +31,15 @@ def detect_socket_leaks(socket_event):
ip_address = socket_event[1][0]
# validate is valid ip address (no hostname, etc)
# raises valueerror if not
ipaddress.ip_address(ip_address)
# raises NetworkLeak if not
try:
ipaddress.ip_address(ip_address)
except ValueError:
logger.warn(f'Conn made to {ip_address} outside of Tor/similar')
raise NetworkLeak('Conn to non local IP, this is a privacy concern!')
# Validate that the IP is localhost ipv4
if not ip_address.startswith('127'):
logger.warn(f'Conn made to {ip_address} outside of Tor/similar')
raise ValueError('Conn to non loopback IP, this is a privacy concern!')
raise NetworkLeak('Conn to non local IP, this is a privacy concern!')
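Review bot: The loopback check `if not ip_address.startswith('127'):` rejects the IPv6 loopback `::1` as a leak and accepts any literal whose text begins with 127, because it compares the string rather than the parsed address; keep the parsed object and ask it instead: `addr = ipaddress.ip_address(ip_address)` inside the try, then `if not addr.is_loopback:`. The message raised from the `except ValueError` branch ("Conn to non local IP") describes the wrong condition — that branch fires when the target is not an IP literal at all (a hostname), which is the more serious signal since it implies a DNS leak, so give it its own wording. Note also that for a Unix-domain socket the `socket.connect` address is a path string, so `socket_event[1][0]` would be its first character and land in the ValueError branch — presumably not intended; confirm whether such connects occur here. detect_socket_leaks starts outside the hunk.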


@ -0,0 +1,54 @@
"""
Onionr - Private P2P Communication
Prevent eval/exec and log it
"""
import base64
import logger
from utils import identifyhome
from onionrexceptions import ArbitraryCodeExec
"""
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
"""
def block_exec(event, info):
"""Prevent arbitrary code execution in eval/exec and log it"""
# because libraries have stupid amounts of compile/exec/eval,
# We have to use a whitelist where it can be tolerated
whitelisted_code = [
'netrc.py',
'<werkzeug routing>',
'werkzeug/test.py',
'multiprocessing/popen_fork.py',
'multiprocessing/util.py',
'multiprocessing/connection.py',
'onionrutils/escapeansi.py'
]
home = identifyhome.identify_home()
for source in whitelisted_code:
if info[0].co_filename.endswith(source):
return
if info[0].co_filename.startswith(home + 'plugins/'):
return
code_b64 = base64.b64encode(info[0].co_code).decode()
logger.warn('POSSIBLE EXPLOIT DETECTED, SEE LOGS', terminal=True)
logger.warn('POSSIBLE EXPLOIT DETECTED: ' + info[0].co_filename)
logger.warn('Prevented exec/eval. Report this with the sample below')
logger.warn(f'{event} code in base64 format: {code_b64}')
raise ArbitraryCodeExec("Arbitrary code (eval/exec) detected.")
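Review bot: The allowlist in `block_exec` is keyed on `co_filename`, which is simply whatever name was passed to compile() by whoever built the code object, so matching it with `endswith` documents which code paths are trusted but is not a hard boundary against code that chooses its own filename; a comment above `whitelisted_code` should state that, e.g. `# co_filename is caller-supplied: this allowlist reduces noise, it is not a security boundary`. The `home + 'plugins/'` check only works if `identify_home()` returns a path with a trailing separator — worth confirming or using os.path.join. Since this runs on every exec/eval in the process, hoist the list to a module-level tuple and replace the loop with one call: `if info[0].co_filename.endswith(WHITELISTED_CODE): return`. Logging only `co_code` in base64 gives reviewers bytecode without the constants and names it references, so the "sample" in the log is of limited use for triage; consider noting that in the docstring.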


@ -105,5 +105,15 @@ class MissingAddress(Exception):
class ContactDeleted(Exception):
pass
# Version Errors
class PythonVersion(Exception):
pass
# Auditing exceptions
class NetworkLeak(Exception):
pass
class ArbitraryCodeExec(Exception):
pass