add gzip to exec bigbrother for sites and fix passphase print in site creator

2020-01-29 15:44:44 -06:00 · 2020-01-29 15:44:44 -06:00 · 2bc14b5c63
commit 2bc14b5c63
parent d0291c2fb3
2 changed files with 3 additions and 1 deletions
--- a/src/bigbrother/ministry/ofexec.py
+++ b/src/bigbrother/ministry/ofexec.py
@ -45,9 +45,11 @@ def block_exec(event, info):
    """Prevent arbitrary code execution in eval/exec and log it."""
    # because libraries have stupid amounts of compile/exec/eval,
    # We have to use a whitelist where it can be tolerated
+    # Generally better than nothing, not a silver bullet
    whitelisted_code = [
                        'netrc.py',
                        'shlex.py',
+                        'gzip.py',
                        '<werkzeug routing>',
                        'werkzeug/test.py',
                        'multiprocessing/popen_fork.py',
--- a/src/onionrcommands/sitecreator.py
+++ b/src/onionrcommands/sitecreator.py
@ -40,7 +40,7 @@ If you want to update your site later you must remember the passphrase.''',

        passphrase = getpass.getpass(
            'Please enter a site passphrase of at least ' +
-            onionrvalues.PASSWORD_LENGTH + ' characters.')
+            str(onionrvalues.PASSWORD_LENGTH) + ' characters.')

        confirm = getpass.getpass('Confirm passphrase:')
        if passphrase != confirm: