added big brother event auditor

This commit is contained in:
Kevin Froman 2019-12-13 12:24:29 -06:00
parent bb87bc192e
commit 47e69bab99
5 changed files with 107 additions and 8 deletions


@ -1,12 +1,12 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
''' """
Onionr - Private P2P Communication Onionr - Private P2P Communication
This file initializes Onionr when ran to be a daemon or with commands This file initializes Onionr when ran to be a daemon or with commands
Run with 'help' for usage. Run with 'help' for usage.
''' """
''' """
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or the Free Software Foundation, either version 3 of the License, or
@ -19,7 +19,7 @@
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>. along with this program. If not, see <https://www.gnu.org/licenses/>.
''' """
# Set the user's locale for encoding reasons # Set the user's locale for encoding reasons
import locale # noqa import locale # noqa
@ -37,8 +37,12 @@ except ModuleNotFoundError as e:
print('Onionr needs ' + str(e) + ' installed') print('Onionr needs ' + str(e) + ' installed')
# Onionr imports # Onionr imports
from etc import onionrvalues # For different Onionr related constants such as versions
import onionrsetup as setup # For different Onionr related constants such as versions
from etc import onionrvalues # noqa
import onionrexceptions # noqa
import onionrsetup as setup # noqa
min_ver = onionrvalues.MIN_PY_VERSION min_ver = onionrvalues.MIN_PY_VERSION
@ -51,10 +55,20 @@ if sys.version_info[0] == 2 or sys.version_info[1] < min_ver:
from utils import createdirs from utils import createdirs
createdirs.create_dirs() createdirs.create_dirs()
from onionrcommands import parser import bigbrother # noqa
from onionrplugins import onionrevents as events from onionrcommands import parser # noqa
from onionrplugins import onionrevents as events # noqa
setup.setup_config() setup.setup_config()
import config # noqa
if config.get('advanced.security_auditing', True):
try:
bigbrother.enable_ministries()
except onionrexceptions.PythonVersion:
pass
setup.setup_default_plugins() setup.setup_default_plugins()
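Review bot: The `except onionrexceptions.PythonVersion: pass` at the end of this hunk silently drops the security auditor on interpreters without `sys.addaudithook`, so a user who left `advanced.security_auditing` at its default of enabled gets no indication that socket leak detection is not running. Replace the `pass` with a visible message, e.g. `print('Security auditing unavailable: Python 3.8+ required')`, or the project logger if one is imported earlier in this file (outside the hunk). The `True` default in `config.get('advanced.security_auditing', True)` is the right fail-closed choice and is worth keeping.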


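--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,43 @@
+"""
+Onionr - Private P2P Communication
+Processes interpreter hook events to detect security leaks
+"""
+import sys
+from typing import Iterable
+from onionrexceptions import PythonVersion
+from . import ministry
+"""
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <https://www.gnu.org/licenses/>.
+"""
+def _auditing_supported():
+    try:
+        sys.audit
+        sys.addaudithook
+    except AttributeError:
+        raise PythonVersion('Auditing not supported interpreter')
+def sys_hook_entrypoint(event, info):
+    if event == 'socket.connect':
+        ministry.ofcommunication.detect_socket_leaks(info)
+def enable_ministries(disable_hooks: Iterable = []):
+    """Enable auditors"""
+    _auditing_supported() # raises PythonVersion exception if <3.8
+    sys.addaudithook(sys_hook_entrypoint)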
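Review bot: `enable_ministries(disable_hooks: Iterable = [])` declares a parameter the body never reads, with a shared mutable list as its default; either wire it into `sys_hook_entrypoint` or drop it, and if kept give it an immutable default, `def enable_ministries(disable_hooks: Iterable = ()):`. In `_auditing_supported` the bare expressions `sys.audit` and `sys.addaudithook` do work as an existence probe but read as dead code; `if not hasattr(sys, 'addaudithook'): raise PythonVersion('Auditing not supported interpreter')` states the intent directly. `sys_hook_entrypoint` dispatches only `socket.connect`; CPython emits separate `socket.sendto`, `socket.sendmsg` and `socket.getaddrinfo` audit events, so datagram sends and name resolution are not inspected by this auditor, which is worth stating in the `enable_ministries` docstring so its coverage is not overestimated.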


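--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1 @@
+from . import ofcommunication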


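--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,38 @@
+"""
+Onionr - Private P2P Communication
+Ensure sockets don't get made to non localhost
+"""
+import ipaddress
+import logger
+"""
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <https://www.gnu.org/licenses/>.
+"""
+def detect_socket_leaks(socket_event):
+    """is called by the big brother broker whenever
+    a socket connection happens.
+    raises exception & logs if not to loopback
+    """
+    ip_address = socket_event[1][0]
+    # validate is valid ip address (no hostname, etc)
+    # raises valueerror if not
+    ipaddress.ip_address(ip_address)
+    if not ip_address.startswith('127'):
+        logger.warn(f'Conn made to {ip_address} outside of Tor/similar')
+        raise ValueError('Conn to non loopback IP, this is a privacy concern!')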
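Review bot: `detect_socket_leaks` indexes `socket_event[1][0]` on the assumption that the address is a `(host, port)` tuple, but for `AF_UNIX` sockets the address is a path string (bytes for the Linux abstract namespace), so `[0]` is a single character and `ipaddress.ip_address` raises, blocking every Unix-domain connect; whether Onionr makes such connects (for example a Tor control socket) is not visible here. The loopback test `ip_address.startswith('127')` also rejects IPv6 loopback `::1`, while `ipaddress.ip_address(...).is_loopback` covers both families. Keeping the deliberate `ValueError` for hostnames (so a name never reaches a resolver) and short-circuiting non-tuple addresses gives the version below.
```python
def detect_socket_leaks(socket_event):
    # … unchanged: docstring …
    address = socket_event[1]
    if not isinstance(address, tuple):
        # AF_UNIX and similar families use a path, not (host, port); they cannot leave the host
        return
    # ip_address() raises ValueError for hostnames, which is intended: names must not be resolved
    ip_address = ipaddress.ip_address(address[0])
    if not ip_address.is_loopback:
        logger.warn(f'Conn made to {ip_address} outside of Tor/similar')
        raise ValueError('Conn to non loopback IP, this is a privacy concern!')
```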


@ -104,3 +104,6 @@ class MissingAddress(Exception):
class ContactDeleted(Exception): class ContactDeleted(Exception):
pass pass
class PythonVersion(Exception):
pass
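Review bot: `PythonVersion` lands without a docstring, and its name alone does not say which condition it signals, so callers catching it (as onionr.py does in this commit) have to read bigbrother to find out. A one-line docstring in place of `pass` would do: `"""Raised when the running interpreter lacks a feature Onionr needs, e.g. sys.addaudithook (Python 3.8+)."""`.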