better address validation and removed dependency

This commit is contained in:
Kevin Froman 2018-11-04 17:01:58 -06:00
parent 293b36e3ad
commit 6f72e8c06c
4 changed files with 12 additions and 7 deletions

View File

@ -32,7 +32,8 @@ class OnionrBlackList:
retData = False retData = False
if not hashed.isalnum(): if not hashed.isalnum():
raise Exception("Hashed data is not alpha numeric") raise Exception("Hashed data is not alpha numeric")
if len(hashed) > 64:
raise Exception("Hashed data is too large")
for i in self._dbExecute("select * from blacklist where hash='%s'" % (hashed,)): for i in self._dbExecute("select * from blacklist where hash='%s'" % (hashed,)):
retData = True # this only executes if an entry is present by that hash retData = True # this only executes if an entry is present by that hash
break break
@ -95,9 +96,8 @@ class OnionrBlackList:
''' '''
# we hash the data so we can remove data entirely from our node's disk # we hash the data so we can remove data entirely from our node's disk
hashed = self._core._utils.bytesToStr(self._core._crypto.sha3Hash(data)) hashed = self._core._utils.bytesToStr(self._core._crypto.sha3Hash(data))
if len(hashed) > 64:
if self.inBlacklist(hashed): raise Exception("Hashed data is too large")
return
if not hashed.isalnum(): if not hashed.isalnum():
raise Exception("Hashed data is not alpha numeric") raise Exception("Hashed data is not alpha numeric")
@ -109,7 +109,8 @@ class OnionrBlackList:
int(expire) int(expire)
except ValueError: except ValueError:
raise Exception("expire is not int") raise Exception("expire is not int")
#TODO check for length sanity if self.inBlacklist(hashed):
return
insert = (hashed,) insert = (hashed,)
blacklistDate = self._core._utils.getEpoch() blacklistDate = self._core._utils.getEpoch()
self._dbExecute("insert into blacklist (hash, dataType, blacklistDate, expire) VALUES('%s', %s, %s, %s);" % (hashed, dataType, blacklistDate, expire)) self._dbExecute("insert into blacklist (hash, dataType, blacklistDate, expire) VALUES('%s', %s, %s, %s);" % (hashed, dataType, blacklistDate, expire))

View File

@ -483,6 +483,12 @@ class OnionrUtils:
retVal = False retVal = False
if not idNoDomain.isalnum(): if not idNoDomain.isalnum():
retVal = False retVal = False
# Validate address is valid base32 (when capitalized and minus extension); v2/v3 onions and .b32.i2p use base32
try:
base64.b32decode(idNoDomain.upper().encode())
except binascii.Error:
retVal = False
return retVal return retVal
except: except:

View File

@ -60,7 +60,6 @@ class MailStrings:
class OnionrMail: class OnionrMail:
def __init__(self, pluginapi): def __init__(self, pluginapi):
self.myCore = pluginapi.get_core() self.myCore = pluginapi.get_core()
#self.dataFolder = pluginapi.get_data_folder()
self.strings = MailStrings(self) self.strings = MailStrings(self)
self.sentboxTools = sentboxdb.SentBox(self.myCore) self.sentboxTools = sentboxdb.SentBox(self.myCore)

View File

@ -7,4 +7,3 @@ defusedxml==0.5.0
Flask==1.0.2 Flask==1.0.2
PySocks==1.6.8 PySocks==1.6.8
stem==1.6.0 stem==1.6.0
ntfy==2.6.0