From c35242be1a03f36178912d4a3d89a0691ff0fed0 Mon Sep 17 00:00:00 2001 From: Kevin Froman Date: Fri, 26 Jan 2018 03:46:21 -0600 Subject: [PATCH] added id verification --- onionr/core.py | 5 +++++ onionr/onionrutils.py | 29 +++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/onionr/core.py b/onionr/core.py index 4943b5da..fe1b824c 100644 --- a/onionr/core.py +++ b/onionr/core.py @@ -22,6 +22,8 @@ from Crypto.Cipher import AES from Crypto import Random import netcontroller +import onionrutils + if sys.version_info < (3, 6): try: import sha3 @@ -39,6 +41,7 @@ class Core: self.ownPGPID = '' self.blockDB = 'data/blocks.db' self.blockDataLocation = 'data/blocks/' + self._utils = onionrutils.OnionrUtils(self) return @@ -63,6 +66,8 @@ class Core: ''' Add a peer by their ID, with an optional name, to the peer database.''' ''' DOES NO SAFETY CHECKS if the ID is valid, but prepares the insertion. ''' # This function simply adds a peer to the DB + if not self._utils.validateID(peerID): + return False conn = sqlite3.connect(self.peerDB) c = conn.cursor() t = (peerID, name, 'unknown') diff --git a/onionr/onionrutils.py b/onionr/onionrutils.py index a1213341..d846a6f9 100644 --- a/onionr/onionrutils.py +++ b/onionr/onionrutils.py @@ -102,3 +102,32 @@ class OnionrUtils: except ValueError: retVal = False return retVal + def validateID(self, id): + '''validate if a user ID is a valid tor or i2p hidden service''' + idLength = len(id) + retVal = True + idNoDomain = '' + #if idLength != 60 and idLength != 22 and idLength != 62: + if idLength == 60: + if not id.endsWith('.b32.i2p'): + retVal = False + else: + idNoDomain = id.split('.b32.i2p')[0] + elif idLength == 22 or idLength == 62: + if not id.endsWith('.onion'): + retVal = False + else: + idNoDomain = id.split('.onion')[0] + else: + retVal = False + if retVal: + if id.endsWith('.onion'): + try: + int(idNoDomain, 16) + except ValueError: + retVal = False + elif id.endsWith('.b32.i2p'): + if not idNoDomain.isalnum(): + retVal = False + return retVal +