handle invalid input when adding peer better

2020-10-15 22:02:51 +00:00 · 2020-10-15 22:02:51 +00:00 · cf669024bf
commit cf669024bf
parent a9096dc048
3 changed files with 45 additions and 25 deletions
--- a/src/coredb/keydb/addkeys.py
+++ b/src/coredb/keydb/addkeys.py
@ -1,9 +1,15 @@
-'''
-    Onionr - Private P2P Communication
+"""Onionr - Private P2P Communication.

-    add user keys or transport addresses
-'''
-'''
+add user keys or transport addresses
+"""
+import sqlite3
+from onionrutils import stringvalidators
+from . import listkeys
+from utils import gettransports
+from .. import dbfiles
+import onionrcrypto
+from etc import onionrvalues
+"""
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
@ -16,20 +22,11 @@

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
-'''
-import sqlite3
-from onionrplugins import onionrevents as events
-from onionrutils import stringvalidators
-from . import listkeys
-from utils import gettransports
-from .. import dbfiles
-import onionrcrypto
-from etc import onionrvalues
+"""
+

 def add_peer(peerID, name=''):
-    '''
-        Adds a public key to the key database (misleading function name)
-    '''
+    """Add a public key to the key database (misleading function name)."""
    if peerID in listkeys.list_peers() or peerID == onionrcrypto.pub_key:
        raise ValueError("specified id is already known")

@ -37,8 +34,6 @@ def add_peer(peerID, name=''):
    if not stringvalidators.validate_pub_key(peerID):
        return False

-    #events.event('pubkey_add', data = {'key': peerID}, onionr = core_inst.onionrInst)
-
    conn = sqlite3.connect(dbfiles.user_id_info_db, timeout=onionrvalues.DATABASE_LOCK_TIMEOUT)
    hashID = ""
    c = conn.cursor()
@ -60,9 +55,9 @@ def add_peer(peerID, name=''):
    return True

 def add_address(address):
-    '''
+    """
        Add an address to the address database (only tor currently)
-    '''
+    """

    if type(address) is None or len(address) == 0:
        return False
@ -89,8 +84,6 @@ def add_address(address):
        conn.commit()
        conn.close()

-        #events.event('address_add', data = {'address': address}, onionr = core_inst.onionrInst)
-
        return True
    else:
        return False
--- a/src/httpapi/miscclientapi/addpeer.py
+++ b/src/httpapi/miscclientapi/addpeer.py
@ -1,11 +1,27 @@
+"""Onionr - Private P2P Communication.
+
+add a transport address to the db
+"""
 from onionrutils.stringvalidators import validate_transport
 from coredb.keydb.addkeys import add_address
 from coredb.keydb.listkeys import list_adders
+"""
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.

+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+"""

 def add_peer(peer):
-    # this is ok for security since add_address does this manually
-    assert validate_transport(peer)
+
    if peer in list_adders():
        return "already added"
    if add_address(peer):
--- a/static-data/www/shared/sidebar/sidebar.js
+++ b/static-data/www/shared/sidebar/sidebar.js
@ -13,11 +13,22 @@ fetch('/shared/sidebar/sidebar.html', {
 function sidebarAddPeerRegister(){
    document.getElementById('addPeerBtn').onclick = function(){
        let newPeer = document.getElementById('addPeerInput').value
+
+        if (! newPeer.includes(".")){
+            PNotify.error({text: "Invalid peer address"})
+            return
+        }
        fetch('/addpeer/' + newPeer, {
            method: 'POST',
            headers: {
            "token": webpass
            }})
+        .then(function(resp){
+            if (! resp.ok){
+                PNotify.error({text: "Could not add peer. Is your input valid?"})
+                throw new Error("Could not add peer " + newPeer)
+            }
+        })
        .then((resp) => resp.text())
        .then(function(data) {
            if (data == "success"){