indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Check for contradicting browsers within user agent

main
bashrc 2026-04-07 16:13:20 +01:00
parent 9e52c7e438
commit 339e466838
3 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
daemon_get.py
View File

@ -96,6 +96,7 @@ from flags import is_artist
from flags import is_blog_post from flags import is_blog_post
from timeFunctions import date_utcnow from timeFunctions import date_utcnow
from timeFunctions import get_current_time_int from timeFunctions import get_current_time_int
from utils import check_mixed_user_agent
from utils import string_starts_with from utils import string_starts_with
from utils import is_yggdrasil_address from utils import is_yggdrasil_address
from utils import replace_strings from utils import replace_strings
@ -382,6 +383,12 @@ def daemon_http_get(self) -> None:
ua_str = get_user_agent(self) ua_str = get_user_agent(self)
# contradictory browsers within the user agent indicate
# malevolent intent
if check_mixed_user_agent(ua_str):
http_400(self)
return
if ua_str: if ua_str:
if 'Epicyon/' in ua_str: if 'Epicyon/' in ua_str:
log_epicyon_instances(self.server.base_dir, ua_str, log_epicyon_instances(self.server.base_dir, ua_str,

7
daemon_post.py
View File

@ -12,6 +12,7 @@ import errno
import json import json
from socket import error as SocketError from socket import error as SocketError
from flags import is_corporate from flags import is_corporate
from utils import check_mixed_user_agent
from utils import string_starts_with from utils import string_starts_with
from utils import is_yggdrasil_address from utils import is_yggdrasil_address
from utils import replace_strings from utils import replace_strings
@ -282,6 +283,12 @@ def daemon_http_post(self) -> None:
ua_str = get_user_agent(self) ua_str = get_user_agent(self)
# contradictory browsers within the user agent indicate
# malevolent intent
if check_mixed_user_agent(ua_str):
http_400(self)
return
if ua_str: if ua_str:
if 'Epicyon/' in ua_str: if 'Epicyon/' in ua_str:
log_epicyon_instances(self.server.base_dir, ua_str, log_epicyon_instances(self.server.base_dir, ua_str,

16
utils.py
View File

@ -4104,6 +4104,22 @@ def get_instance_url(calling_domain: str,
return instance_url return instance_url
def check_mixed_user_agent(ua_str: str):
"""Check if there are contradicting browsers within the user agent
"""
if not ua_str:
return False
client_user_agents = ('Mozilla', 'Chrome', 'Safari')
matching_agents = []
for client_ua in client_user_agents:
if client_ua in ua_str:
matching_agents.append(client_ua)
if len(matching_agents) > 1:
return True
return False
def check_bad_path(path: str): def check_bad_path(path: str):
"""for http GET or POST check that the path looks valid """for http GET or POST check that the path looks valid
""" """