indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Check for invalid characters

merge-requests/30/head
Bob Mottram 2020-10-15 09:59:08 +01:00
parent d0d3d85108
commit 511f5cf192
2 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
daemon.py
View File

@ -164,6 +164,7 @@ from shares import getSharesFeedForPerson
from shares import addShare from shares import addShare
from shares import removeShare from shares import removeShare
from shares import expireShares from shares import expireShares
from utils import containsInvalidChars
from utils import isSystemAccount from utils import isSystemAccount
from utils import setConfigParam from utils import setConfigParam
from utils import getConfigParam from utils import getConfigParam
@ -11759,6 +11760,11 @@ class PubServer(BaseHTTPRequestHandler):
self.server.POSTbusy = False self.server.POSTbusy = False
return return
if containsInvalidChars(messageBytes.decode("utf-8")):
self._400()
self.server.POSTbusy = False
return
# convert the raw bytes to json # convert the raw bytes to json
messageJson = json.loads(messageBytes) messageJson = json.loads(messageBytes)

13
utils.py
View File

@ -273,6 +273,19 @@ def isEvil(domain: str) -> bool:
return False return False
def containsInvalidChars(jsonStr: str) -> bool:
"""Does the given json string contain invalid characters?
e.g. dubious clacks/admin dogwhistles
"""
invalidStrings = {
'', '', '', '', '', ''
}
for isInvalid in invalidStrings:
if isInvalid in jsonStr:
return True
return False
def createPersonDir(nickname: str, domain: str, baseDir: str, def createPersonDir(nickname: str, domain: str, baseDir: str,
dirname: str) -> str: dirname: str) -> str:
"""Create a directory for a person """Create a directory for a person