diff --git a/content.py b/content.py
index 0782d0ed0..44113ac59 100644
--- a/content.py
+++ b/content.py
@@ -151,7 +151,7 @@ def htmlReplaceQuoteMarks(content: str) -> str:
return newContent
-def dangerousMarkup(content: str) -> bool:
+def dangerousMarkup(content: str, allowLocalNetworkAccess: bool) -> bool:
"""Returns true if the given content contains dangerous html markup
"""
if '<' not in content:
@@ -159,7 +159,9 @@ def dangerousMarkup(content: str) -> bool:
if '>' not in content:
return False
contentSections = content.split('<')
- invalidPartials = ('127.0.', '192.168', '10.0.')
+ invalidPartials = ()
+ if not allowLocalNetworkAccess:
+ invalidPartials = ('127.0.', '192.168', '10.0.')
invalidStrings = ('script', 'canvas', 'style', 'abbr',
'frame', 'iframe', 'html', 'body',
'hr')
@@ -181,7 +183,7 @@ def dangerousMarkup(content: str) -> bool:
return False
-def dangerousCSS(filename: str) -> bool:
+def dangerousCSS(filename: str, allowLocalNetworkAccess: bool) -> bool:
"""Returns true is the css file contains code which
can create security problems
"""
@@ -199,7 +201,7 @@ def dangerousCSS(filename: str) -> bool:
# an attacker can include html inside of the css
# file as a comment and this may then be run from the html
- if dangerousMarkup(content):
+ if dangerousMarkup(content, allowLocalNetworkAccess):
return True
return False
diff --git a/daemon.py b/daemon.py
index 4fd08b73c..4c1b79141 100644
--- a/daemon.py
+++ b/daemon.py
@@ -2917,7 +2917,10 @@ class PubServer(BaseHTTPRequestHandler):
if nickname == adminNickname:
if fields.get('editedAbout'):
aboutStr = fields['editedAbout']
- if not dangerousMarkup(aboutStr):
+ allowLocalNetworkAccess = \
+ self.server.allowLocalNetworkAccess
+ if not dangerousMarkup(aboutStr,
+ allowLocalNetworkAccess):
aboutFile = open(aboutFilename, "w+")
if aboutFile:
aboutFile.write(aboutStr)
@@ -2928,7 +2931,10 @@ class PubServer(BaseHTTPRequestHandler):
if fields.get('editedTOS'):
TOSStr = fields['editedTOS']
- if not dangerousMarkup(TOSStr):
+ allowLocalNetworkAccess = \
+ self.server.allowLocalNetworkAccess
+ if not dangerousMarkup(TOSStr,
+ allowLocalNetworkAccess):
TOSFile = open(TOSFilename, "w+")
if TOSFile:
TOSFile.write(TOSStr)
@@ -3655,7 +3661,8 @@ class PubServer(BaseHTTPRequestHandler):
if fields.get('themeDropdown'):
setTheme(baseDir,
fields['themeDropdown'],
- domain)
+ domain.
+ self.server.allowLocalNetworkAccess)
self.server.showPublishAsIcon = \
getConfigParam(self.server.baseDir,
'showPublishAsIcon')
@@ -4014,7 +4021,8 @@ class PubServer(BaseHTTPRequestHandler):
'.etag')
currTheme = getTheme(baseDir)
if currTheme:
- setTheme(baseDir, currTheme, domain)
+ setTheme(baseDir, currTheme, domain,
+ self.server.allowLocalNetworkAccess)
self.server.showPublishAsIcon = \
getConfigParam(self.server.baseDir,
'showPublishAsIcon')
@@ -12374,7 +12382,8 @@ def loadTokens(baseDir: str, tokensDict: {}, tokensLookup: {}) -> None:
tokensLookup[token] = nickname
-def runDaemon(maxFeedItemSizeKb: int,
+def runDaemon(allowLocalNetworkAccess: bool,
+ maxFeedItemSizeKb: int,
publishButtonAtTop: bool,
rssIconAtTop: bool,
iconsAsButtons: bool,
@@ -12439,6 +12448,10 @@ def runDaemon(maxFeedItemSizeKb: int,
return False
httpd.unitTest = unitTest
+ httpd.allowLocalNetworkAccess = allowLocalNetworkAccess
+ if unitTest:
+ # unit tests are run on the local network with LAN addresses
+ httpd.allowLocalNetworkAccess = True
httpd.YTReplacementDomain = YTReplacementDomain
# newswire storing rss feeds
@@ -12702,7 +12715,8 @@ def runDaemon(maxFeedItemSizeKb: int,
httpd.YTReplacementDomain,
httpd.showPublishedDateOnly,
httpd.allowNewsFollowers,
- httpd.maxFollowers), daemon=True)
+ httpd.maxFollowers,
+ httpd.allowLocalNetworkAccess), daemon=True)
print('Creating scheduled post thread')
httpd.thrPostSchedule = \
diff --git a/epicyon.py b/epicyon.py
index 9bc1144e4..edc7fe204 100644
--- a/epicyon.py
+++ b/epicyon.py
@@ -249,6 +249,13 @@ parser.add_argument("--publishButtonAtTop",
const=True, default=False,
help="Whether to show the publish button at the top of " +
"the newswire column")
+parser.add_argument("--allowLocalNetworkAccess",
+ dest='allowLocalNetworkAccess',
+ type=str2bool, nargs='?',
+ const=True, default=False,
+ help="Whether to allow access to local network " +
+ "addresses. This might be useful when deploying in " +
+ "a mesh network")
parser.add_argument("--noapproval", type=str2bool, nargs='?',
const=True, default=False,
help="Allow followers without approval")
@@ -2059,11 +2066,12 @@ if YTDomain:
if '.' in YTDomain:
args.YTReplacementDomain = YTDomain
-if setTheme(baseDir, themeName, domain):
+if setTheme(baseDir, themeName, domain, args.allowLocalNetworkAccess):
print('Theme set to ' + themeName)
if __name__ == "__main__":
- runDaemon(args.maxFeedItemSizeKb,
+ runDaemon(args.allowLocalNetworkAccess,
+ args.maxFeedItemSizeKb,
args.publishButtonAtTop,
args.rssIconAtTop,
args.iconsAsButtons,
diff --git a/inbox.py b/inbox.py
index 42616d809..258e16e19 100644
--- a/inbox.py
+++ b/inbox.py
@@ -1565,7 +1565,8 @@ def estimateNumberOfEmoji(content: str) -> int:
def validPostContent(baseDir: str, nickname: str, domain: str,
- messageJson: {}, maxMentions: int, maxEmoji: int) -> bool:
+ messageJson: {}, maxMentions: int, maxEmoji: int,
+ allowLocalNetworkAccess: bool) -> bool:
"""Is the content of a received post valid?
Check for bad html
Check for hellthreads
@@ -1600,7 +1601,8 @@ def validPostContent(baseDir: str, nickname: str, domain: str,
messageJson['object']['content']):
return True
- if dangerousMarkup(messageJson['object']['content']):
+ if dangerousMarkup(messageJson['object']['content'],
+ allowLocalNetworkAccess):
if messageJson['object'].get('id'):
print('REJECT ARBITRARY HTML: ' + messageJson['object']['id'])
print('REJECT ARBITRARY HTML: bad string in post - ' +
@@ -2030,7 +2032,8 @@ def inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int,
maxReplies: int, allowDeletion: bool,
maxMentions: int, maxEmoji: int, translate: {},
unitTest: bool, YTReplacementDomain: str,
- showPublishedDateOnly: bool) -> bool:
+ showPublishedDateOnly: bool,
+ allowLocalNetworkAccess: bool) -> bool:
""" Anything which needs to be done after initial checks have passed
"""
actor = keyId
@@ -2155,7 +2158,8 @@ def inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int,
nickname = handle.split('@')[0]
if validPostContent(baseDir, nickname, domain,
- postJsonObject, maxMentions, maxEmoji):
+ postJsonObject, maxMentions, maxEmoji,
+ allowLocalNetworkAccess):
if postJsonObject.get('object'):
jsonObj = postJsonObject['object']
@@ -2438,7 +2442,7 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
YTReplacementDomain: str,
showPublishedDateOnly: bool,
allowNewsFollowers: bool,
- maxFollowers: int) -> None:
+ maxFollowers: int, allowLocalNetworkAccess: bool) -> None:
"""Processes received items and moves them to the appropriate
directories
"""
@@ -2853,7 +2857,8 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
maxMentions, maxEmoji,
translate, unitTest,
YTReplacementDomain,
- showPublishedDateOnly)
+ showPublishedDateOnly,
+ allowLocalNetworkAccess)
if debug:
pprint(queueJson['post'])
diff --git a/newsdaemon.py b/newsdaemon.py
index 7b9b43430..899866179 100644
--- a/newsdaemon.py
+++ b/newsdaemon.py
@@ -469,7 +469,8 @@ def convertRSStoActivityPub(baseDir: str, httpPrefix: str,
personCache: {},
federationList: [],
sendThreads: [], postLog: [],
- maxMirroredArticles: int) -> None:
+ maxMirroredArticles: int,
+ allowLocalNetworkAccess: bool) -> None:
"""Converts rss items in a newswire into posts
"""
if not newswire:
@@ -512,7 +513,8 @@ def convertRSStoActivityPub(baseDir: str, httpPrefix: str,
rssTitle = removeControlCharacters(item[0])
url = item[1]
- if dangerousMarkup(url) or dangerousMarkup(rssTitle):
+ if dangerousMarkup(url, allowLocalNetworkAccess) or \
+ dangerousMarkup(rssTitle, allowLocalNetworkAccess):
continue
rssDescription = ''
@@ -537,7 +539,8 @@ def convertRSStoActivityPub(baseDir: str, httpPrefix: str,
postUrl += '/index.html'
# add the off-site link to the description
- if rssDescription and not dangerousMarkup(rssDescription):
+ if rssDescription and \
+ not dangerousMarkup(rssDescription, allowLocalNetworkAccess):
rssDescription += \
'
' + \
translate['Read more...'] + ''
@@ -743,7 +746,8 @@ def runNewswireDaemon(baseDir: str, httpd,
httpd.federationList,
httpd.sendThreads,
httpd.postLog,
- httpd.maxMirroredArticles)
+ httpd.maxMirroredArticles,
+ httpd.allowLocalNetworkAccess)
print('Newswire feed converted to ActivityPub')
if httpd.maxNewsPosts > 0:
diff --git a/tests.py b/tests.py
index 893fc036d..c2de44e8c 100644
--- a/tests.py
+++ b/tests.py
@@ -291,8 +291,10 @@ def createServerAlice(path: str, domain: str, port: int,
maxEmoji = 10
onionDomain = None
i2pDomain = None
+ allowLocalNetworkAccess = True
print('Server running: Alice')
- runDaemon(2048, False, True, False, False, True, 10, False,
+ runDaemon(allowLocalNetworkAccess,
+ 2048, False, True, False, False, True, 10, False,
0, 100, 1024, 5, False,
0, False, 1, False, False, False,
5, True, True, 'en', __version__,
@@ -356,8 +358,10 @@ def createServerBob(path: str, domain: str, port: int,
maxEmoji = 10
onionDomain = None
i2pDomain = None
+ allowLocalNetworkAccess = True
print('Server running: Bob')
- runDaemon(2048, False, True, False, False, True, 10, False,
+ runDaemon(allowLocalNetworkAccess,
+ 2048, False, True, False, False, True, 10, False,
0, 100, 1024, 5, False, 0,
False, 1, False, False, False,
5, True, True, 'en', __version__,
@@ -395,8 +399,10 @@ def createServerEve(path: str, domain: str, port: int, federationList: [],
maxEmoji = 10
onionDomain = None
i2pDomain = None
+ allowLocalNetworkAccess = True
print('Server running: Eve')
- runDaemon(2048, False, True, False, False, True, 10, False,
+ runDaemon(allowLocalNetworkAccess,
+ 2048, False, True, False, False, True, 10, False,
0, 100, 1024, 5, False, 0,
False, 1, False, False, False,
5, True, True, 'en', __version__,
@@ -1941,58 +1947,59 @@ def testRemoveHtml():
def testDangerousMarkup():
print('testDangerousMarkup')
+ allowLocalNetworkAccess = False
content = '
This is a valid message
' - assert(not dangerousMarkup(content)) + assert(not dangerousMarkup(content, allowLocalNetworkAccess)) content = 'This is a valid message without markup' - assert(not dangerousMarkup(content)) + assert(not dangerousMarkup(content, allowLocalNetworkAccess)) content = 'This is a valid-looking message. But wait... ' + \ '
' - assert(dangerousMarkup(content)) + assert(dangerousMarkup(content, allowLocalNetworkAccess)) content = 'This html contains more than you expected... ' + \ '
' - assert(dangerousMarkup(content)) + assert(dangerousMarkup(content, allowLocalNetworkAccess)) content = 'This is a valid-looking message. But wait... ' + \ '
' - assert(dangerousMarkup(content)) + assert(dangerousMarkup(content, allowLocalNetworkAccess)) content = 'This message embeds an evil frame.' + \ '
' - assert(dangerousMarkup(content)) + assert(dangerousMarkup(content, allowLocalNetworkAccess)) content = 'This message tries to obfuscate an evil frame.' + \ '< iframe src = "somesite"> iframe >
' - assert(dangerousMarkup(content)) + assert(dangerousMarkup(content, allowLocalNetworkAccess)) content = 'This message is not necessarily evil, but annoying.' + \ '
This message contans a ' + \ 'valid link.
' - assert(not dangerousMarkup(content)) + assert(not dangerousMarkup(content, allowLocalNetworkAccess)) content = 'This message contans a ' + \ '' + \ 'valid link having invalid but harmless name.
' - assert(not dangerousMarkup(content)) + assert(not dangerousMarkup(content, allowLocalNetworkAccess)) content = 'This message which ' + \ 'tries to access the local network
' - assert(dangerousMarkup(content)) + assert(dangerousMarkup(content, allowLocalNetworkAccess)) content = 'This message which ' + \ 'tries to access the local network
' - assert(dangerousMarkup(content)) + assert(dangerousMarkup(content, allowLocalNetworkAccess)) content = '127.0.0.1 This message which does not access ' + \ 'the local network
' - assert(not dangerousMarkup(content)) + assert(not dangerousMarkup(content, allowLocalNetworkAccess)) def runHtmlReplaceQuoteMarks(): diff --git a/theme.py b/theme.py index b8dc37e8a..eec781465 100644 --- a/theme.py +++ b/theme.py @@ -183,7 +183,8 @@ def setCSSparam(css: str, param: str, value: str) -> str: def setThemeFromDict(baseDir: str, name: str, - themeParams: {}, bgParams: {}) -> None: + themeParams: {}, bgParams: {}, + allowLocalNetworkAccess: bool) -> None: """Uses a dictionary to set a theme """ if name: @@ -198,7 +199,7 @@ def setThemeFromDict(baseDir: str, name: str, # Ensure that any custom CSS is mostly harmless. # If not then just use the defaults - if dangerousCSS(templateFilename) or \ + if dangerousCSS(templateFilename, allowLocalNetworkAccess) or \ not os.path.isfile(templateFilename): # use default css templateFilename = baseDir + '/epicyon-' + filename @@ -355,7 +356,8 @@ def setCustomFont(baseDir: str): def readVariablesFile(baseDir: str, themeName: str, - variablesFile: str) -> None: + variablesFile: str, + allowLocalNetworkAccess: bool) -> None: """Reads variables from a file in the theme directory """ themeParams = loadJson(variablesFile, 0) @@ -367,10 +369,11 @@ def readVariablesFile(baseDir: str, themeName: str, "options": "jpg", "search": "jpg" } - setThemeFromDict(baseDir, themeName, themeParams, bgParams) + setThemeFromDict(baseDir, themeName, themeParams, bgParams, + allowLocalNetworkAccess) -def setThemeDefault(baseDir: str): +def setThemeDefault(baseDir: str, allowLocalNetworkAccess: bool): name = 'default' removeTheme(baseDir) setThemeInConfig(baseDir, name) @@ -390,10 +393,11 @@ def setThemeDefault(baseDir: str): "banner-height-mobile": "10vh", "search-banner-height-mobile": "15vh" } - setThemeFromDict(baseDir, name, themeParams, bgParams) + setThemeFromDict(baseDir, name, themeParams, bgParams, + allowLocalNetworkAccess) -def setThemeHighVis(baseDir: str): +def setThemeHighVis(baseDir: str, allowLocalNetworkAccess: bool): name = 'highvis' themeParams = { "newswire-publish-icon": True, @@ -422,7 +426,8 @@ def setThemeHighVis(baseDir: str): "options": "jpg", "search": "jpg" } - setThemeFromDict(baseDir, name, themeParams, bgParams) + setThemeFromDict(baseDir, name, themeParams, bgParams, + allowLocalNetworkAccess) def setThemeFonts(baseDir: str, themeName: str) -> None: @@ -578,7 +583,8 @@ def setNewsAvatar(baseDir: str, name: str, nickname + '@' + domain + '/avatar.png') -def setTheme(baseDir: str, name: str, domain: str) -> bool: +def setTheme(baseDir: str, name: str, domain: str, + allowLocalNetworkAccess: bool) -> bool: result = False prevThemeName = getTheme(baseDir) @@ -589,7 +595,8 @@ def setTheme(baseDir: str, name: str, domain: str) -> bool: themeNameLower = themeName.lower() if name == themeNameLower: try: - globals()['setTheme' + themeName](baseDir) + globals()['setTheme' + themeName](baseDir, + allowLocalNetworkAccess) except BaseException: pass @@ -608,7 +615,8 @@ def setTheme(baseDir: str, name: str, domain: str) -> bool: variablesFile = baseDir + '/theme/' + name + '/theme.json' if os.path.isfile(variablesFile): - readVariablesFile(baseDir, name, variablesFile) + readVariablesFile(baseDir, name, variablesFile, + allowLocalNetworkAccess) setCustomFont(baseDir)