indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Check for people posting their private keys, presumably by accident

merge-requests/30/head
Bob Mottram 2024-02-17 13:48:40 +00:00
parent 7334370acd
commit 58fe90f823
3 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
inbox.py
View File

@ -40,6 +40,7 @@ from utils import domain_permitted
from utils import is_group_account from utils import is_group_account
from utils import is_system_account from utils import is_system_account
from utils import invalid_ciphertext from utils import invalid_ciphertext
from utils import contains_private_key
from utils import remove_html from utils import remove_html
from utils import file_last_modified from utils import file_last_modified
from utils import has_object_string from utils import has_object_string
@ -1555,6 +1556,11 @@ def _valid_post_content(base_dir: str, nickname: str, domain: str,
print('REJECT: reply to post which does not ' + print('REJECT: reply to post which does not ' +
'allow comments: ' + original_post_id) 'allow comments: ' + original_post_id)
return False return False
if contains_private_key(message_json['object']['content']):
print('REJECT: someone posted their private key ' +
message_json['object']['id'] + ' ' +
message_json['object']['content'])
return False
if invalid_ciphertext(message_json['object']['content']): if invalid_ciphertext(message_json['object']['content']):
print('REJECT: malformed ciphertext in content ' + print('REJECT: malformed ciphertext in content ' +
message_json['object']['id'] + ' ' + message_json['object']['id'] + ' ' +

8
posts.py
View File

@ -34,6 +34,7 @@ from webfinger import webfinger_handle
from httpsig import create_signed_header from httpsig import create_signed_header
from siteactive import site_is_active from siteactive import site_is_active
from languages import understood_post_language from languages import understood_post_language
from utils import contains_private_key
from utils import get_url_from_post from utils import get_url_from_post
from utils import date_from_string_format from utils import date_from_string_format
from utils import date_epoch from utils import date_epoch
@ -6049,6 +6050,13 @@ def download_announce(session, base_dir: str, http_prefix: str,
base_dir, nickname, domain, post_id, base_dir, nickname, domain, post_id,
recent_posts_cache) recent_posts_cache)
return None return None
if contains_private_key(content_str):
print("WARN: announced post contains someone's private key " +
str(announced_json))
_reject_announce(announce_filename,
base_dir, nickname, domain, post_id,
recent_posts_cache)
return None
if invalid_ciphertext(content_str): if invalid_ciphertext(content_str):
print('WARN: announced post contains invalid ciphertext ' + print('WARN: announced post contains invalid ciphertext ' +
str(announced_json)) str(announced_json))

12
utils.py
View File

@ -3664,6 +3664,18 @@ def contains_pgp_public_key(content: str) -> bool:
return False return False
def contains_private_key(content: str) -> bool:
"""Returns true if the given content contains a PGP private key
"""
if '--BEGIN PGP PRIVATE KEY BLOCK--' in content:
if '--END PGP PRIVATE KEY BLOCK--' in content:
return True
if '--BEGIN RSA PRIVATE KEY--' in content:
if '--END RSA PRIVATE KEY--' in content:
return True
return False
def is_pgp_encrypted(content: str) -> bool: def is_pgp_encrypted(content: str) -> bool:
"""Returns true if the given content is PGP encrypted """Returns true if the given content is PGP encrypted
""" """