Snake case

2021-12-27 21:42:08 +00:00 · 2021-12-27 21:42:08 +00:00 · 88922a9b4f
parent 0efd2c1b78
commit 88922a9b4f
9 changed files with 65 additions and 65 deletions
--- a/content.py
+++ b/content.py
@ -19,7 +19,7 @@ from utils import load_json
 from utils import save_json
 from utils import fileLastModified
 from utils import get_link_prefixes
-from utils import dangerousMarkup
+from utils import dangerous_markup
 from utils import is_pgp_encrypted
 from utils import contains_pgp_public_key
 from utils import acct_dir
@ -209,7 +209,7 @@ def dangerousCSS(filename: str, allow_local_network_access: bool) -> bool:
        # an attacker can include html inside of the css
        # file as a comment and this may then be run from the html
-        if dangerousMarkup(content, allow_local_network_access):
+        if dangerous_markup(content, allow_local_network_access):
            return True
    return False
--- a/daemon.py
+++ b/daemon.py
@ -300,7 +300,7 @@ from utils import url_permitted
 from utils import load_json
 from utils import save_json
 from utils import is_suspended
-from utils import dangerousMarkup
+from utils import dangerous_markup
 from utils import refresh_newswire
 from utils import is_image_file
 from utils import has_group_type
@ -4158,7 +4158,7 @@ class PubServer(BaseHTTPRequestHandler):
            if nickname == adminNickname:
                if fields.get('editedAbout'):
                    aboutStr = fields['editedAbout']
-                    if not dangerousMarkup(aboutStr,
+                    if not dangerous_markup(aboutStr,
                                            allow_local_network_access):
                        try:
                            with open(aboutFilename, 'w+') as aboutFile:
@ -4175,7 +4175,7 @@ class PubServer(BaseHTTPRequestHandler):
                if fields.get('editedTOS'):
                    TOSStr = fields['editedTOS']
-                    if not dangerousMarkup(TOSStr,
+                    if not dangerous_markup(TOSStr,
                                            allow_local_network_access):
                        try:
                            with open(TOSFilename, 'w+') as TOSFile:
--- a/inbox.py
+++ b/inbox.py
@ -88,7 +88,7 @@ from blocking import broch_modeLapses
 from filters import isFiltered
 from utils import update_announce_collection
 from utils import undo_announce_collection_entry
-from utils import dangerousMarkup
+from utils import dangerous_markup
 from utils import is_dm
 from utils import is_reply
 from utils import has_actor
@ -2241,7 +2241,7 @@ def _validPostContent(base_dir: str, nickname: str, domain: str,
        return True
    contentStr = get_base_content_from_post(message_json, system_language)
-    if dangerousMarkup(contentStr, allow_local_network_access):
+    if dangerous_markup(contentStr, allow_local_network_access):
        if message_json['object'].get('id'):
            print('REJECT ARBITRARY HTML: ' + message_json['object']['id'])
        print('REJECT ARBITRARY HTML: bad string in post - ' +
--- a/newsdaemon.py
+++ b/newsdaemon.py
@ -32,7 +32,7 @@ from utils import load_json
 from utils import save_json
 from utils import get_status_number
 from utils import clearFromPostCaches
-from utils import dangerousMarkup
+from utils import dangerous_markup
 from utils import local_actor_url
 from inbox import storeHashTags
 from session import createSession
@ -599,8 +599,8 @@ def _convertRSStoActivityPub(base_dir: str, http_prefix: str,
        rssTitle = _removeControlCharacters(item[0])
        url = item[1]
-        if dangerousMarkup(url, allow_local_network_access) or \
+        if dangerous_markup(url, allow_local_network_access) or \
-           dangerousMarkup(rssTitle, allow_local_network_access):
+           dangerous_markup(rssTitle, allow_local_network_access):
            continue
        rssDescription = ''
--- a/outbox.py
+++ b/outbox.py
@ -23,7 +23,7 @@ from utils import get_local_network_addresses
 from utils import get_full_domain
 from utils import remove_id_ending
 from utils import get_domain_from_actor
-from utils import dangerousMarkup
+from utils import dangerous_markup
 from utils import is_featured_writer
 from utils import load_json
 from utils import save_json
@ -225,7 +225,7 @@ def postMessageToOutbox(session, translate: {},
    if has_object_dict(message_json):
        contentStr = get_base_content_from_post(message_json, system_language)
        if contentStr:
-            if dangerousMarkup(contentStr, allow_local_network_access):
+            if dangerous_markup(contentStr, allow_local_network_access):
                print('POST to outbox contains dangerous markup: ' +
                      str(message_json))
                return False
--- a/posts.py
+++ b/posts.py
@ -66,7 +66,7 @@ from utils import locateNewsVotes
 from utils import locateNewsArrival
 from utils import votesOnNewswireItem
 from utils import remove_html
-from utils import dangerousMarkup
+from utils import dangerous_markup
 from utils import acct_dir
 from utils import local_actor_url
 from media import attachMedia
@ -414,7 +414,7 @@ def getPersonBox(signing_priv_key_pem: str, originDomain: str,
    displayName = None
    if personJson.get('name'):
        displayName = personJson['name']
-        if dangerousMarkup(personJson['name'], False):
+        if dangerous_markup(personJson['name'], False):
            displayName = '*ADVERSARY*'
        elif isFiltered(base_dir,
                        nickname, domain,
@ -4674,7 +4674,7 @@ def downloadAnnounce(session, base_dir: str, http_prefix: str,
            return None
        # Check the content of the announce
        contentStr = announcedJson['content']
-        if dangerousMarkup(contentStr, allow_local_network_access):
+        if dangerous_markup(contentStr, allow_local_network_access):
            _rejectAnnounce(announceFilename,
                            base_dir, nickname, domain, post_id,
                            recent_posts_cache)
--- a/tests.py
+++ b/tests.py
@ -83,7 +83,7 @@ from utils import save_json
 from utils import get_status_number
 from utils import get_followers_of_person
 from utils import remove_html
-from utils import dangerousMarkup
+from utils import dangerous_markup
 from utils import acct_dir
 from pgp import extractPGPPublicKey
 from pgp import pgpPublicKeyUpload
@ -3714,62 +3714,62 @@ def _testDangerousMarkup():
    print('testDangerousMarkup')
    allow_local_network_access = False
    content = '<p>This is a valid message</p>'
-    assert(not dangerousMarkup(content, allow_local_network_access))
+    assert(not dangerous_markup(content, allow_local_network_access))
    content = 'This is a valid message without markup'
-    assert(not dangerousMarkup(content, allow_local_network_access))
+    assert(not dangerous_markup(content, allow_local_network_access))
    content = '<p>This is a valid-looking message. But wait... ' + \
        '<script>document.getElementById("concentrated")' + \
        '.innerHTML = "evil";</script></p>'
-    assert(dangerousMarkup(content, allow_local_network_access))
+    assert(dangerous_markup(content, allow_local_network_access))
    content = '<p>This is a valid-looking message. But wait... ' + \
        '&lt;script&gt;document.getElementById("concentrated")' + \
        '.innerHTML = "evil";&lt;/script&gt;</p>'
-    assert(dangerousMarkup(content, allow_local_network_access))
+    assert(dangerous_markup(content, allow_local_network_access))
    content = '<p>This html contains more than you expected... ' + \
        '<script language="javascript">document.getElementById("abc")' + \
        '.innerHTML = "def";</script></p>'
-    assert(dangerousMarkup(content, allow_local_network_access))
+    assert(dangerous_markup(content, allow_local_network_access))
    content = '<p>This is a valid-looking message. But wait... ' + \
        '<script src="https://evilsite/payload.js" /></p>'
-    assert(dangerousMarkup(content, allow_local_network_access))
+    assert(dangerous_markup(content, allow_local_network_access))
    content = '<p>This message embeds an evil frame.' + \
        '<iframe src="somesite"></iframe></p>'
-    assert(dangerousMarkup(content, allow_local_network_access))
+    assert(dangerous_markup(content, allow_local_network_access))
    content = '<p>This message tries to obfuscate an evil frame.' + \
        '<  iframe     src = "somesite"></    iframe  ></p>'
-    assert(dangerousMarkup(content, allow_local_network_access))
+    assert(dangerous_markup(content, allow_local_network_access))
    content = '<p>This message is not necessarily evil, but annoying.' + \
        '<hr><br><br><br><br><br><br><br><hr><hr></p>'
-    assert(dangerousMarkup(content, allow_local_network_access))
+    assert(dangerous_markup(content, allow_local_network_access))
    content = '<p>This message contans a ' + \
        '<a href="https://validsite/index.html">valid link.</a></p>'
-    assert(not dangerousMarkup(content, allow_local_network_access))
+    assert(not dangerous_markup(content, allow_local_network_access))
    content = '<p>This message contans a ' + \
        '<a href="https://validsite/iframe.html">' + \
        'valid link having invalid but harmless name.</a></p>'
-    assert(not dangerousMarkup(content, allow_local_network_access))
+    assert(not dangerous_markup(content, allow_local_network_access))
    content = '<p>This message which <a href="127.0.0.1:8736">' + \
        'tries to access the local network</a></p>'
-    assert(dangerousMarkup(content, allow_local_network_access))
+    assert(dangerous_markup(content, allow_local_network_access))
    content = '<p>This message which <a href="http://192.168.5.10:7235">' + \
        'tries to access the local network</a></p>'
-    assert(dangerousMarkup(content, allow_local_network_access))
+    assert(dangerous_markup(content, allow_local_network_access))
    content = '<p>127.0.0.1 This message which does not access ' + \
        'the local network</a></p>'
-    assert(not dangerousMarkup(content, allow_local_network_access))
+    assert(not dangerous_markup(content, allow_local_network_access))
 def _runHtmlReplaceQuoteMarks():
--- a/utils.py
+++ b/utils.py
@ -840,61 +840,61 @@ def get_local_network_addresses() -> []:
    return ('localhost', '127.0.', '192.168', '10.0.')
-def is_local_network_address(ipAddress: str) -> bool:
+def is_local_network_address(ip_address: str) -> bool:
    """Is the given ip address local?
    """
-    """
+    local_ips = get_local_network_addresses()
-    localIPs = get_local_network_addresses()
+    for ip_addr in local_ips:
-    for ipAddr in localIPs:
+        if ip_address.startswith(ip_addr):
        if ipAddress.startswith(ipAddr):
            return True
    return False
-def _isDangerousString(content: str, allow_local_network_access: bool,
+def _is_dangerous_string(content: str, allow_local_network_access: bool,
-                       separators: [], invalidStrings: []) -> bool:
+                         separators: [], invalid_strings: []) -> bool:
    """Returns true if the given string is dangerous
    """
-    for separatorStyle in separators:
+    for separator_style in separators:
-        startChar = separatorStyle[0]
+        start_char = separator_style[0]
-        endChar = separatorStyle[1]
+        end_char = separator_style[1]
-        if startChar not in content:
+        if start_char not in content:
            continue
-        if endChar not in content:
+        if end_char not in content:
            continue
-        contentSections = content.split(startChar)
+        content_sections = content.split(start_char)
-        invalidPartials = ()
+        invalid_partials = ()
        if not allow_local_network_access:
-            invalidPartials = get_local_network_addresses()
+            invalid_partials = get_local_network_addresses()
-        for markup in contentSections:
+        for markup in content_sections:
-            if endChar not in markup:
+            if end_char not in markup:
                continue
-            markup = markup.split(endChar)[0].strip()
+            markup = markup.split(end_char)[0].strip()
-            for partialMatch in invalidPartials:
+            for partial_match in invalid_partials:
-                if partialMatch in markup:
+                if partial_match in markup:
                    return True
            if ' ' not in markup:
-                for badStr in invalidStrings:
+                for bad_str in invalid_strings:
-                    if badStr in markup:
+                    if bad_str in markup:
                        return True
            else:
-                for badStr in invalidStrings:
+                for bad_str in invalid_strings:
-                    if badStr + ' ' in markup:
+                    if bad_str + ' ' in markup:
                        return True
    return False
-def dangerousMarkup(content: str, allow_local_network_access: bool) -> bool:
+def dangerous_markup(content: str, allow_local_network_access: bool) -> bool:
    """Returns true if the given content contains dangerous html markup
    """
    separators = [['<', '>'], ['&lt;', '&gt;']]
-    invalidStrings = [
+    invalid_strings = [
        'script', 'noscript', 'code', 'pre',
        'canvas', 'style', 'abbr',
        'frame', 'iframe', 'html', 'body',
        'hr', 'allow-popups', 'allow-scripts'
    ]
-    return _isDangerousString(content, allow_local_network_access,
+    return _is_dangerous_string(content, allow_local_network_access,
-                              separators, invalidStrings)
+                                separators, invalid_strings)
 def dangerousSVG(content: str, allow_local_network_access: bool) -> bool:
@ -904,7 +904,7 @@ def dangerousSVG(content: str, allow_local_network_access: bool) -> bool:
    invalidStrings = [
        'script'
    ]
-    return _isDangerousString(content, allow_local_network_access,
+    return _is_dangerous_string(content, allow_local_network_access,
                                separators, invalidStrings)
@ -929,7 +929,7 @@ def getDisplayName(base_dir: str, actor: str, person_cache: {}) -> str:
                if actor_json.get('name'):
                    nameFound = actor_json['name']
    if nameFound:
-        if dangerousMarkup(nameFound, False):
+        if dangerous_markup(nameFound, False):
            nameFound = "*ADVERSARY*"
    return nameFound
--- a/webapp_timeline.py
+++ b/webapp_timeline.py
@ -11,7 +11,7 @@ import os
 import time
 from shutil import copyfile
 from utils import is_artist
-from utils import dangerousMarkup
+from utils import dangerous_markup
 from utils import get_config_param
 from utils import get_full_domain
 from utils import is_editor
@ -88,7 +88,7 @@ def _getHelpForTimeline(base_dir: str, boxName: str) -> str:
            instanceTitle = 'Epicyon'
        with open(helpFilename, 'r') as helpFile:
            helpText = helpFile.read()
-            if dangerousMarkup(helpText, False):
+            if dangerous_markup(helpText, False):
                return ''
            helpText = helpText.replace('INSTANCE', instanceTitle)
            return '<div class="container">\n' + \