From 39c798c1577063054fc192b613d3c031da189b54 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Wed, 19 May 2021 11:35:50 +0100
Subject: [PATCH 1/3] City sizes
---
locations.txt | 160 +++++++++++++++++++++++---------------------------
1 file changed, 72 insertions(+), 88 deletions(-)
diff --git a/locations.txt b/locations.txt
index 9711a2430..d53db9e53 100644
--- a/locations.txt
+++ b/locations.txt
@@ -3923,92 +3923,76 @@ PAYA LEBAR, SINGAPORE:1.36028:103.909
TENGAH, SINGAPORE:1.38722:103.709
SINGAPORE, SINGAPORE:1.41694:103.867
SINGAPORE, SINGAPORE:1.35556:103.987
-BRISBANE, AUSTRALIA:-27.5703:153.008
-AMBERLEY, AUSTRALIA:-10.9508:142.459
-ALICE SPRINGS, AUSTRALIA:-23.8069:133.902
-BRISBANE, AUSTRALIA:-27.3842:153.118
-COOLANGATTA, AUSTRALIA:-28.1644:153.505
-CAIRNS, AUSTRALIA:-16.8858:145.755
-CHARLIEVILLE, AUSTRALIA:-26.4133:146.262
-MOUNT ISA, AUSTRALIA:-20.6639:139.489
-MAROOCHYDORE, AUSTRALIA:-26.6033:153.091
-MACKAY, AUSTRALIA:-21.1717:149.18
-OAKEY, AUSTRALIA:-27.4114:151.735
-PROSSERPINE, AUSTRALIA:-20.495:148.552
-ROCKHAMPTON, AUSTRALIA:-23.3819:150.475
-TOWNSVILLE, AUSTRALIA:-19.2525:146.765
-WEIPA, AUSTRALIA:-12.6786:141.925
-AVALON, AUSTRALIA:-38.0394:144.469
-ALBURY, AUSTRALIA:-36.0678:146.958
-MELBOURNE, AUSTRALIA:-37.7281:144.902
-EAST SALE, AUSTRALIA:-38.0989:147.149
-HOBART, AUSTRALIA:-42.8361:147.51
-LAUNCESTON, AUSTRALIA:-41.5453:147.214
-MELBOURNE, AUSTRALIA:-37.9758:145.102
-MELBOURNE, AUSTRALIA:-37.6733:144.843
-POINT COOK, AUSTRALIA:-37.9322:144.753
-ADELAIDE, AUSTRALIA:-34.945:138.531
-ARGYLE, AUSTRALIA:-32.5069:137.717
-EDINBURGH, AUSTRALIA:-34.7025:138.621
-PERTH, AUSTRALIA:-32.0972:115.881
-KARRATHA, AUSTRALIA:-20.7122:116.773
-KALGOORLIE, AUSTRALIA:-30.7894:121.462
-KUNUNURRA, AUSTRALIA:-15.7781:128.707
-LEARMONTH, AUSTRALIA:-22.2356:114.089
-PORT HEDLAND, AUSTRALIA:-20.3778:118.626
-ADELAIDE, AUSTRALIA:-34.7933:138.633
-PERTH, AUSTRALIA:-31.9403:115.967
-WOOMERA, AUSTRALIA:-31.1442:136.817
-CHRISTMAS ISLAND, CHRISTMAS ISLAND:-10.4506:105.69
-SYDNEY, AUSTRALIA:-33.9244:150.988
-CANBERRA, AUSTRALIA:-35.3083:149.194
-COFF'S HARBOUR, AUSTRALIA:-30.3206:153.116
-CAMDEN, AUSTRALIA:-34.0403:150.687
-DUBBO, AUSTRALIA:-32.2167:148.575
-NORFOLK ISLAND, AUSTRALIA:-29.0414:167.939
-RICHMOND, AUSTRALIA:-33.6006:150.781
-SYDNEY, AUSTRALIA:-33.9461:151.177
-TAMWORTH, AUSTRALIA:-31.0839:150.847
-WAGGA WAGGA, AUSTRALIA:-35.1653:147.466
-BEIJING, CHINA:40.08:116.584
-HUHHOT, CHINA:40.8533:111.822
-HAILAR, CHINA:49.205:119.825
-SHIJIAZHUANG, CHINA:38.2806:114.696
-TIANJIN, CHINA:39.1239:117.346
-TAIYUAN, CHINA:37.7467:112.629
-GUANGZHOU, CHINA:23.1842:113.266
-CHANGCHA, CHINA:28.1889:113.219
-GUILIN, CHINA:25.2178:110.039
-NANNING, CHINA:22.6081:108.172
-SHANTOU, CHINA:23.4:116.683
-SHENZHEN, CHINA:22.6394:113.812
-ZHENGZHOU, CHINA:34.5194:113.841
-WUHAN, CHINA:30.7836:114.208
-TICHANG, CHINA:30.5522:111.469
-PYONGYANG, KOREA:39.0333:125.783
-LANZHOU, CHINA:36.5167:103.622
-XI'AN, CHINA:34.4458:108.752
+BRISBANE, AUSTRALIA:-27.467778:153.028056:1000
+AMBERLEY, AUSTRALIA:-10.9508:142.459:26
+ALICE SPRINGS, AUSTRALIA:-23.8069:133.902:148
+COOLANGATTA, AUSTRALIA:-28.1644:153.505:2
+CAIRNS, AUSTRALIA:-16.8858:145.755:1687
+CHARLIEVILLE, AUSTRALIA:-26.4133:146.262:687
+MOUNT ISA, AUSTRALIA:-20.6639:139.489:62
+MAROOCHYDORE, AUSTRALIA:-26.6033:153.091:55
+MACKAY, AUSTRALIA:-21.1717:149.18:208
+OAKEY, AUSTRALIA:-27.4114:151.735:127
+PROSSERPINE, AUSTRALIA:-20.495:148.552:25
+ROCKHAMPTON, AUSTRALIA:-23.3819:150.475:580
+TOWNSVILLE, AUSTRALIA:-19.2525:146.765:693
+WEIPA, AUSTRALIA:-12.6786:141.925:10
+ALBURY, AUSTRALIA:-36.0678:146.958:64
+MELBOURNE, AUSTRALIA:-37.7682:145.0622:15
+HOBART, AUSTRALIA:-42.8361:147.51:1696
+LAUNCESTON, AUSTRALIA:-41.5453:147.214:435
+POINT COOK, AUSTRALIA:-37.9322:144.753:9
+ADELAIDE, AUSTRALIA:-34.9213:138.6186:500
+EDINBURGH, AUSTRALIA:-34.7025:138.621:18
+PERTH, AUSTRALIA:-32.0972:115.881:1000
+KARRATHA, AUSTRALIA:-20.7122:116.773:10
+KALGOORLIE, AUSTRALIA:-30.7894:121.462:75
+KUNUNURRA, AUSTRALIA:-15.7781:128.707:1
+SYDNEY, AUSTRALIA:-33.9244:150.988:1000
+CANBERRA, AUSTRALIA:-35.3083:149.194:814
+COFF'S HARBOUR, AUSTRALIA:-30.3206:153.116:505
+CAMDEN, AUSTRALIA:-34.0403:150.687:201
+DUBBO, AUSTRALIA:-32.2167:148.575:182
+RICHMOND, AUSTRALIA:-33.6006:150.781:3
+TAMWORTH, AUSTRALIA:-31.0839:150.847:240
+WAGGA WAGGA, AUSTRALIA:-35.1653:147.466:2
+BEIJING, CHINA:40.08:116.584:16808
+HUHHOT, CHINA:40.8533:111.822:17186
+HAILAR, CHINA:49.205:119.825:1320
+SHIJIAZHUANG, CHINA:38.2806:114.696:15849
+TIANJIN, CHINA:39.1239:117.346:11760
+TAIYUAN, CHINA:37.7467:112.629:6956
+GUANGZHOU, CHINA:23.1842:113.266:7434
+CHANGCHA, CHINA:28.1889:113.219:11819
+GUILIN, CHINA:25.2178:110.039:27809
+NANNING, CHINA:22.6081:108.172:22189
+SHANTOU, CHINA:23.4:116.683:2248
+SHENZHEN, CHINA:22.6394:113.812:2050
+ZHENGZHOU, CHINA:34.5194:113.841:7507
+WUHAN, CHINA:30.7836:114.208:8494
+TICHANG, CHINA:30.5522:111.469:21338
+PYONGYANG, KOREA:39.0333:125.783:2000
+LANZHOU, CHINA:36.5167:103.622:13087
+XI'AN, CHINA:34.4458:108.752:10000
ULAN BATOR, MONGOLIA:47.8431:106.766
-JINGHONGGASA, CHINA:21.975:100.76
-KUNMING, CHINA:24.9922:102.743
-XIAMEN, CHINA:24.5439:118.127
-NANCHANG, CHINA:28.6:115.917
-FUZHOU, CHINA:25.9333:119.662
-HANGZHOU, CHINA:30.2283:120.432
-NINBO, CHINA:29.8247:121.465
-NANJING, CHINA:31.74:118.86
-HEFEI, CHINA:31.78:117.298
-QINGDAO, CHINA:36.2625:120.375
-SHANGHAI, CHINA:31.1978:121.336
-YANTAI, CHINA:37.4017:121.372
-CHONGQING, CHINA:29.7189:106.641
-CHENGDU, CHINA:30.5783:103.947
-XICHANG, CHINA:27.9886:102.184
-KASHI, CHINA:39.5433:76.0217
-HOTAN, CHINA:37.0378:79.8658
-URUMQI, CHINA:43.9069:87.4742
-HARBIN, CHINA:45.6233:126.25
-JIAMUSI, CHINA:46.8433:130.465
-MUDANJIANG, CHINA:44.5239:129.569
-DALIAN, CHINA:38.9656:121.538
-YANJI, CHINA:42.8817:129.448
+KUNMING, CHINA:24.9922:102.743:21507
+XIAMEN, CHINA:24.5439:118.127:1701
+NANCHANG, CHINA:28.6:115.917:7194
+FUZHOU, CHINA:25.9333:119.662:12232
+HANGZHOU, CHINA:30.2283:120.432:8000
+NINBO, CHINA:29.8247:121.465:9816
+NANJING, CHINA:31.74:118.86:6596
+HEFEI, CHINA:31.78:117.298:11434
+QINGDAO, CHINA:36.2625:120.375:1632
+SHANGHAI, CHINA:31.1978:121.336:6340
+YANTAI, CHINA:37.4017:121.372:13740
+CHENGDU, CHINA:30.5783:103.947:14378
+XICHANG, CHINA:27.9886:102.184:2655
+KASHI, CHINA:39.5433:76.0217:1057
+HOTAN, CHINA:37.0378:79.8658:465
+URUMQI, CHINA:43.9069:87.4742:14577
+HARBIN, CHINA:45.6233:126.25:53068
+JIAMUSI, CHINA:46.8433:130.465:882
+MUDANJIANG, CHINA:44.5239:129.569:2495
+DALIAN, CHINA:38.9656:121.538:13237
+YANJI, CHINA:42.8817:129.448:1748
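Review bot: Records left untouched by this hunk keep the three-field `NAME:lat:lon` shape (the SINGAPORE context lines and `ULAN BATOR, MONGOLIA:47.8431:106.766`), while every rewritten line gains a fourth field, so the code that reads locations.txt must accept both shapes. That reader is not part of this patch, so its handling of a missing fourth field should be confirmed. The unit of the new field is not stated anywhere visible, and the values are hard to sanity-check without it (for example `MELBOURNE ...:15` next to `CAIRNS ...:1687`). The hunk also drops entries outright (CHONGQING, JINGHONGGASA, WOOMERA and the duplicate-name rows among others), which the subject "City sizes" does not mention; a sentence in the commit message covering the unit and the removals would help.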
From fd300836968409f32862e616ed6c7940f95645d6 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Wed, 19 May 2021 12:29:37 +0100
Subject: [PATCH 2/3] Detect encoded script markup
---
tests.py | 7 +++++--
utils.py | 52 ++++++++++++++++++++++++++++------------------------
2 files changed, 33 insertions(+), 26 deletions(-)
diff --git a/tests.py b/tests.py
index 5a267029c..22d29ebb7 100644
--- a/tests.py
+++ b/tests.py
@@ -2268,6 +2268,11 @@ def testDangerousMarkup():
'.innerHTML = "evil";
'
assert(dangerousMarkup(content, allowLocalNetworkAccess))
+ content = 'This is a valid-looking message. But wait... ' + \
+ '<script>document.getElementById("concentrated")' + \
+ '.innerHTML = "evil";</script>
'
+ assert(dangerousMarkup(content, allowLocalNetworkAccess))
+
content = 'This html contains more than you expected... ' + \
'
'
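Review bot: The added case is a single positive assertion with a lower-case tag, so nothing here pins down what the second delimiter pass must not flag. A companion negative case, `assert(not dangerousMarkup(content, allowLocalNetworkAccess))` on harmless text that contains both encoded delimiters around an ordinary word, would guard against false positives on escaped text. As rendered on this page the new string shows literal angle brackets, so it looks identical to the preceding case; presumably the original uses the entity-encoded form and the encoding was lost in display. testDangerousMarkup starts and continues outside this hunk.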
@@ -3646,8 +3651,6 @@ def testSpoofGeolocation() -> None:
"%Y-%m-%d %H:%M")
coords = spoofGeolocation('', 'new york, usa', currTime,
decoySeed, citiesList)
- #coords = spoofGeolocation('', 'berlin, germany', currTime,
- # decoySeed, citiesList)
longitude = coords[1]
if coords[3] == 'W':
longitude = -coords[1]
diff --git a/utils.py b/utils.py
index 0a54a3148..e7e1382d3 100644
--- a/utils.py
+++ b/utils.py
@@ -663,32 +663,36 @@ def getLocalNetworkAddresses() -> []:
def dangerousMarkup(content: str, allowLocalNetworkAccess: bool) -> bool:
"""Returns true if the given content contains dangerous html markup
"""
- if '<' not in content:
- return False
- if '>' not in content:
- return False
- contentSections = content.split('<')
- invalidPartials = ()
- if not allowLocalNetworkAccess:
- invalidPartials = getLocalNetworkAddresses()
- invalidStrings = ('script', 'canvas', 'style', 'abbr',
- 'frame', 'iframe', 'html', 'body',
- 'hr', 'allow-popups', 'allow-scripts')
- for markup in contentSections:
- if '>' not in markup:
+ separators = (['<', '>'], ['<', '>'])
+ for separatorStyle in separators:
+ startChar = separatorStyle[0]
+ endChar = separatorStyle[1]
+ if startChar not in content:
continue
- markup = markup.split('>')[0].strip()
- for partialMatch in invalidPartials:
- if partialMatch in markup:
- return True
- if ' ' not in markup:
- for badStr in invalidStrings:
- if badStr in markup:
- return True
- else:
- for badStr in invalidStrings:
- if badStr + ' ' in markup:
+ if endChar not in content:
+ continue
+ contentSections = content.split(startChar)
+ invalidPartials = ()
+ if not allowLocalNetworkAccess:
+ invalidPartials = getLocalNetworkAddresses()
+ invalidStrings = ('script', 'canvas', 'style', 'abbr',
+ 'frame', 'iframe', 'html', 'body',
+ 'hr', 'allow-popups', 'allow-scripts')
+ for markup in contentSections:
+ if endChar not in markup:
+ continue
+ markup = markup.split(endChar)[0].strip()
+ for partialMatch in invalidPartials:
+ if partialMatch in markup:
return True
+ if ' ' not in markup:
+ for badStr in invalidStrings:
+ if badStr in markup:
+ return True
+ else:
+ for badStr in invalidStrings:
+ if badStr + ' ' in markup:
+ return True
return False
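Review bot: The tag checks in the new loop are still case-sensitive and, for markup that contains a space, only match a name followed by a literal space (`badStr + ' '`), so an upper- or mixed-case tag name, or one followed by a tab or newline, is not flagged by either separator pass. Normalising the extracted fragment before the comparisons, `markup = ' '.join(markup.split(endChar)[0].lower().split())`, would cover both. Enumerating delimiter spellings is also fragile: the two pairs in `separators` print identically on this page (the second is presumably the entity-encoded pair), and numeric character references or a mix of raw and encoded delimiters are not covered. Decoding once with `html.unescape(content)` and scanning a single time is sturdier, and a denylist of substrings is best treated as a first filter in front of an allowlist sanitiser. `invalidStrings` and the `getLocalNetworkAddresses()` call do not depend on the separator and can be hoisted above `for separatorStyle in separators:`.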
From 6765f7b02f7364ade322476175a3d42469722992 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Wed, 19 May 2021 12:32:31 +0100
Subject: [PATCH 3/3] Also remove noscript markup
---
utils.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/utils.py b/utils.py
index e7e1382d3..ecba52039 100644
--- a/utils.py
+++ b/utils.py
@@ -675,7 +675,8 @@ def dangerousMarkup(content: str, allowLocalNetworkAccess: bool) -> bool:
invalidPartials = ()
if not allowLocalNetworkAccess:
invalidPartials = getLocalNetworkAddresses()
- invalidStrings = ('script', 'canvas', 'style', 'abbr',
+ invalidStrings = ('script', 'noscript',
+ 'canvas', 'style', 'abbr',
'frame', 'iframe', 'html', 'body',
'hr', 'allow-popups', 'allow-scripts')
for markup in contentSections:
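Review bot: The new `'noscript'` entry does not change what is flagged, because the comparisons in the loop shown in the previous patch are substring tests (`badStr in markup` and `badStr + ' ' in markup`) and any fragment containing `noscript` already contains `script`. If the intent is to match tag names exactly, the comparison itself has to change rather than the tuple. Otherwise a short comment above the tuple, `# substring match: 'script' also covers 'noscript', 'hr' also matches longer names`, would record the actual behaviour. The subject says "remove", while the function in view only detects and returns a bool. The loop body continues outside this hunk.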