diff --git a/daemon.py b/daemon.py
index 522703d8..048bdf49 100644
--- a/daemon.py
+++ b/daemon.py
@@ -164,6 +164,7 @@ from shares import getSharesFeedForPerson
 from shares import addShare
 from shares import removeShare
 from shares import expireShares
+from utils import containsInvalidChars
 from utils import isSystemAccount
 from utils import setConfigParam
 from utils import getConfigParam
@@ -11759,6 +11760,11 @@ class PubServer(BaseHTTPRequestHandler):
 self.server.POSTbusy = False
 return
+ if containsInvalidChars(messageBytes.decode("utf-8")):
+ self._400()
+ self.server.POSTbusy = False
+ return
+
 # convert the raw bytes to json
 messageJson = json.loads(messageBytes)
diff --git a/utils.py b/utils.py
index bc8f9f06..6ed6c1c6 100644
--- a/utils.py
+++ b/utils.py
@@ -273,6 +273,19 @@ def isEvil(domain: str) -> bool:
 return False
+def containsInvalidChars(jsonStr: str) -> bool:
+ """Does the given json string contain invalid characters?
+ e.g. dubious clacks/admin dogwhistles
+ """
+ invalidStrings = {
+ '卐', '卍', '࿕', '࿖', '࿗', '࿘'
+ }
+ for isInvalid in invalidStrings:
+ if isInvalid in jsonStr:
+ return True
+ return False
+
+
 def createPersonDir(nickname: str, domain: str, baseDir: str, dirname: str) -> str:
 """Create a directory for a person
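Review bot: The new check in the POST handler scans the raw request text before `json.loads`, so a character that arrives as a JSON `\u` escape is only materialised by the parser afterwards and is never seen by `containsInvalidChars`. Running the test on the parsed content instead, for example `if containsInvalidChars(json.dumps(messageJson, ensure_ascii=False)):` placed after the `json.loads` call, would cover both spellings. Separately, `messageBytes.decode("utf-8")` raises `UnicodeDecodeError` on a malformed body, and no handler is visible in this hunk that would send the 400 and reset `self.server.POSTbusy`. The enclosing method starts and ends outside the hunk, so a surrounding `try` may already exist.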
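Review bot: In `containsInvalidChars` the loop variable `isInvalid` holds a candidate string rather than a boolean, and the set literal is rebuilt on every call; a module-level constant plus `return any(s in jsonStr for s in invalidStrings)` reads more directly. The docstring would be clearer if it named what the listed symbols are instead of "dubious clacks/admin dogwhistles". It should also say that this is a plain substring test over whatever text the caller passes, so escaped or otherwise encoded forms of the same characters are not matched.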