commit ad7b5f9ab3354aef3d69db33933ab1fcebf16bd1 Author: Robert Ransom <rransom.8...@gmail.com> Date: Thu Apr 30 08:41:08 2015 -0700
Forbid non-ASCII and control chars, double quotes and backslashes in PT args --- lib/bridgedb/bridges.py | 19 +++++++++++++++++++ lib/bridgedb/util.py | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) diff --git a/lib/bridgedb/bridges.py b/lib/bridgedb/bridges.py index e2b2ff5..b799ca3 100644 --- a/lib/bridgedb/bridges.py +++ b/lib/bridgedb/bridges.py @@ -38,6 +38,7 @@ from bridgedb.parse.fingerprint import isValidFingerprint from bridgedb.parse.fingerprint import toHex from bridgedb.parse.fingerprint import fromHex from bridgedb.parse.nickname import isValidRouterNickname +from bridgedb.util import isascii_noncontrol class PluggableTransportUnavailable(Exception): @@ -351,6 +352,10 @@ class PluggableTransport(BridgeAddressBase): 2. The :data:`arguments` is a dictionary. + 3. The :data:`arguments` do not contain non-ASCII or control + characters or double quotes or backslashes, in keys or + in values. + :raises MalformedPluggableTransport: if any of the above checks fails. """ if not self.fingerprint: @@ -372,6 +377,20 @@ class PluggableTransport(BridgeAddressBase): ("Cannot create PluggableTransport with arguments type: %s") % type(self.arguments)) + for k, v in self.arguments.items(): + kv = ''.join((k, v)) + if not isascii_noncontrol(kv): + raise MalformedPluggableTransport( + ("Cannot create PluggableTransport with non-ASCII or " + "control characters in arguments: %r=%r") + % (k, v)) + if '"' in kv or '\\' in kv: + raise MalformedPluggableTransport( + ("Cannot create PluggableTransport with double quotes or " + "backslashes in arguments: %r=%r") + % (k, v)) + pass + if not self._checkArguments(): raise MalformedPluggableTransport( ("Can't use %s transport with missing arguments. Arguments: " diff --git a/lib/bridgedb/util.py b/lib/bridgedb/util.py index 8034120..580f31f 100644 --- a/lib/bridgedb/util.py +++ b/lib/bridgedb/util.py 
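Review bot: In the last bridges.py hunk (`@@ -372,6 +377,20 @@`), `kv = ''.join((k, v))` assumes every key and value is a string, yet the only check visible before it is that `self.arguments` is a dictionary, so a non-string value would escape as a TypeError instead of the MalformedPluggableTransport the docstring promises. Wrapping the join, `try: kv = ''.join((k, v))` followed by `except TypeError: raise MalformedPluggableTransport(...)`, keeps the failure inside the documented exception. The trailing `pass` after the loop is a no-op and can go. A short comment above the loop saying why double quotes and backslashes are refused (presumably because the arguments are later written out in a quoted or escaped form) would help the next reader judge whether other delimiters need the same treatment. The enclosing method begins and ends outside the hunk.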
@@ -200,6 +200,41 @@ def htmlify_string(s): """ return ''.join(map((lambda ch: htmlify_string_map.get(ch, ch)), s)) +def isascii(s): + """Return True if there are no non-ASCII characters in s, False otherwise. + + Note that this function differs from the str.is* methods in that + it returns True for the empty string, rather than False. + + >>> isascii('\x80') + False + >>> isascii('foo\tbar\rbaz\n') + True + >>> isascii('foo bar') + True + + :param str s: The string to check for non-ASCII characters. + """ + return all(map((lambda ch: ord(ch) < 128), s)) + +def isascii_noncontrol(s): + """Return True if there are no non-ASCII or control characters in + s, False otherwise. + + Note that this function differs from the str.is* methods in that + it returns True for the empty string, rather than False. + + >>> isascii_noncontrol('\x80') + False + >>> isascii_noncontrol('foo\tbar\rbaz\n') + False + >>> isascii_noncontrol('foo bar') + True + + :param str s: The string to check for non-ASCII or control characters. + """ + return all(map((lambda ch: 32 <= ord(ch) < 127), s)) + class JustifiedLogFormatter(logging.Formatter): """A logging formatter which pretty prints thread and calling function _______________________________________________ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
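Review bot: The doctests in `isascii` and `isascii_noncontrol` sit in ordinary (non-raw) docstrings, so `\t`, `\r`, `\n` and `\x80` are turned into real characters before doctest sees them; the `'foo\tbar\rbaz\n'` examples then contain a literal line break inside the string literal and cannot be parsed if the doctests are ever run. Opening both docstrings with `r"""` keeps the escapes as written. As a matter of style, `all(32 <= ord(ch) < 127 for ch in s)` says the same thing as the `map`/`lambda` form and stops at the first offending character without building an intermediate list on interpreters where `map` is eager.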