[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [bridgedb/develop] Commit for #31528 (Get rid of BridgeDB's "chatspeak")



commit 320ddd1747cd584dd6cf9d7a2ff3f571827d1089
Author: agix <columbeff@xxxxxxxxx>
Date:   Thu Apr 30 10:18:46 2020 +0200

    Commit for #31528 (Get rid of BridgeDB's "chatspeak")
    
    Known chatspeak references have been removed or replaced
    Malicious requests are now redirected with the status code 400
---
 README.rst                                         | 12 ++++-----
 bridgedb/distributors/https/server.py              | 11 ++++----
 .../https/templates/assets/css/main.css            |  4 +--
 bridgedb/distributors/https/templates/bridges.html | 13 ++--------
 .../distributors/https/templates/error-400.html    | 30 ++++++++++++++++++++++
 .../distributors/https/templates/error-500.html    |  4 +--
 bridgedb/test/test_https_server.py                 | 18 ++++++-------
 7 files changed, 56 insertions(+), 36 deletions(-)

diff --git a/README.rst b/README.rst
index 858562e..1b0a840 100644
--- a/README.rst
+++ b/README.rst
@@ -78,8 +78,8 @@ Dependencies and installation
 
 BridgeDB requires the following OS-level dependencies:
 
--  python>=2.7
--  python-dev
+-  python>=3
+-  python3-dev
 -  `python3-dkim <https://pypi.org/project/dkimpy/>`__ (it contains the ``dkimverify`` binary)
 -  build-essential
 -  OpenSSL>=1.0.1g
@@ -106,11 +106,11 @@ Deploying BridgeDB
 
 BridgeDB should work with or without a Python virtualenv.
 
--  Install Python 2.7, and other OS-level dependencies. On Debian, you
+-  Install Python 3, and other OS-level dependencies. On Debian, you
    can do::
 
-         sudo apt-get install build-essential openssl python python-dev \
-           python-setuptools sqlite3 libgeoip-dev geoip-database
+         sudo apt-get install build-essential openssl python3 python3-dev \
+           python3-setuptools sqlite3 gnupg2 libgeoip-dev geoip-database
 
 
 -  Install Pip 1.3.1 or later. Debian has this version, but if for some
@@ -146,7 +146,7 @@ BridgeDB should work with or without a Python virtualenv.
 -  **(virtualenv installs only)** To install, set PYTHONPATH to include the
    root directory of the virtualenv::
 
-         export PYTHONPATH=$PYTHONPATH:${VIRTUAL_ENV}/lib/python2.7/site-packages
+         export PYTHONPATH=$PYTHONPATH:${VIRTUAL_ENV}/lib/python3.7/site-packages
 
 
 -  Then, proceed as usual::
diff --git a/bridgedb/distributors/https/server.py b/bridgedb/distributors/https/server.py
index b2de4b1..91757e7 100644
--- a/bridgedb/distributors/https/server.py
+++ b/bridgedb/distributors/https/server.py
@@ -166,11 +166,9 @@ def replaceErrorPage(request, error, template_name=None, html=True):
 
 
 def redirectMaliciousRequest(request):
-    '''Redirect the client to a "daring work of art" which "in true
-    post-modern form, [â?¦] tends to raise more questions than answers."
-    '''
-    logging.debug("Redirecting %s to a daring work of art..." % getClientIP(request))
-    request.write(redirectTo(base64.b64decode("aHR0cDovLzJnaXJsczFjdXAuY2Ev"), request))
+    '''Setting the reponse code to 400 (Bad Request)'''
+    logging.debug("Setting response code to 400 for %s" % getClientIP(request))
+    request.setResponseCode(400)
     request.finish()
     return request
 
@@ -367,7 +365,7 @@ class ErrorResource(CSPResource):
 
     render_POST = render_GET
 
-
+resource400 = ErrorResource('error-400.html', code=400)
 resource404 = ErrorResource('error-404.html', code=404)
 resource500 = ErrorResource('error-500.html', code=500)
 maintenance = ErrorResource('error-503.html', code=503)
@@ -1157,6 +1155,7 @@ def addWebServer(config, distributor):
     root.putChild(b'info', info)
     root.putChild(b'maintenance', maintenance)
     root.putChild(b'error', resource500)
+    root.putChild(b'malicious', resource400)
     root.putChild(CSPResource.reportURI, csp)
 
     if config.RECAPTCHA_ENABLED:
diff --git a/bridgedb/distributors/https/templates/assets/css/main.css b/bridgedb/distributors/https/templates/assets/css/main.css
index 72a3205..8ff1f07 100644
--- a/bridgedb/distributors/https/templates/assets/css/main.css
+++ b/bridgedb/distributors/https/templates/assets/css/main.css
@@ -373,11 +373,11 @@ div.bridge-lines.-webkit-scrollbar-thumb.horizontal{
   align-content: left;
 }
 
-#uh-oh-spaghettios {
+#error {
   width: 80%;
   margin: auto;
 }
-.uh-oh-spaghettios~p {
+.error~p {
   text-align: center;
   font-size: 115%;
 }
diff --git a/bridgedb/distributors/https/templates/bridges.html b/bridgedb/distributors/https/templates/bridges.html
index 55a9e79..1d672eb 100644
--- a/bridgedb/distributors/https/templates/bridges.html
+++ b/bridgedb/distributors/https/templates/bridges.html
@@ -60,11 +60,6 @@ ${bridgeline | h,trim}<br />
               </p>
 % else:
               <p class="text-danger">
-## TRANSLATORS: Please translate this into some silly way to say
-##              "There was a problem!" in your language. For example,
-##              for Italian, you might translate this into "Mama mia!",
-##              or for French: "Sacrebleu!". :)
-${_("""Uh oh, spaghettios!""")}
 ${_("""It seems there was an error getting your QRCode.""")}
                 <i class="icon icon-frown"></i>
               </p>
@@ -106,17 +101,13 @@ ${_("""This QRCode contains your bridge lines. Scan it with a QRCode """ \
 </div>
 
 % else:
-<div class="bs-component" id="uh-oh-spaghettios">
+<div class="bs-component" id="error">
   <div class="alert alert-dismissable alert-danger">
     <p>
       <br />
       <strong>
         <em class="primary">
-## TRANSLATORS: Please translate this into some silly way to say
-##              "There was a problem!" in your language. For example,
-##              for Italian, you might translate this into "Mama mia!",
-##              or for French: "Sacrebleu!". :)
-${_("""Uh oh, spaghettios!""")}
+${_("""BridgeDB encountered an error.""")}
         </em>
       </strong>
       <br />
diff --git a/bridgedb/distributors/https/templates/error-400.html b/bridgedb/distributors/https/templates/error-400.html
new file mode 100644
index 0000000..5f12dda
--- /dev/null
+++ b/bridgedb/distributors/https/templates/error-400.html
@@ -0,0 +1,30 @@
+## -*- coding: utf-8 -*-
+
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <title>BridgeDB - 400</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="Bridge IP database">
+    <meta name="author" content="The Tor Project">
+
+    <!-- Le styles -->
+    <link rel="stylesheet" href="/assets/css/main.css">
+    <!--[if IE 7]>
+        <link rel="stylesheet" href="/assets/css/font-awesome-ie7.min.css">
+        <![endif]-->
+    <link rel="stylesheet" href="/assets/css/error.css">
+  </head>
+  <body>
+    <div class="application error error400">
+      <main class="main main--error" role="main">
+        <div class="road full-size"></div>
+        <div class="error-text">
+          <h1>Bad Request</h1>
+          <p>Your request was not understood by the server.<a href="/">BridgeDB</a></p>
+        </div>
+      </main>
+    </div>
+  </body>
+</html>
diff --git a/bridgedb/distributors/https/templates/error-500.html b/bridgedb/distributors/https/templates/error-500.html
index 5c56c39..e17b2f4 100644
--- a/bridgedb/distributors/https/templates/error-500.html
+++ b/bridgedb/distributors/https/templates/error-500.html
@@ -27,8 +27,8 @@
         </div>
         <div class="road full-size"></div>
         <div class="error-text">
-          <h1>Bad News Bears</h1>
-          <p>Something wicked totally just borked <a href="/">BridgeDB</a>â?¦ :'(</p>
+          <h1>Internal Error</h1>
+          <p>BridgeDB encountered an internal error<a href="/">BridgeDB</a></p>
         </div>
       </main>
     </div>
diff --git a/bridgedb/test/test_https_server.py b/bridgedb/test/test_https_server.py
index 54bda2e..3b159ce 100644
--- a/bridgedb/test/test_https_server.py
+++ b/bridgedb/test/test_https_server.py
@@ -68,15 +68,15 @@ class ReplaceErrorPageTests(unittest.TestCase):
     def test_replaceErrorPage(self):
         """``replaceErrorPage`` should return the error-500.html page."""
         request = DummyRequest([''])
-        exc = Exception("vegan gümmibären")
+        exc = Exception("Under Maintenance")
         errorPage = server.replaceErrorPage(request, exc)
-        self.assertSubstring(b"Bad News Bears", errorPage)
-        self.assertNotSubstring("vegan gümmibären".encode("utf-8"), errorPage)
+        self.assertSubstring(b"Internal Error", errorPage)
+        self.assertNotSubstring("Under Maintenance".encode("utf-8"), errorPage)
 
     def test_replaceErrorPage_matches_resource500(self):
         """``replaceErrorPage`` should return the error-500.html page."""
         request = DummyRequest([''])
-        exc = Exception("vegan gümmibären")
+        exc = Exception("Under Maintenance")
         errorPage = server.replaceErrorPage(request, exc)
         error500Page = server.resource500.render(request)
         self.assertEqual(errorPage, error500Page)
@@ -89,8 +89,8 @@ class ReplaceErrorPageTests(unittest.TestCase):
         exc = Exception("vegan gümmibären")
         server.resource500 = None
         errorPage = server.replaceErrorPage(request, exc)
-        self.assertNotSubstring(b"Bad News Bears", errorPage)
-        self.assertNotSubstring("vegan gümmibären".encode("utf-8"), errorPage)
+        self.assertNotSubstring(b"Bad Request", errorPage)
+        self.assertNotSubstring("Under Maintenance".encode("utf-8"), errorPage)
         self.assertSubstring(b"Sorry! Something went wrong with your request.",
                              errorPage)
 
@@ -108,7 +108,7 @@ class ErrorResourceTests(unittest.TestCase):
     def test_resource500(self):
         """``server.resource500`` should display the error-500.html page."""
         page = server.resource500.render(self.request)
-        self.assertSubstring(b'Bad News Bears', page)
+        self.assertSubstring(b'Internal Error', page)
 
     def test_maintenance(self):
         """``server.maintenance`` should display the error-503.html page."""
@@ -549,7 +549,7 @@ class ReCaptchaProtectedResourceTests(unittest.TestCase):
             """Check the ``Request`` returned from ``_renderDeferred``."""
             self.assertIsInstance(request, DummyRequest)
             html = b''.join(request.written)
-            self.assertSubstring(b'Uh oh, spaghettios!', html)
+            self.assertSubstring(b'BridgeDB encountered an error.', html)
 
         d = task.deferLater(reactor, 0, lambda x: x, (True, self.request))
         d.addCallback(self.captchaResource._renderDeferred)
@@ -913,7 +913,7 @@ class BridgesResourceTests(unittest.TestCase):
         page = self.bridgesResource.renderAnswer(request, bridgeLines=None)
 
         # We don't want the fancy version:
-        self.assertNotSubstring(b"Bad News Bears", page)
+        self.assertNotSubstring(b"Bad Request", page)
         self.assertSubstring(b"Sorry! Something went wrong with your request.",
                              page)
 



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits