[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [bridgedb/master] Don't interpret quoted text as commands.
commit 4a0586767f08a3b4ee83b7805fd3cfcf531c245d
Author: Philipp Winter <phw@xxxxxxxxx>
Date: Mon Aug 19 17:05:52 2019 -0700
Don't interpret quoted text as commands.
BridgeDB gets confused when users reply to a "get help" email. The
issue is that BridgeDB interprets commands anywhere in the email body,
even if it's in quoted text.
To fix this issue, we are ignoring commands whose email body line starts
with a '>' character, which is typically used for email quotes.
This fixes <https://bugs.torproject.org/17626>.
---
CHANGELOG | 9 +++++++++
bridgedb/distributors/email/request.py | 21 +++++++++++++++------
2 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index aba6d19..c3073ef 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,12 @@
+Changes in version 0.8.1 -
+
+ * FIXES https://bugs.torproject.org/17626
+ BridgeDB gets confused when users reply to a "get help" email. The
+ issue is that BridgeDB interprets commands anywhere in the email body,
+ even if it's in quoted text. To fix this issue, we are ignoring
+ commands whose email body line starts with a '>' character, which is
+ typically used for email quotes.
+
Changes in version 0.8.0 - 2019-08-20
* FIXES https://bugs.torproject.org/9316
diff --git a/bridgedb/distributors/email/request.py b/bridgedb/distributors/email/request.py
index a490e56..83c203d 100644
--- a/bridgedb/distributors/email/request.py
+++ b/bridgedb/distributors/email/request.py
@@ -58,6 +58,15 @@ TRANSPORT_PATTERN = re.compile(TRANSPORT_REGEXP)
UNBLOCKED_REGEXP = ".*unblocked ([a-z]{2,4})"
UNBLOCKED_PATTERN = re.compile(UNBLOCKED_REGEXP)
+#: Regular expressions that we use to match for email commands. Any command is
+#: valid as long as it wasn't quoted, i.e., the line didn't start with a '>'
+#: character.
+HELP_LINE = re.compile("([^>].*)?h[ae]lp")
+GET_LINE = re.compile("([^>].*)?get")
+KEY_LINE = re.compile("([^>].*)?key")
+IPV6_LINE = re.compile("([^>].*)?ipv6")
+TRANSPORT_LINE = re.compile("([^>].*)?transport")
+UNBLOCKED_LINE = re.compile("([^>].*)?unblocked")
def determineBridgeRequestOptions(lines):
"""Figure out which :mod:`~bridgedb.filters` to apply, or offer help.
@@ -83,20 +92,20 @@ def determineBridgeRequestOptions(lines):
if not line: skippedHeaders = True
if not skippedHeaders: continue
- if ("help" in line) or ("halp" in line):
+ if HELP_LINE.match(line) is not None:
raise EmailRequestedHelp("Client requested help.")
- if "get" in line:
+ if GET_LINE.match(line) is not None:
request.isValid(True)
logging.debug("Email request was valid.")
- if "key" in line:
+ if KEY_LINE.match(line) is not None:
request.wantsKey(True)
raise EmailRequestedKey("Email requested a copy of our GnuPG key.")
- if "ipv6" in line:
+ if IPV6_LINE.match(line) is not None:
request.withIPv6()
- if "transport" in line:
+ if TRANSPORT_LINE.match(line) is not None:
request.withPluggableTransportType(line)
- if "unblocked" in line:
+ if UNBLOCKED_LINE.match(line) is not None:
request.withoutBlockInCountry(line)
logging.debug("Generating hashring filters for request.")
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits