Messagetype attack mitigation
- temporarily restrict messagetypes - use a new "Contact support" address
This commit is contained in:
parent
4cd36ececc
commit
c050ef0814
|
@ -21,7 +21,8 @@ import state
|
||||||
from version import softwareVersion
|
from version import softwareVersion
|
||||||
|
|
||||||
# this is BM support address going to Peter Surda
|
# this is BM support address going to Peter Surda
|
||||||
SUPPORT_ADDRESS = 'BM-2cTkCtMYkrSPwFTpgcBrMrf5d8oZwvMZWK'
|
OLD_SUPPORT_ADDRESS = 'BM-2cTkCtMYkrSPwFTpgcBrMrf5d8oZwvMZWK'
|
||||||
|
SUPPORT_ADDRESS = 'BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832'
|
||||||
SUPPORT_LABEL = 'PyBitmessage support'
|
SUPPORT_LABEL = 'PyBitmessage support'
|
||||||
SUPPORT_MY_LABEL = 'My new address'
|
SUPPORT_MY_LABEL = 'My new address'
|
||||||
SUPPORT_SUBJECT = 'Support request'
|
SUPPORT_SUBJECT = 'Support request'
|
||||||
|
@ -53,6 +54,7 @@ Connected hosts: {}
|
||||||
'''
|
'''
|
||||||
|
|
||||||
def checkAddressBook(myapp):
|
def checkAddressBook(myapp):
|
||||||
|
sqlExecute('''DELETE from addressbook WHERE address=?''', OLD_SUPPORT_ADDRESS)
|
||||||
queryreturn = sqlQuery('''SELECT * FROM addressbook WHERE address=?''', SUPPORT_ADDRESS)
|
queryreturn = sqlQuery('''SELECT * FROM addressbook WHERE address=?''', SUPPORT_ADDRESS)
|
||||||
if queryreturn == []:
|
if queryreturn == []:
|
||||||
sqlExecute('''INSERT INTO addressbook VALUES (?,?)''', str(QtGui.QApplication.translate("Support", SUPPORT_LABEL)), SUPPORT_ADDRESS)
|
sqlExecute('''INSERT INTO addressbook VALUES (?,?)''', str(QtGui.QApplication.translate("Support", SUPPORT_LABEL)), SUPPORT_ADDRESS)
|
||||||
|
|
|
@ -11,6 +11,9 @@ class MsgBase(object):
|
||||||
|
|
||||||
|
|
||||||
def constructObject(data):
|
def constructObject(data):
|
||||||
|
whitelist = ["message"]
|
||||||
|
if data[""] not in whitelist:
|
||||||
|
return None
|
||||||
try:
|
try:
|
||||||
m = import_module("messagetypes." + data[""])
|
m = import_module("messagetypes." + data[""])
|
||||||
classBase = getattr(m, data[""].title())
|
classBase = getattr(m, data[""].title())
|
||||||
|
|
Loading…
Reference in New Issue
Block a user