Messagetype attack mitigation

- temporarily restrict messagetypes
- use a new "Contact support" address
This commit is contained in:
Peter Šurda 2018-02-13 23:33:12 +01:00
parent 4cd36ececc
commit c050ef0814
Signed by untrusted user: PeterSurda
GPG Key ID: 0C5F50C0B5F37D87
2 changed files with 6 additions and 1 deletions

View File

@ -21,7 +21,8 @@ import state
from version import softwareVersion from version import softwareVersion
# this is BM support address going to Peter Surda # this is BM support address going to Peter Surda
SUPPORT_ADDRESS = 'BM-2cTkCtMYkrSPwFTpgcBrMrf5d8oZwvMZWK' OLD_SUPPORT_ADDRESS = 'BM-2cTkCtMYkrSPwFTpgcBrMrf5d8oZwvMZWK'
SUPPORT_ADDRESS = 'BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832'
SUPPORT_LABEL = 'PyBitmessage support' SUPPORT_LABEL = 'PyBitmessage support'
SUPPORT_MY_LABEL = 'My new address' SUPPORT_MY_LABEL = 'My new address'
SUPPORT_SUBJECT = 'Support request' SUPPORT_SUBJECT = 'Support request'
@ -53,6 +54,7 @@ Connected hosts: {}
''' '''
def checkAddressBook(myapp): def checkAddressBook(myapp):
sqlExecute('''DELETE from addressbook WHERE address=?''', OLD_SUPPORT_ADDRESS)
queryreturn = sqlQuery('''SELECT * FROM addressbook WHERE address=?''', SUPPORT_ADDRESS) queryreturn = sqlQuery('''SELECT * FROM addressbook WHERE address=?''', SUPPORT_ADDRESS)
if queryreturn == []: if queryreturn == []:
sqlExecute('''INSERT INTO addressbook VALUES (?,?)''', str(QtGui.QApplication.translate("Support", SUPPORT_LABEL)), SUPPORT_ADDRESS) sqlExecute('''INSERT INTO addressbook VALUES (?,?)''', str(QtGui.QApplication.translate("Support", SUPPORT_LABEL)), SUPPORT_ADDRESS)

View File

@ -11,6 +11,9 @@ class MsgBase(object):
def constructObject(data): def constructObject(data):
whitelist = ["message"]
if data[""] not in whitelist:
return None
try: try:
m = import_module("messagetypes." + data[""]) m = import_module("messagetypes." + data[""])
classBase = getattr(m, data[""].title()) classBase = getattr(m, data[""].title())