Mercurial > p > roundup > code
comparison roundup/configuration.py @ 5726:e199d0ae4a25
issue2551033: prevent reverse engineering hidden data by using etags
as an oracle to identify when the right data has been
guessed. Identified by Joseph Myers who also suggested remediation
methods. Implemented John Rouillard.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 23 May 2019 18:56:57 -0400 |
| parents | cad18de2b988 |
| children | 0e6ed3d72f92 |
comparison
equal
deleted
inserted
replaced
| 5725:6923225fd781 | 5726:e199d0ae4a25 |
|---|---|
| 21 import time | 21 import time |
| 22 import smtplib | 22 import smtplib |
| 23 | 23 |
| 24 import roundup.date | 24 import roundup.date |
| 25 | 25 |
| 26 from roundup.anypy.strings import b2s | |
| 27 import roundup.anypy.random_ as random_ | |
| 28 import binascii | |
| 29 | |
| 26 # XXX i don't think this module needs string translation, does it? | 30 # XXX i don't think this module needs string translation, does it? |
| 27 | 31 |
| 28 ### Exceptions | 32 ### Exceptions |
| 29 | 33 |
| 30 class ConfigurationError(BaseException): | 34 class ConfigurationError(BaseException): |
| 92 | 96 |
| 93 def __str__(self): | 97 def __str__(self): |
| 94 return "NO DEFAULT" | 98 return "NO DEFAULT" |
| 95 | 99 |
| 96 NODEFAULT = UnsetDefaultValue() | 100 NODEFAULT = UnsetDefaultValue() |
| 101 | |
| 102 def create_token(): | |
| 103 return b2s(binascii.b2a_base64(random_.token_bytes(32)).strip()) | |
| 97 | 104 |
| 98 ### Option classes | 105 ### Option classes |
| 99 | 106 |
| 100 class Option: | 107 class Option: |
| 101 | 108 |
| 464 except ValueError: | 471 except ValueError: |
| 465 raise OptionValueError(self, value, "Octal Integer number required") | 472 raise OptionValueError(self, value, "Octal Integer number required") |
| 466 | 473 |
| 467 def _value2str(self, value): | 474 def _value2str(self, value): |
| 468 return oct(value) | 475 return oct(value) |
| 476 | |
| 477 class MandatoryOption(Option): | |
| 478 """Option must not be empty""" | |
| 479 def str2value(self, value): | |
| 480 if not value: | |
| 481 raise OptionValueError(self,value,"Value must not be empty.") | |
| 482 else: | |
| 483 return value | |
| 469 | 484 |
| 470 class NullableOption(Option): | 485 class NullableOption(Option): |
| 471 | 486 |
| 472 """Option that is set to None if its string value is one of NULL strings | 487 """Option that is set to None if its string value is one of NULL strings |
| 473 | 488 |
| 849 "tracker admin."), | 864 "tracker admin."), |
| 850 (BooleanOption, "migrate_passwords", "yes", | 865 (BooleanOption, "migrate_passwords", "yes", |
| 851 "Setting this option makes Roundup migrate passwords with\n" | 866 "Setting this option makes Roundup migrate passwords with\n" |
| 852 "an insecure password-scheme to a more secure scheme\n" | 867 "an insecure password-scheme to a more secure scheme\n" |
| 853 "when the user logs in via the web-interface."), | 868 "when the user logs in via the web-interface."), |
| 869 (MandatoryOption, "secret_key", create_token(), | |
| 870 "A per tracker secret used in etag calculations for\n" | |
| 871 "an object. It must not be empty.\n" | |
| 872 "It prevents reverse engineering hidden data in an object\n" | |
| 873 "by calculating the etag for a sample object. Then modifying\n" | |
| 874 "hidden properties until the sample object's etag matches\n" | |
| 875 "the one returned by roundup.\n" | |
| 876 "Changing this changes the etag and invalidates updates by\n" | |
| 877 "clients. It must be persistent across application restarts.\n" | |
| 878 "(Note the default value changes every time\n" | |
| 879 " roundup-admin updateconfig\n" | |
| 880 "is run, so it must be explicitly set to a non-empty string.\n"), | |
| 854 )), | 881 )), |
| 855 ("rdbms", ( | 882 ("rdbms", ( |
| 856 (Option, 'name', 'roundup', | 883 (Option, 'name', 'roundup', |
| 857 "Name of the database to use.", | 884 "Name of the database to use.", |
| 858 ['MYSQL_DBNAME']), | 885 ['MYSQL_DBNAME']), |