From 6b511a0a31cdf6297086a84b384a9eccbf834c1d Mon Sep 17 00:00:00 2001
From: eibex <40539455+eibex@users.noreply.github.com>
Date: Sun, 29 Mar 2020 21:34:14 +0200
Subject: [PATCH] Add domain blacklisting

---
 config.yml | 8 ++++++++
 liteshort.py | 12 ++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/config.yml b/config.yml
index 12c8efd..7a981eb 100644
--- a/config.yml
+++ b/config.yml
@@ -66,3 +66,11 @@ show_github_link: true
 # Boolean: Allow short URLs linking to your site_domain URL
 # Default: false
 selflinks: false
+
+# List: Prevent creation of URLs linking to domains in the blacklist
+# Example of list formatting in yaml:
+# blacklist:
+# - blacklisted.com
+# - subdomain.blacklisted.net
+# Default: []
+blacklist: []
diff --git a/liteshort.py b/liteshort.py
index 37b5948..e41246b 100644
--- a/liteshort.py
+++ b/liteshort.py
@@ -38,6 +38,7 @@ def load_config():
 "subdomain": "",
 "latest": "l",
 "selflinks": False,
+ "blacklist": [],
 }
 
 config_types = {
@@ -54,6 +55,7 @@ def load_config():
 "subdomain": (str, type(None)),
 "latest": (str, type(None)),
 "selflinks": bool,
+ "blacklist": list,
 }
 
 for option in req_options.keys():
@@ -121,6 +123,14 @@ def check_self_link(long):
 return False
 
 
+def linking_to_blacklist(long):
+ # Removes protocol and other parts of the URL to extract the domain name
+ long = long.split("//")[-1].split("/")[0]
+ if long in current_app.config["blacklist"]:
+ return True
+ return False
+
+
 def check_password(password, pass_config):
 if pass_config["password_hashed"]:
 return bcrypt.checkpw(
@@ -333,6 +343,8 @@ def main_post():
 and not current_app.config["selflinks"]
 ):
 return response(request, None, "You cannot link to this site")
+ if linking_to_blacklist(request.form["long"]):
+ return response(request, None, "You cannot link to this blacklisted site")
 if long_exists and not request.form.get("short"):
 set_latest(request.form["long"])
 get_db().commit()
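Review bot: The comment block added for `blacklist` in config.yml does not say what form an entry must take, while the check added in liteshort.py compares the extracted host against each entry as an exact string. An entry written with a scheme or a path can never equal that extracted host, so it is silently ineffective, and listing `blacklisted.com` does not cover its subdomains. I would add a line such as `# Entries are bare host names (no scheme, port or path); matching is exact, so list each subdomain separately` above `# Default: []`.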
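Review bot: In `linking_to_blacklist` the host is taken with `long.split("//")[-1].split("/")[0]` and compared as an exact string, so it stops matching the listed domain whenever the URL carries a port, userinfo, capital letters, a trailing dot, or a `?`/`#` directly after the host. The `[-1]` also keeps the text after the last `//`, which can be a path segment instead of the host. Each of these lets a link to a listed domain pass the check. Parsing the URL and comparing the lower-cased `hostname` removes that class of mismatch; the sketch keeps the exact-match policy and needs `urllib.parse` in scope, which cannot be confirmed because the file's imports are outside the hunk.

```python
def linking_to_blacklist(long):
    # Parse the URL instead of splitting it, so port, userinfo, letter case
    # and path content cannot change the host that is compared
    try:
        parts = urllib.parse.urlsplit(long if "//" in long else "//" + long)
    except ValueError:
        return True  # host cannot be parsed: reject rather than let it past the list
    host = (parts.hostname or "").rstrip(".")
    listed = {str(entry).lower().rstrip(".") for entry in current_app.config["blacklist"]}
    return host in listed
```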
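Review bot: The blacklist is consulted only here in `main_post`, at creation time, so short links that already point at a domain added to the list later are unaffected; unless the redirect handler (outside this diff) also checks the list, they keep resolving. The rejection is also not recorded in the lines shown, and repeated attempts against a listed domain are a useful abuse signal. A line such as `current_app.logger.warning("blacklisted target rejected: %r", request.form["long"])` before the `return` would cover that, with `%r` keeping control characters in the submitted value out of the log line. `main_post` begins and ends outside the hunk.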