1
0
mirror of https://git.ikl.sh/132ikl/liteshort.git synced 2023-08-10 21:13:04 +03:00

Add Google Safe Browsing check

This commit is contained in:
132ikl 2021-11-06 23:03:31 -04:00
parent 91db3d46ba
commit c39d5777c5
No known key found for this signature in database
GPG Key ID: 6779CF20ECF01C19
3 changed files with 64 additions and 7 deletions

View File

@ -1,6 +1,6 @@
# String: Username to make admin API requests
# Default: 'admin'
admin_username: 'admin'
admin_username: "admin"
# String: Plaintext password to make admin API requests
# Safe to remove if admin_hashed_password is set
@ -24,7 +24,7 @@ secret_key: CHANGE_ME
# String: Filename of the URL database without extension
# Default: 'urls'
database_name: 'urls'
database_name: "urls"
# Integer: Length of random short URLs by default
# Default: 4
@ -32,7 +32,7 @@ random_length: 4
# String: Allowed URL characters
# Default: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_
allowed_chars: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
allowed_chars: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
# Amount of time in seconds to spend generating random short URLs until timeout
# Default: 5
@ -40,7 +40,7 @@ random_gen_timeout: 5
# String: Name shown on tab while on site and on page header
# Default: 'liteshort'
site_name: 'liteshort'
site_name: "liteshort"
# String: Domain where the shortlinks will be served from. Useful if using the web interface on a subdomain.
# If not set, it is automatically taken from the URL the shorten request is sent to.
@ -58,7 +58,7 @@ subdomain:
# Short URLs cannot be created with this string if set
# Unset to disable
# Default: l
latest: 'l'
latest: "l"
# Boolean: Show link to project repository on GitHub at bottom right corner of page
# Default: true
@ -75,3 +75,11 @@ selflinks: false
# - subdomain.blocklisted.net
# Default: []
blocklist: []
# String: API key to use Google Safe Browsing to verify links. Leave Unset to not use Safe Browsing.
# Default: unset
#safe_browse_key:
# String: URL to replace malicious links (as determined by Safe Browsing) with
# Default: unset
#malicious_replace:

View File

@ -12,6 +12,7 @@ from bcrypt import checkpw
from flask import current_app, g, redirect, render_template, request, url_for
from .config import load_config
from .util import check_url
logging.basicConfig(level=logging.INFO)
LOGGER = logging.getLogger(__name__)
@ -222,6 +223,17 @@ def query_db(query, args=(), one=False, row_factory=sqlite3.Row):
return (rv[0] if rv else None) if one else rv
def safe_check(config, long):
if key := config.get("safe_browse_key"):
if check_url(key, long):
if replace := config.get("malicious_replace"):
return replace
return None
else:
return long
return long
@app.teardown_appcontext
def close_db(error):
if hasattr(g, "sqlite_db"):
@ -327,10 +339,19 @@ def main_post():
get_baseUrl() + long_exists,
"Error: Failed to return pre-existing random shortlink",
)
get_db().cursor().execute(
"INSERT INTO urls (long,short) VALUES (?,?)", (request.form["long"], short)
long = safe_check(current_app.config, request.form["long"])
if not long:
return response(
request,
None,
"Error: Refusing to create short link for malicious site",
)
set_latest(request.form["long"])
get_db().cursor().execute(
"INSERT INTO urls (long,short) VALUES (?,?)", (long, short)
)
set_latest(long)
get_db().commit()
return response(request, get_baseUrl() + short, "Error: Failed to generate")
else:

View File

@ -1,6 +1,34 @@
from getpass import getpass
from json import dumps
from sys import argv
import bcrypt
import requests
def check_url(key, url):
out = requests.post(
f"https://safebrowsing.googleapis.com/v4/threatMatches:find?key={key}",
data=dumps(
{
"client": {"clientId": "liteshort"},
"threatInfo": {
"threatTypes": [
"MALWARE",
"SOCIAL_ENGINEERING",
"UNWANTED_SOFTWARE",
"POTENTIALLY_HARMFUL_APPLICATION",
],
"platformTypes": ["ANY_PLATFORM"],
"threatEntryTypes": ["URL"],
"threatEntries": [
{"url": url},
],
},
}
),
)
return bool(out.json())
def hash_passwd():