This is an automated email from the git hooks/post-receive script.
meskio pushed a change to branch main in repository bridgedb.
from ba694e1 Merge remote-tracking branch 'gitlab/mr/50' new f0b0f71 Don't look for X-DKIM-Authentication-Results headers new de9c15d Update dependencies new 4a11c2b Support multiple shim tokens new d266794 Update import that has being moved in python 3.10
The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
Summary of changes: bridgedb/configure.py | 7 +++-- bridgedb/distributors/email/dkim.py | 1 - bridgedb/distributors/moat/server.py | 12 ++++---- bridgedb/proxy.py | 2 +- bridgedb/test/https_helpers.py | 4 +-- bridgedb/test/moat_helpers.py | 2 +- bridgedb/test/test_email_dkim.py | 8 ------ requirements.txt | 54 ++++++++++++++++++------------------ 8 files changed, 42 insertions(+), 48 deletions(-)
This is an automated email from the git hooks/post-receive script.
meskio pushed a commit to branch main in repository bridgedb.
commit f0b0f71e5fa2b7d6048eb32ebd31f8d3a2fc4278 Author: meskio meskio@torproject.org AuthorDate: Tue Dec 13 14:58:07 2022 +0100
Don't look for X-DKIM-Authentication-Results headers
opendkim produces an 'Authentication-Results' header to indicate whether the DKIM signature is valid, but nothing in our current infrastructure produces or reads X-DKIM-Authentication-Results. Check only for 'Authentication-Results' so that an attacker cannot fake an email that does not really come from an authorized provider. --- bridgedb/distributors/email/dkim.py | 1 - bridgedb/test/test_email_dkim.py | 8 -------- 2 files changed, 9 deletions(-)
diff --git a/bridgedb/distributors/email/dkim.py b/bridgedb/distributors/email/dkim.py
index c8b3378..1ac6508 100644
--- a/bridgedb/distributors/email/dkim.py
+++ b/bridgedb/distributors/email/dkim.py
@@ -35,7 +35,6 @@ from __future__ import unicode_literals
import logging
headers = {
- "X-DKIM-Authentication-Results": lambda s: s.startswith('pass'),
"Authentication-Results": lambda s: 'dkim=pass' in s
}
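Review bot: The one check left in `headers` is the substring test `'dkim=pass' in s`, which accepts an `Authentication-Results` header whatever authserv-id wrote it and also matches when that text sits inside a comment or another method's field. RFC 8601 expects a receiver to trust only results stamped with its own authserv-id and the border MTA to strip copies supplied by the sender; whether this deployment does so is not visible in the hunk. At minimum record the assumption above the dict, e.g. `# Trustworthy only if our MTA removes Authentication-Results headers sent by the client.`, and ideally parse the header and check the authserv-id together with the `dkim` result. Since the positive X-DKIM test case is deleted in test_email_dkim.py, a test asserting that a message carrying only `X-DKIM-Authentication-Results: pass` is now rejected would pin the fix.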
diff --git a/bridgedb/test/test_email_dkim.py b/bridgedb/test/test_email_dkim.py
index e36657f..7966bf4 100644
--- a/bridgedb/test/test_email_dkim.py
+++ b/bridgedb/test/test_email_dkim.py
@@ -28,14 +28,6 @@ class CheckDKIMTests(unittest.TestCase):
self.goodMessage = ["""\
From: user@gmail.com
To: bridges@localhost
-X-DKIM-Authentication-Results: pass
-Subject: testing
-
-get bridges
-""",
-"""\
-From: user@gmail.com
-To: bridges@localhost
Authentication-Results: gmail.com; dkim=pass (1024-bit key; secure) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=squak header.b=ZFZSqaMU; dkim-atps=neutral
This is an automated email from the git hooks/post-receive script.
meskio pushed a commit to branch main in repository bridgedb.
commit de9c15da58d43a01207424e7dd9fd2de6bd7c8e6 Author: meskio meskio@torproject.org AuthorDate: Tue Dec 13 19:59:57 2022 +0100
Update dependencies --- bridgedb/test/https_helpers.py | 4 ++-- requirements.txt | 54 +++++++++++++++++++++--------------------- 2 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/bridgedb/test/https_helpers.py b/bridgedb/test/https_helpers.py
index ca268c9..7cb4a43 100644
--- a/bridgedb/test/https_helpers.py
+++ b/bridgedb/test/https_helpers.py
@@ -16,7 +16,7 @@ import io
from twisted.internet.defer import Deferred
from twisted.internet.address import IPv4Address
from twisted.web.http_headers import Headers
-from twisted.web.server import NOT_DONE_YET, Session
+from twisted.web.server import NOT_DONE_YET, Session, Site
from twisted.web.test import requesthelper
from bridgedb.persistent import Conf
@@ -170,7 +170,7 @@ class RequestHelperDummyRequest(object):
self.postpath = postpath
self.prepath = []
self.session = None
- self.protoSession = session or Session(0, self)
+ self.protoSession = session or Session(Site(None), self)
self.args = {}
self.outgoingHeaders = {}
self.requestHeaders = Headers()
diff --git a/requirements.txt b/requirements.txt
index f8015ba..c7d7714 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,40 +1,40 @@
-Babel==2.9.1
-beautifulsoup4==4.9.3
+Babel==2.11.0
+beautifulsoup4==4.11.1
html5lib==1.1
-Mako==1.1.4
-pycryptodome==3.10.1
-Twisted==21.2.0
+Mako==1.2.4
+pycryptodome==3.16.0
+Twisted==21.7.0
ipaddr==2.2.0
-Pillow==8.2.0
-pyOpenSSL==20.0.1
+Pillow==9.3.0
+pyOpenSSL==22.1.0
pygeoip==0.3.2
-qrcode==6.1
+qrcode==7.3.1
service_identity==21.1.0
-stem==1.8.0
-zope.interface==5.4.0
-numpy==1.20.3
+stem==1.8.1
+zope.interface==5.5.2
+numpy==1.23.5
# lektor/frontend-specific dependencies
-certifi==2021.10.8
-charset-normalizer==2.0.12
-click==8.1.0
+certifi==2022.12.7
+charset-normalizer==2.1.1
+click==8.1.3
environs==9.5.0
-exifread==2.3.2
-filetype==1.0.10
-flask==2.1.0
-idna==3.3
-importlib-metadata==4.11.3
+exifread==3.0.0
+filetype==1.2.0
+flask==2.2.2
+idna==3.4
+importlib-metadata==5.1.0
inifile==0.4.1
itsdangerous==2.1.2
jinja2==3.0.3
-lektor==3.3.2
+lektor==3.3.7
markupsafe==2.1.1
mistune==0.8.4
-python-slugify==6.1.1
-pytz==2022.1
-requests[security]==2.27.1
+python-slugify==7.0.0
+pytz==2022.6
+requests[security]==2.28.1
text-unidecode==1.3
-urllib3==1.26.9
-watchdog==2.1.7
-werkzeug==2.0.3
-zipp==3.7.0
+urllib3==1.26.13
+watchdog==2.2.0
+werkzeug==2.2.2
+zipp==3.11.0
This is an automated email from the git hooks/post-receive script.
meskio pushed a commit to branch main in repository bridgedb.
commit 4a11c2b453098f1499d2f196919fa365f6ab62bd Author: meskio meskio@torproject.org AuthorDate: Thu Dec 15 15:38:01 2022 +0100
Support multiple shim tokens --- bridgedb/configure.py | 7 +++++-- bridgedb/distributors/moat/server.py | 12 ++++++------ bridgedb/test/moat_helpers.py | 2 +- 3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/bridgedb/configure.py b/bridgedb/configure.py
index fd997e0..5447d85 100644
--- a/bridgedb/configure.py
+++ b/bridgedb/configure.py
@@ -165,11 +165,14 @@ def loadConfig(configFile=None, configCls=None):
if os.path.isfile(config.MOAT_SHIM_TOKEN_FILE):
with open(config.MOAT_SHIM_TOKEN_FILE) as f:
- setattr(config, "MOAT_SHIM_TOKEN", f.read())
+ tokens = f.read().split("\n")
+ while "" in tokens:
+ tokens.remove("")
+ setattr(config, "MOAT_SHIM_TOKENS", tokens)
if not os.path.isfile(config.MOAT_DUMMY_BRIDGES_FILE):
logging.warning("The dummy bridges file '%s' doesn't exist" % (config.MOAT_DUMMY_BRIDGES_FILE,))
else:
- config.MOAT_SHIM_TOKEN = None
+ config.MOAT_SHIM_TOKENS = []
logging.info("No shim-token provided, moat will answer each request with bridge authority bridges.")
return config
diff --git a/bridgedb/distributors/moat/server.py b/bridgedb/distributors/moat/server.py
index fe59b99..303936e 100644
--- a/bridgedb/distributors/moat/server.py
+++ b/bridgedb/distributors/moat/server.py
@@ -493,7 +493,7 @@ class CaptchaCheckResource(CaptchaResource):
def __init__(self, distributor, schedule, N=1, hmacKey=None, publicKey=None, secretKey=None, useForwardedHeader=True, skipInvalid=False,
- shim_token=None):
+ shim_tokens=None):
"""Create a new resource for checking CAPTCHA solutions and returning bridges to a client.
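Review bot: `f.read().split("\n")` keeps surrounding whitespace, so a token file saved with CRLF line endings or trailing spaces produces entries such as `token\r` that can never equal the `shim-token` header, and nothing reports the mismatch. `tokens = [t.strip() for t in f.read().splitlines() if t.strip()]` does the split and drops empty lines in one pass, replacing the `while "" in tokens` loop. Logging how many tokens were loaded (never their values) would make an empty or malformed file visible at startup. loadConfig begins outside the hunk.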
@@ -508,7 +508,7 @@ class CaptchaCheckResource(CaptchaResource):
X-Forwarded-For header instead of the source IP address.
:param bool skipInvalid: Skip invalid (e.g., loopback, private) addresses when parsing the X-Forwarded-For header.
- :param bytes shim_token: the token that should be included on the header
+ :param bytes shim_tokens: a list of tokens that should be included on the header
'shim-token' on each request or dummy bridges will be provided.
"""
CaptchaResource.__init__(self, hmacKey, publicKey, secretKey,
@@ -517,7 +517,7 @@ class CaptchaCheckResource(CaptchaResource):
self.schedule = schedule
self.nBridgesToGive = N
self.useForwardedHeader = useForwardedHeader
- self.shim_token = shim_token
+ self.shim_tokens = shim_tokens
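Review bot: The docstring line added in the `@@ -508` hunk still declares `:param bytes shim_tokens:` although the argument is now a list, and configure.py in this commit fills it from a file opened in text mode, so the elements would be str rather than bytes. Because the value is compared against `request.getHeader('shim-token')`, the element type is worth stating exactly; suggest `:param list shim_tokens: str tokens, one of which should be included on the header`. The docstring and `__init__` both start outside the hunk.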
def createBridgeRequest(self, ip, data):
"""Create an appropriate :class:`MoatBridgeRequest` from the ``data``
@@ -763,7 +763,7 @@ class CaptchaCheckResource(CaptchaResource):
qrcode = None
bridgeRequest = self.createBridgeRequest(clientIP, client_data)
bridges = []
- dummyBridges = self.shim_token and request.getHeader('shim-token') == self.shim_token
+ dummyBridges = self.shim_tokens and request.getHeader('shim-token') in self.shim_tokens
bridges = self.getBridges(bridgeRequest, dummyBridges)
bridgeLines = self.getBridgeLines(bridgeRequest, bridges)
moatMetrix.recordValidMoatRequest(request)
@@ -837,7 +837,7 @@ def addMoatServer(config, distributor):
fwdHeaders = config.MOAT_USE_IP_FROM_FORWARDED_HEADER
numBridges = config.MOAT_BRIDGES_PER_ANSWER
skipInvalid = config.MOAT_SKIP_LOOPBACK_ADDRESSES
- shim_token = config.MOAT_SHIM_TOKEN
+ shim_tokens = config.MOAT_SHIM_TOKENS
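Review bot: In the `@@ -763` hunk the secret comparison `request.getHeader('shim-token') in self.shim_tokens` relies on ordinary `==`, which is not constant-time. Comparing with `hmac.compare_digest` removes the timing signal, e.g. `hdr = (request.getHeader('shim-token') or '').encode('utf-8')` followed by `dummyBridges = any(hmac.compare_digest(hdr, t.encode('utf-8')) for t in self.shim_tokens or [])`; this assumes str tokens and needs `import hmac` if the module does not already have it. Separately, the constructor docstring says requests lacking a valid token get dummy bridges, yet `dummyBridges` is truthy exactly when the header matches; getBridges is outside the hunk, so please confirm the flag is not inverted. The enclosing method starts and ends outside the hunk.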
logging.info("Starting moat servers...")
@@ -868,7 +868,7 @@ def addMoatServer(config, distributor):
check = CaptchaCheckResource(distributor, sched, numBridges, hmacKey, publicKey, secretKey, fwdHeaders, skipInvalid,
- shim_token)
+ shim_tokens)
moat.putChild(b"fetch", fetch)
moat.putChild(b"check", check)
diff --git a/bridgedb/test/moat_helpers.py b/bridgedb/test/moat_helpers.py
index 452c207..bfbe863 100644
--- a/bridgedb/test/moat_helpers.py
+++ b/bridgedb/test/moat_helpers.py
@@ -69,7 +69,7 @@ MOAT_N_IP_CLUSTERS = %r
MOAT_ROTATION_PERIOD = %r
MOAT_GIMP_CAPTCHA_HMAC_KEYFILE = %r
MOAT_GIMP_CAPTCHA_RSA_KEYFILE = %r
-MOAT_SHIM_TOKEN = ""
+MOAT_SHIM_TOKENS = ""
""" % (GIMP_CAPTCHA_DIR, SERVER_PUBLIC_FQDN, SUPPORTED_TRANSPORTS,
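Review bot: The fixture in moat_helpers.py now sets `MOAT_SHIM_TOKENS = ""`, a str, while configure.py assigns a list and server.py tests membership with `in`. On a str, `in` is a substring test, so a non-empty string value would accept any fragment of it; `MOAT_SHIM_TOKENS = []` keeps the test configuration the same type as production. The template string starts and ends outside the hunk.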
This is an automated email from the git hooks/post-receive script.
meskio pushed a commit to branch main in repository bridgedb.
commit d266794a0da0b11f21d0811a5d4f711010e15e51 Author: meskio meskio@torproject.org AuthorDate: Thu Dec 15 15:46:03 2022 +0100
Update import that has being moved in python 3.10 --- bridgedb/proxy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bridgedb/proxy.py b/bridgedb/proxy.py
index 654b40c..5e13d24 100644
--- a/bridgedb/proxy.py
+++ b/bridgedb/proxy.py
@@ -12,7 +12,7 @@ """Classes for finding and managing lists of open proxies."""
from __future__ import print_function
-from collections import MutableSet
+from collections.abc import MutableSet
from functools import update_wrapper
from functools import wraps
tor-commits@lists.torproject.org