commit 67c00e3c89b0cebd00ce5f6f19ce194b200eb8f4 Author: Damian Johnson atagar@torproject.org Date: Sun Jan 13 16:19:17 2013 -0800

Truncating exit policies after a catch-all

It's pointless for an exit policy to contain rules after an 'accept *:*' or 'reject *:*'. Cropping policies if they go on after that. --- stem/exit_policy.py | 9 ++++++--- test/unit/exit_policy/policy.py | 5 +++++ 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/stem/exit_policy.py b/stem/exit_policy.py index 45e0a98..3bccc27 100644 --- a/stem/exit_policy.py +++ b/stem/exit_policy.py @@ -290,9 +290,12 @@ class ExitPolicy(object):

for rule in self._input_rules: if isinstance(rule, str): - rules.append(ExitPolicyRule(rule.strip())) - elif isinstance(rule, ExitPolicyRule): - rules.append(rule) + rule = ExitPolicyRule(rule.strip()) + + rules.append(rule) + + if rule.is_address_wildcard() and rule.is_port_wildcard(): + break # this is a catch-all, no reason to include more

self._rules = rules self._input_rules = None diff --git a/test/unit/exit_policy/policy.py b/test/unit/exit_policy/policy.py index 4da21b0..b8ac286 100644 --- a/test/unit/exit_policy/policy.py +++ b/test/unit/exit_policy/policy.py @@ -37,6 +37,11 @@ class TestExitPolicy(unittest.TestCase): policy = ExitPolicy(*"accept *:80, accept *:443, reject *:*".split(",")) self.assertEquals(expected_policy, policy)

+ # checks that we truncate after getting a catch-all policy + + policy = ExitPolicy(*"accept *:80, accept *:443, reject *:*, accept *:20-50".split(",")) + self.assertEquals(expected_policy, policy) + def test_set_default_allowed(self): policy = ExitPolicy('reject *:80', 'accept *:443')