Re-sending this in a human readable form:

Hi, posting this mail for input.

A couple of months ago I was looking at locking down the amount of info leaked to Tor Browser in case it is compromised - if/when stream events access is enabled. My thought was to have the cake and eat it too. Stream-events are needed to support auth onions IIRC. I ran into issues with escaping characters from Tor's output, namely $ and +, which were included in an example output:

250+circuit-status=00 BUILT $relayid~$relayid,$relayid~$relayid,$relayid~$relayid BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2020-09-16T00:00:00.000000

Questions:

* Can onion-grater currently deal with such characters without having to escape them?

* Is it even possible to sanitize responses as large and varied as stream-events output without having something leak through, or is it best to keep it blocked for peace of mind?


***


The rule I used in the profile:


GETINFO:
      - pattern: 'circuit-status'
        response:
        - pattern: '250(.+)circuit-status=(\S+) (\S+) (.+) (\S+) (\S+)'
        - replacement: '250+circuit-status='



Here's the onion-grater debug log. Any idea what's wrong here?


 host onion-grater[8471]:   - pattern: circuit-status
 host onion-grater[8471]:     response:
 host onion-grater[8471]:     - {pattern: 250(.+)circuit-status=(\S+) (\S+) (.+) (\S+) (\S+)}
 host onion-grater[8471]:     - {replacement: 250+circuit-status=}
 host onion-grater[8471]:   SIGNAL:
 host onion-grater[8471]:   - {pattern: NEWNYM}
 host onion-grater[8471]: events:
 host onion-grater[8471]:   CONF_CHANGED: {suppress: true}
 host onion-grater[8471]:   SIGNAL: {suppress: true}
 host onion-grater[8471]:   STATUS_SERVER: {suppress: true}
 host onion-grater[8471]:   STREAM: {}
 host onion-grater[8471]: restrict-stream-events: false
 host onion-grater[8471]: 10.152.152.11:56158 (filter: 30_autogenerated): -> getinfo circuit-status
 host onion-grater[8471]: 10.152.152.11:56158 (filter: 30_autogenerated) disconnected: client quit
 host onion-grater[8471]: ----------------------------------------
 host onion-grater[8471]: Exception happened during processing of request from ('10.152.152.11', 56158)
 host onion-grater[8471]: Traceback (most recent call last):
 host onion-grater[8471]:   File "/usr/lib/python3.7/socketserver.py", line 650, in process_request_thread
 host onion-grater[8471]:     self.finish_request(request, client_address)
 host onion-grater[8471]:   File "/usr/lib/python3.7/socketserver.py", line 360, in finish_request
 host onion-grater[8471]:     self.RequestHandlerClass(request, client_address, self)
 host onion-grater[8471]:   File "/usr/lib/python3.7/socketserver.py", line 720, in __init__
 host onion-grater[8471]:     self.handle()
 host onion-grater[8471]:   File "/usr/lib/onion-grater", line 661, in handle
 host onion-grater[8471]:     session.handle()
 host onion-grater[8471]:   File "/usr/lib/onion-grater", line 481, in handle
 host onion-grater[8471]:     response_rewriter=response_rewriter)
 host onion-grater[8471]:   File "/usr/lib/onion-grater", line 277, in proxy_line
 host onion-grater[8471]:     new_response = response_rewriter(response)
 host onion-grater[8471]:   File "/usr/lib/onion-grater", line 462, in _response_rewriter
 host onion-grater[8471]:     lines)
 host onion-grater[8471]:   File "/usr/lib/onion-grater", line 314, in rewrite_matched_lines
 host onion-grater[8471]:     for line in split_lines]) + "\r\n"
 host onion-grater[8471]:   File "/usr/lib/onion-grater", line 314, in <listcomp>
 host onion-grater[8471]:     for line in split_lines]) + "\r\n"
 host onion-grater[8471]:   File "/usr/lib/onion-grater", line 307, in rewrite_matched_line
 host onion-grater[8471]:     return self.rewrite_line(replacers, line)
 host onion-grater[8471]:   File "/usr/lib/onion-grater", line 298, in rewrite_line
 host onion-grater[8471]:     match = re.match(r['pattern'] + "$", line)
 host onion-grater[8471]: KeyError: 'pattern'
 host onion-grater[8471]: ----------------------------------------
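
The debug log above prints the rule's response list as two separate one-key mappings, and the traceback ends at the `r['pattern']` lookup. As an added example (not part of the original mail and not onion-grater's own code), this Python sketch models that lookup on both shapes; `rewrite_line`, `check_replacers`, `failing_key`, the merged rule and returning the replacement as literal text are assumptions.

```python
import re

PATTERN = r'250(.+)circuit-status=(\S+) (\S+) (.+) (\S+) (\S+)'
REPLACEMENT = '250+circuit-status='

# Shape shown in the debug log: two list entries, one key each.
AS_WRITTEN = [{'pattern': PATTERN}, {'replacement': REPLACEMENT}]
# Assumed intended shape: one entry carrying both keys.
MERGED = [{'pattern': PATTERN, 'replacement': REPLACEMENT}]

# Example reply line quoted in the mail ("$" and "+" are plain input data here).
SAMPLE = ('250+circuit-status=00 BUILT '
          '$relayid~$relayid,$relayid~$relayid,$relayid~$relayid '
          'BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL '
          'TIME_CREATED=2020-09-16T00:00:00.000000')


def rewrite_line(replacers, line):
    """Hypothetical model of the rewrite step; the re.match call is the
    one shown in the traceback, the rest is assumed."""
    for r in replacers:
        match = re.match(r['pattern'] + "$", line)
        if match:
            return r['replacement']  # assumption: emitted as literal text
    return line


def check_replacers(replacers):
    """Return a list of problems in a response rule list (empty if none)."""
    problems = []
    for i, r in enumerate(replacers):
        missing = sorted({'pattern', 'replacement'} - set(r))
        if missing:
            problems.append(f"entry {i}: missing {missing}")
            continue
        try:
            re.compile(r['pattern'] + "$")
        except re.error as exc:
            problems.append(f"entry {i}: bad regex ({exc})")
    return problems


def failing_key(replacers, line):
    """Return the key whose lookup fails, or None if the rewrite succeeds."""
    try:
        rewrite_line(replacers, line)
    except KeyError as exc:
        return exc.args[0]
    return None
```

With the two-entry shape, any line the first pattern does not match (for instance a constructed `250 OK` line) falls through to the second mapping and `failing_key` returns `'pattern'`, the same key as in the traceback.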


