Replace non-printable ascii in conversion log

Certain characters may be abused, particularly ANSI escape codes.
Solution inspired by Qubes OS's hardening of their RPC mechanism [1]:

> Terminal control characters are a security issue, which in worst case
> amount to arbitrary command execution. In the simplest case this
> requires two often found codes: terminal title setting (which puts
> arbitrary string in the window title) and title repo reporting (which
> puts that string on the shell's standard input. [sic]
>
>  -- qvm-run.rst [2]

[1]: e005836286
[2]: c70da44702/doc/manpages/qvm-run.rst (L126)
deeplow 2023-06-23 07:32:29 +01:00
parent 95cef8cf0a
commit 9f1abe2836
No known key found for this signature in database
GPG key ID: 577982871529A52A
2 changed files with 14 additions and 6 deletions


@ -12,7 +12,12 @@ import tempfile
from typing import Any, Callable, List, Optional, Tuple from typing import Any, Callable, List, Optional, Tuple
from ..document import Document from ..document import Document
from ..util import get_resource_path, get_subprocess_startupinfo, get_tmp_dir from ..util import (
get_resource_path,
get_subprocess_startupinfo,
get_tmp_dir,
replace_control_chars,
)
from .base import MAX_CONVERSION_LOG_CHARS, IsolationProvider from .base import MAX_CONVERSION_LOG_CHARS, IsolationProvider
# Define startupinfo for subprocesses # Define startupinfo for subprocesses
@ -288,8 +293,9 @@ class Container(IsolationProvider):
if getattr(sys, "dangerzone_dev", False): if getattr(sys, "dangerzone_dev", False):
log_path = pixel_dir / "captured_output.txt" log_path = pixel_dir / "captured_output.txt"
with open(log_path, "r", encoding="ascii", errors="replace") as f: with open(log_path, "r", encoding="ascii", errors="replace") as f:
untrusted_log = f.read(MAX_CONVERSION_LOG_CHARS)
log.info( log.info(
f"Conversion output (doc to pixels):\n{f.read(MAX_CONVERSION_LOG_CHARS)}" f"Conversion output (doc to pixels):\n{replace_control_chars(untrusted_log)}"
) )
if ret != 0: if ret != 0:
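Review bot: The terminal-escape protection at the new `log.info(...)` call rests entirely on `replace_control_chars`, whose definition is not part of this section, so it is worth confirming that it lets through only `\n` (and perhaps `\t`) from the control range. If it keeps every whitespace character, `\r`, vertical tab and form feed would still reach the terminal and could overwrite or visually forge log lines. A short comment above the read would also help, e.g. `# Conversion output is attacker-influenced: sanitize before it reaches a terminal or log file`. The same applies to the Qubes provider's hunk, and the enclosing method begins and ends outside this hunk.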


@ -143,8 +143,10 @@ class Qubes(IsolationProvider):
self.print_progress_trusted(document, False, text, percentage) self.print_progress_trusted(document, False, text, percentage)
if getattr(sys, "dangerzone_dev", False): if getattr(sys, "dangerzone_dev", False):
text = f"Conversion output (doc to pixels):\n{read_debug_text(p)}" untrusted_log = read_debug_text(p)
log.info(text) log.info(
f"Conversion output (doc to pixels):\n{replace_control_chars(untrusted_log)}"
)
# FIXME pass OCR stuff properly (see #455) # FIXME pass OCR stuff properly (see #455)
old_environ = dict(os.environ) old_environ = dict(os.environ)
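Review bot: The sanitize-then-log line `f"Conversion output (doc to pixels):\n{replace_control_chars(untrusted_log)}"` is now repeated verbatim here and in the Container provider, which leaves the sanitizer as something each call site has to remember. Moving it into one helper on the shared `IsolationProvider` base, taking the untrusted text and doing both the replacement and the `log.info`, would make it hard for a later call site to log raw output. Also, no import of `replace_control_chars` is visible in this section. The diffstat counts more changed lines than are shown, so the import is probably in a hunk not displayed, but this branch only runs when `sys.dangerzone_dev` is set, so a missing name would surface only in dev runs. The enclosing method starts and ends outside the hunk.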