Pathogen
/
neptune
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix hashing with 4chan

This commit is contained in:
Mark Veidemanis 2022-08-30 10:00:26 +01:00
parent b8a08f9615
commit 38b712ac9a
Signed by: m
GPG Key ID: 5ACFCEED46C0904F
3 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
core/lib/opensearch.py
View File

@ -244,6 +244,7 @@ def run_main_query(client, user, query, custom_query=False, index=None, size=Non
def parse_results(results): def parse_results(results):
results_parsed = [] results_parsed = []
stringify = ["host", "channel"]
if "hits" in results.keys(): if "hits" in results.keys():
if "hits" in results["hits"]: if "hits" in results["hits"]:
for item in results["hits"]["hits"]: for item in results["hits"]["hits"]:
@ -254,6 +255,9 @@ def parse_results(results):
else: else:
return False return False
element = item[data_index] element = item[data_index]
for field in stringify:
if field in element:
element[field] = str(element[field])
# Why are fields in lists... # Why are fields in lists...
if data_index == "fields": if data_index == "fields":
element = {k: v[0] for k, v in element.items() if len(v)} element = {k: v[0] for k, v in element.items() if len(v)}
@ -319,7 +323,7 @@ def query_results(
denied_q = hash_lookup(request.user, query_params) denied_q = hash_lookup(request.user, query_params)
denied.extend(denied_q) denied.extend(denied_q)
if tags: if tags:
denied_t = hash_lookup(request.user, tags) denied_t = hash_lookup(request.user, tags, query_params)
denied.extend(denied_t) denied.extend(denied_t)
message = "Permission denied: " message = "Permission denied: "

10
core/views/helpers.py
View File

@ -211,11 +211,19 @@ def hash_list(user, data, hash_keys=False):
r.hmset(cache, hash_table) r.hmset(cache, hash_table)
def hash_lookup(user, data_dict): def hash_lookup(user, data_dict, supplementary_data=None):
cache = "cache.hash" cache = "cache.hash"
hash_list = SortedSet() hash_list = SortedSet()
denied = [] denied = []
for key, value in list(data_dict.items()): for key, value in list(data_dict.items()):
print("DATA DICT", data_dict)
if "source" in data_dict:
if data_dict["source"] in settings.SAFE_SOURCES:
continue
if supplementary_data:
if "source" in supplementary_data:
if supplementary_data["source"] in settings.SAFE_SOURCES:
continue
if key in settings.SEARCH_FIELDS_DENY: if key in settings.SEARCH_FIELDS_DENY:
if not user.has_perm("core.bypass_hashing"): if not user.has_perm("core.bypass_hashing"):
data_dict[key] = SearchDenied(key=key, value=data_dict[key]) data_dict[key] = SearchDenied(key=key, value=data_dict[key])

1
core/views/ui/drilldown.py
View File

@ -374,6 +374,7 @@ class DrilldownContextModal(APIView):
return render(request, self.template_name, results) return render(request, self.template_name, results)
if settings.HASHING: # we probably want to see the tokens if settings.HASHING: # we probably want to see the tokens
if query_params["src"] not in settings.SAFE_SOURCES:
if not request.user.has_perm("core.bypass_hashing"): if not request.user.has_perm("core.bypass_hashing"):
for index, item in enumerate(results["object_list"]): for index, item in enumerate(results["object_list"]):
if "tokens" in item: if "tokens" in item: