Bypass obfuscation for safe sources

2022-08-30 10:30:17 +01:00
parent 38b712ac9a
commit ba3124bd69
6 changed files with 70 additions and 46 deletions
--- a/core/views/helpers.py
+++ b/core/views/helpers.py
@@ -216,10 +216,12 @@ def hash_lookup(user, data_dict, supplementary_data=None):
    hash_list = SortedSet()
    denied = []
    for key, value in list(data_dict.items()):
-        print("DATA DICT", data_dict)
        if "source" in data_dict:
            if data_dict["source"] in settings.SAFE_SOURCES:
                continue
+        if "src" in data_dict:
+            if data_dict["src"] in settings.SAFE_SOURCES:
+                continue
        if supplementary_data:
            if "source" in supplementary_data:
                if supplementary_data["source"] in settings.SAFE_SOURCES:
--- a/core/views/ui/drilldown.py
+++ b/core/views/ui/drilldown.py
@@ -292,7 +292,16 @@ class DrilldownContextModal(APIView):
        nicks_sensitive = None
        query = False
        # Create the query params from the POST arguments
-        mandatory = ["net", "channel", "num", "src", "index", "nick", "type", "mtype"]
+        mandatory = [
+            "net",
+            "channel",
+            "num",
+            "source",
+            "index",
+            "nick",
+            "type",
+            "mtype",
+        ]
        invalid = [None, False, "—", "None"]

        query_params = {k: v for k, v in request.data.items() if v}
@@ -306,8 +315,11 @@ class DrilldownContextModal(APIView):

        # Lookup the hash values but don't disclose them to the user
        if settings.HASHING:
-            SAFE_PARAMS = deepcopy(query_params)
-            hash_lookup(request.user, SAFE_PARAMS)
+            if query_params["source"] not in settings.SAFE_SOURCES:
+                SAFE_PARAMS = deepcopy(query_params)
+                hash_lookup(request.user, SAFE_PARAMS)
+            else:
+                SAFE_PARAMS = deepcopy(query_params)
        else:
            SAFE_PARAMS = query_params

@@ -346,7 +358,7 @@ class DrilldownContextModal(APIView):
        SAFE_PARAMS["sorting"] = "desc"

        annotate = False
-        if query_params["src"] == "irc":
+        if query_params["source"] == "irc":
            if query_params["type"] not in ["znc", "auth"]:
                annotate = True
        # Create the query with the context helper
@@ -354,7 +366,7 @@ class DrilldownContextModal(APIView):
            query_params["index"],
            SAFE_PARAMS["net"],
            SAFE_PARAMS["channel"],
-            query_params["src"],
+            query_params["source"],
            SAFE_PARAMS["num"],
            size,
            type=type,
@@ -374,13 +386,13 @@ class DrilldownContextModal(APIView):
            return render(request, self.template_name, results)

        if settings.HASHING:  # we probably want to see the tokens
-            if query_params["src"] not in settings.SAFE_SOURCES:
+            if query_params["source"] not in settings.SAFE_SOURCES:
                if not request.user.has_perm("core.bypass_hashing"):
                    for index, item in enumerate(results["object_list"]):
                        if "tokens" in item:
-                            results["object_list"][index]["msg"] = results["object_list"][
-                                index
-                            ].pop("tokens")
+                            results["object_list"][index]["msg"] = results[
+                                "object_list"
+                            ][index].pop("tokens")
                            # item["msg"] = item.pop("tokens")

        # Make the time nicer
@@ -390,7 +402,7 @@ class DrilldownContextModal(APIView):
        context = {
            "net": query_params["net"],
            "channel": query_params["channel"],
-            "src": query_params["src"],
+            "source": query_params["source"],
            "ts": f"{query_params['date']} {query_params['time']}",
            "object_list": results["object_list"],
            "time": query_params["time"],