diff options
| author | kali <kali@leap.se> | 2013-05-01 04:11:26 +0900 |
|---|---|---|
| committer | kali <kali@leap.se> | 2013-05-01 04:11:26 +0900 |
| commit | 722afd140b3d8bc8915e9ff34dbc8039c87dba63 (patch) | |
| tree | 4ba6a579775ec5674d6f951976080b935bd2b321 /src/leap/services/eip/eipconfig.py | |
| parent | 2cb4987d2da49542c2e1d89632953298415bafe4 (diff) | |
whitelist openvpn cipher parameters
Diffstat (limited to 'src/leap/services/eip/eipconfig.py')
| -rw-r--r-- | src/leap/services/eip/eipconfig.py | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/src/leap/services/eip/eipconfig.py b/src/leap/services/eip/eipconfig.py index 4e74687a..baf26bca 100644 --- a/src/leap/services/eip/eipconfig.py +++ b/src/leap/services/eip/eipconfig.py @@ -18,8 +18,9 @@ """ Provider configuration """ -import os import logging +import os +import re from leap.common.check import leap_assert, leap_assert_type from leap.common.config.baseconfig import BaseConfig @@ -33,6 +34,8 @@ class EIPConfig(BaseConfig): """ Provider configuration abstraction class """ + OPENVPN_ALLOWED_KEYS = ("auth", "cipher", "tls-cipher") + OPENVPN_CIPHERS_REGEX = re.compile("[A-Z0-9\-]+") def __init__(self): BaseConfig.__init__(self) @@ -52,7 +55,24 @@ class EIPConfig(BaseConfig): return self._safe_get_value("gateways") def get_openvpn_configuration(self): - return self._safe_get_value("openvpn_configuration") + """ + Returns a dictionary containing the openvpn configuration + parameters. + + These are sanitized with alphanumeric whitelist. + + @returns: openvpn configuration dict + @rtype: C{dict} + """ + ovpncfg = self._safe_get_value("openvpn_configuration") + config = {} + for key, value in ovpncfg.items(): + if key in self.OPENVPN_ALLOWED_KEYS and value is not None: + sanitized_val = self.OPENVPN_CIPHERS_REGEX.findall(value) + if len(sanitized_val) != 0: + _val = sanitized_val[0] + config[str(key)] = str(_val) + return config def get_serial(self): return self._safe_get_value("serial") @@ -61,6 +81,9 @@ class EIPConfig(BaseConfig): return self._safe_get_value("version") def get_gateway_ip(self, index=0): + """ + Returns the ip of the gateway + """ gateways = self.get_gateways() leap_assert(len(gateways) > 0, "We don't have any gateway!") if index > len(gateways): |