From 3642e1320c0f2844d4d07de2da6b765ca07f8172 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maxime=20=E2=80=9Cpep=E2=80=9D=20Buquet?=
Date: Mon, 10 Jun 2019 16:58:57 +0200
Subject: e2ee api: filter out non-whitelisted tags if not doing stanza encryption
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Maxime “pep” Buquet
---
 poezio/plugin_e2ee.py | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/poezio/plugin_e2ee.py b/poezio/plugin_e2ee.py
index 86b871fd..eec2af63 100644
--- a/poezio/plugin_e2ee.py
+++ b/poezio/plugin_e2ee.py
@@ -29,10 +29,27 @@ ChatTabs = Union[
 EME_NS = 'urn:xmpp:eme:0'
 EME_TAG = 'encryption'
+JCLIENT_NS = 'jabber:client'
+HINTS_NS = 'urn:xmpp:hints'
+
 class E2EEPlugin(BasePlugin):
 """Interface for E2EE plugins"""
+ # Specifies that the encryption mechanism does more than encrypting
+ # .
+ stanza_encryption = False
+
+ # Whitelist applied to messages when `stanza_encryption` is False.
+ tag_whitelist = list(map(lambda x: '{%s}%s' % (x[0], x[1]), [
+ (JCLIENT_NS, 'body'),
+ (EME_NS, EME_TAG),
+ (HINTS_NS, 'store'),
+ (HINTS_NS, 'no-copy'),
+ (HINTS_NS, 'no-store'),
+ (HINTS_NS, 'no-permanent-store'),
+ ]))
+
 # At least one of encryption_name and encryption_short_name must be set
 encryption_name = None # type: Optional[str]
 encryption_short_name = None # type: Optional[str]
@@ -157,6 +174,12 @@ class E2EEPlugin(BasePlugin):
 # Call the enabled encrypt method
 self._enabled_tabs[jid](message, tab)
+ # Filter stanza with the whitelist if we don't do stanza encryption
+ if not self.stanza_encryption:
+ for elem in message.xml[:]:
+ if elem.tag not in self.tag_whitelist:
+ message.xml.remove(elem)
+
 log.debug('Decrypted %s message: %r', self.encryption_name, message['body'])
 return None
--
cgit v1.2.3
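Review bot: `tag_whitelist` is a mutable list defined on the `E2EEPlugin` base class, so a plugin that extends it in place (for example with `append`) would widen the allow-list for every other plugin loaded in the same process, and more child elements would then leave the client in cleartext. The comment above it should state the contract, e.g. `# Subclasses must assign their own list (these entries plus their payload element); never mutate this shared one.` It should also say that entries are Clark-notation strings (`{namespace}name`), since that is what `elem.tag` is compared against in the filter added in the second hunk. As a style point, a comprehension such as `['{%s}%s' % pair for pair in [...]]` reads more plainly than `list(map(lambda x: ...))`. The class body continues outside the hunk.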
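Review bot: The new loop removes every non-whitelisted child without recording which ones. As far as the hunk shows, a plugin whose own payload element is missing from `tag_whitelist` would have its ciphertext stripped, with nothing in the log to explain it. Log the tag name only, never the element text (which may still be plaintext at this point), before the removal: `log.debug('Dropping %s from %s message', elem.tag, self.encryption_name)`. Checking only the direct children of `message.xml` is sufficient here, because removing a child removes its whole subtree. The enclosing method starts and ends outside the hunk.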