Mastodon
/
forget-cancellare-vecchi-toot
mirror of https://github.com/codl/forget
2
0
Fork 0
Code Issues Releases Wiki Activity

pad to avoid oracle attacks on /api/known_instances

This commit is contained in:
codl 2019-03-15 18:29:55 +01:00
parent 8cca6c2fe3
commit ec10d15217
No known key found for this signature in database
GPG Key ID: 6CD7C8891ED1233A
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
routes/api.py
View File

@ -4,6 +4,7 @@ from flask import jsonify, redirect, make_response, request, Response
from model import Account from model import Account
import libforget.settings import libforget.settings
import libforget.json import libforget.json
import random
@app.route('/api/health_check') @app.route('/api/health_check')
def health_check(): def health_check():
@ -68,6 +69,10 @@ def known_instances():
if not known: if not known:
return Response('[]', 404, mimetype='application/json') return Response('[]', 404, mimetype='application/json')
# pad to avoid oracle attacks
for _ in range(random.randint(0, 1000)):
known += random.choice((' ', '\t', '\n'))
return Response(known, mimetype='application/json') return Response(known, mimetype='application/json')
elif request.method == 'DELETE': elif request.method == 'DELETE':