enhance auto-block

with string protectors
SpudGunMan
2025-10-31 16:19:13 -07:00
parent 47dd75bfb3
commit 17221cf37f
3 changed files with 12 additions and 7 deletions


@@ -1894,7 +1894,7 @@ def onReceive(packet, interface):
logger.debug(f"System: Packet HopDebugger: hop_away:{hop_away} hop_limit:{hop_limit} hop_start:{hop_start} calculated_hop_count:{hop_count} final_hop_value:{hop} via_mqtt:{via_mqtt} transport_mechanism:{transport_mechanism} Hostname:{rxNodeHostName}")
# check with stringSafeChecker if the message is safe
if stringSafeCheck(message_string) is False:
if stringSafeCheck(message_string, message_from_id) is False:
logger.warning(f"System: Possibly Unsafe Message from {get_name_from_number(message_from_id, 'long', rxNode)}")
if help_message in message_string or welcome_message in message_string or "CMD?:" in message_string:
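Review bot: The comment above the changed call in onReceive still describes a plain safety check, but with message_from_id passed in, stringSafeCheck can now ban the sender as a side effect, which a reader would not expect from a predicate. I would update it to `# check the message is safe; stringSafeCheck may auto-ban message_from_id on control or non-printable characters`. The warning on the next line could also say whether a ban was applied, so the log records the action taken and not only the suspicion. The same call is changed the same way in the third file's onReceive (hunk at line 394). onReceive's body starts and ends outside the hunk.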


@@ -951,20 +951,22 @@ def messageTrap(msg):
return True
return False
def stringSafeCheck(s):
def stringSafeCheck(s, fromID=0):
# Check if a string is safe to use, no control characters or non-printable characters
if not all(c.isprintable() or c.isspace() for c in s):
return False
ban_hammer(fromID, reason="Non-printable character in message")
return False # non-printable characters found
if any(ord(c) < 32 and c not in '\n\r\t' for c in s):
return False
ban_hammer(fromID, reason="Control character in message")
return False # control characters found
if any(c in s for c in ['\x0b', '\x0c', '\x1b']):
return False
return False # vertical tab, form feed, escape characters found
if len(s) > 1000:
return False
# Check for single-character injections
single_injection_chars = [';', '|', '}', '>', ')']
if any(c in s for c in single_injection_chars):
return False
return False # injection character found
# Check for multi-character patterns
multi_injection_patterns = ['../', '||']
if any(pattern in s for pattern in multi_injection_patterns):
@@ -981,6 +983,9 @@ def ban_hammer(node_id, rxInterface=None, channel=None, reason=""):
current_time = time.time()
node_id_str = str(node_id)
if isNodeAdmin(node_id_str):
return False # Do not ban admin nodes
# Check if the node is already banned
if node_id_str in bbs_ban_list or node_id_str in autoBanlist:
return True # Node is already banned
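Review bot: In stringSafeCheck the two new ban_hammer calls run even when the caller supplies no sender, because fromID defaults to 0, so any caller that only wants a yes/no answer would submit node 0 for a ban; guarding them with `if fromID:` keeps the function a pure check when there is no node to attribute the message to. The first test is also broad for an automatic ban: `str.isprintable()` is False for format characters such as the zero-width joiner used in composite emoji, so ordinary chat text can trip it, and before this change the cost was a dropped message, not a ban. Consider only logging and dropping on that branch, or banning after repeated hits from the same node. ban_hammer's body continues outside the hunk, so how it treats node 0 and whether a ban expires cannot be confirmed from here.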


@@ -394,7 +394,7 @@ def onReceive(packet, interface):
logger.debug(f"System: Packet HopDebugger: hop_away:{hop_away} hop_limit:{hop_limit} hop_start:{hop_start} calculated_hop_count:{hop_count} final_hop_value:{hop} via_mqtt:{via_mqtt} transport_mechanism:{transport_mechanism} Hostname:{rxNodeHostName}")
# check with stringSafeChecker if the message is safe
if stringSafeCheck(message_string) is False:
if stringSafeCheck(message_string, message_from_id) is False:
logger.warning(f"System: Possibly Unsafe Message from {get_name_from_number(message_from_id, 'long', rxNode)}")
if help_message in message_string or welcome_message in message_string or "CMD?:" in message_string: