Messagetype attack mitigation

PeterSurda · PeterSurda · commit c050ef0814b9 · 2018-02-13T23:33:12.000+01:00
- temporarily restrict messagetypes
- use a new "Contact support" address
diff --git a/src/bitmessageqt/support.py b/src/bitmessageqt/support.py
@@ -21,7 +21,8 @@
 from version import softwareVersion
 
 # this is BM support address going to Peter Surda
-SUPPORT_ADDRESS = 'BM-2cTkCtMYkrSPwFTpgcBrMrf5d8oZwvMZWK'
+OLD_SUPPORT_ADDRESS = 'BM-2cTkCtMYkrSPwFTpgcBrMrf5d8oZwvMZWK'
+SUPPORT_ADDRESS = 'BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832'
 SUPPORT_LABEL = 'PyBitmessage support'
 SUPPORT_MY_LABEL = 'My new address'
 SUPPORT_SUBJECT = 'Support request'
@@ -53,6 +54,7 @@
 '''
 
 def checkAddressBook(myapp):
+    sqlExecute('''DELETE from addressbook WHERE address=?''', OLD_SUPPORT_ADDRESS)
     queryreturn = sqlQuery('''SELECT * FROM addressbook WHERE address=?''', SUPPORT_ADDRESS)
     if queryreturn == []:
         sqlExecute('''INSERT INTO addressbook VALUES (?,?)''', str(QtGui.QApplication.translate("Support", SUPPORT_LABEL)), SUPPORT_ADDRESS)
diff --git a/src/messagetypes/__init__.py b/src/messagetypes/__init__.py
@@ -11,6 +11,9 @@ def encode(self):
 
 
 def constructObject(data):
+    whitelist = ["message"]
+    if data[""] not in whitelist:
+        return None
     try:
         m = import_module("messagetypes." + data[""])
         classBase = getattr(m, data[""].title())
