Fix code according to @jparise comments

- Refactor is_valid_request code
- Add "Facebot/1.0" User-Agent string
This commit is contained in:
Joseph Boiteau 2017-01-11 13:50:42 +11:00
parent 1651ac4bd5
commit 58f4658154
No known key found for this signature in database
GPG key ID: 03569E835707F0B0
2 changed files with 5 additions and 4 deletions

View file

@ -1,7 +1,7 @@
import os import os
import re
import sys import sys
import uuid import uuid
import re
import redis import redis
from redis.exceptions import ConnectionError from redis.exceptions import ConnectionError
@ -9,6 +9,8 @@ from redis.exceptions import ConnectionError
from flask import abort, Flask, render_template, request from flask import abort, Flask, render_template, request
SNEAKY_USER_AGENTS = ('Slackbot', 'facebookexternalhit', 'Twitterbot', 'Facebot', 'WhatsApp')
SNEAKY_USER_AGENTS_RE = re.compile('|'.join(SNEAKY_USER_AGENTS))
NO_SSL = os.environ.get('NO_SSL', False) NO_SSL = os.environ.get('NO_SSL', False)
app = Flask(__name__) app = Flask(__name__)
app.secret_key = os.environ.get('SECRET_KEY', 'Secret Key') app.secret_key = os.environ.get('SECRET_KEY', 'Secret Key')
@ -84,9 +86,7 @@ def request_is_valid(request):
Ensure the request validates the following: Ensure the request validates the following:
- not made by some specific User-Agents (to avoid chat's preview feature issue) - not made by some specific User-Agents (to avoid chat's preview feature issue)
""" """
known_sneaky_user_agents = ['Slackbot', 'facebookexternalhit', 'Twitterbot', 'Facebot', 'WhatsApp'] return not SNEAKY_USER_AGENTS_RE.search(request.headers.get('User-Agent', ''))
user_agents_regexp = "|".join(known_sneaky_user_agents)
return not re.search(user_agents_regexp, request.headers.get('User-Agent', ''))
@app.route('/', methods=['GET']) @app.route('/', methods=['GET'])

View file

@ -82,6 +82,7 @@ class SnapPassRoutesTestCase(TestCase):
a_few_sneaky_bots = [ a_few_sneaky_bots = [
"Slackbot-LinkExpanding 1.0 (+https://api.slack.com/robots)", "Slackbot-LinkExpanding 1.0 (+https://api.slack.com/robots)",
"facebookexternalhit/1.1", "facebookexternalhit/1.1",
"Facebot/1.0",
"Twitterbot/1.0", "Twitterbot/1.0",
"_WhatsApp/2.12.81 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00", "_WhatsApp/2.12.81 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00",
"WhatsApp/2.16.6/i" "WhatsApp/2.16.6/i"