hash tile etag to prevent information disclosure

2017-10-24 20:05:47 +02:00 · 2017-10-24 20:05:47 +02:00 · 0fbe1eb9bf
commit 0fbe1eb9bf
parent 71e3a5f6e5
2 changed files with 19 additions and 1 deletions
--- a/src/c3nav/mapdata/views.py
+++ b/src/c3nav/mapdata/views.py
@ -1,8 +1,10 @@
+import hashlib
 import os

 from django.conf import settings
 from django.core.cache import cache
 from django.core.exceptions import PermissionDenied
+from django.core.signing import b64_encode
 from django.http import Http404, HttpResponse, HttpResponseNotModified
 from django.shortcuts import get_object_or_404
 from shapely.geometry import box
@ -43,7 +45,9 @@ def tile(request, level, zoom, x, y, format):
    update_cache_key = renderer.update_cache_key

    # check browser cache
-    etag = tile_cache_key
+    etag = b64_encode(hashlib.sha256(
+        ('%d-%d-%d-%d:%s:%s' % (level, zoom, x, y, tile_cache_key, settings.SECRET_TILE_KEY)).encode()
+    ).digest())
    if_none_match = request.META.get('HTTP_IF_NONE_MATCH')
    if if_none_match == etag:
        return HttpResponseNotModified()
--- a/src/c3nav/settings.py
+++ b/src/c3nav/settings.py
@ -55,6 +55,20 @@ else:
            os.chown(SECRET_FILE, os.getuid(), os.getgid())
            f.write(SECRET_KEY)

+if config.has_option('c3nav', 'tile_secret'):
+    SECRET_TILE_KEY = config.get('c3nav', 'tile_secret')
+else:
+    SECRET_TILE_FILE = os.path.join(DATA_DIR, '.tile_secret')
+    if os.path.exists(SECRET_TILE_FILE):
+        with open(SECRET_TILE_FILE, 'r') as f:
+            SECRET_TILE_KEY = f.read().strip()
+    else:
+        SECRET_TILE_KEY = get_random_string(50, string.printable)
+        with open(SECRET_TILE_FILE, 'w') as f:
+            os.chmod(SECRET_TILE_FILE, 0o600)
+            os.chown(SECRET_TILE_FILE, os.getuid(), os.getgid())
+            f.write(SECRET_TILE_KEY)
+
 # Adjustable settings

 debug_fallback = "runserver" in sys.argv