Bug tracker and wiki

This bug tracker and wiki are being discontinued
please use https://github.com/Xpra-org/xpra instead.


Changes between Version 2 and Version 3 of Ticket #274


Timestamp: 02/28/13 16:31:09 (9 years ago)
Author: Antoine Martin
Comment:

Here is a hardcoded regular expression filter which will block any string containing the word "virii":

--- src/xpra/platform/clipboard_base.py	(revision 2850)
+++ src/xpra/platform/clipboard_base.py	(working copy)
@@ -123,6 +123,10 @@
             ints = struct.unpack(binfmt, data)
             return "integers", ints
         elif dformat == 8:
+            import re
+            if re.match("virii", data):
+                log.info("virii string blocked: %s", data)
+                return None, None
             return "bytes", data
         else:
             log.error("unhandled format %s for clipboard data type %s" % (dformat, dtype))
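
Review bot: `re.match` in the added `if re.match("virii", data):` only matches at the start of `data`, so a string that merely contains "virii" further in is returned unchanged; `re.search` matches anywhere in the string. The added `log.info("virii string blocked: %s", data)` also writes the blocked clipboard contents into the log, so consider logging only that a rule matched and the payload length. The `import re` would be better at the top of the module than inside the `elif dformat == 8:` branch.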

This is just an example, but it shows how trivial it would be to pattern match the keyboard data and discard data. It only filters on the way out, but I don't think we really care about the way in: if you connect to a malicious server, surely you have bigger problems? We'll need to check every possible (..) clipboard transfer to make sure that data isn't transferred using some other encoding which would defeat the filter. Does it work with "utf8" and "latin1", what about other encodings?

Now, I'm not sure how we can make this customizable by the user, maybe:

--clipboard-filter=FILENAME

With a list of regular expressions stored in this file? And maybe we could ship a default file too, maybe in /etc/xpra/clipboard-filter.re

Or maybe we want to have different actions (one per file, or specified for each regex): drop (just harmless stuff that we want to ignore), alert (dangerous stuff that we want to warn about), ..

The python regular expression module is documented here and supports all standard regex constructs.
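
One way the filter file and per-regex actions proposed in the comment above could work, as an added example that is not part of the original comment and not xpra's code. The `ACTION REGEX` file format, the function names `load_rules` and `filter_clipboard`, the sample rules and the decision to try "utf8" then "latin1" are all assumptions made for illustration.

```python
import re

# Constructed sample filter file: one "ACTION REGEX" rule per line (hypothetical format).
SAMPLE_RULES = """\
# comment lines and blank lines are skipped
drop   virii
alert  (?i)password\\s*[:=]
"""

ACTIONS = ("drop", "alert")
ENCODINGS = ("utf8", "latin1")   # the two encodings the comment asks about

def load_rules(text):
    """Parse 'ACTION REGEX' lines into (action, compiled_regex) pairs."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, _, pattern = line.partition(" ")
        if action not in ACTIONS or not pattern.strip():
            raise ValueError("line %d: expected 'drop|alert REGEX'" % lineno)
        rules.append((action, re.compile(pattern.strip())))
    return rules

def filter_clipboard(data, rules):
    """Return (verdict, data_or_None) for one outgoing 8-bit clipboard payload.

    Every rule is tried against each successful decoding of the bytes, using
    re.search so a match anywhere in the text counts. 'drop' wins over 'alert'.
    """
    candidates = []
    for enc in ENCODINGS:
        try:
            candidates.append(data.decode(enc))
        except UnicodeDecodeError:
            pass                      # not valid in this encoding, try the next
    verdict = "pass"
    for action, regex in rules:
        if any(regex.search(text) for text in candidates):
            if action == "drop":
                return "drop", None   # payload is discarded, nothing is sent
            verdict = "alert"         # payload still goes out, caller warns
    return verdict, data
```

A payload in an encoding outside `ENCODINGS` is compared only as its utf8 or latin1 reading, so it can pass unmatched, which is the gap the comment raises about other encodings.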

  • Ticket #274 – Description

    v2  v3
    12  12
    13  13
        14
    14  15  It would be nice if we could inject more filters, say:
    15  16  * a regex filter for strings (client-side interpretation of encodings can make this very tricky)
    16  17  * an external filter (virus scanner, etc)
        18  * clipboard direction: #276