diff --git a/exclude_badExits.py b/exclude_badExits.py index 86d24f7..86761a8 100644 --- a/exclude_badExits.py +++ b/exclude_badExits.py @@ -207,7 +207,7 @@ def lYamlGoodNodes(sFile='/etc/tor/torrc-goodnodes.yaml'): with open(sFile, 'rt') as oFd: o = yaml.safe_load(oFd) oGOOD_NODES = o - if 'GuardNodes' in o[root].keys(): + if 'GuardNodes' in o[oGOOD_ROOT].keys(): l += o[oGOOD_ROOT]['GuardNodes'] # yq '.Nodes.IntroductionPoints|.[]' < /etc/tor/torrc-goodnodes.yaml return l @@ -453,22 +453,22 @@ def oMainArgparser(_=None): help='proxy download connect timeout') parser.add_argument('--good_nodes', type=str, - default=os.path.join(ETC_DIR, '/torrc-goodnodes.yaml'), + default=os.path.join(ETC_DIR, 'torrc-goodnodes.yaml'), help="Yaml file of good nodes that should not be excluded") parser.add_argument('--bad_nodes', type=str, - default=os.path.join(ETC_DIR, '/torrc-badnodes.yaml'), + default=os.path.join(ETC_DIR, 'torrc-badnodes.yaml'), help="Yaml file of bad nodes that should also be excluded") parser.add_argument('--contact', type=str, default='Empty,NoEmail', help="comma sep list of conditions - Empty,NoEmail") parser.add_argument('--bad_contacts', type=str, - default='/tmp/badcontacts.yaml', + default=os.path.join(ETC_DIR, 'badcontacts.yaml'), help="Yaml file of bad contacts that bad FPs are using") parser.add_argument('--wait_boot', type=int, default=120, help="Seconds to wait for Tor to booststrap") parser.add_argument('--log_level', type=int, default=20, help="10=debug 20=info 30=warn 40=error") parser.add_argument('--bad_sections', type=str, - default='Hetzner,BadExit', + default='MyBadExit', help="sections of the badnodes.yaml to use, comma separated, '' BROKEN") parser.add_argument('--white_onions', type=str, default='', @@ -479,8 +479,7 @@ def oMainArgparser(_=None): help="Write the proof data of the included nodes to a YAML file") return parser -def vwrite_badnodes(oArgs): - global oBAD_NODES +def vwrite_badnodes(oArgs, oBAD_NODES): if oArgs.bad_nodes: tmp = oArgs.bad_nodes +'.tmp' bak = oArgs.bad_nodes +'.bak' @@ -492,8 +491,7 @@ def vwrite_badnodes(oArgs): os.rename(oArgs.bad_nodes, bak) os.rename(tmp, oArgs.bad_nodes) -def vwrite_goodnodes(oArgs): - global oGOOD_NODES +def vwrite_goodnodes(oArgs, oGOOD_NODES): if oArgs.good_nodes: tmp = oArgs.good_nodes +'.tmp' bak = oArgs.good_nodes +'.bak' @@ -580,7 +578,7 @@ def iMain(lArgs): relays = controller.get_server_descriptors() - lProofGoodFps = [] + tProofGoodFps = set() iDnsContact = 0 lBadContactUrls = [] iFakeContact = 0 @@ -595,7 +593,7 @@ def iMain(lArgs): continue relay.fingerprint = relay.fingerprint.upper() - sofar = f"G:{len(list(aProofUri.keys()))} U:{iDnsContact} F:{iFakeContact} BF:{len(exit_excludelist)} GF:{len(lProofGoodFps)} #{iR}" + sofar = f"G:{len(list(aProofUri.keys()))} U:{iDnsContact} F:{iFakeContact} BF:{len(exit_excludelist)} GF:{len(tProofGoodFps)} #{iR}" if not relay.exit_policy.is_exiting_allowed(): if sEXCLUDE_EXIT_KEY == 'ExcludeNodes': LOG.debug(f"{relay.fingerprint} not an exit {sofar}") @@ -603,14 +601,14 @@ def iMain(lArgs): LOG.warn(f"{relay.fingerprint} not an exit {sofar}") # continue - if relay.fingerprint in lProofGoodFps: + if relay.fingerprint in tProofGoodFps: # we already have it. continue if relay.fingerprint in aTRUST_DB: if aTRUST_DB[relay.fingerprint]['fps'] and \ relay.fingerprint in aTRUST_DB[relay.fingerprint]['fps']: - lProofGoodFps += relay.fingerprint + tProofGoodFps.add(relay.fingerprint) continue if relay.contact and b'dns-rsa' in relay.contact.lower(): @@ -676,7 +674,7 @@ def iMain(lArgs): continue # great contact had good fps and we are in them - lProofGoodFps += b['fps'] + tProofGoodFps.union(b['fps']) if relay.fingerprint in aProofUri.keys(): # a cached entry continue @@ -710,7 +708,7 @@ def iMain(lArgs): if oArgs.torrc_output and exit_excludelist: with open(oArgs.torrc_output, 'wt') as oFTorrc: oFTorrc.write(f"{sEXCLUDE_EXIT_KEY} {','.join(exit_excludelist)}\n") - oFTorrc.write(f"{sINCLUDE_EXIT_KEY} {','.join(lProofGoodFps)}\n") + oFTorrc.write(f"{sINCLUDE_EXIT_KEY} {','.join(tProofGoodFps)}\n") oFTorrc.write(f"{sINCLUDE_GUARD_KEY} {','.join(o[oGOOD_ROOT]['GuardNodes'])}\n") LOG.info(f"Wrote tor configuration to {oArgs.torrc_output}") oFTorrc.close() @@ -722,14 +720,14 @@ def iMain(lArgs): oFYaml.close() global oBAD_NODES - oBAD_NODES['BadNodes']['ExcludeNodes']['BadExit'] = exit_excludelist + oBAD_NODES[oBAD_ROOT]['ExcludeNodes']['BadExit'] = exit_excludelist global lKNOWN_NODNS - o[oBAD_ROOT]['ExcludeDomains'] = lKNOWN_NODNS - vwrite_badnodes(oArgs) + oBAD_NODES[oBAD_ROOT]['ExcludeDomains'] = lKNOWN_NODNS + vwrite_badnodes(oArgs, oBAD_NODES) global oGOOD_NODES - oGOOD_NODES['GoodNodes']['Relays']['ExitNodes'] = lProofGoodFps - vwrite_goodnodes(oArgs) + oGOOD_NODES['GoodNodes']['Relays']['ExitNodes'] = tProofGoodFps + vwrite_goodnodes(oArgs, oGOOD_NODES) retval = 0 try: @@ -744,9 +742,9 @@ def iMain(lArgs): retval += 1 try: - if lProofGoodFps: - LOG.info(f"{sINCLUDE_EXIT_KEY} {len(lProofGoodFps)} good nodes") - controller.set_conf(sINCLUDE_EXIT_KEY, lProofGoodFps) + if tProofGoodFps: + LOG.info(f"{sINCLUDE_EXIT_KEY} {len(tProofGoodFps)} good nodes") + controller.set_conf(sINCLUDE_EXIT_KEY, tProofGoodFps) except stem.SocketClosed as e: LOG.error(f"Failed setting {sINCLUDE_EXIT_KEY} good exit nodes in Tor") retval += 1 @@ -765,8 +763,6 @@ def iMain(lArgs): except InvalidRequest as e: # Unacceptable option value: Invalid router list. LOG.error(str(e)) - LOG.warn(f"lProofGoodFps: {lProofGoodFps}") - LOG.warn(f"{sEXCLUDE_EXIT_KEY}: {exit_excludelist}") retval = 1 return retval except KeyboardInterrupt: diff --git a/trustor_poc.py b/trustor_poc.py index 76e5ef7..9232c8c 100644 --- a/trustor_poc.py +++ b/trustor_poc.py @@ -1,5 +1,8 @@ # -*- mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 - +# from https://github.com/nusenu/trustor-poc +# with minor refactoring to make the code more Pythonic. + import os import sys import datetime