Merge branch 'master' into ephemeral

Conflicts:
	onionshare/helpers.py
	onionshare/onionshare.py

SECURITY.md

@@ -17,7 +17,7 @@ As soon as the shared files get downloaded, or when the sender closes OnionShare
 * **Third parties don't have access to files being shared.** The files are hosted directly on the sender's computer and don't get uploaded to any server. Instead, the sender's computer becomes the server. Traditional ways of sending files, like in an email or using a cloud hosting service, require trusting the service with access to the files being shared.
 * **Network eavesdroppers can't spy on files in transit.** Because connections between Tor hidden services and Tor Browser are end-to-end encrypted, no network attackers can eavesdrop on the shared files while the recipient is downloading them. If the eavesdropper is positioned on the sender's end, the recipient's end, or is a malicious Tor node, they will only see Tor traffic. If the eavesdropper is a malicious rendezvous node used to connect the recipient's Tor client with the sender's hidden service, the traffic will be encrypted using the hidden service key.
 * **Anonymity of sender and recipient are protected by Tor.** OnionShare and Tor Browser protect the anonymity of the users. As long as the sender anonymously communicates the OnionShare URL with the recipient, the recipient and eavesdroppers can't learn the identity of the sender.
-* **If an attacker enumerates the hidden service, the shared files remain safe.** There have been attacks against the Tor network that can enumerate hidden services. If someone discovers the .onion address of an OnionShare hidden service, they still cannot download the shared files without knowing the slug. The slug is generated using 16 bits of entropy, and the OnionShare server checks request URIs using a constant time string comparison function, so timing attacks can't be used to guess the slug.
+* **If an attacker enumerates the hidden service, the shared files remain safe.** There have been attacks against the Tor network that can enumerate hidden services. If someone discovers the .onion address of an OnionShare hidden service, they still cannot download the shared files without knowing the slug. The slug is generated using 16 bytes of entropy, and the OnionShare server checks request URIs using a constant time string comparison function, so timing attacks can't be used to guess the slug.
 
 ## What it doesn't protect against
 

locale/nl.json

@@ -35,9 +35,12 @@
     "gui_stop_server": "Stop server",
     "gui_copy_url": "Kopier URL",
     "gui_downloads": "Downloads:",
+    "gui_canceled": "Afgebroken",
     "gui_copied_url": "URL gekopieerd naar klembord",
     "gui_starting_server1": "Tor verborgen service wordt gestart...",
     "gui_starting_server2": "Bestanden verwerken...",
     "gui_starting_server3": "Wachten op Tor verborgen service...",
-    "gui_please_wait": "Moment geduld..."
+    "gui_please_wait": "Moment geduld...",
+    "error_hs_dir_cannot_create": "Kan verborgen service map {0:s} niet aanmaken",
+    "error_hs_dir_not_writable": "Verborgen service map {0:s} is niet schrijfbaar"
 }

onionshare/helpers.py

@@ -27,6 +27,9 @@ sys.setdefaultencoding("utf-8")
 
 
 def get_platform():
+    """
+    Returns the platform OnionShare is running on.
+    """
     return platform.system()
 
 if get_platform() == 'Darwin':
@@ -37,14 +40,22 @@ if get_platform() == 'Darwin':
 else:
     osx_resources_dir = None
 
+
 def get_onionshare_dir():
+    """
+    Returns the OnionShare directory.
+    """
     if get_platform() == 'Darwin':
         onionshare_dir = os.path.dirname(__file__)
     else:
         onionshare_dir = os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))
     return onionshare_dir
 
+
 def get_html_path(filename):
+    """
+    Returns the path of the html files.
+    """
     p = platform.system()
     if p == 'Darwin':
         prefix = os.path.join(osx_resources_dir, 'html')
@@ -54,6 +65,9 @@ def get_html_path(filename):
 
 
 def constant_time_compare(val1, val2):
+    """
+    Compares two values in constant time.
+    """
     _builtin_constant_time_compare = getattr(hmac, 'compare_digest', None)
     if _builtin_constant_time_compare is not None:
         return _builtin_constant_time_compare(val1, val2)
@@ -71,6 +85,9 @@ def constant_time_compare(val1, val2):
 
 
 def random_string(num_bytes, output_len=None):
+    """
+    Returns a random string with a specified number of bytes.
+    """
     b = os.urandom(num_bytes)
     h = hashlib.sha256(b).digest()[:16]
     s = base64.b32encode(h).lower().replace('=', '')
@@ -80,6 +97,9 @@ def random_string(num_bytes, output_len=None):
 
 
 def human_readable_filesize(b):
+    """
+    Returns filesize in a human readable format.
+    """
     thresh = 1024.0
     if b < thresh:
         return '{0:.1f} B'.format(b)
@@ -93,6 +113,9 @@ def human_readable_filesize(b):
 
 
 def is_root():
+    """
+    Returns if user is root.
+    """
     return os.geteuid() == 0
 
 

onionshare/onionshare.py

@@ -26,6 +26,7 @@ class OnionShare(object):
         self.port = None
         self.hs = None
         self.hidserv_dir = None
+        self.onion_host = None
 
         # files and dirs to delete on shutdown
         self.cleanup_filenames = []

onionshare/socks.py

@@ -14,7 +14,7 @@ are permitted provided that the following conditions are met:
 3. Neither the name of Dan Haim nor the names of his contributors may be used
    to endorse or promote products derived from this software without specific
    prior written permission.
-   
+
 THIS SOFTWARE IS PROVIDED BY DAN HAIM "AS IS" AND ANY EXPRESS OR IMPLIED
 WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
@@ -40,7 +40,7 @@ mainly to merge bug fixes found in Sourceforge
 Modifications made by Anorov (https://github.com/Anorov)
 -Forked and renamed to PySocks
 -Fixed issue with HTTP proxy failure checking (same bug that was in the old ___recvall() method)
--Included SocksiPyHandler (sockshandler.py), to be used as a urllib2 handler, 
+-Included SocksiPyHandler (sockshandler.py), to be used as a urllib2 handler,
  courtesy of e000 (https://github.com/e000): https://gist.github.com/869791#file_socksipyhandler.py
 -Re-styled code to make it readable
     -Aliased PROXY_TYPE_SOCKS5 -> SOCKS5 etc.
@@ -136,7 +136,7 @@ def set_default_proxy(proxy_type=None, addr=None, port=None, rdns=True, username
     Sets a default proxy which all further socksocket objects will use,
     unless explicitly changed.
     """
-    socksocket.default_proxy = (proxy_type, addr.encode(), port, rdns, 
+    socksocket.default_proxy = (proxy_type, addr.encode(), port, rdns,
                                 username.encode() if username else None,
                                 password.encode() if password else None)
 
@@ -200,7 +200,7 @@ class socksocket(socket.socket):
 
     def __init__(self, family=socket.AF_INET, type=socket.SOCK_STREAM, proto=0, _sock=None):
         _orig_socket.__init__(self, family, type, proto, _sock)
-        
+
         if self.default_proxy:
             self.proxy = self.default_proxy
         else:
@@ -245,7 +245,7 @@ class socksocket(socket.socket):
         password -    Password to authenticate with to the server.
                        Only relevant when username is also provided.
         """
-        self.proxy = (proxy_type, addr.encode(), port, rdns, 
+        self.proxy = (proxy_type, addr.encode(), port, rdns,
                       username.encode() if username else None,
                       password.encode() if password else None)
 
@@ -292,18 +292,18 @@ class socksocket(socket.socket):
             # No username/password were entered, therefore we
             # only support connections with no authentication.
             self.sendall(b"\x05\x01\x00")
-        
+
         # We'll receive the server's response to determine which
         # method was selected
         chosen_auth = self._recvall(2)
 
         if chosen_auth[0:1] != b"\x05":
-            # Note: string[i:i+1] is used because indexing of a bytestring 
+            # Note: string[i:i+1] is used because indexing of a bytestring
             # via bytestring[i] yields an integer in Python 3
             raise GeneralProxyError("SOCKS5 proxy server sent invalid data")
-        
+
         # Check the chosen authentication method
-        
+
         if chosen_auth[1:2] == b"\x02":
             # Okay, we need to perform a basic username/password
             # authentication.
@@ -318,17 +318,17 @@ class socksocket(socket.socket):
             if auth_status[1:2] != b"\x00":
                 # Authentication failed
                 raise SOCKS5AuthError("SOCKS5 authentication failed")
-            
+
             # Otherwise, authentication succeeded
 
-        # No authentication is required if 0x00 
+        # No authentication is required if 0x00
         elif chosen_auth[1:2] != b"\x00":
             # Reaching here is always bad
             if chosen_auth[1:2] == b"\xFF":
                 raise SOCKS5AuthError("All offered SOCKS5 authentication methods were rejected")
             else:
                 raise GeneralProxyError("SOCKS5 proxy server sent invalid data")
-        
+
         # Now we can request the actual connection
         req = b"\x05\x01\x00"
         # If the given destination address is an IP address, we'll
@@ -349,7 +349,7 @@ class socksocket(socket.socket):
 
         req += struct.pack(">H", dest_port)
         self.sendall(req)
-        
+
         # Get the response
         resp = self._recvall(4)
         if resp[0:1] != b"\x05":
@@ -360,7 +360,7 @@ class socksocket(socket.socket):
             # Connection failed: server returned an error
             error = SOCKS5_ERRORS.get(status, "Unknown error")
             raise SOCKS5Error("{:#04x}: {}".format(status, error))
-        
+
         # Get the bound address/port
         if resp[3:4] == b"\x01":
             bound_addr = self._recvall(4)
@@ -369,7 +369,7 @@ class socksocket(socket.socket):
             bound_addr = self._recvall(ord(resp[4:5]))
         else:
             raise GeneralProxyError("SOCKS5 proxy server sent invalid data")
-        
+
         bound_port = struct.unpack(">H", self._recvall(2))[0]
         self.proxy_sockname = bound_addr, bound_port
         if addr_bytes:
@@ -394,15 +394,15 @@ class socksocket(socket.socket):
                 remote_resolve = True
             else:
                 addr_bytes = socket.inet_aton(socket.gethostbyname(dest_addr))
-        
+
         # Construct the request packet
         req = struct.pack(">BBH", 0x04, 0x01, dest_port) + addr_bytes
-        
+
         # The username parameter is considered userid for SOCKS4
         if username:
             req += username
         req += b"\x00"
-        
+
         # DNS name if remote resolving is required
         # NOTE: This is actually an extension to the SOCKS4 protocol
         # called SOCKS4A and may not be supported in all cases.
@@ -439,25 +439,25 @@ class socksocket(socket.socket):
         # If we need to resolve locally, we do this now
         addr = dest_addr if rdns else socket.gethostbyname(dest_addr)
 
-        self.sendall(b"CONNECT " + addr.encode() + b":" + str(dest_port).encode() + 
+        self.sendall(b"CONNECT " + addr.encode() + b":" + str(dest_port).encode() +
                      b" HTTP/1.1\r\n" + b"Host: " + dest_addr.encode() + b"\r\n\r\n")
-        
+
         # We just need the first line to check if the connection was successful
         fobj = self.makefile()
         status_line = fobj.readline()
         fobj.close()
-        
+
         if not status_line:
             raise GeneralProxyError("Connection closed unexpectedly")
-        
+
         try:
             proto, status_code, status_msg = status_line.split(" ", 2)
         except ValueError:
             raise GeneralProxyError("HTTP proxy server sent invalid response")
-            
+
         if not proto.startswith("HTTP/"):
             raise GeneralProxyError("Proxy server does not appear to be an HTTP proxy")
-        
+
         try:
             status_code = int(status_code)
         except ValueError:
@@ -475,7 +475,7 @@ class socksocket(socket.socket):
         self.proxy_peername = addr, dest_port
 
     def connect(self, dest_pair):
-        """        
+        """
         Connects to the specified destination through a proxy.
         Uses the same API as socket's connect().
         To select the proxy server, use set_proxy().
@@ -500,7 +500,7 @@ class socksocket(socket.socket):
         proxy_port = proxy_port or DEFAULT_PORTS.get(proxy_type)
         if not proxy_port:
             raise GeneralProxyError("Invalid proxy type")
-        
+
         try:
             # Initial connection to proxy server
             _orig_socket.connect(self, (proxy_addr, proxy_port))

onionshare/strings.py

@@ -17,13 +17,17 @@ GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
-import json, locale, sys, os, inspect
+import json, locale, sys, os
 import helpers
 
 strings = {}
 
 
 def load_strings(default="en"):
+    """
+    Loads translated strings and fallback to English
+    if the translation does not exist.
+    """
     global strings
     p = helpers.get_platform()
 
@@ -36,25 +40,28 @@ def load_strings(default="en"):
         locale_dir = os.path.join(os.path.dirname(helpers.get_onionshare_dir()), 'locale')
 
     # load all translations
-    translated = {}
+    translations = {}
     for filename in os.listdir(locale_dir):
         abs_filename = os.path.join(locale_dir, filename)
         lang, ext = os.path.splitext(filename)
         if abs_filename.endswith('.json'):
-            translated[lang] = json.loads(open(abs_filename).read())
+            translations[lang] = json.loads(open(abs_filename).read())
 
-    strings = translated[default]
+    strings = translations[default]
     lc, enc = locale.getdefaultlocale()
     if lc:
         lang = lc[:2]
-        if lang in translated:
+        if lang in translations:
             # if a string doesn't exist, fallback to English
-            for key in translated[default]:
+            for key in translations[default]:
-                if key in translated[lang]:
+                if key in translations[lang]:
-                    strings[key] = translated[lang][key]
+                    strings[key] = translations[lang][key]
 
 
 def translated(k, gui=False):
+    """
+    Returns a translated string.
+    """
     if gui:
         return strings[k].encode("utf-8").decode('utf-8', 'replace')
     else:

onionshare/web.py

@@ -17,7 +17,7 @@ GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
-import Queue, mimetypes, platform, os, sys, zipfile, urllib2
+import Queue, mimetypes, platform, os, sys, urllib2
 from flask import Flask, Response, request, render_template_string, abort
 
 import strings, helpers
@@ -70,10 +70,10 @@ REQUEST_CANCELED = 4
 q = Queue.Queue()
 
 
-def add_request(type, path, data=None):
+def add_request(request_type, path, data=None):
     global q
     q.put({
-        'type': type,
+        'type': request_type,
         'path': path,
         'data': data
     })
@@ -148,7 +148,7 @@ def download(slug_candidate):
     basename = os.path.basename(zip_filename)
 
     def generate():
-        chunk_size = 102400 # 100kb
+        chunk_size = 102400  # 100kb
 
         fp = open(zip_filename, 'rb')
         done = False

onionshare_gui/common.py

@@ -20,7 +20,11 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os, sys, inspect, platform
 from onionshare import helpers
 
+
 def get_onionshare_gui_dir():
+    """
+    Returns the OnionShare gui directory.
+    """
     p = helpers.get_platform()
     if p == 'Darwin':
         onionshare_gui_dir = os.path.dirname(__file__)
@@ -32,6 +36,9 @@ onionshare_gui_dir = get_onionshare_gui_dir()
 
 
 def get_image_path(filename):
+    """
+    Returns the OnionShare image path.
+    """
     p = helpers.get_platform()
     if p == 'Linux' or p == 'Tails':
         prefix = os.path.join(sys.prefix, 'share/onionshare/images')

onionshare_gui/onionshare_gui.py

@@ -26,7 +26,7 @@ import common
 try:
     import onionshare
 except ImportError:
-    sys.path.append(os.path.abspath(common.onionshare_gui_dir+"/.."))
+    sys.path.append(os.path.abspath(common.onionshare_gui_dir + "/.."))
     import onionshare
 from onionshare import strings, helpers, web
 
@@ -42,6 +42,14 @@ class Application(QtGui.QApplication):
         if platform == 'Linux':
             self.setAttribute(QtCore.Qt.AA_X11InitThreads, True)
         QtGui.QApplication.__init__(self, sys.argv)
+        self.installEventFilter(self)
+
+    def eventFilter(self, obj, event):
+        if (event.type() == QtCore.QEvent.KeyPress and
+            event.key() == QtCore.Qt.Key_Q and
+            event.modifiers() == QtCore.Qt.ControlModifier):
+                self.quit()
+        return False
 
 
 class OnionShareGui(QtGui.QWidget):

onionshare_gui/server_status.py

@@ -144,7 +144,7 @@ class ServerStatus(QtGui.QVBoxLayout):
             GMEM_DDESHARE = 0x2000
             ctypes.windll.user32.OpenClipboard(None)
             ctypes.windll.user32.EmptyClipboard()
-            hcd = ctypes.windll.kernel32.GlobalAlloc(GMEM_DDESHARE, len(bytes(url))+1)
+            hcd = ctypes.windll.kernel32.GlobalAlloc(GMEM_DDESHARE, len(bytes(url)) + 1)
             pch_data = ctypes.windll.kernel32.GlobalLock(hcd)
             ctypes.cdll.msvcrt.strcpy(ctypes.c_char_p(pch_data), bytes(url))
             ctypes.windll.kernel32.GlobalUnlock(hcd)

setup.py

@@ -123,5 +123,5 @@ elif system == 'Darwin':
                     'PyQt4.QtSvg', 'PyQt4.QtXmlPatterns']
             }
         },
-        setup_requires=['py2app'],
+        setup_requires=['py2app', 'flask', 'stem'],
     )