Skip to content

Commit

Permalink
Further improve spam protection
Browse files Browse the repository at this point in the history
  • Loading branch information
AMDmi3 committed Sep 26, 2024
1 parent 346dc7c commit cf48736
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
5 changes: 5 additions & 0 deletions repology.conf.default
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,11 @@ DISABLED_REPORTS = []
#
SPAM_KEYWORDS = []

#
# Do not allow reports from these networks
#
SPAM_NETWORKS = []

#
# Default timezone to use in the web interface
# The webapp tries to replace this to user's local timezone with javascript
Expand Down
10 changes: 10 additions & 0 deletions repologyapp/views/project.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
from dataclasses import dataclass
from datetime import timedelta
from functools import cmp_to_key
from ipaddress import ip_address, ip_network
from typing import Any, Callable, Collection, Iterable, Self, TypeAlias, TypeVar

import flask
Expand Down Expand Up @@ -505,6 +506,15 @@ def project_report(name: str) -> Response:
if need_vuln and (comment is None or 'nvd.nist.gov/vuln/detail/CVE-' not in comment):
errors.append('link to missing NVD CVE entry (e.g. https://nvd.nist.gov/vuln/detail/CVE-*) is required')

try:
address = ip_address(flask.request.remote_addr)
for network in config['SPAM_NETWORKS']:
if address in ip_network(network):
errors.append('spammers not welcome')
break
except ValueError:
pass

if not errors:
get_db().add_report(
name,
Expand Down

0 comments on commit cf48736

Please sign in to comment.