From 2eb51bcbe65e4ba338a3b2dd932e179f5bf6c12c Mon Sep 17 00:00:00 2001 From: SomberNight Date: Mon, 17 Jun 2024 16:30:32 +0000 Subject: [PATCH] trustedcoin: sanitize error messages coming from 2fa server related https://github.com/spesmilo/electrum/issues/9096 --- electrum/gui/qml/components/OtpDialog.qml | 2 ++ electrum/plugins/trustedcoin/qml.py | 2 +- electrum/plugins/trustedcoin/trustedcoin.py | 18 ++++++++++++------ 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/electrum/gui/qml/components/OtpDialog.qml b/electrum/gui/qml/components/OtpDialog.qml index cfd80bda0..a32d2e38f 100644 --- a/electrum/gui/qml/components/OtpDialog.qml +++ b/electrum/gui/qml/components/OtpDialog.qml @@ -52,6 +52,8 @@ ElDialog { Layout.topMargin: constants.paddingMedium Layout.bottomMargin: constants.paddingMedium Layout.alignment: Qt.AlignHCenter + Layout.fillWidth: true + wrapMode: Text.Wrap text: _otpError color: constants.colorError diff --git a/electrum/plugins/trustedcoin/qml.py b/electrum/plugins/trustedcoin/qml.py index f8a57693d..a9b30e75d 100644 --- a/electrum/plugins/trustedcoin/qml.py +++ b/electrum/plugins/trustedcoin/qml.py @@ -109,7 +109,7 @@ class Plugin(TrustedCoinPlugin): else: self.on_failure(_('Service Error') + ':\n' + str(e)) except Exception as e: - self.on_failure(_('Error') + ':\n' + str(e)) + self.on_failure(_('Error') + ':\n' + str(e)) else: self.on_success(self.tx) diff --git a/electrum/plugins/trustedcoin/trustedcoin.py b/electrum/plugins/trustedcoin/trustedcoin.py index 35f600c12..10e5ed291 100644 --- a/electrum/plugins/trustedcoin/trustedcoin.py +++ b/electrum/plugins/trustedcoin/trustedcoin.py @@ -27,9 +27,9 @@ import json import time import hashlib from typing import Dict, Union, Sequence, List, TYPE_CHECKING - from urllib.parse import urljoin from urllib.parse import quote + from aiohttp import ClientResponse from electrum import ecc, constants, keystore, version, bip32, bitcoin @@ -40,7 +40,7 @@ from electrum.mnemonic import Mnemonic, calc_seed_type, is_any_2fa_seed_type from electrum.wallet import Multisig_Wallet, Deterministic_Wallet from electrum.i18n import _ from electrum.plugin import BasePlugin, hook -from electrum.util import NotEnoughFunds, UserFacingException +from electrum.util import NotEnoughFunds, UserFacingException, error_text_str_to_safe_str from electrum.network import Network from electrum.logging import Logger @@ -103,8 +103,14 @@ RESTORE_MSG = _("Enter the seed for your 2-factor wallet:") class TrustedCoinException(Exception): - def __init__(self, message, status_code=0): - Exception.__init__(self, message) + def __init__(self, message, *, status_code=0): + # note: 'message' is arbitrary text coming from the server + safer_message = ( + f"Received error from 2FA server\n" + f"[DO NOT TRUST THIS MESSAGE]:\n\n" + f"status_code={status_code}\n\n" + f"{error_text_str_to_safe_str(message)}") + Exception.__init__(self, safer_message) self.status_code = status_code @@ -134,7 +140,7 @@ class TrustedCoinCosignerClient(Logger): message = r['message'] except Exception: message = await resp.text() - raise TrustedCoinException(message, resp.status) + raise TrustedCoinException(message, status_code=resp.status) try: return await resp.json() except Exception: @@ -304,7 +310,7 @@ class Wallet_2fa(Multisig_Wallet): fee=None, change_addr: str = None, is_sweep=False, - rbf=False) -> PartialTransaction: + rbf=False) -> PartialTransaction: # FIXME method signature mk_tx = lambda o: Multisig_Wallet.make_unsigned_transaction( self, coins=coins, outputs=o, fee=fee, change_addr=change_addr, rbf=rbf)