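def verifySecret(addr, secret):
    """Check that ``secret`` is the secret key stored for ``addr``.

    Args:
        addr: Person identifier, passed through to ``ccm`` unchanged.
        secret: Candidate key; must be exactly 56 characters of ``[a-z0-9]``
            (the shape of a sha224 hexdigest, which is what initNewUser issues).

    Returns:
        True only if the person exists and the stored key matches; False for a
        malformed candidate, an unknown person, an unset/non-string stored key
        or a mismatch.
    """
    import hmac  # function-scope import: the file's import block is outside this listing

    # Whitelist the candidate's shape before touching the database, so an
    # arbitrary payload never reaches the backend.
    safetyCheck = re.compile(r'^([a-z0-9]{56})$')
    match = safetyCheck.fullmatch(str(secret))
    if match is None:
        return False
    safeSecret = match.group(1)
    if not ccm.personExists(addr):
        return False
    stored = ccm.getSecretKey(addr)
    # Persons created by markPositive/confirmPositive carry "" until they are
    # initialised; compare_digest also needs two str operands, so anything
    # that is not a string is rejected outright instead of raising.
    if not isinstance(stored, str):
        return False
    # Constant-time comparison: a plain ``==`` stops at the first differing
    # character and leaks how much of the key an attacker has right.
    return hmac.compare_digest(safeSecret, stored)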
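def revokeHostpital():
    """Flask handler: remove a hospital record when the admin password is presented.

    Expects a JSON object body with ``ID`` and ``AdminPass``. A malformed body
    or a wrong password earns the caller one strike (three strikes in
    15 minutes ban the IP, per the strike helper's comment elsewhere in this
    file).

    Returns:
        ``('Improper Request', 400)`` for a missing or non-object body,
        ``('Invalid admin password. ', 403)`` on a wrong password, otherwise
        ``('Hospital removed', 202)`` after ``ccm.revokeHospital(ID)``.
    """
    import hmac  # function-scope import: the file's import block is outside this listing

    clientIp = request.environ.get('REMOTE_ADDR')
    data = request.get_json(force=True)
    # get_json(force=True) yields None (or a non-dict) for a body that is not
    # a JSON object; ``'ID' not in None`` would raise and surface as a 500
    # instead of the intended 400.
    if not isinstance(data, dict) or 'ID' not in data or 'AdminPass' not in data:
        strike(clientIp, None, None, 1)  # 1 strike for suspicious behavior, ip banned if 3 strikes in 15 minutes
        return 'Improper Request', 400
    ID = data['ID']
    given = data['AdminPass']
    expected = creds.rmHospitalPass
    # compare_digest needs two str operands and runs in time independent of
    # where the first mismatch is; ``!=`` leaks that position through timing.
    if (not isinstance(given, str) or not isinstance(expected, str)
            or not hmac.compare_digest(given, expected)):
        strike(clientIp, None, None, 1)  # 1 strike for suspicious behavior, ip banned if 3 strikes in 15 minutes
        return 'Invalid admin password. ', 403
    # NOTE(review): ID is forwarded unvalidated; verifyHospital only
    # whitelists the password, so confirm ccm.revokeHospital tolerates any ID.
    ccm.revokeHospital(ID)
    return 'Hospital removed', 202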
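def verifyHospital(ID, password):
    """Check ``password`` against the hash stored for hospital ``ID``.

    Args:
        ID: Hospital identifier, passed through to ``ccm`` unchanged.
        password: Candidate credential; must be exactly 56 characters of
            ``[a-z0-9]``. Its sha224 hexdigest is compared with
            ``ccm.getHospitalPassword(ID)``.

    Returns:
        True only if the hospital exists and the digest matches; False for a
        malformed candidate, an unknown hospital, a non-string stored value or
        a mismatch.
    """
    import hmac  # function-scope import: the file's import block is outside this listing

    # Whitelist the candidate's shape before touching the database.
    safetyCheck = re.compile(r'^([a-z0-9]{56})$')
    match = safetyCheck.fullmatch(str(password))
    if match is None:
        return False
    safePass = match.group(1)
    if not ccm.hospitalExists(ID):
        return False
    stored = ccm.getHospitalPassword(ID)
    if not isinstance(stored, str):
        return False
    # NOTE(review): unsalted sha224 is fine only if the credential is a
    # high-entropy 56-char token (the regex suggests so); a human-chosen
    # password would need a slow, salted KDF instead.
    digest = hashlib.sha224(safePass.encode('utf-8')).hexdigest()
    # Constant-time comparison so a mismatch does not leak its position.
    return hmac.compare_digest(digest, stored)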
def passRateLimit(macAddr):
	"""Return True once at least 8 hours have passed since ``macAddr`` last accessed the service.

	``datetime.datetime.now()`` is naive local time; the stored value from
	``ccm.getTimeOfLastAccess`` is presumably stamped the same way by
	updateRateLimit -- verify if the deployment ever changes time zone.
	"""
	now = datetime.datetime.now()
	nextAllowed = ccm.getTimeOfLastAccess(macAddr) + datetime.timedelta(hours=8)
	return nextAllowed < now
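def markPositive(addrList, self):
	"""Record a positive report from ``self`` and flag everyone in ``addrList`` as contacted.

	Args:
		addrList: Addresses the reporter met. Each is raised to the "contacted"
			state (3, or 7 when the reporter is already a confirmed positive)
			unless it is already at or above that state.
		self: Addresses belonging to the reporter; ``self[0]`` decides which
			state pair is used. Each is set to the "positive" state (2, or 6 when
			already confirmed) unconditionally.

	Unknown addresses are created as uninitiated persons (empty secret and a
	placeholder last-access time); initNewUser gives them a key later. Every
	write is retried up to 10 times; failures after that are dropped silently.

	Raises:
		IndexError: if ``self`` is empty (``self[0]`` is read first).
	"""
	placeholderTime = datetime.datetime.fromisoformat('2011-11-04 00:05:23.283')

	if ccm.getState(self[0]) == 6:
		selfState = 6  # Confirmed Positive stays confirmed
		metState = 7   # Confirmed Contact
	else:
		selfState = 2  # Positive
		metState = 3   # Contacted

	def _retry(write):
		"""Call ``write()`` up to 10 times until it returns truthy; sleep after every attempt."""
		for _ in range(10):
			success = write()
			time.sleep(0.1)  # Delay to prevent reaching free tier IBM Cloudant limits
			if success:
				return True
		return False

	def _store(addr, state, keepHigher):
		"""Persist ``state`` for ``addr``, creating the person if it does not exist.

		With ``keepHigher`` an existing person already at or above ``state``
		is left untouched, so a confirmed status is never downgraded.
		"""
		if ccm.personExists(addr):  # Change state if person exists
			def write():
				if keepHigher and ccm.getState(addr) >= state:
					return True  # nothing to write
				return ccm.changeState(addr, state)
		else:
			# Unknown address: create an uninitiated person carrying the state
			def write():
				return ccm.addPerson(addr, state, "", placeholderTime)
		_retry(write)

	for met in addrList:
		_store(met, metState, True)
	for own in self:
		_store(own, selfState, False)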
def confirmPositive(positives):
	"""Set every address in ``positives`` to state 6 (Confirmed Positive).

	Existing persons have their state changed; unknown addresses are created as
	uninitiated persons (empty secret, placeholder last-access time). Each write
	is retried up to 10 times with a short pause after every attempt to stay
	within the free-tier IBM Cloudant rate limits; a write that still fails is
	dropped silently.
	"""
	CONFIRMED_POSITIVE = 6
	placeholderTime = datetime.datetime.fromisoformat('2011-11-04 00:05:23.283')
	for addr in positives:
		known = ccm.personExists(addr)
		for _attempt in range(10):
			if known:
				written = ccm.changeState(addr, CONFIRMED_POSITIVE)
			else:
				written = ccm.addPerson(addr, CONFIRMED_POSITIVE, "", placeholderTime)
			time.sleep(0.1)  # Delay to prevent reaching free tier IBM Cloudant limits
			if written:
				break
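def databaseReset():
	"""Flask handler: wipe the database when the caller presents the reset key.

	Two gates apply: the User-Agent must contain ``creds.adminAgent``, then
	``ccm.resetDatabase`` must accept the ``key`` from the JSON body. A wrong
	key earns three strikes at once, i.e. an immediate ban under the
	3-strikes-in-15-minutes rule used elsewhere in this file.

	Returns:
		``('Action Completed', 202)`` on success, else ``('Permission Denied', 403)``.
	"""
	clientIp = request.environ.get('REMOTE_ADDR')
	# NOTE(review): the User-Agent is attacker-controlled, so this only hides
	# the endpoint from casual scanners; the key check in ccm.resetDatabase is
	# the real authorisation.
	if creds.adminAgent not in request.user_agent.string:
		strike(clientIp, None, None, 1)  # 1 strike for suspicious behavior, ip banned if 3 strikes in 15 minutes
		return "Permission Denied", 403
	data = request.get_json(force=True)
	# A body that is not a JSON object makes get_json return None (or a
	# non-dict); ``'key' not in None`` would raise and turn into a 500.
	if not isinstance(data, dict) or 'key' not in data:
		strike(clientIp, None, None, 1)  # 1 strike for suspicious behavior, ip banned if 3 strikes in 15 minutes
		return "Permission Denied", 403
	key = data['key']
	if ccm.resetDatabase(key):
		return "Action Completed", 202
	strike(clientIp, None, None, 3)  # wrong key: three strikes = immediate ban
	return "Permission Denied", 403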
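def initNewUser(selfList):
	"""Create or initialise the person for ``selfList[0]`` and return its secret key.

	Args:
		selfList: Addresses of the new user; only the first one is registered.

	Returns:
		A fresh secret (sha224 hexdigest, 56 hex chars) when a person was
		created, or when an existing uninitiated person (empty secret, state
		1/2/3) was given a key. ``""`` when the person already exists and is not
		initialised here.

	Raises:
		cloudant.error.CloudantDatabaseException: if a database write reports failure.
	"""
	addr = selfList[0]
	placeholderTime = datetime.datetime.fromisoformat('2011-11-04 00:05:23.283')
	# States: 1. Recovered, 2. Positive, 3. Contacted, 4. Neutral,
	#         5. Confirmed Recovery, 6. Confirmed Positive, 7. Confirmed Contact

	def _newSecret():
		# 128 bytes from os.urandom provide the entropy; addr and the
		# server-side salt are mixed in so the token is bound to this user.
		# Both branches previously differed only in whether the salt was
		# included -- generate them identically.
		material = addr + str(os.urandom(128)) + creds.salt
		return hashlib.sha224(material.encode('utf-8')).hexdigest()

	if not ccm.personExists(addr):
		secret = _newSecret()
		if not ccm.addPerson(addr, 4, secret, placeholderTime):  # 4 = Neutral
			raise cloudant.error.CloudantDatabaseException
		return secret

	# The person exists but may be uninitiated: markPositive/confirmPositive
	# create contacts with an empty secret before they ever sign up.
	state = ccm.getState(addr)
	if state in (1, 2, 3) and ccm.getSecretKey(addr) == "":
		secret = _newSecret()
		keyStored = ccm.changeSecretKey(addr, secret)
		timeStored = ccm.changeTimeOfLastAccess(addr, placeholderTime)
		if not keyStored or not timeStored:
			raise cloudant.error.CloudantDatabaseException
		return secret
	# NOTE(review): persons created with state 6/7 and an empty secret fall
	# through here and never receive a key -- confirm that is intended.
	return ""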
def shutdown():
	"""Release the Cloudant resources held by ``ccm`` via ``ccm.cloudantCleanup``."""
	cleanup = ccm.cloudantCleanup
	cleanup()
def updateRateLimit(macAddr):
	"""Stamp ``macAddr`` with the current (naive, local) time as its last access.

	Counterpart of passRateLimit, which allows the next access 8 hours later.
	The result of ``ccm.changeTimeOfLastAccess`` is not checked.
	"""
	ccm.changeTimeOfLastAccess(macAddr, datetime.datetime.now())
def deleteUser(user, secret):
	"""Remove ``user`` from the database, but only if ``secret`` is that user's key.

	A rejected secret is ignored silently (returns None without touching the
	database), so callers cannot distinguish "unknown user" from "wrong key".
	"""
	authorised = verifySecret(user, secret)
	if authorised:
		ccm.removePerson(user)
	return None
def markNegative(negative,secret):
	"""Set ``negative`` to state 1 (Recovered) when ``secret`` is its valid key.

	Nothing happens if verifySecret rejects the pair; the result of
	``ccm.changeState`` is not checked.
	"""
	RECOVERED = 1
	if verifySecret(negative, secret):
		ccm.changeState(negative, RECOVERED)  # Mark person as recovered
   See the License for the specific language governing permissions and
   limitations under the License.
"""

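# Regular expressions to filter user input
# NOTE(review): isMacAddr is unanchored, so .search() also matches a MAC
# embedded in a longer string; use .fullmatch() wherever whole-string
# validation is intended.
isMacAddr = re.compile(r"([\da-fA-F]{2}:[\da-fA-F]{2}:[\da-fA-F]{2}:[\da-fA-F]{2}:[\da-fA-F]{2}:[\da-fA-F]{2})")
isFloodAddr = re.compile("FF:FF:FF:FF:FF:FF",re.I)
# Raw string: in a plain literal ``\*`` is an invalid escape sequence
# (DeprecationWarning now, slated to become an error); the compiled pattern
# is byte-identical to before.
# NOTE(review): the alternatives are unanchored, so ordinary values that
# contain "or" or "=" trip this filter, and the backing store is Cloudant,
# not SQL -- treat it as a tripwire for scanners, not as injection protection.
OPERATORS = re.compile(r'SELECT|UPDATE|INSERT|DELETE|\*|OR|=', re.IGNORECASE)
# Initiate lists of banned entities; entries expire on their own after 15 minutes
ip_ban_list = ExpiringDict(max_len=50*50000, max_age_seconds=15*60)
mac_ban_list = ExpiringDict(max_len=25*50000, max_age_seconds=15*60)
key_ban_list = ExpiringDict(max_len=25*1230, max_age_seconds=15*60)
# Set maintenance mode to false
maintenance = False
# Initiation of custom cloudant manipulation library, IAM signin and database integrity checks
ccm.init()
app = flask.Flask(__name__)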


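@app.errorhandler(404)
def page_not_found(e):
	"""404 handler: record two strikes against the caller and return a 404 response.

	Probing for routes that do not exist counts as suspicious behaviour (three
	strikes within 15 minutes ban the IP). When REMOTE_ADDR is a loopback
	address the request came through the local reverse proxy, so the client
	IP is read from the ``X-Real-IP`` header instead.
	"""
	ip = request.environ.get('REMOTE_ADDR')
	# NOTE(review): X-Real-IP is only trustworthy if the proxy always
	# overwrites it; otherwise a client could forge it to shift strikes onto
	# another address. '0.0.0.0.0.0' is not a valid IPv4 literal and can never
	# match; it is kept for parity with the original check.
	if ip in ('127.0.0.1', '0.0.0.0', '0.0.0.0.0.0'):
		ip = request.environ.get('HTTP_X_REAL_IP')
	strike(ip, None, None, 2)
	# A bare int is not a valid Flask return value: Flask raises TypeError and
	# the 404 surfaces as a 500. Return a body with the status code instead.
	return 'Not Found', 404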

# Test if user is banned (had 3 strikes) or is committing a bannable offense (SQL injection, admin inpersonation)
# This is designed to slow down and discourage attackers without affecting users.
@app.before_request
def before_request():
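def queryAddr(addrList):
    """Return 1 if any address in ``addrList`` is in state 2 (Positive) or 3 (Contacted), else 0.

    Args:
        addrList: Iterable of person identifiers passed to ``ccm.getState``.

    NOTE(review): the confirmed states 6/7 are not reported here, matching
    the original check -- confirm that is intended.
    """
    flagged = (2, 3)
    for addr in addrList:
        # One backend lookup per address; the original queried ccm twice.
        if ccm.getState(addr) in flagged:
            return 1
    return 0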