Improve `getcoins.py` #24119

There were few improvements discussed in #23162 (comment)

Sanitize any strings coming from the faucet. Require the captcha to be in a specific image format (this is currently left open), by making the input -:svg. This is a compromise as it would limit flexibility to change image formats in the future. Limit the size/complexity of the SVG, limit dimensions—don't know if ImageMagick has introspection into this before actually rendering the thing, you might need a sifferent SVG parser.

I could also find one recommendation in https://lgtm.com/projects/g/bitcoin/bitcoin/rev/a6d9675d604827892e31a47994af3b64440f66db:

Except block directly handles BaseException. Handling 'BaseException' means that system exits and keyboard interrupts may be mis-handled.

I am not sure what is the best way to handle exceptions in python however improving other things related to captcha and security are important.

Useful skills:

• Python
• Secure Coding

Want to work on this issue?

For guidance on contributing, please read CONTRIBUTING.md before opening your pull request.

Hey, I would like to work on this issue, do you want this https://github.com/bitcoin/bitcoin/blob/master/contrib/signet/getcoins.py#L123 (except block) to handle exception only if the args.captcha couldn't fetched by session.get [requests.exceptions.ConnectionError]? and also I think we can use https://wiki.python.org/moin/EscapingHtml to santize inputs.

do you want this https://github.com/bitcoin/bitcoin/blob/master/contrib/signet/getcoins.py#L123 (except block) to handle exception only if the args.captcha couldn't fetched by session.get [requests.exceptions.ConnectionError]?

1. Yes we need to improve that except block
2. Based on my understanding we need multiple except blocks to handle different types of exceptions. I am not sure hence created an issue.

and also I think we can use https://wiki.python.org/moin/EscapingHtml to sanitize inputs.

1. Sanitize image
2. Require captcha to be in a specific format
3. Limit size of image

Can also add one warning or note below captcha that this is based on faucet website URL.

Hi, I would like to contribute here. I think I can do something about the latter issue. I just want more clarity regarding the former one: I have one question: do all the except block print the same error output? Re:

Except block directly handles BaseException. Handling 'BaseException' means that system exits and keyboard interrupts may be mis-handled.

Does this mean that we want to take care of the case when there is an error generated by keyboard interrupts? And is this the only error we want to take special care of?

@akshatdalton This should help and if it doesn't please create a PR to address other issues and leave exception handling part:

https://www.reddit.com/r/learnpython/comments/sci0ue/exception_handling_in_python/

hey @prayank23, I have sorted the exception issue(https://github.com/sh15h4nk/bitcoin/blob/master/contrib/signet/getcoins.py#L125), I'm not sure how to exactly handle the svg sanitization because I couldn't find any specific util to sanitize svg data in python

@prayank23 #24180 please review the PR