Dear operators,
please don't generate your torrc MyFamily configurations based on untrusted input.
I think it is a *bad* idea to modify tor configurations based on other people's descriptor data *especially* if anyone is going to run this automatically.
Please use ground truth to generate MyFamily sets, otherwise we can no longer even trust MyFamily sets.
That said, if you trust onionoo, you might be able to build onionoo search queries that are NOT vulnerable to random people injecting themselves in your MyFamily set.
Examples:
- you run your own AS and all servers in that AS are under your control (parameter: as) https://metrics.torproject.org/onionoo.html#parameters_as
- all your relays are under your own DNS domain and only you can generate DNS A records for that domain and [1] is implemented (note: these onionoo fields appear currently somewhat broken)
Ideally the generator only allows safer parameters and rejects unsafe parameters like contact.
Does this have a disadvantage? Well, yes. If someone creates a relay with the same pattern in ContactInfo and MyFamily as what you put into FamilyGenerator, their relay(s) may get picked up and put in your generated MyFamily line as well.
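The parameter allowlist suggested above, as an added example that is not part of the original message and is not FamilyGenerator's code: it refuses the contact parameter, selects relays only by AS, and can cross-check against a ground-truth fingerprint set. The function names, the sample relays, the AS numbers and the contact address are constructed for illustration; only the onionoo-style field names fingerprint, as and contact are taken from onionoo.

```python
import re

# Only parameters the operator can vouch for. The message names "as" as safe
# when every server in that AS is under the operator's control.
SAFE_PARAMS = {"as"}
FINGERPRINT_RE = re.compile(r"^[0-9A-F]{40}$")

# Constructed sample in onionoo details style. The third relay copied the
# operator's ContactInfo but runs in a different AS.
SAMPLE_RELAYS = [
    {"fingerprint": "A" * 40, "as": "AS64496", "contact": "ops@example.org"},
    {"fingerprint": "B" * 40, "as": "AS64496", "contact": "ops@example.org"},
    {"fingerprint": "C" * 40, "as": "AS64511", "contact": "ops@example.org"},
]

def check_query(params):
    """Reject any query parameter that is not on the allowlist."""
    bad = sorted(set(params) - SAFE_PARAMS)
    if bad:
        raise ValueError("unsafe onionoo parameter(s): " + ", ".join(bad))
    if not params.get("as"):
        raise ValueError("an 'as' value is required")
    return params["as"]

def my_family_line(relays, params, ground_truth=None):
    """Return (torrc MyFamily line, fingerprints held back for review).

    ground_truth is an optional set of fingerprints the operator knows to be
    theirs; a relay outside it is reported instead of being added.
    """
    wanted_as = check_query(params)
    members, rejected = [], []
    for relay in relays:
        fp = relay.get("fingerprint", "").upper()
        if not FINGERPRINT_RE.match(fp) or relay.get("as") != wanted_as:
            continue
        if ground_truth is not None and fp not in ground_truth:
            rejected.append(fp)
            continue
        members.append("$" + fp)
    return "MyFamily " + ",".join(sorted(members)), sorted(rejected)

if __name__ == "__main__":
    print(my_family_line(SAMPLE_RELAYS, {"as": "AS64496"}))
```

Matching the same sample on contact would select all three relays, including the one outside the operator's AS.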