Bin country stats before sorting, not after (!609) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake

formatAndClearCountryStats is supposed to sort entries first by count (descending), then by country code (ascending). But when binning is in effect, it sorts entries based on the count before binning, not after. This could allow someone to infer relations between the pre-binned counts, in some cases.

For example, see the new test. We have the inputs AT=105,MY=112,ZA=108. After binning, all the counts become the same: AT=112,MY=112,ZA=112. Before this change, the output of the function was MY=112,ZA=112,AT=112; from this, we can infer relations between the pre-binned counts: AT ≤ ZA ≤ MY, which is indeed the case. After this change, countries with the same binned counts are sorted alphabetically: AT=112,MY=112,ZA=112.

This MR is meant to be applied on top of !608 (merged) and contains the commits of !608 (merged). The commits just related to this MR start at Move formatAndClearCountryStats test into a new metrics_test.go.

Bin country stats before sorting, not after

Merge request reports