Validate client and proxy supplied strings (!71) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake

Cecylia Bocovich requested to merge cohosh/snowflake:issue/40089 into main Jan 12, 2022

Malicious clients and proxies can provide potentially malicious strings in the polls. This validates the NAT type and proxy type strings to ensure that malformed strings are not displayed on a web page or passed to any of our monitoring infrastructure.

For now this only parses NAT and proxy type strings. The client and offer and proxy answer are at the moment no validated. I'm not opposed to validating these, but depending on how thoroughly we want to do it, it could require importing a lot of dependencies.

I also made a decision to return an error if the NAT type is not one of the three known values, but not if the proxy type is unknown. This is because we encourage people who are embedding proxies or writing their own proxy code to set their own proxy type: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext#reuse-as-a-library

There's no logging yet, maybe that's useful? Especially for unknown proxy types? It would be easy to add, but I was worried about it being too noisy.

Closes #40089 (closed)

Edited Jan 12, 2022 by Cecylia Bocovich

Validate client and proxy supplied strings

Merge request reports