The Tor Project / Anti-censorship / Pluggable Transports / Snowflake / Merge requests / !71

Validate client and proxy supplied strings

Merged Cecylia Bocovich requested to merge cohosh/snowflake:issue/40089 into main Jan 12, 2022

Malicious clients and proxies can provide potentially malicious strings in the polls. This validates the NAT type and proxy type strings to ensure that malformed strings are not displayed on a web page or passed to any of our monitoring infrastructure.

For now this only parses NAT and proxy type strings. The client offer and proxy answer are at the moment not validated. I'm not opposed to validating these, but depending on how thoroughly we want to do it, it could require importing a lot of dependencies.

I also made a decision to return an error if the NAT type is not one of the three known values, but not if the proxy type is unknown. This is because we encourage people who are embedding proxies or writing their own proxy code to set their own proxy type: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext#reuse-as-a-library

There's no logging yet, maybe that's useful? Especially for unknown proxy types? It would be easy to add, but I was worried about it being too noisy.

Closes #40089 (closed)

Edited Jan 12, 2022 by Cecylia Bocovich
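
The validation policy described in this merge request, sketched as an added example (this is not the code from the merge request or from the Snowflake repository): the NAT type is checked strictly against an allow-list and the poll is rejected otherwise, while an unrecognized proxy type is accepted but recorded under a fixed label so the untrusted string never reaches a web page or metrics output. The function name `SanitizePoll`, the concrete allow-list values, and the fixed label `unknown` are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Allow-lists. The concrete values are assumptions for this example; the
// merge request text only says there are three known NAT types.
var knownNATTypes = map[string]bool{
	"unknown": true, "restricted": true, "unrestricted": true,
}
var knownProxyTypes = map[string]bool{
	"standalone": true, "webext": true, "badge": true,
}

// proxyTypeOther is the fixed label recorded for any unrecognized proxy type.
const proxyTypeOther = "unknown"

var ErrInvalidNAT = errors.New("invalid NAT type")

// SanitizePoll (hypothetical name) returns values that are safe to count in
// metrics or render on a web page: each is always a member of a fixed set.
func SanitizePoll(nat, proxyType string) (string, string, error) {
	// NAT type: strict. Anything outside the allow-list rejects the poll.
	if !knownNATTypes[nat] {
		return "", "", ErrInvalidNAT
	}
	// Proxy type: lenient. Embedders may set their own type, so the poll is
	// accepted, but the untrusted string itself is never propagated.
	if !knownProxyTypes[proxyType] {
		proxyType = proxyTypeOther
	}
	return nat, proxyType, nil
}

func main() {
	// Constructed sample polls, not captured traffic.
	polls := [][2]string{
		{"restricted", "webext"},
		{"unrestricted", "my-embedded-proxy"},
		{"restricted", "<script>alert(1)</script>"},
		{"restricted\nfake_metric 1", "standalone"},
	}
	for _, p := range polls {
		nat, typ, err := SanitizePoll(p[0], p[1])
		fmt.Printf("nat=%q type=%q err=%v\n", nat, typ, err)
	}
}
```

Because both returned values are always members of a fixed set, downstream consumers need no further escaping for these two fields; the trade-off is that custom proxy types are all counted under one label.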
Source branch: issue/40089