
Validate client and proxy supplied strings

Cecylia Bocovich requested to merge cohosh/snowflake:issue/40089 into main

Malicious clients and proxies can provide potentially malicious strings in the polls. This validates the NAT type and proxy type strings to ensure that malformed strings are not displayed on a web page or passed to any of our monitoring infrastructure.

For now this only parses NAT and proxy type strings. The client offer and proxy answer are at the moment not validated. I'm not opposed to validating these, but depending on how thoroughly we want to do it, it could require importing a lot of dependencies.

I also made a decision to return an error if the NAT type is not one of the three known values, but not if the proxy type is unknown. This is because we encourage people who are embedding proxies or writing their own proxy code to set their own proxy type: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext#reuse-as-a-library

There's no logging yet, maybe that's useful? Especially for unknown proxy types? It would be easy to add, but I was worried about it being too noisy.

Closes #40089 (closed)

Edited by Cecylia Bocovich
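
One way to implement the policy described above, added here as an example and not taken from the merge request's code: NAT types are checked against a closed allowlist and rejected otherwise, while proxy types never produce an error. The allowlist values, the empty-string handling, the replacement of unrecognized proxy types with a fixed label, and all function names are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Assumed allowlist: the three known NAT type values.
var knownNATTypes = map[string]bool{"unknown": true, "restricted": true, "unrestricted": true}

// Assumed first-party proxy types; embedders may legitimately send their own.
var knownProxyTypes = map[string]bool{"standalone": true, "webext": true, "badge": true}

// Fixed label that stands in for any unrecognized proxy type (assumption).
const proxyTypeUnknown = "unknown"

var errInvalidNAT = errors.New("invalid NAT type")

// validateNATType rejects anything outside the allowlist. An empty field is
// treated as "unknown" (assumption: some peers omit the field).
func validateNATType(s string) (string, error) {
	if s == "" {
		return "unknown", nil
	}
	if !knownNATTypes[s] {
		return "", errInvalidNAT
	}
	return s, nil
}

// normalizeProxyType never fails, because custom proxy types are allowed.
// The raw string is replaced by a fixed label so that it cannot end up on
// a web page or in monitoring output.
func normalizeProxyType(s string) string {
	if knownProxyTypes[s] {
		return s
	}
	return proxyTypeUnknown
}

func main() {
	// Constructed poll values, including malformed ones.
	for _, nat := range []string{"restricted", "", "<b>x</b>"} {
		v, err := validateNATType(nat)
		fmt.Printf("nat=%q -> %q err=%v\n", nat, v, err)
	}
	for _, pt := range []string{"webext", "my-embedded-proxy", "x\nfake_metric 1"} {
		fmt.Printf("type=%q -> %q\n", pt, normalizeProxyType(pt))
	}
}
```

Because both functions only ever return strings from fixed sets, downstream code that renders or exports these fields needs no further escaping for them.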
