Unverified Commit d3790ada authored by Matthew Finkel's avatar Matthew Finkel
Browse files

Bug 40005: Add Fenix82 net audit

Add java_audit.sh, authored by Mike
(see tor-browser#40132 (comment 2710707))
parent 0cbb979f
`git diff cb11d5556759bd5bf174fbac719f51b2f02e2f0b 763b45bd9edb0073a2c6058dd3edc9254ec901e9`
and then go over all the changes containing the
above mentioned potentially dangerous calls and features. Grep the diff for
the following strings and examine surrounding usage.
=============== Native DNS Portion =============
PR_GetHostByName
PR_GetIPNodeByName
PR_GetAddrInfoByName
PR_StringToNetAddr
MDNS
TRR (DNS Trusted Recursive Resolver)
- Adds |doh-rollout.clearModeOnShutdown| pref for resetting |doh-rollout.mode| when the browser shuts down
Direct Paths to DNS resolution
nsDNSService::Resolve
nsDNSService::AsyncResolve
nsHostResolver::ResolveHost
# FF82: Nothing of interest
============ Misc Socket Portion ==============
SOCK_
SOCKET_
_SOCKET
UDPSocket
TCPSocket
PR_NewTCPSocket
AsyncTCPSocket
Misc PR_Socket
# FF82: Nothing of interest
=========== Misc XPCOM Portion ================
Misc XPCOM (including commands for pre-diff review approach)
*SocketProvider
grep -R udp-socket .
grep -R tcp-socket .
grep for tcpsocket
grep -R "NS_" | grep SOCKET | grep "_C"
grep -R "@mozilla.org/network/" . | grep socket | grep -v udp-socket
- New usage of ResolveNative in nsHttpConnectionMgr::nsHalfOpenSocket::SetupStreams
(netwerk/protocol/http/nsHttpConnectionMgr.cpp) but resolution is blocked by
DNSForbiddenByActiveProxy
- New usage of @mozilla.org/network/dns-service;1 in toolkit/content/aboutNetworking.js
but it only allows clearing the DNS cache
============ Rust Portion ================
Rust
- XXX: What do we grep for here? Or do we rely on Ritter's compile-time tool?
- Check for new sendmsg and recvmsg usage
# FF82: Zero new instances of sendmsg/recvmsg/connect
============ Android Portion =============
Android Java calls
- URLConnection
- XXX: getInputStream? other methods?
- HttpURLConnection
- UrlConnectionDownloader
- ch.boye.httpclientandroidlib.impl.client.* (look for execute() calls)
- grep -n openConnection\( mobile/android/thirdparty/
- java.net.URL -- has SEVERAL proxy bypass URL fetching methods :/
- java.net
- javax.net
- ch.boye.httpclientandroidlib.conn.* (esp ssl)
- ch.boye.httpclientandroidlib.impl.conn.* (esp ssl)
- Sudden appearance of thirdparty libs:
- OkHttp
- Retrofit
- Glide
- com.amitshekhar.android
- IntentHelper
- openUriExternal (can come from GeckoAppShell too)
- getHandlersForMimeType
- getHandlersForURL
- getHandlersForIntent
- android.content.Intent - too common; instead find launch methods:
- startActivity
- startActivities
- sendBroadcast
- sendOrderedBroadcast
- startService
- bindService
- android.app.PendingIntent
- android.app.DownloadManager
- ActivityHandlerHelper.startIntentAndCatch
# FF82: Nothing of interest (using `java_audit.sh`)
============ Application Services Portion =============
Start: 160239424a37088ec84e15fb1bae82aed2cbee8f
End: 8e63363359c3d20385ed55f5308d19e321816898 # v63.0.0
Zero new usage found of known proxy-bypass APIs
============ Android Components Portion =============
Start: c84cf8e7736ee77c22c75ca9f0397b202e489991
End: 0a93a5ecd39e5a7f80e453a0d1a863057465aca0 # v60.0.3
Zero new usage found of known proxy-bypass APIs (using `java_audit.sh`)
============ Fenix Portion =============
Start: b54949e58f9fda3698ada3e64b9f4337177d84f0
End: 998b62866dee35929ca0d81641df101c83ac1224 # v82.0.0-beta.4
Zero new usage found of known proxy-bypass APIs (using `java_audit.sh`)
============ Regression/Prior Vuln Review =========
Review proxy bypass bugs; check for new vectors to look for:
- https://trac.torproject.org/projects/tor/query?keywords=~tbb-proxy
- Look for new features like these. Especially external app launch vectors
#!/bin/bash -e
if [ $# -ne 3 ]; then
echo "usage: <path/to/repo> <old commit> <new commit>"
exit 1
fi
REPO_DIR=$1
OLD=$2
NEW=$3
SCOPE="java" # string: this is the java audit
declare -a KEYWORDS
#KEYWORDS+=('\+\+\+\ ')
# URL access
KEYWORDS+=(URLConnection)
KEYWORDS+=(UrlConnectionDownloader)
# Proxy settings
KEYWORDS+=(ProxySelector)
# Android and java networking and 3rd party libs
KEYWORDS+=("openConnection\(")
KEYWORDS+=("java.net")
KEYWORDS+=("javax.net")
KEYWORDS+=(android.net)
KEYWORDS+=(android.webkit)
# Third Party http libs
KEYWORDS+=(ch.boye.httpclientandroidlib.impl.client)
KEYWORDS+=(okhttp)
# Intents
KEYWORDS+=(IntentHelper)
KEYWORDS+=(openUriExternal)
KEYWORDS+=(getHandlersForMimeType)
KEYWORDS+=(getHandlersForURL)
KEYWORDS+=(getHandlersForIntent)
# KEYOWRDS+=(android.content.Intent) # Common
KEYWORDS+=(startActivity)
KEYWORDS+=(startActivities)
KEYWORDS+=(startBroadcast)
KEYWORDS+=(sendBroadcast)
KEYWORDS+=(sendOrderedBroadcast)
KEYWORDS+=(startService)
KEYWORDS+=(bindService)
KEYWORDS+=(android.app.PendingIntent)
KEYWORDS+=(ActivityHandlerHelper.startIntentAndCatch)
KEYWORDS+=(AppLinksInterceptor)
KEYWORDS+=(AppLinksUseCases)
cd $REPO_DIR
#function join_by { local d=$1; shift; local f=$1; shift; printf %s "$f" "${@/#/ $d}"; }
#GREP_LINE="$(join_by \-G ${KEYWORDS[@]})"
base=`git merge-base ${OLD} ${NEW}`
#if [ ! -f "release-${OLD}-${NEW}.diff" ];
if [ ! -f "release-${base}-${NEW}.diff" ];
then
#echo "Diffing release-${OLD}-${NEW}.diff"
echo "Diffing release-${base}-${NEW}.diff"
#git diff --color=always --color-moved origin/$OLD origin/$NEW -U20 > release-${OLD}-${NEW}.diff
git diff --color=always --color-moved $base $NEW -U20 > release-${base}-${NEW}.diff
#git diff --color=always --color-moved -G${GREP_LINE} $OLD $NEW -U20 > release-${OLD}-${NEW}-G.diff
fi
echo "Done with diff"
function join_by { local d=$1; shift; local f=$1; shift; printf %s "$f" "${@/#/$d}"; }
GREP_LINE="$(join_by \| ${KEYWORDS[@]})"
#GREP_LINE="\+\+\+ |$(join_by \| ${KEYWORDS[@]})"
export GREP_COLOR="05;37;41"
# XXX: Arg this sometimes misses file context
egrep -A40 -B40 --color=always "${GREP_LINE}" release-${base}-${NEW}.diff > keywords-${base}-${NEW}-$SCOPE.diff
echo "Diff generated. View it with:"
echo " less -R $REPO_DIR/keywords-$base-$NEW-$SCOPE.diff"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment