Code audit for Sponsor 30
We are auditing the following tools for the DRL sponsor 30 project.
For each we will need:
- URLs to repos, diffs
- docs
OONI Probe
OONI Probe is a technology used for identifying censorship events. During this project, the OONI team integrated Tor tests into their measurement kit and expanded OONI's methodologies to test protocol-based blocking and to measure the performance and blocking of other circumvention tools. The following repositories changed during the project and need a software audit:
OONI Probe desktop UI: Desktop implementation of OONI Probe.
- Source: https://github.com/ooni/probe-desktop/
- Documentation: https://github.com/ooni/probe-desktop/wiki/Manual-Testing
RDSYS
A distribution system for circumvention proxies and related resources. Rdsys is short for resource distribution system: Resources related to censorship circumvention (e.g. proxies or download links) are handed out by a variety of distribution methods to censored users. The goal is to supply censored users with circumvention proxies, allowing these users to join us on the open Internet.
- Source: https://gitlab.torproject.org/tpo/anti-censorship/rdsys
- Documentation:
bridges.torproject.org
Part of the bridgedb code manages the website bridges.torproject.org. That is the part that we changed during this project. Bridgedb communicates with rdsys to get the bridges distributed.
- Source: https://gitlab.torproject.org/tpo/anti-censorship/bridgedb
- Documentation: https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/tree/main/doc
- Scope: we only need to audit the management of bridges.torproject.org
Tor Browser
Tor Browser: Browser based on Firefox customized for security improvements and to use the Tor network.
- Source: https://gitlab.torproject.org/tpo/applications/tor-browser
- Documentation: https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/home
- Scope: we only need to audit the censorship circumvention mechanisms.
Conjure
Conjure is a refraction networking system that routes traffic to endpoints in an ISP's unused IP address space. This repository is for developing a Conjure pluggable transport for Tor.
- Source: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/
- Documentation:
Review of our building infrastructure
We would like to audit the build tools and deployment of the software we modified during this project:
- Rdsys build and deployment
- Conjure infrastructure. There is nothing to audit on our side in the infrastructure.
- Gitlab CI. We use the CI for deploying bridges.torproject.org
- Infrastructure that builds and releases Tor Browser
- Documentation: a bunch of documentation is in https://gitlab.torproject.org/tpo/tpa/team. Will send the rest via email.