archives/snowflake
2
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git synced 2025-10-13 20:11:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

hardening(proxy): only accept ws & wss relays

Browse source
This commit is contained in:
WofWca 2024-08-30 16:36:32 +04:00 committed by Shelikhoo
parent 14f4c82ff7
commit 0f2bdffba0
No known key found for this signature in database
GPG key ID: 4C9764E9FE80A3DC
2 changed files with 10 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

11
proxy/lib/proxy-go_test.go
View file

@ -537,9 +537,9 @@ func TestUtilityFuncs(t *testing.T) {
{pattern: "$", allowNonTLS: false, targetURL: "wss://1.1.1.1/test?test=test#test", expects: nil},
// Weird / invalid / ambiguous URL
// {pattern: "$", allowNonTLS: true, targetURL: "snowflake.torproject.net", expects: fmt.Errorf("")},
// {pattern: "$", allowNonTLS: true, targetURL: "//snowflake.torproject.net", expects: fmt.Errorf("")},
// {pattern: "$", allowNonTLS: true, targetURL: "/path", expects: fmt.Errorf("")},
{pattern: "$", allowNonTLS: true, targetURL: "snowflake.torproject.net", expects: fmt.Errorf("")},
{pattern: "$", allowNonTLS: true, targetURL: "//snowflake.torproject.net", expects: fmt.Errorf("")},
{pattern: "$", allowNonTLS: true, targetURL: "/path", expects: fmt.Errorf("")},
{pattern: "$", allowNonTLS: true, targetURL: "wss://snowflake.torproject .net", expects: fmt.Errorf("")},
{pattern: "$", allowNonTLS: true, targetURL: "wss://😀", expects: nil},
{pattern: "$", allowNonTLS: true, targetURL: "wss://пример.рф", expects: nil},
@ -547,9 +547,8 @@ func TestUtilityFuncs(t *testing.T) {
// Non-websocket protocols
{pattern: "snowflake.torproject.net$", allowNonTLS: false, targetURL: "https://snowflake.torproject.net", expects: fmt.Errorf("")},
{pattern: "snowflake.torproject.net$", allowNonTLS: false, targetURL: "ftp://snowflake.torproject.net", expects: fmt.Errorf("")},
// These are failing for now
// {pattern: "snowflake.torproject.net$", allowNonTLS: true, targetURL: "https://snowflake.torproject.net", expects: fmt.Errorf("")},
// {pattern: "snowflake.torproject.net$", allowNonTLS: true, targetURL: "ftp://snowflake.torproject.net", expects: fmt.Errorf("")},
{pattern: "snowflake.torproject.net$", allowNonTLS: true, targetURL: "https://snowflake.torproject.net", expects: fmt.Errorf("")},
{pattern: "snowflake.torproject.net$", allowNonTLS: true, targetURL: "ftp://snowflake.torproject.net", expects: fmt.Errorf("")},
}
for _, v := range testingVector {
err := checkIsRelayURLAcceptable(v.pattern, v.allowNonTLS, v.targetURL)