Startseite Erkunden Hilfe
Anmelden
yosoyhendrix
/
psiphon-tunnel-core
1
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Quellcode durchsuchen

Avoid emitting user input urls in Notices

Rod Hynes vor 11 Jahren
Ursprung
7c015bc05e
Commit
c184df5b67
2 geänderte Dateien mit 25 neuen und 8 gelöschten Zeilen
Geteilte Ansicht Diff-Statistik anzeigen
  1. 4 8
      psiphon/httpProxy.go
  2. 21 0
      psiphon/utils.go

+ 4 - 8
psiphon/httpProxy.go
Datei anzeigen 

@@ -95,7 +95,7 @@ func NewHttpProxy(
 
 		Transport: httpTunneledRelay,
 
 		Jar:       nil, // TODO: cookie support for URL proxy?
 
 
-		// This timeout cuts downloads of large response bodies
 
+		// Note: don't use this timeout -- it interrupts downloads of large response bodies
 
 		//Timeout:   HTTP_PROXY_ORIGIN_SERVER_TIMEOUT,
 
 	}
 
 
@@ -110,9 +110,6 @@ func NewHttpProxy(
 
 	httpDirectClient := &http.Client{
 
 		Transport: httpDirectRelay,
 
 		Jar:       nil,
 
-
 
-		// This timeout cuts downloads of large response bodies
 
-		//Timeout:   HTTP_PROXY_ORIGIN_SERVER_TIMEOUT,
 
 	}
 
 
 	proxy = &HttpProxy{
 
@@ -231,7 +228,7 @@ func (proxy *HttpProxy) urlProxyHandler(responseWriter http.ResponseWriter, requ
 
 		err = errors.New("missing origin URL")
 
 	}
 
 	if err != nil {
 
-		NoticeAlert("%s", ContextError(err))
 
+		NoticeAlert("%s", ContextError(FilterUrlError(err)))
 
 		forceClose(responseWriter)
 
 		return
 
 	}
 
@@ -239,7 +236,7 @@ func (proxy *HttpProxy) urlProxyHandler(responseWriter http.ResponseWriter, requ
 
 	// Origin URL must be well-formed, absolute, and have a scheme of  "http" or "https"
 
 	url, err := url.ParseRequestURI(originUrl)
 
 	if err != nil {
 
-		NoticeAlert("%s", ContextError(err))
 
+		NoticeAlert("%s", ContextError(FilterUrlError(err)))
 
 		forceClose(responseWriter)
 
 		return
 
 	}
 
@@ -266,10 +263,9 @@ func relayHttpRequest(client *http.Client, request *http.Request, responseWriter
 
 	}
 
 
 	// Relay the HTTP request and get the response
 
-	//response, err := relay.RoundTrip(request)
 
 	response, err := client.Do(request)
 
 	if err != nil {
 
-		NoticeAlert("%s", ContextError(err))
 
+		NoticeAlert("%s", ContextError(FilterUrlError(err)))
 
 		forceClose(responseWriter)
 
 		return
 
 	}

+ 21 - 0
psiphon/utils.go
Datei anzeigen 

@@ -27,6 +27,7 @@ import (
 
 	"fmt"
 
 	"math/big"
 
 	"net"
 
+	"net/url"
 
 	"os"
 
 	"runtime"
 
 	"strings"
 
@@ -120,6 +121,26 @@ func DecodeCertificate(encodedCertificate string) (certificate *x509.Certificate
 
 	return certificate, nil
 
 }
 
 
+// FilterUrlError transforms an error, when it is a url.Error, removing
 
+// the URL value. This is to avoid logging private user data in cases
 
+// where the URL may be a user input value.
 
+// This function is used with errors returned by net/http and net/url,
 
+// which are (currently) of type url.Error. In particular, the round trip
 
+// function used by our HttpProxy, http.Client.Do, returns errors of type
 
+// url.Error, with the URL being the url sent from the user's tunneled
 
+// applications:
 
+// https://github.com/golang/go/blob/release-branch.go1.4/src/net/http/client.go#L394
 
+func FilterUrlError(err error) error {
 
+	if urlErr, ok := err.(*url.Error); ok {
 
+		err = &url.Error{
 
+			Op:  urlErr.Op,
 
+			URL: "",
 
+			Err: urlErr.Err,
 
+		}
 
+	}
 
+	return err
 
+}
 
+
 
 // TrimError removes the middle of over-long error message strings
 
 func TrimError(err error) error {
 
 	const MAX_LEN = 100