[tbb-bugs] #22170 [Applications/Tor Browser]: Check uses of ch.boye.httpclientandroidlib.impl.client.* for proxy safety on Android

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jul 30 22:04:20 UTC 2018


#22170: Check uses of ch.boye.httpclientandroidlib.impl.client.* for proxy safety
on Android
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  sysrqb
     Type:  defect                               |         Status:
                                                 |  accepted
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ff52-esr, tbb-mobile,                |  Actual Points:
  TorBrowserTeam201807                           |
Parent ID:  #21863                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by sysrqb):

 All files where Fennec uses `impl.client`

 {{{
 $ git grep -n ch.boye.httpclientandroidlib.impl.client mobile/android/[bs]*
 mobile/android/base/java/org/mozilla/gecko/telemetry/TelemetryUploadService.java:15:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/main/java/org/mozilla/gecko/background/fxa/FxAccountClient20.java:50:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/main/java/org/mozilla/gecko/background/fxa/oauth/FxAccountAbstractClient.java:30:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/main/java/org/mozilla/gecko/push/autopush/AutopushClient.java:35:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/AbstractBearerTokenAuthHeaderProvider.java:9:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/AuthHeaderProvider.java:11:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:51:import ch.boye.httpclientandroidlib.impl.client.BasicAuthCache;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:52:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResourceDelegate.java:8:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BasicAuthHeaderProvider.java:12:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/HMACAuthHeaderProvider.java:23:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/HawkAuthHeaderProvider.java:29:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/ResourceDelegate.java:13:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/SyncStorageCollectionRequest.java:20:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/SyncStorageRequest.java:20:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/main/java/org/mozilla/gecko/tokenserver/TokenServerClient.java:37:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/test/java/org/mozilla/android/sync/test/helpers/MockResourceDelegate.java:9:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/test/java/org/mozilla/gecko/sync/net/test/TestHawkAuthHeaderProvider.java:12:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/test/java/org/mozilla/gecko/sync/net/test/TestLiveHawkAuth.java:11:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 }}}

 All files where Fennec uses `conn`

 {{{
 $ git grep -n ch.boye.httpclientandroidlib.conn mobile/android/[bs]*
 mobile/android/base/java/org/mozilla/gecko/util/URIUtils.java:14:import ch.boye.httpclientandroidlib.conn.util.InetAddressUtils;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:44:import ch.boye.httpclientandroidlib.conn.ClientConnectionManager;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:45:import ch.boye.httpclientandroidlib.conn.params.ConnRoutePNames;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:46:import ch.boye.httpclientandroidlib.conn.scheme.PlainSocketFactory;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:47:import ch.boye.httpclientandroidlib.conn.scheme.Scheme;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:48:import ch.boye.httpclientandroidlib.conn.scheme.SchemeRegistry;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:49:import ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/TLSSocketFactory.java:16:import ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory;
 }}}

 `mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/TLSSocketFactory.java`
 is now dead code since
 [https://bugzilla.mozilla.org/show_bug.cgi?id=1061273 Bug 1061273]
 (originally imported in Bug 709391 with only one caller).

 {{{
 $ git grep -n ch.boye.httpclientandroidlib.impl.conn mobile/android/[bs]*
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:53:import ch.boye.httpclientandroidlib.impl.conn.tsccm.ThreadSafeClientConnManager;
 }}}

 I don't see any problematic usage in
 `ch.boye.httpclientandroidlib.client.*`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22170#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
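
An added triage helper, not part of the ticket or of Fennec's code: it condenses `git grep -n` import hits like those listed in the comment into one line per imported class, counting shipped sources separately from `src/test` so the proxy-safety review can start with code that actually ships. The function names and the per-class summary format are assumptions of this example; it accepts each hit on one line or wrapped after `import`, and the sample input reuses four hits from the comment.

```shell
#!/bin/sh
# Added example: summarise `git grep -n` import hits per imported class,
# split into shipped code and test code (paths containing /src/test/).

summarize_imports() {
  awk '
    # Every line of the e-mail is indented; trim both ends first.
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    # Skip the command line, Trac {{{ }}} markers and blank lines.
    /^\$/ || /^[{}]+$/ || /^$/ { next }
    # Wrapped hit: "path:NN:import" here, the class name on the next line.
    /:[0-9]+:import$/ { pending = $0; next }
    pending != "" { $0 = pending " " $0; pending = "" }
    # Complete hit: path:NN:import fully.qualified.Class;
    /:[0-9]+:import [A-Za-z0-9_.]+;$/ {
      path = $0; sub(/:[0-9]+:import .*$/, "", path)
      cls = $0;  sub(/^.*:import /, "", cls); sub(/;$/, "", cls)
      n = split(cls, parts, "."); short = parts[n]
      kind = (path ~ /\/src\/test\//) ? "test" : "main"
      count[short, kind]++
      seen[short] = 1
    }
    END {
      for (c in seen)
        printf "%s main=%d test=%d\n", c, count[c, "main"], count[c, "test"]
    }
  ' | sort
}

# Sample input: four hits taken from the comment above, three of them wrapped.
sample_hits() {
  cat <<'EOF'
 $ git grep -n ch.boye.httpclientandroidlib.impl.client
 mobile/android/[bs]*
 mobile/android/base/java/org/mozilla/gecko/telemetry/TelemetryUploadService.java:15:import
 ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:51:import
 ch.boye.httpclientandroidlib.impl.client.BasicAuthCache;
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:52:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
 mobile/android/services/src/test/java/org/mozilla/gecko/sync/net/test/TestLiveHawkAuth.java:11:import
 ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
EOF
}

sample_hits | summarize_imports
```

An import only shows that a file references the class; each shipped file in the summary still has to be read to see whether it opens a connection itself.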

