[tor-bugs] #21304 [Obfuscation/Snowflake]: Sanitize snowflake.log

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 3 20:46:06 UTC 2019


#21304: Sanitize snowflake.log
-----------------------------------+-----------------------------
 Reporter:  arlolra                |          Owner:  cohosh
     Type:  defect                 |         Status:  merge_ready
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:  starter                |  Actual Points:
Parent ID:                         |         Points:  1
 Reviewer:                         |        Sponsor:
-----------------------------------+-----------------------------

Comment (by dcf):

 Replying to [comment:17 cohosh]:
 > Replying to [comment:16 dcf]:
 > > Apart from the specific client and broker changes you made
 [https://github.com/cohosh/snowflake/commit/3eb9064438ca6242f935173aed88ec29a0c16c7d
 here], do the client and broker benefit from using the same log scrubber?
 I.e., is it worth it to factor out the log scrubber into its own package
 and share it, after merging it to server?
 > >
 > I would say yes, as a precaution, just because the broker at least also
 uses the net.http package for connections that involve the client IP
 address. It would be a very small library... is that a good way to do it?

 I think the way to do it is create a new subdirectory containing the code,
 put `package safelog` (or whatever) at the top of the file, and then
 import it where needed using `import git.torproject.org/pluggable-
 transports/snowflake.git/safelog` (or whatever).

 Compare to how obfs4proxy factors out some of its common code:
 https://gitlab.com/yawning/obfs4/blob/dba633c7dc0d7d919e8be1b61016cab7cfa8e60e/obfs4proxy/obfs4proxy.go#L45-48

 But in any case, the server code is fine to merge as-is now, IMO.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21304#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list