[tor-commits] [pluggable-transports/snowflake] 31/31: Update Relay Pattern format to include dollar sign

gitolite role git at cupani.torproject.org
Thu Jun 16 17:04:18 UTC 2022 

This is an automated email from the git hooks/post-receive script.

shelikhoo pushed a commit to branch main
in repository pluggable-transports/snowflake.

commit 97dea533da7b6b3b2b1dfbffe7dca3a8350fab0b
Author: Shelikhoo <xiaokangwang at outlook.com>
AuthorDate: Wed Jun 15 13:20:58 2022 +0100

    Update Relay Pattern format to include dollar sign
---
 common/namematcher/matcher.go      |  5 +++++
 common/namematcher/matcher_test.go | 26 +++++++++++++-------------
 proxy/lib/snowflake.go             |  6 +++++-
 proxy/main.go                      |  2 +-
 4 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/common/namematcher/matcher.go b/common/namematcher/matcher.go
index 57f9c56..afcdbff 100644
--- a/common/namematcher/matcher.go
+++ b/common/namematcher/matcher.go
@@ -3,9 +3,14 @@ package namematcher
 import "strings"
 
 func NewNameMatcher(rule string) NameMatcher {
+	rule = strings.TrimSuffix(rule, "$")
 	return NameMatcher{suffix: strings.TrimPrefix(rule, "^"), exact: strings.HasPrefix(rule, "^")}
 }
 
+func IsValidRule(rule string) bool {
+	return strings.HasSuffix(rule, "$")
+}
+
 type NameMatcher struct {
 	exact  bool
 	suffix string
diff --git a/common/namematcher/matcher_test.go b/common/namematcher/matcher_test.go
index 8d92614..08d089c 100644
--- a/common/namematcher/matcher_test.go
+++ b/common/namematcher/matcher_test.go
@@ -11,13 +11,13 @@ func TestMatchMember(t *testing.T) {
 		expects bool
 	}{
 		{matcher: "", target: "", expects: true},
-		{matcher: "^snowflake.torproject.net", target: "snowflake.torproject.net", expects: true},
-		{matcher: "^snowflake.torproject.net", target: "faketorproject.net", expects: false},
-		{matcher: "snowflake.torproject.net", target: "faketorproject.net", expects: false},
-		{matcher: "snowflake.torproject.net", target: "snowflake.torproject.net", expects: true},
-		{matcher: "snowflake.torproject.net", target: "imaginary-01-snowflake.torproject.net", expects: true},
-		{matcher: "snowflake.torproject.net", target: "imaginary-aaa-snowflake.torproject.net", expects: true},
-		{matcher: "snowflake.torproject.net", target: "imaginary-aaa-snowflake.faketorproject.net", expects: false},
+		{matcher: "^snowflake.torproject.net$", target: "snowflake.torproject.net", expects: true},
+		{matcher: "^snowflake.torproject.net$", target: "faketorproject.net", expects: false},
+		{matcher: "snowflake.torproject.net$", target: "faketorproject.net", expects: false},
+		{matcher: "snowflake.torproject.net$", target: "snowflake.torproject.net", expects: true},
+		{matcher: "snowflake.torproject.net$", target: "imaginary-01-snowflake.torproject.net", expects: true},
+		{matcher: "snowflake.torproject.net$", target: "imaginary-aaa-snowflake.torproject.net", expects: true},
+		{matcher: "snowflake.torproject.net$", target: "imaginary-aaa-snowflake.faketorproject.net", expects: false},
 	}
 	for _, v := range testingVector {
 		t.Run(v.matcher+"<>"+v.target, func(t *testing.T) {
@@ -36,12 +36,12 @@ func TestMatchSubset(t *testing.T) {
 		expects bool
 	}{
 		{matcher: "", target: "", expects: true},
-		{matcher: "^snowflake.torproject.net", target: "^snowflake.torproject.net", expects: true},
-		{matcher: "snowflake.torproject.net", target: "^snowflake.torproject.net", expects: true},
-		{matcher: "snowflake.torproject.net", target: "snowflake.torproject.net", expects: true},
-		{matcher: "snowflake.torproject.net", target: "testing-snowflake.torproject.net", expects: true},
-		{matcher: "snowflake.torproject.net", target: "^testing-snowflake.torproject.net", expects: true},
-		{matcher: "snowflake.torproject.net", target: "", expects: false},
+		{matcher: "^snowflake.torproject.net$", target: "^snowflake.torproject.net$", expects: true},
+		{matcher: "snowflake.torproject.net$", target: "^snowflake.torproject.net$", expects: true},
+		{matcher: "snowflake.torproject.net$", target: "snowflake.torproject.net$", expects: true},
+		{matcher: "snowflake.torproject.net$", target: "testing-snowflake.torproject.net$", expects: true},
+		{matcher: "snowflake.torproject.net$", target: "^testing-snowflake.torproject.net$", expects: true},
+		{matcher: "snowflake.torproject.net$", target: "", expects: false},
 	}
 	for _, v := range testingVector {
 		t.Run(v.matcher+"<>"+v.target, func(t *testing.T) {
diff --git a/proxy/lib/snowflake.go b/proxy/lib/snowflake.go
index 2770aa4..34f8abe 100644
--- a/proxy/lib/snowflake.go
+++ b/proxy/lib/snowflake.go
@@ -30,7 +30,6 @@ import (
 	"crypto/rand"
 	"encoding/base64"
 	"fmt"
-	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/namematcher"
 	"io"
 	"io/ioutil"
 	"log"
@@ -43,6 +42,7 @@ import (
 
 	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/event"
 	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/messages"
+	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/namematcher"
 	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/task"
 	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/util"
 	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/websocketconn"
@@ -582,6 +582,10 @@ func (sf *SnowflakeProxy) Start() error {
 		return fmt.Errorf("invalid relay url: %s", err)
 	}
 
+	if !namematcher.IsValidRule(sf.RelayDomainNamePattern) {
+		return fmt.Errorf("invalid relay domain name pattern")
+	}
+
 	config = webrtc.Configuration{
 		ICEServers: []webrtc.ICEServer{
 			{
diff --git a/proxy/main.go b/proxy/main.go
index 63ed5c7..c42852e 100644
--- a/proxy/main.go
+++ b/proxy/main.go
@@ -21,7 +21,7 @@ func main() {
 	unsafeLogging := flag.Bool("unsafe-logging", false, "prevent logs from being scrubbed")
 	keepLocalAddresses := flag.Bool("keep-local-addresses", false, "keep local LAN address ICE candidates")
 	relayURL := flag.String("relay", sf.DefaultRelayURL, "websocket relay URL")
-	allowedRelayHostNamePattern := flag.String("allowed-relay-hostname-pattern", "snowflake.torproject.net", "a pattern to specify allowed hostname pattern for relay URL.")
+	allowedRelayHostNamePattern := flag.String("allowed-relay-hostname-pattern", "snowflake.torproject.net$", "a pattern to specify allowed hostname pattern for relay URL.")
 	allowNonTLSRelay := flag.Bool("allow-non-tls-relay", false, "allow relay without tls encryption")
 	NATTypeMeasurementInterval := flag.Duration("nat-retest-interval", time.Hour*24,
 		"the time interval in second before NAT type is retested, 0s disables retest. Valid time units are \"s\", \"m\", \"h\". ")

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the tor-commits mailing list