[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #22170 [Applications/Tor Browser]: Check uses of ch.boye.httpclientandroidlib.impl.client.* for proxy safety on Android
#22170: Check uses of ch.boye.httpclientandroidlib.impl.client.* for proxy safety
on Android
-------------------------------------------------+-------------------------
Reporter: gk | Owner: sysrqb
Type: defect | Status:
| needs_review
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff52-esr, tbb-mobile, | Actual Points:
TorBrowserTeam201808R |
Parent ID: #21863 | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
Replying to [comment:22 sysrqb]:
> Replying to [comment:20 sysrqb]:
> > All files where Fennec uses `conn`
> >
> > {{{
> > $ git grep -n ch.boye.httpclientandroidlib.conn mobile/android/[bs]*
> >
mobile/android/base/java/org/mozilla/gecko/util/URIUtils.java:14:import
ch.boye.httpclientandroidlib.conn.util.InetAddressUtils;
> > }}}
>
> Only used for parsing a string. This class is only a utility, it doesn't
create any connections.
>
> > {{{
> >
mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:44:import
ch.boye.httpclientandroidlib.conn.ClientConnectionManager;
> >
mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:45:import
ch.boye.httpclientandroidlib.conn.params.ConnRoutePNames;
> >
mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:46:import
ch.boye.httpclientandroidlib.conn.scheme.PlainSocketFactory;
> >
mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:47:import
ch.boye.httpclientandroidlib.conn.scheme.Scheme;
> >
mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:48:import
ch.boye.httpclientandroidlib.conn.scheme.SchemeRegistry;
> >
mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:49:import
ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory;
> > }}}
>
> This is proxy-safe but only because we hard-code the default HTTP proxy.
`scheme.PlainSocketFactory` and `ssl.SSLSocketFactory` are used for
establishing a connection to the proxy, instead of the destination.
`params.ConnRoutePNames` is used for specifying the default proxy.
`scheme.Scheme`, `scheme.SchemeRegistry`, and `ClientConnectionManager`
are used during instantiation of the connection manager
(`ThreadSafeClientConnManager`).
>
> > {{{
> >
mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/TLSSocketFactory.java:16:import
ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory;
> > }}}
>
> Dead class.
Looks good.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22170#comment:30>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs