From 0024333a0ce771c2c94c01965b83020578fb619f Mon Sep 17 00:00:00 2001 From: Norbel Ambanumben Date: Fri, 11 Apr 2025 13:30:37 +0000 Subject: chore: update `fqdn` validation --- .../leap/bitmaskclient/base/models/Introducer.java | 27 ++++++++++++++++------ .../leap/bitmaskclient/base/models/Provider.java | 2 +- 2 files changed, 21 insertions(+), 8 deletions(-) (limited to 'app/src/main/java') diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Introducer.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Introducer.java index 32eabadf..e3175010 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/models/Introducer.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Introducer.java @@ -5,18 +5,18 @@ import android.os.Parcel; import android.os.Parcelable; import java.io.UnsupportedEncodingException; +import java.net.IDN; import java.net.URISyntaxException; import java.net.URLEncoder; import java.util.Locale; public class Introducer implements Parcelable { - private String type; - private String address; - private String certificate; - private String fullyQualifiedDomainName; - private boolean kcpEnabled; - - private String auth; + private final String type; + private final String address; + private final String certificate; + private final String fullyQualifiedDomainName; + private final boolean kcpEnabled; + private final String auth; public Introducer(String type, String address, String certificate, String fullyQualifiedDomainName, boolean kcpEnabled, String auth) { this.type = type; @@ -94,6 +94,10 @@ public class Introducer implements Parcelable { throw new IllegalArgumentException("FQDN not found in the introducer URL"); } + if (!isAscii(fqdn)) { + throw new IllegalArgumentException("FQDN is not ASCII: " + fqdn); + } + boolean kcp = "1".equals(uri.getQueryParameter( "kcp")); String cert = uri.getQueryParameter( "cert"); @@ -112,6 +116,15 @@ public class Introducer implements Parcelable { return auth; } + private static boolean isAscii(String fqdn) { + try { + String asciiFQDN = IDN.toASCII(fqdn, IDN.USE_STD3_ASCII_RULES); + return fqdn.equals(asciiFQDN); + } catch (IllegalArgumentException e) { + return false; + } + } + public String toUrl() throws UnsupportedEncodingException { return String.format(Locale.US, "%s://%s?fqdn=%s&kcp=%d&cert=%s&auth=%s", type, address, URLEncoder.encode(fullyQualifiedDomainName, "UTF-8"), kcpEnabled ? 1 : 0, URLEncoder.encode(certificate, "UTF-8"), URLEncoder.encode(auth, "UTF-8")); } diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java index 76795616..b4ec23e6 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java @@ -983,7 +983,7 @@ public final class Provider implements Parcelable { return introducer; } - public void setIntroducer(String introducerUrl) throws URISyntaxException { + public void setIntroducer(String introducerUrl) throws URISyntaxException, IllegalArgumentException { this.introducer = Introducer.fromUrl(introducerUrl); } -- cgit v1.2.3