AZEN-SGG/amnezia-client
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

bugfix: improve malicious string detection for openvpn configs

Browse source
This commit is contained in:
vladimir.kuznetsov 2025-05-07 19:42:01 +08:00
parent e59a48f9f4
commit 7d4ba8b909
1 changed files with 11 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

18
client/ui/controllers/importController.cpp
View file

@ -666,7 +666,7 @@ void ImportController::checkForMaliciousStrings(const QJsonObject &serverConfig)
QString protocolConfigJson = QJsonDocument::fromJson(protocolConfig.toUtf8()).object()[config_key::config].toString(); QString protocolConfigJson = QJsonDocument::fromJson(protocolConfig.toUtf8()).object()[config_key::config].toString();
const QRegularExpression regExp { "(\\w+-\\w+|\\w+)" }; const QRegularExpression regExp { "(\\w+-\\w+|\\w+)" };
const size_t dangerousTagsMaxCount = 3; const size_t dangerousTagsMaxCount = 1;
// https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/script-options.rst // https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/script-options.rst
QStringList dangerousTags { QStringList dangerousTags {
@ -674,18 +674,22 @@ void ImportController::checkForMaliciousStrings(const QJsonObject &serverConfig)
}; };
QStringList maliciousStrings; QStringList maliciousStrings;
QStringList lines = protocolConfigJson.replace("\r", "").split("\n"); QStringList lines = protocolConfigJson.split('\n', Qt::SkipEmptyParts);
for (const QString &l : lines) {
QRegularExpressionMatch match = regExp.match(l);
if (dangerousTags.contains(match.captured(0))) { for (const QString &rawLine : lines) {
maliciousStrings << l; QString line = rawLine.trimmed();
QString command = line.section(' ', 0, 0, QString::SectionSkipEmpty);
if (dangerousTags.contains(command, Qt::CaseInsensitive)) {
maliciousStrings << rawLine;
} }
} }
m_maliciousWarningText = tr("This configuration contains an OpenVPN setup. OpenVPN configurations can include malicious " m_maliciousWarningText = tr("This configuration contains an OpenVPN setup. OpenVPN configurations can include malicious "
"scripts, so only add it if you fully trust the provider of this config. "); "scripts, so only add it if you fully trust the provider of this config. ");
if (maliciousStrings.size() >= dangerousTagsMaxCount) { if (!maliciousStrings.isEmpty()) {
m_maliciousWarningText.push_back(tr("<br>In the imported configuration, potentially dangerous lines were found:")); m_maliciousWarningText.push_back(tr("<br>In the imported configuration, potentially dangerous lines were found:"));
for (const auto &string : maliciousStrings) { for (const auto &string : maliciousStrings) {
m_maliciousWarningText.push_back(QString("<br><i>%1</i>").arg(string)); m_maliciousWarningText.push_back(QString("<br><i>%1</i>").arg(string));