OpenVPN import fix

client/ui/controllers/importController.cpp

@@ -656,39 +656,47 @@ void ImportController::checkForMaliciousStrings(const QJsonObject &serverConfig)
     const QJsonArray &containers = serverConfig[config_key::containers].toArray();
     for (const QJsonValue &container : containers) {
         auto containerConfig = container.toObject();
-        auto containerName = containerConfig[config_key::container].toString();
+        QString containerName = containerConfig[config_key::container].toString();
-        if ((containerName == ContainerProps::containerToString(DockerContainer::OpenVpn))
-            || (containerName == ContainerProps::containerToString(DockerContainer::Cloak))
-            || (containerName == ContainerProps::containerToString(DockerContainer::ShadowSocks))) {
 
-            QString protocolConfig =
+        if (containerName == ContainerProps::containerToString(DockerContainer::OpenVpn)
-                    containerConfig[ProtocolProps::protoToString(Proto::OpenVpn)].toObject()[config_key::last_config].toString();
+            || containerName == ContainerProps::containerToString(DockerContainer::Cloak)
-            QString protocolConfigJson = QJsonDocument::fromJson(protocolConfig.toUtf8()).object()[config_key::config].toString();
+            || containerName == ContainerProps::containerToString(DockerContainer::ShadowSocks))
+        {
+            QString protoCfgB64 = containerConfig[ProtocolProps::protoToString(Proto::OpenVpn)]
+                                          .toObject()[config_key::last_config].toString();
+            QString cfgJson = QJsonDocument::fromJson(protoCfgB64.toUtf8())
+                                      .object()[config_key::config].toString();
 
-            const QRegularExpression regExp { "(\\w+-\\w+|\\w+)" };
+            QStringList lines = cfgJson.replace("\r", "").split('\n');
-            const size_t dangerousTagsMaxCount = 3;
+
+            const size_t dangerousTagsMaxCount = 1;
 
             // https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/script-options.rst
-            QStringList dangerousTags {
+            const QStringList dangerousTags {
-                "up", "tls-verify", "ipchange", "client-connect", "route-up", "route-pre-down", "client-disconnect", "down", "learn-address", "auth-user-pass-verify"
+                "up", "tls-verify", "ipchange", "client-connect",
+                "route-up", "route-pre-down", "client-disconnect",
+                "down", "learn-address", "auth-user-pass-verify"
             };
+            const QStringList allowedTags { "up", "down" };
 
-            QStringList maliciousStrings;
+            QStringList found;
-            QStringList lines = protocolConfigJson.replace("\r", "").split("\n");
+            for (QString line : lines) {
-            for (const QString &l : lines) {
+                line = line.trimmed();
-                QRegularExpressionMatch match = regExp.match(l);
+                if (line.isEmpty() || line.startsWith('#') || line.startsWith(';'))
-                if (dangerousTags.contains(match.captured(0))) {
+                    continue;
-                    maliciousStrings << l;
+                QString tag = line.section(QRegularExpression("\\s+"), 0, 0);
+                if (dangerousTags.contains(tag) && !allowedTags.contains(tag)) {
+                    found << line;
                 }
             }
 
             m_maliciousWarningText = tr("This configuration contains an OpenVPN setup. OpenVPN configurations can include malicious "
                                         "scripts, so only add it if you fully trust the provider of this config. ");
 
-            if (maliciousStrings.size() >= dangerousTagsMaxCount) {
+            if (found.size() >= dangerousTagsMaxCount) {
-                m_maliciousWarningText.push_back(tr("<br>In the imported configuration, potentially dangerous lines were found:"));
+                m_maliciousWarningText += tr("<br>Potentially dangerous directives found:");
-                for (const auto &string : maliciousStrings) {
+                for (auto &l : found) {
-                    m_maliciousWarningText.push_back(QString("<br><i>%1</i>").arg(string));
+                    m_maliciousWarningText += QString("<br><i>%1</i>").arg(l);
                 }
             }
         }