Mercury-IM/Smack
Mercury-IM/Smack
1
0
Fork 0
mirror of https://codeberg.org/Mercury-IM/Smack synced 2025-12-06 21:21:08 +01:00
Code Issues Releases Wiki Activity

Add and use IQReplyFilter (SMACK-533)

Browse source 
In the absence of checks on the from address, it is possible for other
clients to fake an answer to an IQ request.

This commit adds an IQReplyFilter, which drops all packets which are not
a valid reply to an IQ request. In particular, it checks for packet id,
from address and packet type.

Most(?) places waiting for a reply to an IQ request are converted to use
the IQReplyFilter.

For a discussion of the issues, see the thread "Spoofing of iq ids and
misbehaving servers" from 2014-01 on the jdev@jabber.org mailing list
and following discussion in February and March.
This commit is contained in:
Lars Noschinski 2014-02-23 21:08:35 +01:00 committed by Florian Schmaus
parent 980047c4e1
commit 6c7296a37b
13 changed files with 520 additions and 134 deletions
Download patch file Download diff file Expand all files Collapse all files

352
core/src/test/java/org/jivesoftware/smack/filters/FromMatchesFilterTest.java
View file

@ -35,79 +35,333 @@ public class FromMatchesFilterTest {
private static final String BASE_JID2 = "sss@muc.myserver.com";
private static final String FULL_JID2 = BASE_JID2 + "/resource";
private static final String BASE_JID3 = "ss@muc.myserver.comm.net";
private static final String SERVICE_JID1 = "muc.myserver.com";
private static final String SERVICE_JID2 = "pubsub.myserver.com";
@Test
public void compareMatchingFullJid()
public void oldCompareMatchingFullJid()
{
FromMatchesFilter filter = new FromMatchesFilter(FULL_JID1_R1);
Packet packet = new Packet() {
@Override
public String toXML() { return null; }
};
FromMatchesFilter filter = new FromMatchesFilter(FULL_JID1_R1);
Packet packet = new Packet() {
@Override
public String toXML() { return null; }
};
packet.setFrom(FULL_JID1_R1);
assertTrue(filter.accept(packet));
packet.setFrom(BASE_JID1);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID1_R2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID1_R1);
assertTrue(filter.accept(packet));
packet.setFrom(FULL_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID1);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID1_R2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID3);
assertFalse(filter.accept(packet));
}
@Test
public void compareMatchingBaseJid()
public void oldCompareMatchingBaseJid()
{
FromMatchesFilter filter = new FromMatchesFilter(BASE_JID1);
Packet packet = new Packet() {
@Override
public String toXML() { return null; }
};
FromMatchesFilter filter = new FromMatchesFilter(BASE_JID1);
Packet packet = new Packet() {
@Override
public String toXML() { return null; }
};
packet.setFrom(BASE_JID1);
assertTrue(filter.accept(packet));
packet.setFrom(BASE_JID1);
assertTrue(filter.accept(packet));
packet.setFrom(FULL_JID1_R1);
assertTrue(filter.accept(packet));
packet.setFrom(FULL_JID1_R1);
assertTrue(filter.accept(packet));
packet.setFrom(FULL_JID1_R2);
assertTrue(filter.accept(packet));
packet.setFrom(FULL_JID1_R2);
assertTrue(filter.accept(packet));
packet.setFrom(BASE_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID3);
assertFalse(filter.accept(packet));
}
@Test
public void compareMatchingServiceJid()
public void oldCompareMatchingServiceJid()
{
FromMatchesFilter filter = new FromMatchesFilter(SERVICE_JID1);
Packet packet = new Packet() {
@Override
public String toXML() { return null; }
};
FromMatchesFilter filter = new FromMatchesFilter(SERVICE_JID1);
Packet packet = new Packet() {
@Override
public String toXML() { return null; }
};
packet.setFrom(SERVICE_JID1);
assertTrue(filter.accept(packet));
packet.setFrom(SERVICE_JID1);
assertTrue(filter.accept(packet));
packet.setFrom(SERVICE_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(SERVICE_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID1);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID1);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID1_R1);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID1_R1);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID3);
assertFalse(filter.accept(packet));
}
@Test
public void autoCompareMatchingFullJid()
{
FromMatchesFilter filter = FromMatchesFilter.create(FULL_JID1_R1);
Packet packet = new Packet() {
@Override
public String toXML() { return null; }
};
packet.setFrom(FULL_JID1_R1);
assertTrue(filter.accept(packet));
packet.setFrom(BASE_JID1);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID1_R2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID3);
assertFalse(filter.accept(packet));
}
@Test
public void autoCompareMatchingBaseJid()
{
FromMatchesFilter filter = FromMatchesFilter.create(BASE_JID1);
Packet packet = new Packet() {
@Override
public String toXML() { return null; }
};
packet.setFrom(BASE_JID1);
assertTrue(filter.accept(packet));
packet.setFrom(FULL_JID1_R1);
assertTrue(filter.accept(packet));
packet.setFrom(FULL_JID1_R2);
assertTrue(filter.accept(packet));
packet.setFrom(BASE_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID3);
assertFalse(filter.accept(packet));
}
@Test
public void autoCompareMatchingServiceJid()
{
FromMatchesFilter filter = FromMatchesFilter.create(SERVICE_JID1);
Packet packet = new Packet() {
@Override
public String toXML() { return null; }
};
packet.setFrom(SERVICE_JID1);
assertTrue(filter.accept(packet));
packet.setFrom(SERVICE_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID1);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID1_R1);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID3);
assertFalse(filter.accept(packet));
}
@Test
public void bareCompareMatchingFullJid()
{
FromMatchesFilter filter = FromMatchesFilter.createBare(FULL_JID1_R1);
Packet packet = new Packet() {
@Override
public String toXML() { return null; }
};
packet.setFrom(BASE_JID1);
assertTrue(filter.accept(packet));
packet.setFrom(FULL_JID1_R1);
assertTrue(filter.accept(packet));
packet.setFrom(FULL_JID1_R2);
assertTrue(filter.accept(packet));
packet.setFrom(BASE_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID3);
assertFalse(filter.accept(packet));
}
@Test
public void bareCompareMatchingBaseJid()
{
FromMatchesFilter filter = FromMatchesFilter.createBare(BASE_JID1);
Packet packet = new Packet() {
@Override
public String toXML() { return null; }
};
packet.setFrom(BASE_JID1);
assertTrue(filter.accept(packet));
packet.setFrom(FULL_JID1_R1);
assertTrue(filter.accept(packet));
packet.setFrom(FULL_JID1_R2);
assertTrue(filter.accept(packet));
packet.setFrom(BASE_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID3);
assertFalse(filter.accept(packet));
}
@Test
public void bareCompareMatchingServiceJid()
{
FromMatchesFilter filter = FromMatchesFilter.createBare(SERVICE_JID1);
Packet packet = new Packet() {
@Override
public String toXML() { return null; }
};
packet.setFrom(SERVICE_JID1);
assertTrue(filter.accept(packet));
packet.setFrom(SERVICE_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID1);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID1_R1);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID3);
assertFalse(filter.accept(packet));
}
@Test
public void fullCompareMatchingFullJid()
{
FromMatchesFilter filter = FromMatchesFilter.createFull(FULL_JID1_R1);
Packet packet = new Packet() {
@Override
public String toXML() { return null; }
};
packet.setFrom(FULL_JID1_R1);
assertTrue(filter.accept(packet));
packet.setFrom(BASE_JID1);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID1_R2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID3);
assertFalse(filter.accept(packet));
}
@Test
public void fullCompareMatchingBaseJid()
{
FromMatchesFilter filter = FromMatchesFilter.createFull(BASE_JID1);
Packet packet = new Packet() {
@Override
public String toXML() { return null; }
};
packet.setFrom(BASE_JID1);
assertTrue(filter.accept(packet));
packet.setFrom(FULL_JID1_R1);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID1_R2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID3);
assertFalse(filter.accept(packet));
}
@Test
public void fullCompareMatchingServiceJid()
{
FromMatchesFilter filter = FromMatchesFilter.createFull(SERVICE_JID1);
Packet packet = new Packet() {
@Override
public String toXML() { return null; }
};
packet.setFrom(SERVICE_JID1);
assertTrue(filter.accept(packet));
packet.setFrom(SERVICE_JID2);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID1);
assertFalse(filter.accept(packet));
packet.setFrom(FULL_JID1_R1);
assertFalse(filter.accept(packet));
packet.setFrom(BASE_JID3);
assertFalse(filter.accept(packet));
}
}