#22170: Check uses of ch.boye.httpclientandroidlib.impl.client.* for proxy safety on Android -------------------------------------------------+------------------------- Reporter: gk | Owner: sysrqb Type: defect | Status: | accepted Priority: High | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: ff52-esr, tbb-mobile, | Actual Points: TorBrowserTeam201807 | Parent ID: #21863 | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by sysrqb): All files where Fennec uses `impl.client` {{{ $ git grep -n ch.boye.httpclientandroidlib.impl.client mobile/android/[bs]* mobile/android/base/java/org/mozilla/gecko/telemetry/TelemetryUploadService.java:15:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/main/java/org/mozilla/gecko/background/fxa/FxAccountClient20.java:50:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/main/java/org/mozilla/gecko/background/fxa/oauth/FxAccountAbstractClient.java:30:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/main/java/org/mozilla/gecko/push/autopush/AutopushClient.java:35:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/AbstractBearerTokenAuthHeaderProvider.java:9:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/AuthHeaderProvider.java:11:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:51:import ch.boye.httpclientandroidlib.impl.client.BasicAuthCache; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:52:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResourceDelegate.java:8:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BasicAuthHeaderProvider.java:12:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/HMACAuthHeaderProvider.java:23:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/HawkAuthHeaderProvider.java:29:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/ResourceDelegate.java:13:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/SyncStorageCollectionRequest.java:20:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/SyncStorageRequest.java:20:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/main/java/org/mozilla/gecko/tokenserver/TokenServerClient.java:37:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/test/java/org/mozilla/android/sync/test/helpers/MockResourceDelegate.java:9:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/test/java/org/mozilla/gecko/sync/net/test/TestHawkAuthHeaderProvider.java:12:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; mobile/android/services/src/test/java/org/mozilla/gecko/sync/net/test/TestLiveHawkAuth.java:11:import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient; }}} All files where Fennec uses `conn` {{{ $ git grep -n ch.boye.httpclientandroidlib.conn mobile/android/[bs]* mobile/android/base/java/org/mozilla/gecko/util/URIUtils.java:14:import ch.boye.httpclientandroidlib.conn.util.InetAddressUtils; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:44:import ch.boye.httpclientandroidlib.conn.ClientConnectionManager; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:45:import ch.boye.httpclientandroidlib.conn.params.ConnRoutePNames; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:46:import ch.boye.httpclientandroidlib.conn.scheme.PlainSocketFactory; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:47:import ch.boye.httpclientandroidlib.conn.scheme.Scheme; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:48:import ch.boye.httpclientandroidlib.conn.scheme.SchemeRegistry; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:49:import ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory; mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/TLSSocketFactory.java:16:import ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory; }}} `mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/TLSSocketFactory.java` is now dead code since [https://bugzilla.mozilla.org/show_bug.cgi?id=1061273 Bug 1061273] (originally imported in Bug 709391 with only one caller) {{{ $ git grep -n ch.boye.httpclientandroidlib.impl.conn mobile/android/[bs]* mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java:53:import ch.boye.httpclientandroidlib.impl.conn.tsccm.ThreadSafeClientConnManager; }}} I don't see any problematic usage in `ch.boye.httpclientandroidlib.client.*`. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22170#comment:20> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs