mirror of
https://github.com/vanitasvitae/Smack.git
synced 2024-12-22 18:48:00 +01:00
Improve IQReplyFilter
Only log spoof attempts if the from filter doesn't match. Previously all non-matches where logged as spoof attempts. Fix String.format() s/%d/%s/
This commit is contained in:
parent
8e693ba5d5
commit
b489828027
2 changed files with 22 additions and 7 deletions
|
@ -50,7 +50,8 @@ import org.jivesoftware.smack.util.StringUtils;
|
|||
public class IQReplyFilter implements PacketFilter {
|
||||
private static final Logger LOGGER = Logger.getLogger(IQReplyFilter.class.getName());
|
||||
|
||||
private final PacketFilter filter;
|
||||
private final PacketFilter iqAndIdFilter;
|
||||
private final OrFilter fromFilter;
|
||||
private final String to;
|
||||
private final String local;
|
||||
private final String server;
|
||||
|
@ -91,8 +92,9 @@ public class IQReplyFilter implements PacketFilter {
|
|||
packetId = iqPacket.getPacketID();
|
||||
|
||||
PacketFilter iqFilter = new OrFilter(new IQTypeFilter(IQ.Type.ERROR), new IQTypeFilter(IQ.Type.RESULT));
|
||||
PacketFilter idFilter = new PacketIDFilter(iqPacket.getPacketID());
|
||||
OrFilter fromFilter = new OrFilter();
|
||||
PacketFilter idFilter = new PacketIDFilter(iqPacket);
|
||||
iqAndIdFilter = new AndFilter(iqFilter, idFilter);
|
||||
fromFilter = new OrFilter();
|
||||
fromFilter.addFilter(FromMatchesFilter.createFull(to));
|
||||
if (to == null) {
|
||||
if (local != null)
|
||||
|
@ -102,18 +104,22 @@ public class IQReplyFilter implements PacketFilter {
|
|||
else if (local != null && to.toLowerCase().equals(StringUtils.parseBareAddress(local))) {
|
||||
fromFilter.addFilter(FromMatchesFilter.createFull(null));
|
||||
}
|
||||
filter = new AndFilter(fromFilter, iqFilter, idFilter);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean accept(Packet packet) {
|
||||
if (filter.accept(packet)) {
|
||||
// First filter out everything that is not an IQ stanza and does not have the correct ID set.
|
||||
if (!iqAndIdFilter.accept(packet))
|
||||
return false;
|
||||
|
||||
// Second, check if the from attributes are correct and log potential IQ spoofing attempts
|
||||
if (fromFilter.accept(packet)) {
|
||||
return true;
|
||||
} else {
|
||||
String msg = String.format("Rejected potentially spoofed reply to IQ-packet. Filter settings: "
|
||||
+ "packetId=%s, to=%s, local=%s, server=%s. Received packet with from=%d",
|
||||
+ "packetId=%s, to=%s, local=%s, server=%s. Received packet with from=%s",
|
||||
packetId, to, local, server, packet.getFrom());
|
||||
LOGGER.log(Level.INFO, msg , packet);
|
||||
LOGGER.log(Level.WARNING, msg , packet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -28,6 +28,15 @@ public class PacketIDFilter implements PacketFilter {
|
|||
|
||||
private String packetID;
|
||||
|
||||
/**
|
||||
* Creates a new packet ID filter using the specified packet's ID.
|
||||
*
|
||||
* @param packet the packet which the ID is taken from.
|
||||
*/
|
||||
public PacketIDFilter(Packet packet) {
|
||||
this(packet.getPacketID());
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new packet ID filter using the specified packet ID.
|
||||
*
|
||||
|
|
Loading…
Reference in a new issue