hesoyam/Xray-core
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-core.git synced 2026-05-14 10:00:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: require UUID path for sockopt browser dialer

Browse Source 
Agent-Logs-Url: https://github.com/XTLS/Xray-core/sessions/f1db6008-e292-4b43-a2e0-0bc80567ebba

Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-04-26 15:49:47 +00:00
committed by GitHub
parent 57253b736d
commit 8fca7745fb
2 changed files with 50 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
transport/internet/browser_dialer/dialer.go
+28
View File
@@ -35,6 +35,7 @@ var dialerServers map[string]*dialerServer
var mu sync.RWMutex
const browserDialerSubprotocol = "browser-dialer"
const uuidPathLength = 37
var upgrader = &websocket.Upgrader{
ReadBufferSize: 0,
@@ -96,6 +97,9 @@ func parseBrowserDialerAddress(addr string) (*browserDialerAddress, bool) {
if cleanPath == "." || cleanPath == "/" || cleanPath != path {
return nil, false
}
if !isUUIDPath(cleanPath) {
return nil, false
}
return &browserDialerAddress{
listenAddr: listenAddr,
@@ -103,6 +107,30 @@ func parseBrowserDialerAddress(addr string) (*browserDialerAddress, bool) {
}, true
}
func isUUIDPath(path string) bool {
if len(path) != uuidPathLength || path[0] != '/' || strings.Count(path, "/") != 1 {
return false
}
u := path[1:]
for i := 0; i < len(u); i++ {
c := u[i]
switch i {
case 8, 13, 18, 23:
if c != '-' {
return false
}
default:
isHex := (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')
if !isHex {
return false
}
}
}
return true
}
func newDialerInstance(path string) *dialerInstance {
page := bytes.ReplaceAll(webpage, []byte("dialerPath"), []byte(strings.TrimPrefix(path, "/")))
dialer := &dialerInstance{
transport/internet/browser_dialer/dialer_test.go
+22
View File
@@ -0,0 +1,22 @@
package browser_dialer
import "testing"
func TestParseBrowserDialerAddressRequireUUIDPath(t *testing.T) {
valid := "127.0.0.1:8080/123e4567-e89b-12d3-a456-426614174000"
if _, ok := parseBrowserDialerAddress(valid); !ok {
t.Fatalf("expected valid browser dialer address: %s", valid)
}
invalid := []string{
"127.0.0.1:8080/example",
"127.0.0.1:8080/short",
"127.0.0.1:8080/123e4567e89b12d3a456426614174000",
"127.0.0.1:8080/123e4567-e89b-12d3-a456-426614174000/extra",
}
for _, addr := range invalid {
if _, ok := parseBrowserDialerAddress(addr); ok {
t.Fatalf("expected invalid browser dialer address: %s", addr)
}
}
}