Skip to content

Confirm and validate StormDNS profile imports#49

Open
poulcarlsen53 wants to merge 1 commit into
WhiteDNS:mainfrom
poulcarlsen53:fix/harden-profile-imports
Open

Confirm and validate StormDNS profile imports#49
poulcarlsen53 wants to merge 1 commit into
WhiteDNS:mainfrom
poulcarlsen53:fix/harden-profile-imports

Conversation

@poulcarlsen53

@poulcarlsen53 poulcarlsen53 commented May 23, 2026

Copy link
Copy Markdown

What changed

This hardens the profile import path and the generated StormDNS TOML:

  • stormdns:// links opened from Android now show a confirmation dialog before importing
  • the dialog shows the profile name, server domain, and encryption method without revealing the key
  • profile-link parsing is shared by preview and import so both paths validate the same data
  • imported profile names, domains, and keys reject control characters; domains also reject whitespace
  • TOML string escaping now handles newlines, tabs, carriage returns, backspace/form-feed, and other controls
  • unit tests cover preview parsing, rejected unsafe imports, and TOML escaping

Why

A browsable stormdns:// link previously imported and selected a profile immediately. For a DNS/proxy/VPN client, that is a risky default because a crafted link can change the server a user routes traffic through. The TOML renderer also escaped quotes and backslashes only, so control characters could produce invalid or surprising config output.

Verification

  • ./gradlew :app:testDebugUnitTest --tests shop.whitedns.client.model.WhiteDnsModelsTest --tests shop.whitedns.client.storm.StormDnsConfigRendererTest --no-daemon
  • ./gradlew :app:compileDebugSources --no-daemon

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@poulcarlsen53