From bc9c5799b10859a19caaa74b3e2c3e78fd9dbde6 Mon Sep 17 00:00:00 2001 From: arm64v8a <48624112+arm64v8a@users.noreply.github.com> Date: Mon, 24 Apr 2023 14:21:06 +0900 Subject: [PATCH] delete insecure hint --- CMakeLists.txt | 1 - fmt/AbstractBean.hpp | 4 --- fmt/InsecureHint.cpp | 61 ------------------------------------ fmt/ShadowSocksBean.hpp | 2 -- fmt/SocksHttpBean.hpp | 2 -- fmt/TrojanVLESSBean.hpp | 2 -- fmt/V2RayStreamSettings.hpp | 2 -- fmt/VMessBean.hpp | 2 -- main/NekoRay.cpp | 1 - main/NekoRay_DataStore.hpp | 1 - translations/fa_IR.ts | 24 ++------------ translations/zh_CN.ts | 12 +++---- ui/dialog_basic_settings.cpp | 2 -- ui/dialog_basic_settings.ui | 7 ----- ui/mainwindow.cpp | 5 --- ui/mainwindow_grpc.cpp | 2 -- 16 files changed, 8 insertions(+), 122 deletions(-) delete mode 100644 fmt/InsecureHint.cpp diff --git a/CMakeLists.txt b/CMakeLists.txt index f9bb4ba..e5e67b2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -170,7 +170,6 @@ set(PROJECT_SOURCES fmt/Bean2CoreObj_box.cpp fmt/Bean2External.cpp fmt/Bean2Link.cpp - fmt/InsecureHint.cpp fmt/Link2Bean.cpp fmt/ChainBean.hpp # translate diff --git a/fmt/AbstractBean.hpp b/fmt/AbstractBean.hpp index f118b57..e8a3c69 100644 --- a/fmt/AbstractBean.hpp +++ b/fmt/AbstractBean.hpp @@ -63,10 +63,6 @@ namespace NekoRay::fmt { virtual ExternalBuildResult BuildExternal(int mapping_port, int socks_port, int external_stat) { return {}; }; virtual QString ToShareLink() { return {}; }; - - virtual QString InsecureHint() { return {}; }; - - QString DisplayInsecureHint(); }; } // namespace NekoRay::fmt diff --git a/fmt/InsecureHint.cpp b/fmt/InsecureHint.cpp deleted file mode 100644 index f7d0420..0000000 --- a/fmt/InsecureHint.cpp +++ /dev/null @@ -1,61 +0,0 @@ -#include "V2RayStreamSettings.hpp" -#include "ShadowSocksBean.hpp" -#include "VMessBean.hpp" -#include "TrojanVLESSBean.hpp" -#include "SocksHttpBean.hpp" - -namespace NekoRay::fmt { - QString AbstractBean::DisplayInsecureHint() { - if (!dataStore->insecure_hint) return {}; - auto insecure_hint = InsecureHint(); - auto stream = GetStreamSettings(this); - if (stream != nullptr) insecure_hint += "\n" + stream->InsecureHint(); - return insecure_hint.trimmed(); - } - - QString V2rayStreamSettings::InsecureHint() const { - if (allow_insecure) { - return QObject::tr("The configuration (insecure) can be detected and identified, the transmission is fully visible to the censor and is not resistant to man-in-the-middle tampering with the content of the communication."); - } - return {}; - } - - QString ShadowSocksBean::InsecureHint() { - if (method.contains("-poly") || method.contains("-gcm")) { - return {}; - } - return QObject::tr( - "This configuration (Shadowsocks streaming cipher) can be accurately proactively detected and decrypted by censors without requiring a password, and cannot be mitigated by turning on IV replay filters on the server side.\n" - "\n" - "Learn more: https://github.com/net4people/bbs/issues/24"); - } - - QString VMessBean::InsecureHint() { - if (security == "none" || security == "zero") { - if (stream->security.isEmpty()) { - return QObject::tr("This profile is cleartext, don't use it if the server is not in your local network."); - } - } - if (aid > 0) { - return QObject::tr( - "This configuration (VMess MD5 authentication) has been deprecated by upstream because of its questionable resistance to tampering and concealment.\n" - "\n" - "As of January 1, 2022, compatibility with MD5 authentication information will be disabled on the server side by default. Any client using MD5 authentication information will not be able to connect to a server with VMess MD5 authentication information disabled."); - } - return {}; - } - - QString TrojanVLESSBean::InsecureHint() { - if (stream->security.isEmpty()) { - return QObject::tr("This profile is cleartext, don't use it if the server is not in your local network."); - } - return {}; - } - - QString SocksHttpBean::InsecureHint() { - if (stream->security.isEmpty()) { - return QObject::tr("This profile is cleartext, don't use it if the server is not in your local network."); - } - return {}; - } -} // namespace NekoRay::fmt diff --git a/fmt/ShadowSocksBean.hpp b/fmt/ShadowSocksBean.hpp index 829a79f..d0b0159 100644 --- a/fmt/ShadowSocksBean.hpp +++ b/fmt/ShadowSocksBean.hpp @@ -28,7 +28,5 @@ namespace NekoRay::fmt { bool TryParseLink(const QString &link); QString ToShareLink() override; - - QString InsecureHint() override; }; } // namespace NekoRay::fmt diff --git a/fmt/SocksHttpBean.hpp b/fmt/SocksHttpBean.hpp index 8180b40..0ff497b 100644 --- a/fmt/SocksHttpBean.hpp +++ b/fmt/SocksHttpBean.hpp @@ -33,7 +33,5 @@ namespace NekoRay::fmt { bool TryParseLink(const QString &link); QString ToShareLink() override; - - QString InsecureHint() override; }; } // namespace NekoRay::fmt diff --git a/fmt/TrojanVLESSBean.hpp b/fmt/TrojanVLESSBean.hpp index 204f696..bdfd356 100644 --- a/fmt/TrojanVLESSBean.hpp +++ b/fmt/TrojanVLESSBean.hpp @@ -31,7 +31,5 @@ namespace NekoRay::fmt { bool TryParseLink(const QString &link); QString ToShareLink() override; - - QString InsecureHint() override; }; } // namespace NekoRay::fmt \ No newline at end of file diff --git a/fmt/V2RayStreamSettings.hpp b/fmt/V2RayStreamSettings.hpp index 4d43f4d..27495bb 100644 --- a/fmt/V2RayStreamSettings.hpp +++ b/fmt/V2RayStreamSettings.hpp @@ -47,8 +47,6 @@ namespace NekoRay::fmt { QJsonObject BuildStreamSettingsV2Ray(); void BuildStreamSettingsSingBox(QJsonObject *outbound); - - [[nodiscard]] QString InsecureHint() const; }; inline V2rayStreamSettings *GetStreamSettings(AbstractBean *bean) { diff --git a/fmt/VMessBean.hpp b/fmt/VMessBean.hpp index f6c5703..6681ca1 100644 --- a/fmt/VMessBean.hpp +++ b/fmt/VMessBean.hpp @@ -28,7 +28,5 @@ namespace NekoRay::fmt { bool TryParseLink(const QString &link); QString ToShareLink() override; - - QString InsecureHint() override; }; } // namespace NekoRay::fmt diff --git a/main/NekoRay.cpp b/main/NekoRay.cpp index 197a2d9..9d02ca3 100644 --- a/main/NekoRay.cpp +++ b/main/NekoRay.cpp @@ -47,7 +47,6 @@ namespace NekoRay { _add(new configItem("remember_enable", &remember_enable, itemType::boolean)); _add(new configItem("language", &language, itemType::integer)); _add(new configItem("spmode", &remember_spmode, itemType::integer)); - _add(new configItem("insecure_hint", &insecure_hint, itemType::boolean)); _add(new configItem("skip_cert", &skip_cert, itemType::boolean)); _add(new configItem("hk_mw", &hotkey_mainwindow, itemType::string)); _add(new configItem("hk_group", &hotkey_group, itemType::string)); diff --git a/main/NekoRay_DataStore.hpp b/main/NekoRay_DataStore.hpp index d353c10..5fcbd25 100644 --- a/main/NekoRay_DataStore.hpp +++ b/main/NekoRay_DataStore.hpp @@ -99,7 +99,6 @@ namespace NekoRay { bool sub_insecure = false; // Security - bool insecure_hint = true; bool skip_cert = false; int enable_js_hook = 0; QString utlsFingerprint = ""; diff --git a/translations/fa_IR.ts b/translations/fa_IR.ts index 7225677..410a111 100644 --- a/translations/fa_IR.ts +++ b/translations/fa_IR.ts @@ -102,7 +102,7 @@ Insecure hint - اشاره ناامن + اشاره ناامن Statistics refresh rate @@ -1328,7 +1328,7 @@ End: %2 Profile is insecure: %1 - پروفایل ناامن می باشد: %1 + پروفایل ناامن می باشد: %1 Stopping profile %1 @@ -1465,26 +1465,6 @@ Deleted %3 Profiles: Chain Proxy پروکسی زنجیره ای - - The configuration (insecure) can be detected and identified, the transmission is fully visible to the censor and is not resistant to man-in-the-middle tampering with the content of the communication. - - - - This configuration (Shadowsocks streaming cipher) can be accurately proactively detected and decrypted by censors without requiring a password, and cannot be mitigated by turning on IV replay filters on the server side. - -Learn more: https://github.com/net4people/bbs/issues/24 - - - - This profile is cleartext, don't use it if the server is not in your local network. - - - - This configuration (VMess MD5 authentication) has been deprecated by upstream because of its questionable resistance to tampering and concealment. - -As of January 1, 2022, compatibility with MD5 authentication information will be disabled on the server side by default. Any client using MD5 authentication information will not be able to connect to a server with VMess MD5 authentication information disabled. - - Core not found: %1 diff --git a/translations/zh_CN.ts b/translations/zh_CN.ts index c7a967f..0e29d79 100644 --- a/translations/zh_CN.ts +++ b/translations/zh_CN.ts @@ -97,7 +97,7 @@ Insecure hint - 提示不安全的配置 + 提示不安全的配置 Statistics refresh rate @@ -1144,7 +1144,7 @@ End: %2 Profile is insecure: %1 - 配置不安全: %1 + 配置不安全: %1 Remove Unavailable @@ -1453,13 +1453,13 @@ Release note: The configuration (insecure) can be detected and identified, the transmission is fully visible to the censor and is not resistant to man-in-the-middle tampering with the content of the communication. - 该配置 (不安全) 能够被检测识别,传输的内容对审查者完全可见,并且无法抵抗中间人篡改通讯内容. + 该配置 (不安全) 能够被检测识别,传输的内容对审查者完全可见,并且无法抵抗中间人篡改通讯内容. This configuration (Shadowsocks streaming cipher) can be accurately proactively detected and decrypted by censors without requiring a password, and cannot be mitigated by turning on IV replay filters on the server side. Learn more: https://github.com/net4people/bbs/issues/24 - 该配置 (Shadowsocks 流式密码) 可以被准确地主动探测、在不需要密码的情况下被审查者解密流量, 且服务端开启 IV 重放过滤器也无法缓解. + 该配置 (Shadowsocks 流式密码) 可以被准确地主动探测、在不需要密码的情况下被审查者解密流量, 且服务端开启 IV 重放过滤器也无法缓解. 了解更多: https://github.com/net4people/bbs/issues/24 @@ -1467,7 +1467,7 @@ Learn more: https://github.com/net4people/bbs/issues/24 This configuration (VMess MD5 authentication) has been deprecated by upstream because of its questionable resistance to tampering and concealment. As of January 1, 2022, compatibility with MD5 authentication information will be disabled on the server side by default. Any client using MD5 authentication information will not be able to connect to a server with VMess MD5 authentication information disabled. - 该配置 (VMess MD5 认证) 抗篡改能力存疑, 隐蔽性存疑, 已被上游废弃. + 该配置 (VMess MD5 认证) 抗篡改能力存疑, 隐蔽性存疑, 已被上游废弃. 自 2022 年 1 月 1 日起, 服务器端将默认禁用对于 MD5 认证信息 的兼容. 任何使用 MD5 认证信息的客户端将无法连接到禁用 VMess MD5 认证信息的服务器端. @@ -1489,7 +1489,7 @@ As of January 1, 2022, compatibility with MD5 authentication information will be This profile is cleartext, don't use it if the server is not in your local network. - 该配置为明文传输,如果服务器不在本地局域网,请不要使用。 + 该配置为明文传输,如果服务器不在本地局域网,请不要使用。 Select diff --git a/ui/dialog_basic_settings.cpp b/ui/dialog_basic_settings.cpp index 7d0b786..e97b93d 100644 --- a/ui/dialog_basic_settings.cpp +++ b/ui/dialog_basic_settings.cpp @@ -248,7 +248,6 @@ DialogBasicSettings::DialogBasicSettings(QWidget *parent) ui->utlsFingerprint->addItems(IS_NEKO_BOX ? Preset::SingBox::UtlsFingerPrint : Preset::V2Ray::UtlsFingerPrint); - D_LOAD_BOOL(insecure_hint) D_LOAD_BOOL(skip_cert) ui->enable_js_hook->setCurrentIndex(NekoRay::dataStore->enable_js_hook); ui->utlsFingerprint->setCurrentText(NekoRay::dataStore->utlsFingerprint); @@ -304,7 +303,6 @@ void DialogBasicSettings::accept() { // Security - D_SAVE_BOOL(insecure_hint) D_SAVE_BOOL(skip_cert) NekoRay::dataStore->enable_js_hook = ui->enable_js_hook->currentIndex(); NekoRay::dataStore->utlsFingerprint = ui->utlsFingerprint->currentText(); diff --git a/ui/dialog_basic_settings.ui b/ui/dialog_basic_settings.ui index adc5edb..13bb17a 100644 --- a/ui/dialog_basic_settings.ui +++ b/ui/dialog_basic_settings.ui @@ -663,13 +663,6 @@ Security - - - - Insecure hint - - - diff --git a/ui/mainwindow.cpp b/ui/mainwindow.cpp index ce0ff61..a6f2be8 100644 --- a/ui/mainwindow.cpp +++ b/ui/mainwindow.cpp @@ -933,11 +933,6 @@ void MainWindow::refresh_proxy_list_impl_refresh_data(const int &id) { // C0: Type auto f = f0->clone(); f->setText(profile->bean->DisplayType()); - auto insecure_hint = profile->bean->DisplayInsecureHint(); - if (!insecure_hint.isEmpty()) { - f->setBackground(Qt::red); - f->setToolTip(insecure_hint); - } ui->proxyListTable->setItem(row, 0, f); // C1: Address+Port diff --git a/ui/mainwindow_grpc.cpp b/ui/mainwindow_grpc.cpp index 209f3a3..3e94909 100644 --- a/ui/mainwindow_grpc.cpp +++ b/ui/mainwindow_grpc.cpp @@ -216,8 +216,6 @@ void MainWindow::neko_start(int _id) { if (NekoRay::dataStore->started_id >= 0) neko_stop(); show_log_impl(">>>>>>>> " + tr("Starting profile %1").arg(ent->bean->DisplayTypeAndName())); - auto insecure_hint = ent->bean->DisplayInsecureHint(); - if (!insecure_hint.isEmpty()) show_log_impl(">>>>>>>> " + tr("Profile is insecure: %1").arg(insecure_hint)); #ifndef NKR_NO_GRPC libcore::LoadConfigReq req;