fix(xmpp): obfuscate client identity in protocol exchanges
All checks were successful
CI Code / Check spelling (pull_request) Successful in 12s
CI Code / Check coding style (pull_request) Successful in 24s
CI Code / Code Coverage (pull_request) Successful in 3m54s
CI Code / Linux (debian) (pull_request) Successful in 5m16s
CI Code / Linux (ubuntu) (pull_request) Successful in 5m22s
CI Code / Linux (arch) (pull_request) Successful in 6m56s
CI Code / Check spelling (push) Successful in 13s
CI Code / Check coding style (push) Successful in 27s
CI Code / Code Coverage (push) Successful in 3m35s
CI Code / Linux (debian) (push) Successful in 5m41s
CI Code / Linux (ubuntu) (push) Successful in 5m52s
CI Code / Linux (arch) (push) Successful in 7m36s

Modify version responses to return a generic client name and omit
version strings. Drop the "profanity." prefix from dynamically
generated JID resources. Spoof the XEP-0115 capabilities node URI to
prevent service discovery/presence fingerprinting. These adjustments
reduce the client's attack surface by minimizing identifiable metadata.
This commit is contained in:
2026-07-09 15:23:16 +00:00
parent b34faa2099
commit c5dd0cf9df
14 changed files with 101 additions and 58 deletions

View File

@@ -601,11 +601,11 @@ prof_connect_with_roster(const char* roster)
assert_true(prof_output_regex(".+online.+ \\(priority 0\\)\\."));
expect_timeout = EXPECT_TIMEOUT_CONNECT;
// Wait for presence stanza to be sent (content-based, not ID-based)
// Wait for presence stanza to be sent
// Match the actual attribute order from stanza_attach_caps
assert_true(stbbr_received(
"<presence id=\"*\">"
"<c xmlns=\"http://jabber.org/protocol/caps\" hash=\"sha-1\" node=\"http://profanity-im.github.io\" ver=\"*\"/>"
"<c xmlns=\"http://jabber.org/protocol/caps\" hash=\"sha-1\" node=\"*\" ver=\"*\"/>"
"</presence>"));
}