Handle invalid IP addresses and applications for split tunneling [VPNWIN-3065]

Author: Mindaugas Veblauskas

src/Client/Localization/ProtonVPN.Client.Localization/Strings/en-US/Resources.resw

@@ -2452,6 +2452,9 @@
   <data name="Settings_Connection_SplitTunneling_Apps_Remove" xml:space="preserve">
     <value>Remove app</value>
   </data>
+  <data name="Settings_Connection_SplitTunneling_Apps_NotFound" xml:space="preserve">
+    <value>Application not found</value>
+  </data>
   <data name="Settings_Connection_SplitTunneling_Description" xml:space="preserve">
     <value>Customize your connection by deciding which apps and IP addresses are protected by VPN.</value>
   </data>

src/Client/ProtonVPN.Client/UI/Main/Features/SplitTunneling/SplitTunnelingWidgetViewModel.cs

@@ -218,7 +218,7 @@ private async Task InvalidateAppsAndIpsAsync()
             _ => []
         };
 
-        foreach (SplitTunnelingApp app in apps.Where(a => a.IsActive))
+        foreach (SplitTunnelingApp app in apps.Where(a => a.IsActive && File.Exists(a.AppFilePath)))
         {
             items.Add(await _splitTunnelingItemFactory.GetAppAsync(app, splitTunnelingMode));
         }

src/Client/ProtonVPN.Client/UI/Main/Settings/Pages/Connection/SplitTunnelingAppViewModel.cs

@@ -31,7 +31,10 @@ public partial class SplitTunnelingAppViewModel : ViewModelBase
     private readonly SplitTunnelingPageViewModel _parentViewModel;
 
     [ObservableProperty]
-    private bool _isActive;
+    private bool _isActive; 
+    
+    [ObservableProperty]
+    private bool _isValidPath;
 
     public string AppFilePath { get; }
 
@@ -63,6 +66,8 @@ public SplitTunnelingAppViewModel(
 
         AppFilePath = appFilePath;
         AlternateAppFilePaths = alternateAppFilePaths ?? new List<string>();
+
+        IsValidPath = File.Exists(AppFilePath);
     }
 
     [RelayCommand]
@@ -73,6 +78,11 @@ public void RemoveApp()
 
     public async Task InitializeAsync()
     {
+        if (!IsValidPath)
+        {
+            return;
+        }
+
         AppName = AppFilePath.GetAppName();
         OnPropertyChanged(nameof(AppName));
 

src/Client/ProtonVPN.Client/UI/Main/Settings/Pages/Connection/SplitTunnelingPageView.xaml

@@ -136,23 +136,39 @@ along with ProtonVPN.  If not, see <https://www.gnu.org/licenses/>.
                                             <ColumnDefinition Width="*" />
                                             <ColumnDefinition Width="Auto" />
                                         </Grid.ColumnDefinitions>
-                                        <CheckBox Grid.Column="0"
-                                                  IsChecked="{x:Bind IsActive, Mode=TwoWay}"
-                                                  ToolTipService.ToolTip="{x:Bind AppFilePath}">
-                                            <Grid ColumnSpacing="8">
-                                                <Grid.ColumnDefinitions>
-                                                    <ColumnDefinition Width="Auto" />
-                                                    <ColumnDefinition Width="*" />
-                                                </Grid.ColumnDefinitions>
-                                                <Image Grid.Column="0"
-                                                       Width="20"
-                                                       Height="20"
-                                                       Source="{x:Bind AppIcon}" />
-                                                <TextBlock Grid.Column="1"
-                                                           Text="{x:Bind AppName}"
-                                                           TextTrimming="CharacterEllipsis" />
-                                            </Grid>
-                                        </CheckBox>
+                                        <Border Grid.Column="0"
+                                                Background="Transparent"
+                                                ToolTipService.ToolTip="{x:Bind AppFilePath}">
+                                            <CheckBox IsChecked="{x:Bind IsActive, Mode=TwoWay}"
+                                                      IsEnabled="{x:Bind IsValidPath}">
+                                                <Grid ColumnSpacing="8">
+                                                    <Grid.ColumnDefinitions>
+                                                        <ColumnDefinition Width="Auto" />
+                                                        <ColumnDefinition Width="*" />
+                                                    </Grid.ColumnDefinitions>
+                                                    <Image Grid.Column="0"
+                                                           Width="20"
+                                                           Height="20"
+                                                           Source="{x:Bind AppIcon}"
+                                                           Visibility="{x:Bind IsValidPath, Converter={StaticResource BooleanToVisibilityConverter}}" />
+                                                    <TextBlock Grid.Column="1"
+                                                               Text="{x:Bind AppName}"
+                                                               TextTrimming="CharacterEllipsis"
+                                                               Visibility="{x:Bind IsValidPath, Converter={StaticResource BooleanToVisibilityConverter}}" />
+                                                    <pathicons:ExclamationCircleFilled Grid.Column="0"
+                                                                                       Foreground="{ThemeResource SignalDangerColorBrush}"
+                                                                                       Opacity="0.6"
+                                                                                       Size="Pixels20"
+                                                                                       Visibility="{x:Bind IsValidPath, Converter={StaticResource NotBooleanToVisibilityConverter}}" />
+                                                    <TextBlock Grid.Column="1"
+                                                               Foreground="{ThemeResource SignalDangerColorBrush}"
+                                                               Opacity="0.6"
+                                                               Text="{x:Bind Localizer.Get('Settings_Connection_SplitTunneling_Apps_NotFound')}"
+                                                               TextTrimming="CharacterEllipsis"
+                                                               Visibility="{x:Bind IsValidPath, Converter={StaticResource NotBooleanToVisibilityConverter}}" />
+                                                </Grid>
+                                            </CheckBox>
+                                        </Border>
                                         <custom:GhostButton Grid.Column="1"
                                                             AutomationProperties.AutomationId="RemoveAppButton"
                                                             AutomationProperties.Name="{x:Bind Localizer.Get('Settings_Connection_SplitTunneling_Apps_Remove')}"
@@ -181,23 +197,39 @@ along with ProtonVPN.  If not, see <https://www.gnu.org/licenses/>.
                                             <ColumnDefinition Width="*" />
                                             <ColumnDefinition Width="Auto" />
                                         </Grid.ColumnDefinitions>
-                                        <CheckBox Grid.Column="0"
-                                                  IsChecked="{x:Bind IsActive, Mode=TwoWay}"
-                                                  ToolTipService.ToolTip="{x:Bind AppFilePath}">
-                                            <Grid ColumnSpacing="8">
-                                                <Grid.ColumnDefinitions>
-                                                    <ColumnDefinition Width="Auto" />
-                                                    <ColumnDefinition Width="*" />
-                                                </Grid.ColumnDefinitions>
-                                                <Image Grid.Column="0"
-                                                       Width="20"
-                                                       Height="20"
-                                                       Source="{x:Bind AppIcon}" />
-                                                <TextBlock Grid.Column="1"
-                                                           Text="{x:Bind AppName}"
-                                                           TextTrimming="CharacterEllipsis" />
-                                            </Grid>
-                                        </CheckBox>
+                                        <Border Grid.Column="0"
+                                                Background="Transparent"
+                                                ToolTipService.ToolTip="{x:Bind AppFilePath}">
+                                            <CheckBox IsChecked="{x:Bind IsActive, Mode=TwoWay}"
+                                                      IsEnabled="{x:Bind IsValidPath}">
+                                                <Grid ColumnSpacing="8">
+                                                    <Grid.ColumnDefinitions>
+                                                        <ColumnDefinition Width="Auto" />
+                                                        <ColumnDefinition Width="*" />
+                                                    </Grid.ColumnDefinitions>
+                                                    <Image Grid.Column="0"
+                                                           Width="20"
+                                                           Height="20"
+                                                           Source="{x:Bind AppIcon}"
+                                                           Visibility="{x:Bind IsValidPath, Converter={StaticResource BooleanToVisibilityConverter}}" />
+                                                    <TextBlock Grid.Column="1"
+                                                               Text="{x:Bind AppName}"
+                                                               TextTrimming="CharacterEllipsis"
+                                                               Visibility="{x:Bind IsValidPath, Converter={StaticResource BooleanToVisibilityConverter}}" />
+                                                    <pathicons:ExclamationCircleFilled Grid.Column="0"
+                                                                                       Foreground="{ThemeResource SignalDangerColorBrush}"
+                                                                                       Opacity="0.6"
+                                                                                       Size="Pixels20"
+                                                                                       Visibility="{x:Bind IsValidPath, Converter={StaticResource NotBooleanToVisibilityConverter}}" />
+                                                    <TextBlock Grid.Column="1"
+                                                               Foreground="{ThemeResource SignalDangerColorBrush}"
+                                                               Opacity="0.6"
+                                                               Text="{x:Bind Localizer.Get('Settings_Connection_SplitTunneling_Apps_NotFound')}"
+                                                               TextTrimming="CharacterEllipsis"
+                                                               Visibility="{x:Bind IsValidPath, Converter={StaticResource NotBooleanToVisibilityConverter}}" />
+                                                </Grid>
+                                            </CheckBox>
+                                        </Border>
                                         <custom:GhostButton Grid.Column="1"
                                                             AutomationProperties.AutomationId="RemoveAppButton"
                                                             AutomationProperties.Name="{x:Bind Localizer.Get('Settings_Connection_SplitTunneling_Apps_Remove')}"
@@ -300,8 +332,8 @@ along with ProtonVPN.  If not, see <https://www.gnu.org/licenses/>.
                                                             HorizontalAlignment="Left"
                                                             AutomationProperties.AutomationId="ShowIpv6DisabledWarningButton"
                                                             AutomationProperties.Name="{x:Bind Localizer.Get('Settings_Common_Ipv6WarningButton')}"
-                                                            ToolTipService.ToolTip="{x:Bind Localizer.Get('Settings_Common_Ipv6WarningButton')}"
                                                             Command="{x:Bind ShowIpv6DisabledWarningCommand, Mode=OneTime}"
+                                                            ToolTipService.ToolTip="{x:Bind Localizer.Get('Settings_Common_Ipv6WarningButton')}"
                                                             Visibility="{x:Bind IsInactiveDueToIpv6Disabled, Converter={StaticResource BooleanToVisibilityConverter}, Mode=OneTime}">
                                             <custom:GhostButton.LeftIcon>
                                                 <pathicons:ExclamationCircle />
@@ -322,8 +354,8 @@ along with ProtonVPN.  If not, see <https://www.gnu.org/licenses/>.
                         </ItemsRepeater>
 
                         <TextBlock Grid.Row="1"
-                                   Style="{StaticResource CaptionStrongTextBlockStyle}"
                                    Margin="0,0,0,8"
+                                   Style="{StaticResource CaptionStrongTextBlockStyle}"
                                    Text="{x:Bind ViewModel.Localizer.Get('Settings_Connection_SplitTunneling_IpAddresses_AddNew')}" />
 
                         <TextBox Grid.Row="2"

src/Logging/ProtonVPN.Logging.Contracts/Categories/AppServiceLogCategory.cs

@@ -17,8 +17,6 @@
  * along with ProtonVPN.  If not, see <https://www.gnu.org/licenses/>.
  */
 
-using ProtonVPN.Logging.Contracts;
-
 namespace ProtonVPN.Logging.Contracts.Categories
 {
     public class AppServiceLogCategory : ILogCategory

src/Logging/ProtonVPN.Logging.Contracts/Categories/SplitTunnelLogCategory.cs

@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2025 Proton AG
+ *
+ * This file is part of ProtonVPN.
+ *
+ * ProtonVPN is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * ProtonVPN is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with ProtonVPN.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace ProtonVPN.Logging.Contracts.Categories;
+
+public class SplitTunnelLogCategory : ILogCategory
+{
+    public string Category => "SPLIT.TUNNEL";
+}

src/Logging/ProtonVPN.Logging.Contracts/Events/SplitTunnelLogs/SplitTunnelLog.cs

@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2025 Proton AG
+ *
+ * This file is part of ProtonVPN.
+ *
+ * ProtonVPN is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * ProtonVPN is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with ProtonVPN.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+using ProtonVPN.Logging.Contracts.Categories;
+
+namespace ProtonVPN.Logging.Contracts.Events.SplitTunnelLogs;
+
+public class SplitTunnelLog : LogEventBase<SplitTunnelLogCategory>
+{
+    protected override string Event => null;
+}

src/ProtonVPN.IpFilterLib/filter.cpp

@@ -250,30 +250,37 @@ unsigned int IPFilterCreateAppFilter(
 {
     std::vector<ipfilter::condition::Condition> conditions{};
 
-    if (appIdentifier != nullptr)
+    try
     {
-        // Check if it's a file path (contains backslash or drive letter) vs package family name
-        // Package family names have format like "PackageName_PublisherId" and don't contain path separators
-        bool isFilePath = (wcschr(appIdentifier, L'\\') != nullptr) ||
-            (wcschr(appIdentifier, L'/') != nullptr) ||
-            (wcslen(appIdentifier) >= 3 && appIdentifier[1] == L':');
-
-        if (isFilePath)
-        {
-            conditions.push_back(
-                ipfilter::condition::applicationId(
-                    ipfilter::matcher::equal(),
-                    ipfilter::value::ApplicationId::fromFilePath(appIdentifier)));
-        }
-        else
+        if (appIdentifier != nullptr)
         {
-            // Assume it's a package family name
-            conditions.push_back(
-                ipfilter::condition::packageFamilyName(
-                    ipfilter::matcher::equal(),
-                    ipfilter::value::SecurityIdentifier::fromPackageFamilyName(appIdentifier)));
+            // Check if it's a file path (contains backslash or drive letter) vs package family name
+            // Package family names have format like "PackageName_PublisherId" and don't contain path separators
+            bool isFilePath = (wcschr(appIdentifier, L'\\') != nullptr) ||
+                (wcschr(appIdentifier, L'/') != nullptr) ||
+                (wcslen(appIdentifier) >= 3 && appIdentifier[1] == L':');
+
+            if (isFilePath)
+            {
+                conditions.push_back(
+                    ipfilter::condition::applicationId(
+                        ipfilter::matcher::equal(),
+                        ipfilter::value::ApplicationId::fromFilePath(appIdentifier)));
+            }
+            else
+            {
+                // Assume it's a package family name
+                conditions.push_back(
+                    ipfilter::condition::packageFamilyName(
+                        ipfilter::matcher::equal(),
+                        ipfilter::value::SecurityIdentifier::fromPackageFamilyName(appIdentifier)));
+            }
         }
     }
+    catch (...)
+    {
+        return E_INVALIDARG;
+    }
 
     if (isDnsPortExcluded)
     {
@@ -416,24 +423,31 @@ unsigned int IPFilterCreateRemoteNetworkIPFilter(
 {
     std::vector<ipfilter::condition::Condition> conditions{};
 
-    if (addr->isIpv6)
+    try
     {
-        auto address = ipfilter::ip::makeAddressV6(addr->address, addr->prefix);
-        auto networkAddrCondition = ipfilter::condition::remoteIpV6AddressWithPrefix(
-            ipfilter::matcher::equal(),
-            ipfilter::value::IpAddressV6WithPrefix(address));
+        if (addr->isIpv6)
+        {
+            auto address = ipfilter::ip::makeAddressV6(addr->address, addr->prefix);
+            auto networkAddrCondition = ipfilter::condition::remoteIpV6AddressWithPrefix(
+                ipfilter::matcher::equal(),
+                ipfilter::value::IpAddressV6WithPrefix(address));
 
-        conditions.push_back(networkAddrCondition);
+            conditions.push_back(networkAddrCondition);
+        }
+        else
+        {
+            auto address = ipfilter::ip::makeAddressV4(addr->address);
+            auto mask = ipfilter::ip::makeAddressV4(addr->mask);
+            auto networkAddrCondition = ipfilter::condition::remoteIpNetworkAddressV4(
+                ipfilter::matcher::equal(),
+                ipfilter::value::IpNetworkAddressV4(address, mask));
+
+            conditions.push_back(networkAddrCondition);
+        }
     }
-    else
+    catch (...)
     {
-        auto address = ipfilter::ip::makeAddressV4(addr->address);
-        auto mask = ipfilter::ip::makeAddressV4(addr->mask);
-        auto networkAddrCondition = ipfilter::condition::remoteIpNetworkAddressV4(
-            ipfilter::matcher::equal(),
-            ipfilter::value::IpNetworkAddressV4(address, mask));
-
-        conditions.push_back(networkAddrCondition);
+        return E_INVALIDARG;
     }
 
     return IPFilterCreateFilter(
@@ -809,4 +823,4 @@ unsigned int PermitInboundIpv6Dhcp(
         },
         persistent,
         filterKey);
-}
+}