Inconsistency in URLMatcher and URLPattern when matching trailing dot domains |
||||
Issue description
Hello guys! I have found that url_matcher::URLMatcher and URLPattern works
differently when matching domains that ends with a dot. Simple test shows
this behavior:
TEST(TrailingDotDomainMatch, Test) {
const GURL normal_domain("http://example.com/");
const GURL trailing_dot_domain("http://example.com./");
// Test URLMatcher.
using namespace url_matcher;
URLMatcher matcher;
URLMatcherConditionFactory* matcher_factory = matcher.condition_factory();
URLMatcherConditionSet::Conditions conditions;
conditions.insert(matcher_factory->CreateHostEqualsCondition("example.com"));
const int kConditionSetId = 1;
URLMatcherConditionSet::Vector conditions_vector;
conditions_vector.push_back(make_scoped_refptr(
new URLMatcherConditionSet(kConditionSetId, conditions)));
matcher.AddConditionSets(conditions_vector);
EXPECT_EQ(1u, matcher.MatchURL(normal_domain).size());
EXPECT_EQ(1u, matcher.MatchURL(trailing_dot_domain).size()); // This match succeedes.
// Test URLPattern.
const URLPattern pattern(URLPattern::SCHEME_HTTP, "*://example.com/*");
EXPECT_TRUE(pattern.MatchesURL(GURL(normal_domain)));
EXPECT_TRUE(pattern.MatchesURL(GURL(trailing_dot_domain))); // This match fails.
}
I think that in some cases this behavior of URLPattern can lead to some security
problems, like enabled extensions/userscripts on URLs where it is forbidden.
Is this a bug or a feature? Should we fix this behavior of URLPattern to properly
match both variations of domain?
,
Apr 25 2016
Domains that ends with a dot is a FQDN (fully qualified domain name). And it is perfectly valid. More information can be found here: http://www.dns-sd.org/trailingdotsindomainnames.html This can be used to abuse sites that does not have a redirect from this domains to normal ones.
,
Apr 25 2016
I stand corrected! Thank you for taking the time to prove me wrong. :)
,
Apr 26 2016
,
Apr 26 2016
,
May 5 2016
Any news here? I can prepare CL to fix URLPattern::MatchesHost() (by removing trailing dot from host) if someone agrees that this is not desired behavior.
,
Nov 4 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/453ab88927c99dc1564b66aaa9003b870f886201 commit 453ab88927c99dc1564b66aaa9003b870f886201 Author: sense <sense@yandex-team.ru> Date: Fri Nov 04 12:51:26 2016 Add implicit trailing dot domain matching support to URLPattern. url_matcher::URLMatcher handles both trailing dot and non trailing dot domains as same. This CL enables same behaviour for URLPattern to be consistent across different components. BUG= 606321 Review-Url: https://codereview.chromium.org/2455373002 Cr-Commit-Position: refs/heads/master@{#429867} [modify] https://crrev.com/453ab88927c99dc1564b66aaa9003b870f886201/extensions/common/url_pattern.cc [modify] https://crrev.com/453ab88927c99dc1564b66aaa9003b870f886201/extensions/common/url_pattern_unittest.cc [modify] https://crrev.com/453ab88927c99dc1564b66aaa9003b870f886201/extensions/common/user_script_unittest.cc
,
Nov 6 2017
Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||||
►
Sign in to add a comment |
||||
Comment 1 by d...@dan-atkinson.com
, Apr 25 2016