New issue
Advanced search Search tips

Issue 737315 link

Starred by 1 user
Status: Fixed
Owner:
nrpeter@chromium.org
Closed: Jul 2017
Cc:
est...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug-Security



Sign in to add a comment

Effective TLD wildcarding for ExtensionSettings not working

Project Member Reported by nrpeter@chromium.org, Jun 27 2017 
Chrome Version: Version 61.0.3135.4 (Official Build) dev (64-bit)
OS: Linux

What steps will reproduce the problem?
(1) Load testing extension
(2) Craft policy for testing extension blocking runtime access to *://*.example.*
(3) Reload policy
(4) Browse to example.com and see test extension inject code

What is the expected result?
Test extension blocks injection into example.com

What happens instead?
Test extension injects into example.com

Please use labels and text to provide additional information.


For graphics-related bugs, please copy/paste the contents of the about:gpu
page at the end of this report.

Comment 1 by est...@chromium.org, Jun 27 2017 

I'm a bit confused, is "http://example.com" supposed to match *://*.example.*? I would think *.example.com would only match subdomains of example.com.

Comment 2 by est...@chromium.org, Jun 27 2017

Components: Platform>Extensions
Labels: -Type-Bug Restrict-View-SecurityTeam Type-Bug-Security

Comment 3 by est...@chromium.org, Jun 27 2017

Labels: Security_Impact-None
Marking Security_Impact-None because nrpeter tells me the feature hasn't launched yet.

Comment 4 by nrpeter@chromium.org, Jun 27 2017 

Yes, http://example.com should match *://*.example.*. The wildcard at the end of the URLPattern indicates it should match any effective TLD. 

This means *://*.example.* also matches https://test.example.co and http://example.co.uk.

Feature will launch with M61.

Comment 5 by est...@chromium.org, Jun 28 2017

Cc: est...@chromium.org
Project Member

Comment 6 by bugdroid1@chromium.org, Jun 30 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/605f1df1854d4bc8868bfbd3bc4945c8d200ece0

commit 605f1df1854d4bc8868bfbd3bc4945c8d200ece0
Author: nrpeter <nrpeter@google.com>
Date: Fri Jun 30 23:24:04 2017

To use URLPattern with an effective TLD wildcard, a second parameter must be passed to the constructor specifically allowing this.

The IPC message parsing for URLPattern should always accept an effective TLD wildcard. This is since the check would have been done on the initial parse to populate a URLPattern.

This adds a unit test of the runtime blocked hosts and runtime allowed hosts in the extension messages IPC. This also adds a browser test for an effective TLD wildcard.

BUG= 737315 

Review-Url: https://codereview.chromium.org/2957233002
Cr-Commit-Position: refs/heads/master@{#483860}

[modify] https://crrev.com/605f1df1854d4bc8868bfbd3bc4945c8d200ece0/chrome/browser/extensions/content_script_apitest.cc
[modify] https://crrev.com/605f1df1854d4bc8868bfbd3bc4945c8d200ece0/extensions/common/extension_messages.cc
[modify] https://crrev.com/605f1df1854d4bc8868bfbd3bc4945c8d200ece0/extensions/common/extension_messages_unittest.cc

Comment 7 by nrpeter@chromium.org, Jul 5 2017

Status: Fixed (was: Started)
Project Member

Comment 8 by sheriffbot@chromium.org, Jul 6 2017

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Project Member

Comment 9 by sheriffbot@chromium.org, Oct 12 2017

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment