Skip to content
This repository was archived by the owner on Dec 11, 2019. It is now read-only.

Fix websockets bypass in Brave filtering #7121

Merged
merged 1 commit into from
Feb 21, 2017
Merged

Fix websockets bypass in Brave filtering #7121

merged 1 commit into from
Feb 21, 2017

Conversation

diracdeltas
Copy link
Member

@diracdeltas diracdeltas commented Feb 8, 2017
edited
Loading

Fix #6997.
Requires brave/muon#160

Auditors: @bridiver

Test Plan: covered by automated test

  • Submitted a ticket for my issue if one did not already exist.
  • Used Github auto-closing keywords in the commit message.
  • Added/updated tests for this change (for new code or code which already has tests).
  • Ran git rebase -i to squash commits (if needed).

@diracdeltas diracdeltas requested a review from bridiver February 8, 2017 01:24
diracdeltas
diracdeltas commented Feb 8, 2017
View reviewed changes
test/components/braveryPanelTest.js Outdated
})
// Assume blocking websockets is working if the time difference between
// onerror firing with adblock on vs off is sufficiently high.
assert(time2 - time1 > 100)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fwiw this test would be nicer if there were a way in webdriver to inspect the page console output. if the connection is blocked in app/filtering.js, it will show a CONNECTION_BLOCKED message. it shows a different error message when the connection is attempted but fails.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't it succeed if it isn't blocked?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bridiver no because "ws://ag.innovid.com/dv/sync?tid=2" doesn't support websockets. it fails either way: either because it's blocked by adblock (the fast case) or because the server response is incorrect (the slow case)

Copy link
Collaborator

@bridiver bridiver Feb 8, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that seems really fragile to me. I think we should mock up or add something that should be blocked. For now maybe we could even do it through site hacks in test only

bridiver
bridiver reviewed Feb 8, 2017
View reviewed changes
test/fixtures/websockets.html Outdated
<div id='errorTime'></div>
<script>
// This should get blocked by adblock if it is on
var exampleSocket = new WebSocket("ws://ag.innovid.com/dv/sync?tid=2");
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we use webpack for the blocked ws to prevent a false positive for the error?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not sure i understand. the webpack ws URL is not in adblock, so it shouldn't get blocked?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see comment above about mocking, but are there any patterns for ad block that have a wildcard domain? Another options would be to have a separate adblock file for testing or add a localhost match with a uuid path (wildcard port)

bridiver
bridiver reviewed Feb 8, 2017
View reviewed changes
test/components/braveryPanelTest.js Outdated
let time1 = 0
let time2 = 0
yield this.app.client
.waitForDataFile('adblock')
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should really add a way to mock the adblock data so we don't have to wait for the download or worry about connection errors and changes in the adblock file contents

@diracdeltas diracdeltas added this to the 0.13.4 milestone Feb 8, 2017
@diracdeltas
Copy link
Member Author

talked to brianj on slack. the underlying issue causing this PR to be fragile is that the tabId for websockets is -1 because GetRenderFrameForRequest is false for ws and wss URLs. however this may be fixed with the Chromium 56 upgrade [1] so i'll redo this PR after that is out.

[1] https://chromium.googlesource.com/chromium/src/+/4a593833d44a457f177f99b2c907bd0f6ae397f7

@bbondy bbondy modified the milestones: 0.13.6, 0.13.5 Feb 16, 2017
@diracdeltas
Fix websockets bypass in Brave filtering
f91f678 
Fix #6997.
Requires brave/muon#160

Auditors: @bridiver

Test Plan: covered by automated test
@diracdeltas diracdeltas modified the milestones: 0.13.5, 0.13.6 Feb 16, 2017
@diracdeltas
Copy link
Member Author

@bridiver i fixed the websockets tabid issue in brave/muon#160 so the test is no longer fragile

@diracdeltas
Copy link
Member Author

muon changes are now in master

@diracdeltas diracdeltas merged commit 91ba85b into master Feb 21, 2017
@diracdeltas diracdeltas deleted the fix/6997 branch February 21, 2017 22:27
@bridiver
Copy link
Collaborator

++

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bridiver bridiver bridiver left review comments

Assignees
No one assigned
Labels
feature/adblock security
Projects
None yet
Milestone
0.13.5
Development

Successfully merging this pull request may close these issues.
4 participants
@diracdeltas @bridiver @bbondy @luixxiul