-
Notifications
You must be signed in to change notification settings - Fork 868
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PDF checks for blocking should use proper tab origin #958
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
/* This Source Code Form is subject to the terms of the Mozilla Public | ||
* License, v. 2.0. If a copy of the MPL was not distributed with this file, | ||
* You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||
|
||
#include "brave/browser/net/url_context.h" | ||
#include "chrome/test/base/chrome_render_view_host_test_harness.h" | ||
#include "content/public/test/test_browser_thread_bundle.h" | ||
#include "net/traffic_annotation/network_traffic_annotation_test_helper.h" | ||
#include "net/url_request/url_request_test_util.h" | ||
#include "url/gurl.h" | ||
|
||
namespace { | ||
|
||
class URLContextTest: public testing::Test { | ||
public: | ||
URLContextTest() : | ||
thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP), | ||
context_(new net::TestURLRequestContext(true)) { | ||
} | ||
|
||
~URLContextTest() override {} | ||
|
||
void SetUp() override { | ||
context_->Init(); | ||
} | ||
|
||
net::TestURLRequestContext* context() { return context_.get(); } | ||
|
||
protected: | ||
|
||
private: | ||
content::TestBrowserThreadBundle thread_bundle_; | ||
std::unique_ptr<net::TestURLRequestContext> context_; | ||
}; | ||
|
||
TEST_F(URLContextTest, TabHostResolvesProperlyForTabContext) { | ||
GURL url("https://www.brave.com/prime_numbers/127"); | ||
net::TestDelegate test_delegate; | ||
std::unique_ptr<net::URLRequest> request = | ||
context()->CreateRequest(url, net::IDLE, &test_delegate, | ||
TRAFFIC_ANNOTATION_FOR_TESTS); | ||
request->set_site_for_cookies(GURL("https://be.brave.com/test.html")); | ||
|
||
std::shared_ptr<brave::BraveRequestInfo> | ||
brave_request_info(new brave::BraveRequestInfo()); | ||
brave::BraveRequestInfo::FillCTXFromRequest(request.get(), brave_request_info); | ||
ASSERT_EQ(brave_request_info->tab_origin, "https://be.brave.com/"); | ||
} | ||
|
||
TEST_F(URLContextTest, PDFJSTabHostResolvesProperlyForTabContext) { | ||
GURL url("https://www.brave.com/prime_numbers/131"); | ||
net::TestDelegate test_delegate; | ||
std::unique_ptr<net::URLRequest> request = | ||
context()->CreateRequest(url, net::IDLE, &test_delegate, | ||
TRAFFIC_ANNOTATION_FOR_TESTS); | ||
request->set_site_for_cookies(GURL("chrome-extension://oemmndcbldboiebfnladdacbdfmadadm/https://example.com/test.pdf")); | ||
|
||
std::shared_ptr<brave::BraveRequestInfo> | ||
brave_request_info(new brave::BraveRequestInfo()); | ||
brave::BraveRequestInfo::FillCTXFromRequest(request.get(), brave_request_info); | ||
ASSERT_EQ(brave_request_info->tab_origin, "https://example.com/"); | ||
} | ||
|
||
} // namespace | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
/* This Source Code Form is subject to the terms of the Mozilla Public | ||
* License, v. 2.0. If a copy of the MPL was not distributed with this file, | ||
* You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||
|
||
#include "brave/common/extensions/extension_constants.h" | ||
#include "brave/common/url_util.h" | ||
#include "url/gurl.h" | ||
|
||
namespace brave { | ||
|
||
GURL GetURLOrPDFURL(const GURL& url) { | ||
if (url.SchemeIs("chrome-extension") && | ||
url.host() == pdfjs_extension_id) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [minor] it would be helpful to set then this check can be replaced with |
||
static size_t pdfjs_substring_len = (std::string("chrome-extension://") + | ||
pdfjs_extension_id + "/").length(); | ||
size_t http_pos = url.spec().find(std::string("chrome-extension://") + | ||
pdfjs_extension_id + "/http://"); | ||
size_t https_pos = url.spec().find(std::string("chrome-extension://") + | ||
pdfjs_extension_id + "/https://"); | ||
if (http_pos != std::string::npos || https_pos != std::string::npos) { | ||
return GURL(url.spec().substr(pdfjs_substring_len, | ||
url.spec().length() - pdfjs_substring_len)); | ||
} | ||
} | ||
return url; | ||
} | ||
|
||
} // namespace brave |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
/* This Source Code Form is subject to the terms of the Mozilla Public | ||
* License, v. 2.0. If a copy of the MPL was not distributed with this file, | ||
* You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||
|
||
#ifndef BRAVE_COMMON_URL_UTIL_H_ | ||
#define BRAVE_COMMON_URL_UTIL_H_ | ||
|
||
class GURL; | ||
|
||
namespace brave { | ||
|
||
// Returns the location of the PDF if this URL is a PDFJS extension URL. | ||
// Otherwise simply just returns the same URL as passed in. | ||
GURL GetURLOrPDFURL(const GURL& url); | ||
|
||
} // namespace brave | ||
|
||
#endif // BRAVE_COMMON_URL_UTIL_H_ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
/* This Source Code Form is subject to the terms of the Mozilla Public | ||
* License, v. 2.0. If a copy of the MPL was not distributed with this file, | ||
* You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||
|
||
#include "brave/common/url_util.h" | ||
#include "chrome/test/base/chrome_render_view_host_test_harness.h" | ||
#include "url/gurl.h" | ||
|
||
typedef testing::Test BraveUrlUtilTest; | ||
|
||
namespace brave { | ||
|
||
TEST_F(BraveUrlUtilTest, GetURLOrPDFURL) { | ||
std::vector<GURL> unchanged_urls({ | ||
// PDFJS URL but not to a PDF | ||
GURL("chrome-extension://oemmndcbldboiebfnladdacbdfmadadm/test.html"), | ||
// PDFJS ID but not chrome-extension scheme | ||
GURL("chrome://oemmndcbldboiebfnladdacbdfmadadm/https://test.html"), | ||
// Not PDFJS ID but format of a PDFJS PDF URL | ||
GURL("chrome-extension://aaamndcbldboiebfnladdacbdfmadaaa/https://example.com/test.html"), | ||
// Random other URL | ||
GURL("https://example.com") | ||
}); | ||
std::for_each(unchanged_urls.begin(), unchanged_urls.end(), | ||
[this](GURL url){ | ||
EXPECT_EQ(brave::GetURLOrPDFURL(url), url); | ||
}); | ||
EXPECT_EQ(brave::GetURLOrPDFURL(GURL("chrome-extension://oemmndcbldboiebfnladdacbdfmadadm/http://example.com?test")), | ||
GURL("http://example.com?test")); | ||
EXPECT_EQ(brave::GetURLOrPDFURL(GURL("chrome-extension://oemmndcbldboiebfnladdacbdfmadadm/https://example.com?test")), | ||
GURL("https://example.com?test")); | ||
} | ||
|
||
} // namespace |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is
ctx->tab_origin
used for anything security-related? if so it probably shouldn't be set to the pdfjs pseudo-origin.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no only our internal filtering, but I'll update this to scope it to only adblock+TP or just exclude TP.