Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IPFS onboarding does not validate postmessage origin #21234

Closed
diracdeltas opened this issue Feb 22, 2022 · 4 comments · Fixed by brave/brave-core#12374
Closed

IPFS onboarding does not validate postmessage origin #21234

diracdeltas opened this issue Feb 22, 2022 · 4 comments · Fixed by brave/brave-core#12374
Assignees
@spylogsster
Labels
feature/web3/ipfs OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Yes release-notes/include security
Milestone
1.37.x - Release

Comments

@diracdeltas
Copy link
Member

see details at https://github.com/brave/brave-core/security/code-scanning/44?query=ref%3Arefs%2Fheads%2Fmaster
@diracdeltas diracdeltas added security priority/P2 A bad problem. We might uplift this to the next planned release. feature/web3/ipfs OS/Desktop labels Feb 22, 2022
@diracdeltas
Copy link
Member Author

Also as part of this, these other issues should be addressed: https://bravesoftware.slack.com/archives/C7VLGSR55/p1645560425184459

@spylogsster spylogsster mentioned this issue Feb 23, 2022
Merged
25 tasks
@spylogsster spylogsster added this to the 1.37.x - Nightly milestone Feb 23, 2022
@stephendonner
Copy link

Quick (and important) enough change to verify on all platforms -> QA/Test-All-Platforms.

@stephendonner
Copy link

Is this code shared with Android's IPFS/gateway support, and should be checked there, too? @spylogsster @diracdeltas

@stephendonner
Copy link

stephendonner commented Mar 9, 2022
edited by btlechowski
Loading

Verified PASSED using

Brave 1.37.84 Chromium: 99.0.4844.51 (Official Build) beta (x86_64)
Revision d537ec02474b5afe23684e7963d538896c63ac77-refs/branch-heads/4844@{#875}
OS macOS Version 11.6.3 (Build 20G415)

Steps:

Case 1: Use a Brave local IPFS node

  1. install 1.37.84
  2. launch Brave
  3. load ipns://ipfs.io
  4. click on Use a Brave local IPFS node
  5. wait for installation
example example
Screen Shot 2022-03-08 at 9 17 31 PM Screen Shot 2022-03-08 at 9 17 46 PM

Confirmed it loaded ipns://ipfs.io

Case 2: Use a public gateway

  1. install 1.37.84
  2. launch Brave
  3. load ipns://ipfs.io
  4. click on Use a public gateway

Confirm it loaded https://ipfs-io.ipns.dweb.link/ via public gateway

example example
Screen Shot 2022-03-08 at 9 17 31 PM Screen Shot 2022-03-08 at 9 20 54 PM

Verified PASSED using

Brave 1.37.84 Chromium: 99.0.4844.51 (Official Build) beta (64-bit)
Revision d537ec02474b5afe23684e7963d538896c63ac77-refs/branch-heads/4844@{#875}
OS Windows 10 Version 21H2 (Build 19044.1566)

Steps:

Case 1: Use a Brave local IPFS node

  1. install 1.37.84
  2. launch Brave
  3. load ipns://ipfs.io
  4. click on Use a Brave local IPFS node
  5. wait for installation
example example
21234-1 21234-2

Confirmed it loaded ipns://ipfs.io

Case 2: Use a public gateway

  1. install 1.37.84
  2. launch Brave
  3. load ipns://ipfs.io
  4. click on Use a public gateway

Confirm it loaded https://ipfs-io.ipns.dweb.link/ via public gateway

example example
21234-23png 21234-4png

Verification passed on

Brave 1.37.101 Chromium: 99.0.4844.83 (Official Build) beta (64-bit)
Revision b11086e62d7c1a44b0942ac5568d22a425c7ae35-refs/branch-heads/4844_74@{#5}
OS Ubuntu 20 LTS

Verified the above test plan

Case 1: Use a Brave local IPFS node
image
image

Case 2: Use a public gateway
image
image

@kjozwiak kjozwiak mentioned this issue Mar 30, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spylogsster spylogsster

Labels
feature/web3/ipfs OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Yes release-notes/include security
Projects
None yet
Milestone
1.37.x - Release
Development

Successfully merging a pull request may close this issue.

Validate payload for ipfs onboarding page messages brave/brave-core
4 participants
@stephendonner @diracdeltas @spylogsster @btlechowski