-
Notifications
You must be signed in to change notification settings - Fork 895
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
STP #403
Conversation
@@ -30,6 +38,31 @@ void BraveResourceDispatcherHostDelegate::AppendStandardResourceThrottles( | |||
content::ResourceContext* resource_context, | |||
ResourceType resource_type, | |||
std::vector<std::unique_ptr<content::ResourceThrottle>>* throttles) { | |||
|
|||
CHECK(g_brave_browser_process->tracking_protection_service()->IsInitialized()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
wy are we doing this in AppendStandardResourceThrottles? This code isn't doing anything with resource throttles
@@ -54,6 +54,14 @@ void TrackingProtectionService::Cleanup() { | |||
tracking_protection_client_.reset(); | |||
} | |||
|
|||
std::vector<std::string> TrackingProtectionService::addFirstPartyTrackers() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Method names should be capitalized
These two methods don't really make sense to me. Why do we have add/remove instead of just providing a list?
HostContentSettingsMap* contentSettingsMap = io_data->GetHostContentSettingsMap(); | ||
|
||
if (!g_brave_browser_process->tracking_protection_service()->addFirstPartyTrackers().empty()) { | ||
for(std::string tracker : g_brave_browser_process->tracking_protection_service()->addFirstPartyTrackers()) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think these should go into user content settings. That will potentially change or wipe out user specified settings
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
these need to come from a separate content settings provider as we discussed in slack
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see comments
89a7aa4
to
05198eb
Compare
CHECK(g_brave_browser_process->tracking_protection_service()->IsInitialized()); | ||
|
||
bool allow_brave_shields = brave_shields::IsAllowContentSetting( | ||
host_content_settings_map_, top_origin_url, top_origin_url, CONTENT_SETTINGS_TYPE_PLUGINS, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shouldn't this use the primary and secondary url for the check?
return ChromeRenderMessageFilter::OnMessageReceived(message); | ||
} | ||
|
||
bool BraveRenderMessageFilter::ShouldStoreState(const GURL& origin_url, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why are there two separate checks? ShouldStoreState in BraveRenderMessageFilter and then ShouldStoreState in TrackingProtectionService? I think TrackingProtectionService should encapsulate the whole check
service_manager::mojom::ServiceRequest* service_request) { | ||
int id = host->GetID(); | ||
Profile* profile = Profile::FromBrowserContext(host->GetBrowserContext()); | ||
- host->AddFilter(new ChromeRenderMessageFilter(id, profile)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
patching is not necessary for this, you can do a chromium src redefine
bool* allowed) { | ||
*allowed = ShouldStoreState(origin_url, top_origin_url); | ||
|
||
BrowserThread::PostTask( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should call the superclass method here and just pass it a different bool if we don't care about the result. We don't want to have to keep this in sync with upstream changes
0bd9e45
to
69e39e8
Compare
const GURL& origin_url) { | ||
|
||
if (!first_party_storage_trackers_initailized_) { | ||
LOG(INFO) << "First party storage trackers not initialized"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
INFO
till the PR in tracking-protection
repo is merged.
f974c1b
to
f06f1c4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't enumerate all the lints that requires <=80 chars, too many of them.
Also see other comments
components/brave_shields/browser/tracking_protection_service.cc
Outdated
Show resolved
Hide resolved
components/brave_shields/browser/tracking_protection_service.cc
Outdated
Show resolved
Hide resolved
components/brave_shields/browser/tracking_protection_service.cc
Outdated
Show resolved
Hide resolved
components/brave_shields/browser/tracking_protection_service.cc
Outdated
Show resolved
Hide resolved
945732d
to
35e3501
Compare
base::PostTaskWithTraits( | ||
FROM_HERE, {BrowserThread::IO}, | ||
base::Bind(&TrackingProtectionHelper::SetStartingSiteForRenderFrame, | ||
base::Unretained(this), handle->GetURL(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unretained
is not allowed here, you want weak pointers
} | ||
} | ||
|
||
void TrackingProtectionHelper::DeleteRenderFrameKey(int render_process_id, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This and other IO functions now can be free functions, not methods.
9499fae
to
c46cf91
Compare
@jumde does this need an official security review? I didn't see one. I know @diracdeltas and likely others are aware of the change, but wanted to see if we could capture something formally |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ran through test plan - works great! Verified it builds + all tests pass (updated PR template). Let comment about security review - let's create one if needed (even if it's just a formality). Great work 😄
2b1efd2
to
b65057d
Compare
1. Parse the FirstPartyTracker list provided by the `tracking-protection` extension. 2. On any request to Store data (Cookies, localStorage, sessionStorage, WebSQL, indexedDB) 1. Check if the Shield Settings and tracker blocking is allowed for the site that initiated the redirects 2. Check if the site is in the Storage trackers list. 3. Deny if the URL is found in the tracker list. This feature is currently gated behind a BUILD flag and a runtime flag. The flags are disabled by default auditors: @bridiver, @iefremov
char* thirdPartyHosts = | ||
tracking_protection_client_->findFirstPartyHosts(base_host.c_str()); | ||
std::string thirdPartyHosts = | ||
tracking_protection_client_->findFirstPartyHosts(base_host.c_str()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is returning char*
that was allocated on heap... it gets leaked, because it's never cleaned up. Delete should still be called
A work-around for this (if you wanted to use std::string
) could be:
char* thirdPartyHosts =
tracking_protection_client_->findFirstPartyHosts(base_host.c_str());
std::string thirdPartyHostsStr = std::string(thirdPartyHosts);
delete []thirdPartyHosts;
// use thirdPartyHostsStr now instead
fix brave/brave-browser#803
fix brave/brave-browser#3025
related brave/brave-browser#3888
Description
Smart Tracking Protection aims to block trackers that use storage in the first party context to track users (see: https://webkit.org/blog/8311/intelligent-tracking-prevention-2-0/ - First Party Bounce Trackers).
How it works:
For more info refer to:
Spec - https://docs.google.com/document/d/1jolVinFcN4sl0z1zdIHyGdV594Yz6RY4zssnm_VJOYg/edit#
Slide deck -
https://docs.google.com/presentation/d/1eykguzVpzAUSUWibabXEwUYsxES44eN61phTQ0fsgL8/edit#slide=id.p
Please feel free to DM/email me if you have any additional questions
Submitter Checklist:
npm test brave_unit_tests && npm test brave_browser_tests && npm run test-security
) ongit rebase -i
to squash commits (if needed).Test Plan:
Navigate to Brave's data directory and create a file:
StorageTrackingProtection.dat
inafalakplffnnnlkncjhbmahjfjhmlkal/1.0.9/1
Test Domains
Repro Steps
For Devs - Enable STP runtime and buildflags
brave_browser/lib/config.js
add an argbrave_stp_enabled: true
brave_browser/package.json
add--enable-smart-tracking-protection
to thestart
script to enable stpPR to add runtime switch to brave-browser: brave/brave-browser#3026
Feature test:
http://browsertesting.freevar.com/redirect_stp.html
http://browsertesting.orgfree.com/
.Developer Tools > Application
. Verify none of the storage entries (localStorage, sessionStorage, IndexedDB, WebSQL, Cookies) are populatedhttp://browsertesting.ueuo.com
Developer Tools > Application
. All of the storage entries should be populated.http://browsertesting.freevar.com/
. DisableAds and Trackers blocked
in shieldshttp://browsertesting.freevar.com/redirect_stp.php
. Storage entries should be available fororgfree.com
Reviewer Checklist: