This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Merge pull request #14665 from brave/fix/tor-whitelist-protocol
Only allow whitelisted protocols to load in tor tabs
bsclifton authored Jul 6, 2018
2 parents b70c57f + 2e345b0 commit 6a9a158
Showing 3 changed files with 31 additions and 15 deletions.
4 changes: 2 additions & 2 deletions app/extensions/brave/locales/en-US/app.properties
Expand Up @@ -237,8 +237,8 @@ streetAddress=Street Address
submit=Submit
tabsSuggestionTitle=Tabs
topSiteSuggestionTitle=Top Site
torrentBlockedInTor=For your privacy, torrents are blocked in private tabs when Tor is enabled.
torrentWarningOk=Ok
urlBlockedInTor=For your privacy, Brave blocks this URL from loading in a private tab when Tor is enabled.
urlWarningOk=Ok
torConnectionError=Unable to connect to the Tor network
torConnectionErrorInfo=Brave could not make a connection to the Tor network. Disable Tor to continue private browsing without Tor protection.
torConnectionErrorDisable=Disable Tor
38 changes: 27 additions & 11 deletions app/filtering.js
Expand Up @@ -29,7 +29,7 @@ const ipcMain = electron.ipcMain
const app = electron.app
const path = require('path')
const getOrigin = require('../js/lib/urlutil').getOrigin
const {isTorrentFile, isMagnetURL} = require('./browser/webtorrent')
const {isTorrentFile} = require('./browser/webtorrent')
const {adBlockResourceName} = require('./adBlock')
const {updateElectronDownloadItem} = require('./browser/electronDownloadItem')
const {fullscreenOption} = require('./common/constants/settingsEnums')
Expand Down Expand Up @@ -103,6 +103,13 @@ module.exports.registerHeadersReceivedFilteringCB = (filteringFn) => {
headersReceivedFilteringFns.push(filteringFn)
}

// Protocols which are safe to load in tor tabs
const whitelistedTorProtocols = ['http:', 'https:', 'chrome-extension:', 'chrome-devtools:']
if (process.env.NODE_ENV === 'development') {
// Needed for connection to webpack local server
whitelistedTorProtocols.push('ws:')
}

/**
* Register for notifications for webRequest.onBeforeRequest for a particular
* session.
Expand All @@ -111,6 +118,20 @@ module.exports.registerHeadersReceivedFilteringCB = (filteringFn) => {
function registerForBeforeRequest (session, partition) {
const isPrivate = module.exports.isPrivate(partition)
session.webRequest.onBeforeRequest((details, muonCb) => {
if (partition === appConfig.tor.partition) {
if (!details.url) {
muonCb({ cancel: true })
return
}
// To minimize leakage risk, only allow whitelisted protocols in Tor
// sessions
const protocol = urlParse(details.url).protocol
if (!whitelistedTorProtocols.includes(protocol)) {
onBlockedInTor(details, muonCb)
return
}
}

if (process.env.NODE_ENV === 'development') {
let page = appUrlUtil.getGenDir(details.url)
if (page) {
Expand All @@ -136,11 +157,6 @@ function registerForBeforeRequest (session, partition) {
return
}

if ((isMagnetURL(details)) && partition === appConfig.tor.partition) {
showTorrentBlockedInTorWarning(details, muonCb)
return
}

const firstPartyUrl = module.exports.getMainFrameUrl(details)
// this can happen if the tab is closed and the webContents is no longer available
if (!firstPartyUrl) {
Expand Down Expand Up @@ -377,13 +393,13 @@ function registerForBeforeSendHeaders (session, partition) {
})
}

function showTorrentBlockedInTorWarning (details, muonCb) {
function onBlockedInTor (details, muonCb) {
const cb = () => muonCb({cancel: true})
if (details.tabId) {
if (details.tabId && details.resourceType === 'mainFrame') {
tabMessageBox.show(details.tabId, {
message: `${locale.translation('torrentBlockedInTor')}`,
message: `${locale.translation('urlBlockedInTor')}`,
title: 'Brave',
buttons: [locale.translation('torrentWarningOk')]
buttons: [locale.translation('urlWarningOk')]
}, cb)
} else {
cb()
Expand All @@ -404,7 +420,7 @@ function registerForHeadersReceived (session, partition) {
return
}
if ((isTorrentFile(details)) && partition === appConfig.tor.partition) {
showTorrentBlockedInTorWarning(details, muonCb)
onBlockedInTor(details, muonCb)
return
}
const firstPartyUrl = module.exports.getMainFrameUrl(details)
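Review bot: The development-only branch after `whitelistedTorProtocols` admits every `ws:` URL in a Tor tab, not only the webpack dev server named in its comment, so a development build does not exercise the same allowlist as production. Narrowing that exception inside the `onBeforeRequest` check to the dev server's host, rather than adding the whole scheme to the list, would keep the two builds aligned. In production neither `ws:` nor `wss:` is listed, and because `onBlockedInTor` now shows the dialog only when `details.resourceType === 'mainFrame'`, such requests would be cancelled without any user-visible notice. If that is intended, the comment above the list should say so, for example `// ws:/wss: are deliberately absent: WebSocket requests are cancelled in Tor tabs`. `registerForBeforeRequest` continues beyond the lines shown, so any later handling of these requests is not visible here.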
4 changes: 2 additions & 2 deletions app/locale.js
Expand Up @@ -269,8 +269,8 @@ var rendererIdentifiers = function () {
'downloadPaused',
'noDownloads',
'torrentDesc',
'torrentBlockedInTor',
'torrentWarningOk',
'urlBlockedInTor',
'urlWarningOk',
'multiSelectionBookmarks',
// Caption buttons in titlebar (min/max/close - Windows only)
'windowCaptionButtonMinimize',
