Switch to headless mode, implement dynamic list selection #26
Conversation
mschfh
force-pushed
the
mschfh-dynamic-lists
branch
from
7c46acc to
45ed478
Compare
mschfh
force-pushed
the
mschfh-dynamic-lists
branch
from
d7e2a7b to
4ba9963
Compare
mschfh
changed the title
mschfh
force-pushed
the
mschfh-dynamic-lists
branch
from
4ba9963 to
9d252e7
Compare
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| // check if valid component id and not in keeplist | ||
| if (isValidChromeComponentId({ id: fileName }) && !isKeeplistedComponentId({ id: fileName, additionalComponentList: adblockComponents })) { | ||
| console.log('patching component: ', fileName) | ||
| const extensionDir = path.join(tmpProfile, fileName) |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.
Source: https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
Cc @thypon @bcaller
| console.log('patching component: ', fileName) | ||
| const extensionDir = path.join(tmpProfile, fileName) | ||
| const versionDir = getExtensionVersion(extensionDir) | ||
| const srcManifest = path.join(extensionDir, versionDir, 'manifest.json') |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.
Source: https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
Cc @thypon @bcaller
| const extensionDir = path.join(tmpProfile, fileName) | ||
| const versionDir = getExtensionVersion(extensionDir) | ||
| const srcManifest = path.join(extensionDir, versionDir, 'manifest.json') | ||
| const destPath = path.join(templateProfile, fileName, '999.999') |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.
Source: https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
Cc @thypon @bcaller
| mkdirSync(destPath, { recursive: true }) | ||
| if (fileName === 'gkboaolpopklhgplhaaiboijnklogmbc') { | ||
| // copy List Catalog files after modifying version | ||
| cpSync(path.join(extensionDir, versionDir), destPath, { recursive: true }) |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.
Source: https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
Cc @thypon @bcaller
| cpSync(path.join(extensionDir, versionDir), destPath, { recursive: true }) | ||
| } else { | ||
| // only copy the manifest for all other components | ||
| cpSync(srcManifest, path.join(destPath, 'manifest.json')) |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.
Source: https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
Cc @thypon @bcaller
| } | ||
|
|
||
| export const parseListCatalogComponentIds = ({ profileDir }) => { | ||
| const extensionDir = path.join(profileDir, 'gkboaolpopklhgplhaaiboijnklogmbc') |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.
Source: https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
Cc @thypon @bcaller
| const extensionDir = path.join(profileDir, 'gkboaolpopklhgplhaaiboijnklogmbc') | ||
| const versionDir = getExtensionVersion(extensionDir) | ||
| // gkboaolpopklhgplhaaiboijnklogmbc/1.0.60/list_catalog.json | ||
| const data = readFileSync(path.join(extensionDir, versionDir, 'list_catalog.json'), 'utf8') |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.
Source: https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
Cc @thypon @bcaller
| } | ||
|
|
||
| export const getAdblockUuids = ({ profileDir }) => { | ||
| const extensionDir = path.join(profileDir, 'gkboaolpopklhgplhaaiboijnklogmbc') |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.
Source: https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
Cc @thypon @bcaller
| const extensionDir = path.join(profileDir, 'gkboaolpopklhgplhaaiboijnklogmbc') | ||
| const versionDir = getExtensionVersion(extensionDir) | ||
| // gkboaolpopklhgplhaaiboijnklogmbc/1.0.60/list_catalog.json | ||
| const data = readFileSync(path.join(extensionDir, versionDir, 'list_catalog.json'), 'utf8') |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.
Source: https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
Cc @thypon @bcaller
| listCatalog.forEach(item => { | ||
| if (item.uuid in adblockLists) { | ||
| item.default_enabled = Boolean(adblockLists[item.uuid]) | ||
| } |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] This allows item.uuid to be __proto__ or toString. To prevent prototype access use Object.prototype.hasOwnProperty.call(adblockLists, item.uuid) or use a Map.
Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/not-using-hasownproperty-proto-access.yaml
Cc @thypon @bcaller
There was a problem hiding this comment.
koa bodyparser uses co-body, which throws an error by default if a object contains __proto__:
onProtoPoisoning Defines what action the co-body lib must take when parsing a JSON object with __proto__. This functionality is provided by [bourne](https://github.com/hapijs/bourne). See [Prototype-Poisoning](https://fastify.dev/docs/latest/Guides/Prototype-Poisoning/) for more details about prototype poisoning attacks. Possible values are 'error', 'remove' and 'ignore'. Default to 'error', it will throw a SyntaxError when Prototype-Poisoning happen.
| const buttons = await page.$$('.button-check-update') | ||
| for (const button of buttons) { | ||
| const buttonId = await page.evaluate(el => el.getAttribute('id'), button) | ||
| if (buttonId) { | ||
| console.log('Updating component:', buttonId) | ||
| await button.click() | ||
| await setTimeout(50) // Wait for 50ms between clicks | ||
| } | ||
| } |
There was a problem hiding this comment.
there is a Update lists button in brave://settings/shields/filters` which will do the same with 1 click, btw.
|
also, how is |
yes, the content is extracted from |
Resolves https://github.com/brave/devops/issues/12120