STP #403
STP #403
Conversation
jumde
changed the title
| @@ -30,6 +38,31 @@ void BraveResourceDispatcherHostDelegate::AppendStandardResourceThrottles( | |||
| content::ResourceContext* resource_context, | |||
| ResourceType resource_type, | |||
| std::vector<std::unique_ptr<content::ResourceThrottle>>* throttles) { | |||
|
|
|||
| CHECK(g_brave_browser_process->tracking_protection_service()->IsInitialized()); | |||
There was a problem hiding this comment.
wy are we doing this in AppendStandardResourceThrottles? This code isn't doing anything with resource throttles
| @@ -54,6 +54,14 @@ void TrackingProtectionService::Cleanup() { | |||
| tracking_protection_client_.reset(); | |||
| } | |||
|
|
|||
| std::vector<std::string> TrackingProtectionService::addFirstPartyTrackers() { | |||
There was a problem hiding this comment.
Method names should be capitalized
These two methods don't really make sense to me. Why do we have add/remove instead of just providing a list?
| HostContentSettingsMap* contentSettingsMap = io_data->GetHostContentSettingsMap(); | ||
|
|
||
| if (!g_brave_browser_process->tracking_protection_service()->addFirstPartyTrackers().empty()) { | ||
| for(std::string tracker : g_brave_browser_process->tracking_protection_service()->addFirstPartyTrackers()) { |
There was a problem hiding this comment.
I don't think these should go into user content settings. That will potentially change or wipe out user specified settings
There was a problem hiding this comment.
these need to come from a separate content settings provider as we discussed in slack
jumde
force-pushed
the
stp
branch
5 times, most recently
from
89a7aa4
to
05198eb
Compare
| CHECK(g_brave_browser_process->tracking_protection_service()->IsInitialized()); | ||
|
|
||
| bool allow_brave_shields = brave_shields::IsAllowContentSetting( | ||
| host_content_settings_map_, top_origin_url, top_origin_url, CONTENT_SETTINGS_TYPE_PLUGINS, |
There was a problem hiding this comment.
shouldn't this use the primary and secondary url for the check?
| return ChromeRenderMessageFilter::OnMessageReceived(message); | ||
| } | ||
|
|
||
| bool BraveRenderMessageFilter::ShouldStoreState(const GURL& origin_url, |
There was a problem hiding this comment.
why are there two separate checks? ShouldStoreState in BraveRenderMessageFilter and then ShouldStoreState in TrackingProtectionService? I think TrackingProtectionService should encapsulate the whole check
| service_manager::mojom::ServiceRequest* service_request) { | ||
| int id = host->GetID(); | ||
| Profile* profile = Profile::FromBrowserContext(host->GetBrowserContext()); | ||
| - host->AddFilter(new ChromeRenderMessageFilter(id, profile)); |
There was a problem hiding this comment.
patching is not necessary for this, you can do a chromium src redefine
| bool* allowed) { | ||
| *allowed = ShouldStoreState(origin_url, top_origin_url); | ||
|
|
||
| BrowserThread::PostTask( |
There was a problem hiding this comment.
we should call the superclass method here and just pass it a different bool if we don't care about the result. We don't want to have to keep this in sync with upstream changes
jumde
force-pushed
the
stp
branch
2 times, most recently
from
0bd9e45
to
69e39e8
Compare
| const GURL& origin_url) { | ||
|
|
||
| if (!first_party_storage_trackers_initailized_) { | ||
| LOG(INFO) << "First party storage trackers not initialized"; |
There was a problem hiding this comment.
INFO till the PR in tracking-protection repo is merged.
jumde
force-pushed
the
stp
branch
2 times, most recently
from
f974c1b
to
f06f1c4
Compare
components/brave_shields/browser/tracking_protection_service.cc
Outdated
Show resolved
Hide resolved
components/brave_shields/browser/tracking_protection_service.cc
Outdated
Show resolved
Hide resolved
components/brave_shields/browser/tracking_protection_service.cc
Outdated
Show resolved
Hide resolved
components/brave_shields/browser/tracking_protection_service.cc
Outdated
Show resolved
Hide resolved
jumde
force-pushed
the
stp
branch
4 times, most recently
from
945732d
to
35e3501
Compare
| base::PostTaskWithTraits( | ||
| FROM_HERE, {BrowserThread::IO}, | ||
| base::Bind(&TrackingProtectionHelper::SetStartingSiteForRenderFrame, | ||
| base::Unretained(this), handle->GetURL(), |
There was a problem hiding this comment.
Unretained is not allowed here, you want weak pointers
| } | ||
| } | ||
|
|
||
| void TrackingProtectionHelper::DeleteRenderFrameKey(int render_process_id, |
There was a problem hiding this comment.
This and other IO functions now can be free functions, not methods.
jumde
force-pushed
the
stp
branch
4 times, most recently
from
9499fae
to
c46cf91
Compare
|
@jumde does this need an official security review? I didn't see one. I know @diracdeltas and likely others are aware of the change, but wanted to see if we could capture something formally |
jumde
force-pushed
the
stp
branch
2 times, most recently
from
2b1efd2
to
b65057d
Compare
1. Parse the FirstPartyTracker list provided by the `tracking-protection` extension. 2. On any request to Store data (Cookies, localStorage, sessionStorage, WebSQL, indexedDB) 1. Check if the Shield Settings and tracker blocking is allowed for the site that initiated the redirects 2. Check if the site is in the Storage trackers list. 3. Deny if the URL is found in the tracker list. This feature is currently gated behind a BUILD flag and a runtime flag. The flags are disabled by default auditors: @bridiver, @iefremov
| char* thirdPartyHosts = | ||
| tracking_protection_client_->findFirstPartyHosts(base_host.c_str()); | ||
| std::string thirdPartyHosts = | ||
| tracking_protection_client_->findFirstPartyHosts(base_host.c_str()); |
There was a problem hiding this comment.
this is returning char* that was allocated on heap... it gets leaked, because it's never cleaned up. Delete should still be called
A work-around for this (if you wanted to use std::string) could be:
char* thirdPartyHosts =
tracking_protection_client_->findFirstPartyHosts(base_host.c_str());
std::string thirdPartyHostsStr = std::string(thirdPartyHosts);
delete []thirdPartyHosts;
// use thirdPartyHostsStr now instead
fix brave/brave-browser#803
fix brave/brave-browser#3025
related brave/brave-browser#3888
Description
Smart Tracking Protection aims to block trackers that use storage in the first party context to track users (see: https://webkit.org/blog/8311/intelligent-tracking-prevention-2-0/ - First Party Bounce Trackers).
How it works:
For more info refer to:
Spec - https://docs.google.com/document/d/1jolVinFcN4sl0z1zdIHyGdV594Yz6RY4zssnm_VJOYg/edit#
Slide deck -
https://docs.google.com/presentation/d/1eykguzVpzAUSUWibabXEwUYsxES44eN61phTQ0fsgL8/edit#slide=id.p
Please feel free to DM/email me if you have any additional questions
Submitter Checklist:
npm test brave_unit_tests && npm test brave_browser_tests && npm run test-security) ongit rebase -ito squash commits (if needed).Test Plan:
Navigate to Brave's data directory and create a file:
StorageTrackingProtection.datinafalakplffnnnlkncjhbmahjfjhmlkal/1.0.9/1Test Domains
Repro Steps
For Devs - Enable STP runtime and buildflags
brave_browser/lib/config.jsadd an argbrave_stp_enabled: truebrave_browser/package.jsonadd--enable-smart-tracking-protectionto thestartscript to enable stpPR to add runtime switch to brave-browser: brave/brave-browser#3026
Feature test:
http://browsertesting.freevar.com/redirect_stp.htmlhttp://browsertesting.orgfree.com/.Developer Tools > Application. Verify none of the storage entries (localStorage, sessionStorage, IndexedDB, WebSQL, Cookies) are populatedhttp://browsertesting.ueuo.comDeveloper Tools > Application. All of the storage entries should be populated.http://browsertesting.freevar.com/. DisableAds and Trackers blockedin shieldshttp://browsertesting.freevar.com/redirect_stp.php. Storage entries should be available fororgfree.comReviewer Checklist: