From 4504d62755afd7eaffe9eccc6236a2ee066708c3 Mon Sep 17 00:00:00 2001 From: Pranjal Jumde Date: Fri, 6 Sep 2019 10:54:55 -0700 Subject: [PATCH 1/3] Fix 5891: Update fingerprinting exception for sandbox.uphold.com --- common/shield_exceptions.cc | 2 +- common/shield_exceptions_unittest.cc | 15 +++++++++------ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/common/shield_exceptions.cc b/common/shield_exceptions.cc index 596242292de2..a5dd3f2d8e19 100644 --- a/common/shield_exceptions.cc +++ b/common/shield_exceptions.cc @@ -49,7 +49,7 @@ bool IsWhitelistedFingerprintingException(const GURL& firstPartyOrigin, { GURL("https://sandbox.uphold.com/"), std::vector({URLPattern(URLPattern::SCHEME_ALL, - "https://netverify.com/*")}) + "https://*.netverify.com/*")}) } }; std::map >::iterator i = diff --git a/common/shield_exceptions_unittest.cc b/common/shield_exceptions_unittest.cc index e280dbca28de..b0f442f40b76 100644 --- a/common/shield_exceptions_unittest.cc +++ b/common/shield_exceptions_unittest.cc @@ -39,13 +39,16 @@ TEST_F(BraveShieldsExceptionsTest, IsWhitelistedFingerprintingException) { // Tests for sandbox URLs EXPECT_TRUE(IsWhitelistedFingerprintingException( GURL("https://sandbox.uphold.com"), - GURL("https://netverify.com/iframe"))); + GURL("https://sandbox-uphold.netverify.com/iframe"))); + EXPECT_TRUE(IsWhitelistedFingerprintingException( + GURL("https://sandbox.uphold.com/"), + GURL("https://random-subdomain.netverify.com"))); EXPECT_TRUE(IsWhitelistedFingerprintingException( GURL("https://sandbox.uphold.com/"), - GURL("https://netverify.com"))); + GURL("https://uphold.netverify.com"))); EXPECT_FALSE(IsWhitelistedFingerprintingException( GURL("http://sandbox.uphold.com/"), - GURL("https://uphold.netverify.com/"))); + GURL("https://netverify.com/"))); EXPECT_FALSE(IsWhitelistedFingerprintingException( GURL("https://sandbox.uphold.com/"), GURL("http://netverify.com/"))); @@ -53,10 +56,10 @@ TEST_F(BraveShieldsExceptionsTest, IsWhitelistedFingerprintingException) { GURL("https://netverify.com/iframe"), GURL("https://sandbox.uphold.com/"))); EXPECT_FALSE(IsWhitelistedFingerprintingException( - GURL("https://sandbox.uphold.com/"), - GURL("https://uphold.netverify.com/iframe"))); + GURL("https://random-subdomain.uphold.com/"), + GURL("https://netverify.com/iframe"))); EXPECT_FALSE(IsWhitelistedFingerprintingException( - GURL("https://www.sandbox.uphold.com/"), + GURL("http://www.sandbox.uphold.com/"), GURL("https://netverify.com/iframe"))); } From 642e8286f09222d112c5f5e03a3e5dd4ae8d6299 Mon Sep 17 00:00:00 2001 From: Pranjal Jumde Date: Tue, 17 Sep 2019 20:53:22 -0700 Subject: [PATCH 2/3] Issue 6007: Add temporary fingerprinting exception for 1password.com --- common/shield_exceptions.cc | 28 ++++++++++++++++------------ common/shield_exceptions_unittest.cc | 25 +++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 12 deletions(-) diff --git a/common/shield_exceptions.cc b/common/shield_exceptions.cc index a5dd3f2d8e19..7463f8848686 100644 --- a/common/shield_exceptions.cc +++ b/common/shield_exceptions.cc @@ -40,28 +40,32 @@ bool IsBlockedResource(const GURL& gurl) { bool IsWhitelistedFingerprintingException(const GURL& firstPartyOrigin, const GURL& subresourceUrl) { - static std::map > whitelist_patterns = { + static std::map > whitelist_patterns = { { - GURL("https://uphold.com/"), + URLPattern(URLPattern::SCHEME_ALL, "https://uphold.com/"), std::vector({URLPattern(URLPattern::SCHEME_ALL, "https://uphold.netverify.com/*")}) }, { - GURL("https://sandbox.uphold.com/"), + URLPattern(URLPattern::SCHEME_ALL, "https://sandbox.uphold.com/"), std::vector({URLPattern(URLPattern::SCHEME_ALL, "https://*.netverify.com/*")}) + }, + { + URLPattern(URLPattern::SCHEME_ALL, "https://*.1password.com/*"), + std::vector({URLPattern(URLPattern::SCHEME_ALL, + "https://map.1passwordservices.com/*")}) } }; - std::map >::iterator i = - whitelist_patterns.find(firstPartyOrigin); - if (i == whitelist_patterns.end()) { - return false; + for (const auto whitelist : whitelist_patterns) { + if (whitelist.first.MatchesURL(firstPartyOrigin)) { + return std::any_of(whitelist.second.begin(), whitelist.second.end(), + [&subresourceUrl](const URLPattern& pattern) { + return pattern.MatchesURL(subresourceUrl); + }); + } } - std::vector &exceptions = i->second; - return std::any_of(exceptions.begin(), exceptions.end(), - [&subresourceUrl](const URLPattern& pattern) { - return pattern.MatchesURL(subresourceUrl); - }); + return false; } } // namespace brave diff --git a/common/shield_exceptions_unittest.cc b/common/shield_exceptions_unittest.cc index b0f442f40b76..01f42d86d202 100644 --- a/common/shield_exceptions_unittest.cc +++ b/common/shield_exceptions_unittest.cc @@ -61,6 +61,31 @@ TEST_F(BraveShieldsExceptionsTest, IsWhitelistedFingerprintingException) { EXPECT_FALSE(IsWhitelistedFingerprintingException( GURL("http://www.sandbox.uphold.com/"), GURL("https://netverify.com/iframe"))); + + EXPECT_TRUE(IsWhitelistedFingerprintingException( + GURL("https://brave.1password.com"), + GURL("https://map.1passwordservices.com/iframe"))); + EXPECT_TRUE(IsWhitelistedFingerprintingException( + GURL("https://brave.1password.com/randompath"), + GURL("https://map.1passwordservices.com/"))); + EXPECT_TRUE(IsWhitelistedFingerprintingException( + GURL("https://1password.com/"), + GURL("https://map.1passwordservices.com/"))); + EXPECT_FALSE(IsWhitelistedFingerprintingException( + GURL("https://11password.com/"), + GURL("http://map.1passwordservices.com/"))); + EXPECT_FALSE(IsWhitelistedFingerprintingException( + GURL("https://map.1passwordservices.com/"), + GURL("https://map.1passwordservices.com/"))); + EXPECT_FALSE(IsWhitelistedFingerprintingException( + GURL("http://brave.1password.com/"), + GURL("https://map.1passwordservices.com/iframe"))); + EXPECT_FALSE(IsWhitelistedFingerprintingException( + GURL("https://1password.1passwordservices.com/"), + GURL("https://map.1passwordservices.com/"))); + EXPECT_FALSE(IsWhitelistedFingerprintingException( + GURL("https://brave.1password.com/"), + GURL("https://randompath.1passwordservices.com/"))); } } // namespace From b5f4f32467bb7ccff06a84535e27d0fee8bce870 Mon Sep 17 00:00:00 2001 From: Pranjal Jumde Date: Mon, 18 Nov 2019 12:49:02 -0800 Subject: [PATCH 3/3] Fix 6983: Add fingerprinting exception for veriff.me on uphold --- common/shield_exceptions.cc | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/common/shield_exceptions.cc b/common/shield_exceptions.cc index 7463f8848686..339dadc896bf 100644 --- a/common/shield_exceptions.cc +++ b/common/shield_exceptions.cc @@ -43,13 +43,17 @@ bool IsWhitelistedFingerprintingException(const GURL& firstPartyOrigin, static std::map > whitelist_patterns = { { URLPattern(URLPattern::SCHEME_ALL, "https://uphold.com/"), - std::vector({URLPattern(URLPattern::SCHEME_ALL, - "https://uphold.netverify.com/*")}) + std::vector({ + URLPattern(URLPattern::SCHEME_ALL, "https://uphold.netverify.com/*"), + URLPattern(URLPattern::SCHEME_ALL, "https://*.veriff.me/*"), + }) }, { URLPattern(URLPattern::SCHEME_ALL, "https://sandbox.uphold.com/"), - std::vector({URLPattern(URLPattern::SCHEME_ALL, - "https://*.netverify.com/*")}) + std::vector({ + URLPattern(URLPattern::SCHEME_ALL, "https://*.netverify.com/*"), + URLPattern(URLPattern::SCHEME_ALL, "https://*.veriff.me/*"), + }) }, { URLPattern(URLPattern::SCHEME_ALL, "https://*.1password.com/*"),