Closed Bug 1435923 Opened 6 years ago Closed 5 years ago

The logging of remote lookup protocol buffer is truncate

Categories

(Toolkit :: Safe Browsing, enhancement, P3)

RESOLVED FIXED
mozilla66
Tracking Status
firefox66 --- fixed

People

(Reporter: francois, Assigned: dimi)

References

(Blocks 1 open bug)

Attachments

(1 file)

It looks like we don't submit the redirection URLs when we perform an application reputation lookup against the Google service:

Starting application reputation check [query=0x7fbfa42a80e0]
Created pending lookup [this = 0x7fbfa5c185e0]
PendingLookup::GetStrippedSpec(): URL stripped to 'http://localhost/francois/1434741/content.exe' [this = 0x7fbfa5c185e0]
ApplicationReputation: Got 1 redirects
PendingLookup::GetStrippedSpec(): URL stripped to 'http://localhost/download' [this = 0x7fbfa5c185e0]
ApplicationReputation: Appending redirect http://localhost/download
...
Suggested filename: content.exe [this = 0x7fbfa5c185e0]
Sending remote query for application reputation [this = 0x7fbfa5c185e0]
PendingLookup::GetStrippedSpec(): URL stripped to 'http://localhost/francois/1434741/content.exe' [this = 0x7fbfa5c185e0]
Suggested filename: content.exe [this = 0x7fbfa5c185e0]
Got unsigned binary for remote application reputation check [this = 0x7fbfa5c185e0]
Serialized protocol buffer [this = 0x7fbfa5c185e0]: (length=192) 
-http://localhost/francois/1434741/content.exe"
 
 �p��J����)]��j�N������WQ~�"1
-http://localhost/francois/1434741/content.exe
Destroying pending DB lookup [this = 0x7fbfa42cc8c0]
Application Reputation verdict is 1, obtained in 242.345798 ms [this = 0x7fbfa5c185e0]
Application Reputation check failed, blocking bad binary [this = 0x7fbfa5c185e0]

I would have expected the serialized protobuf to contain "http://localhost/download".

Note: this test case is a simple redirect from http://localhost/download to http://localhost/francois/1434741/content.exe.
Assignee: nobody → dlee
Status: NEW → ASSIGNED
Priority: P3 → P2
The redirect URLs are not shown in the console because the protocol buffer contains '\x00'.
Printing it with serialized.c_str() [1] will be cut off.
I have verified the protocol buffer contains the information we set.

I have also written a patch to verify the remote lookup protocol buffer stuff, but I will submit the patch in Bug 1190020 because it will also verify the sha256 hash.

[1] https://searchfox.org/mozilla-central/rev/eef79962ba73f7759fd74da658f6e5ceae0fc730/toolkit/components/reputationservice/ApplicationReputation.cpp#1499
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
Ah, we should probably fix the logging code then. This is bound to confuse someone else in the future :)
(In reply to François Marier [:francois] from comment #2)
> Ah, we should probably fix the logging code then. This is bound to confuse
> someone else in the future :)

Agree!
Status: RESOLVED → REOPENED
Priority: P2 → P3
Resolution: INVALID → ---
Summary: Redirect chain is not included in remote application reputation lookups → The logging of remote lookup protocol buffer is truncate
Fix the truncation issue when outputting the protocol buffer
Pushed by dlee@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ff26ee3e478c
Fix truncated logging of remote lookup protocol buffer. r=gcp
Status: REOPENED → RESOLVED
Closed: 6 years ago → 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
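
Added example (not the patch that landed, and not code from this bug): the truncation described in comment 1, reproduced on a constructed buffer, next to one way to log binary data without losing bytes after a '\x00'. The buffer layout and the helper names MakeSampleBuffer, AsCStringView and EscapeForLog are assumptions made for illustration.

```cpp
#include <cstdio>
#include <string>

// Constructed stand-in for a serialized protocol buffer: two URLs with
// binary bytes around them, including an embedded NUL. This is NOT the
// real wire encoding of the request. Note that the length byte 0x2d
// (45, the length of the first URL) is ASCII '-', which is why a raw
// dump shows "-http://..." in front of the URL.
std::string MakeSampleBuffer() {
  std::string buf;
  buf += "\x0a\x2d";  // constructed tag byte + length byte
  buf += "http://localhost/francois/1434741/content.exe";
  buf.push_back('\0');  // embedded NUL, as comment 1 describes
  buf += "\x1a";        // constructed tag byte
  buf += "http://localhost/download";
  return buf;
}

// What a "%s" format specifier sees when handed c_str(): the read
// stops at the first NUL, whatever std::string::size() says.
std::string AsCStringView(const std::string& s) { return std::string(s.c_str()); }

// Log-safe rendering: walk all size() bytes, keep printable ASCII,
// and write everything else (and the backslash itself) as \xNN.
std::string EscapeForLog(const std::string& s) {
  static const char kHex[] = "0123456789abcdef";
  std::string out;
  out.reserve(s.size());
  for (unsigned char c : s) {
    if (c >= 0x20 && c < 0x7f && c != '\\') {
      out.push_back(static_cast<char>(c));
    } else {
      out += "\\x";
      out.push_back(kHex[c >> 4]);
      out.push_back(kHex[c & 0x0f]);
    }
  }
  return out;
}

int main() {
  const std::string buf = MakeSampleBuffer();
  std::printf("length=%zu\n", buf.size());
  std::printf("c_str : %s\n", AsCStringView(buf).c_str());
  std::printf("escape: %s\n", EscapeForLog(buf).c_str());
  return 0;
}
```

The escaped form also keeps control bytes out of the log stream, so a dump of untrusted binary data cannot inject line breaks or terminal escape sequences into the log.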