Closed Bug 1912384 Opened 2 months ago Closed 1 month ago

Firefox DLP scans the pasted content multiple times in Google/OneDrive Documents

Categories

(Firefox :: Data Loss Prevention, defect)

Desktop
Windows
defect

Tracking

VERIFIED FIXED
131 Branch
Tracking Status
firefox-esr128 --- verified
firefox129 --- disabled
firefox130 --- wontfix
firefox131 --- verified

People

(Reporter: bhidecuti, Assigned: gstoll)

References

(Blocks 3 open bugs)

Details

(Whiteboard: [fidefe-quality-foundation?])

Attachments

(5 files)

Found in

  • 130.0b2

Affected versions

  • 131.0a1 (2024-08-08)
  • 130.0b2
  • 128.1.0esr

Preconditions

  • Download the DLP test assets from https://drive.google.com/file/d/1yjqVRuxdKV3WnO7D2wzMgDXBuYBxUgVw/view
  • Create a distribution folder inside the Firefox folder and paste the policies-1.json to it and then rename it to policies.json
  • Run the DLP agent in CMD using: .\content_analysis_sdk_agent.exe --user --toblock=.\d{3}-?\d{2}-?\d{4}. --towarn=.warn. --delays=10

Tested platforms

  • Affected platforms: Windows 10/11
  • Unaffected platforms: Ubuntu, macOS

Steps to reproduce

  1. Go to https://drive.google.com/drive/home and sign in
  2. Open up a document in an external program (for example Notepad) and type “ok text” into it and copy it (or copy any text from a random website)
  3. Go back to Google Drive and open any Google Docs/Sheets/Slides
  4. Paste the copied text from step 2
  5. Observe the behavior

Expected result

  • The pasted content is scanned only once

Actual result

  • The pasted content is scanned 2-3 times consecutively

Regression range

  • This is not a regression as this is a new feature

Additional notes

  • See the attached video
  • Also reproducing when pasting blocked content (e.g. "123456789") -> the "Blocked" message is displayed twice (as the scan is performed twice as well)
  • Also reproducing if the sample agent is not running -> the “Warn” message is displayed 2 times when pasting the text in Google Documents (tested with policies-2.json)
  • Also reproducing for OneDrive Documents (Word/PowerPoint/OneNote docs)
  • Not reproducing for the upload operation
  • Adding the [fidefe-quality-foundation?] tag, as scanning the content multiple times creates a poor user experience, especially on high-traffic platforms like Google Drive or OneDrive. Also, the issue persists both with and without the agent running.

I'll paste the call stacks for the two requests below (when pasting into a Google Doc, anyway), but it seems like the JS is getting the clipboard data twice - the DataTransferItem is different in the two call stacks. Perhaps we could remember the last DLP request and if it matches exactly, skip it and return the same result?

first request:

- >	xul.dll!nsClipboardProxy::GetData(nsITransferable * aTransferable=0x0000016f529b24c0, nsIClipboard::ClipboardType aWhichClipboard=kGlobalClipboard, mozilla::dom::WindowContext * aWindowContext=0x0000016f4def9d00) Line 89	C++
-  	xul.dll!mozilla::dom::DataTransferItem::FillInExternalData() Line 188	C++
-  	xul.dll!mozilla::dom::DataTransferItem::DataNoSecurityCheck() Line 529	C++
-  	xul.dll!mozilla::dom::DataTransferItem::Data(nsIPrincipal * aPrincipal=0x0000016f44bbf2e0, mozilla::ErrorResult & aRv={...}) Line 549	C++
-  	xul.dll!mozilla::dom::DataTransfer::GetDataAtInternal(const nsTSubstring<char16_t> & aFormat={...}, unsigned int aIndex=0x00000000, nsIPrincipal * aSubjectPrincipal=0x0000016f44bbf2e0, nsIVariant * * aData=0x0000001ba27e6268) Line 543	C++
-  	xul.dll!mozilla::dom::DataTransfer::GetData(const nsTSubstring<char16_t> & aFormat={...}, nsTSubstring<char16_t> & aData={...}, nsIPrincipal & aSubjectPrincipal={...}, mozilla::ErrorResult & aRv={...}) Line 351	C++
-  	xul.dll!mozilla::dom::DataTransfer_Binding::getData(JSContext * cx=0x0000016f44a3b200, JS::Handle<JSObject *> obj={...}, void * void_self=0x0000016f551bdaf0, const JSJitMethodCallArgs & args={...}) Line 420	C++

second request:

- >	xul.dll!nsClipboardProxy::GetData(nsITransferable * aTransferable=0x0000016f529b2640, nsIClipboard::ClipboardType aWhichClipboard=kGlobalClipboard, mozilla::dom::WindowContext * aWindowContext=0x0000016f4def9d00) Line 89	C++
-  	xul.dll!mozilla::dom::DataTransferItem::FillInExternalData() Line 188	C++
-  	xul.dll!mozilla::dom::DataTransferItem::DataNoSecurityCheck() Line 529	C++
-  	xul.dll!mozilla::dom::DataTransferItem::Data(nsIPrincipal * aPrincipal=0x0000016f44bbf2e0, mozilla::ErrorResult & aRv={...}) Line 549	C++
-  	xul.dll!mozilla::dom::DataTransfer::GetDataAtInternal(const nsTSubstring<char16_t> & aFormat={...}, unsigned int aIndex=0x00000000, nsIPrincipal * aSubjectPrincipal=0x0000016f44bbf2e0, nsIVariant * * aData=0x0000001ba27e7408) Line 543	C++
-  	xul.dll!mozilla::dom::DataTransfer::GetData(const nsTSubstring<char16_t> & aFormat={...}, nsTSubstring<char16_t> & aData={...}, nsIPrincipal & aSubjectPrincipal={...}, mozilla::ErrorResult & aRv={...}) Line 351	C++
-  	xul.dll!mozilla::dom::TextEvent::GetData(nsTSubstring<char16_t> & aData={...}, nsIPrincipal & aSubjectPrincipal={...}) Line 54	C++
-  	xul.dll!mozilla::dom::TextEvent_Binding::get_data(JSContext * cx=0x0000016f44a3b200, JS::Handle<JSObject *> obj={...}, void * void_self=0x0000016f560a8d30, JSJitGetterCallArgs args={...}) Line 64	C++

I would also note that it's possible that the agent may cache requests and so the second request might be fast. We won't know this until we try with a real agent, though.

Assignee: nobody → gstoll
Status: NEW → ASSIGNED

I dove into Google Doc's JS a bit but it's very obfuscated. The first call is to DataTransfer.getData(), which is a way to get the clipboard contents, and makes sense. The second call is to TextEvent.data, which is a property Firefox added (presumably for webcompat) in Fx 129, and this explains why this wasn't a problem when I tested with Google Docs a while ago.

I think adding a time-limited cache of just the last text request sent to the DLP agent is the best approach here. It's relatively safe and is likely to work around issues like this as they arrive in the future.

This is a bit of a bandaid fix, but it's straightforward and
less brittle than trying to fix the various ways of getting
the clipboard contents.

I added a relatively short timeout to the cached data to
ensure we don't have to worry about DLP settings in the agent
changing or anything like that. In all the cases of double
calls I've seen, the calls come very very close to each other
in time.

Attachment #9419321 - Attachment description: Bug 1912384 - cache DLP results for clipboard paste for a short time r=#dlp-reviewers! → Bug 1912384 part 1 - cache DLP results for clipboard paste for a short time r=#dlp-reviewers!

For BLOCKED text, if we do two requests in quick succession, we will now
return a cached result for the second request. This patch avoids showing
the BLOCK dialog more than once. (also works for WARN)

Blocks: 1914026
Pushed by gstoll@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/21c0482d0f97
part 1 - cache DLP results for clipboard paste for a short time r=dlp-reviewers,handyman
https://hg.mozilla.org/integration/autoland/rev/d906de157f37
part 2 - don't show dialog for cached DLP results r=dlp-reviewers,handyman
Status: ASSIGNED → RESOLVED
Closed: 1 month ago
Resolution: --- → FIXED
Target Milestone: --- → 131 Branch
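
The time-limited, last-request cache described in the comments above, written out as an added example (this is not the code that landed in Firefox). The class and function names, the injected clock and the TTL value are assumptions; the block pattern and the "warn" keyword are taken from the reproduction command line.

```cpp
#include <chrono>
#include <functional>
#include <regex>
#include <string>
#include <utility>

// Hypothetical names for illustration; not Firefox's content analysis classes.
enum class Verdict { Allow, Warn, Block };
struct ScanResult { Verdict verdict; bool showDialog; };

class LastPasteScanCache {
 public:
  using Clock = std::chrono::steady_clock;
  using Agent = std::function<Verdict(const std::string&)>;

  // ttl is an assumed value; the bug only calls the timeout "relatively short".
  LastPasteScanCache(Agent agent, Clock::duration ttl)
      : mAgent(std::move(agent)), mTtl(ttl) {}

  // `now` is passed in so expiry can be exercised deterministically.
  ScanResult Scan(const std::string& text, Clock::time_point now) {
    // Hit only on an exact match of the full text inside the window; anything
    // else, including the same text after the TTL, goes back to the agent.
    if (mHasLast && mLast.text == text && now - mLast.when < mTtl) {
      // Same verdict as the first request (BLOCK stays BLOCK), no second dialog.
      // The timestamp is not refreshed, so repeated hits cannot extend the window.
      return {mLast.verdict, false};
    }
    Verdict v = mAgent(text);
    ++mAgentCalls;
    mLast = Entry{text, v, now};  // single slot: only the last request is kept
    mHasLast = true;
    return {v, v != Verdict::Allow};
  }
  int AgentCalls() const { return mAgentCalls; }

 private:
  struct Entry { std::string text; Verdict verdict; Clock::time_point when; };
  Agent mAgent;
  Clock::duration mTtl;
  Entry mLast{};
  bool mHasLast = false;
  int mAgentCalls = 0;
};

// Constructed stand-in for the sample agent (block pattern and "warn" keyword).
inline Verdict SampleAgent(const std::string& text) {
  static const std::regex kBlock(R"(\d{3}-?\d{2}-?\d{4})");
  if (std::regex_search(text, kBlock)) return Verdict::Block;
  return text.find("warn") != std::string::npos ? Verdict::Warn : Verdict::Allow;
}
```

Because the cached entry carries the verdict, the second of two back-to-back requests for blocked text is still blocked; only the duplicate agent round trip and the duplicate dialog are dropped.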

The patch landed in nightly and beta is affected.
:gstoll, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox130 to wontfix.

For more information, please visit BugBot documentation.

Flags: needinfo?(gstoll)
Flags: needinfo?(gstoll)

Verified as fixed on Firefox Nightly 131.0a1 (2024-08-26), using Windows 10/11.
Firefox DLP scans the pasted content only once in Google/OneDrive Documents when it was copied from an external app (e.g. Notepad) while the agent is running.
However, the following behavior from the notes is still reproducing:

Also reproducing if the sample agent is not running -> the “Warn” message is displayed 2 times when pasting the text in Google Documents (tested with policies-2.json)

@Greg, should we reopen this bug for the above behavior or file a new one? Thanks in advance!

Also, if pasting text content from a random website (e.g. from Wikipedia) or from another Gdoc/OneDrive Doc, the content is still scanned multiple times. We logged a separate ticket for this - bug 1915351.

Flags: needinfo?(gstoll)
No longer regressions: 1915350

Go ahead and file a new bug for the "warn" message being displayed twice. Thanks!

Flags: needinfo?(gstoll) → needinfo?(bhidecuti)

Thanks for the response. Logged bug 1915536 for the "warn" message being displayed twice when the agent is not running.
Based on Comment 9 I am marking this verified as fixed on Firefox 131.0a1.

Flags: needinfo?(bhidecuti)

This is a bit of a bandaid fix, but it's straightforward and
less brittle than trying to fix the various ways of getting
the clipboard contents.

I added a relatively short timeout to the cached data to
ensure we don't have to worry about DLP settings in the agent
changing or anything like that. In all the cases of double
calls I've seen, the calls come very very close to each other
in time.

Original Revision: https://phabricator.services.mozilla.com/D219291

Attachment #9422890 - Flags: approval-mozilla-esr128?

For BLOCKED text, if we do two requests in quick succession, we will now
return a cached result for the second request. This patch avoids showing
the BLOCK dialog more than once. (also works for WARN)

Original Revision: https://phabricator.services.mozilla.com/D219496

Attachment #9422891 - Flags: approval-mozilla-esr128?

esr128 Uplift Approval Request

  • User impact if declined: DLP agent may be called more times than is necessary, which is irritating for the user
  • Code covered by automated testing: yes
  • Fix verified in Nightly: yes
  • Needs manual QE test: no
  • Steps to reproduce for manual QE testing: n/a
  • Risk associated with taking this patch: low
  • Explanation of risk level: only affects DLP
  • String changes made/needed: no
  • Is Android affected?: no
Attachment #9422890 - Flags: approval-mozilla-esr128? → approval-mozilla-esr128+
Attachment #9422891 - Flags: approval-mozilla-esr128? → approval-mozilla-esr128+

Verified as fixed on Firefox 128.3.0esr, build ID 20240911002735 (from Treeherder), using Windows 10/11. Firefox DLP scans the pasted content only once in Google/OneDrive Documents when it was copied from an external app (e.g. Notepad) while the agent is running.

Status: RESOLVED → VERIFIED