Closed Bug 1927751 Opened 19 days ago Closed 19 days ago

Increased scanning time with warning dialog displayed after pasting a random string from a certain GDOC to another GDOC or another webpage

Categories

(Firefox :: Data Loss Prevention, defect)

Product:
Firefox
Component:
Data Loss Prevention
Platform:
Desktop
Windows
Type:
defect

Tracking

()

Status:
RESOLVED INVALID
Tracking Flags:
Tracking Status
firefox-esr115 --- unaffected
firefox-esr128 --- disabled
firefox132 --- unaffected
firefox133 --- disabled
firefox134 --- affected

People

(Reporter: atrif, Unassigned)

References

(Blocks 2 open bugs)

Details

Attachments

(1 file)

1029.mp4
4.86 MB, video/mp4
Details
Attached video 1029.mp4

Found in

  • 134.0a1 (2024-10-29)

Affected versions

  • 134.0a1 (2024-10-29)

Tested platforms

  • Affected platforms: Windows 11, Windows 10
  • Unaffected platforms: macOS 12, Ubuntu

Preconditions

  • Download the DLP test assets from https://drive.google.com/file/d/1yjqVRuxdKV3WnO7D2wzMgDXBuYBxUgVw/view
  • Create a distribution folder inside the Firefox folder and paste the policies-1.json to it and then rename it to policies.json
  • run the DLP agent in CMD using: .\content_analysis_sdk_agent.exe --user --toblock=.\d{3}-\d{2}-\d{4}. --towarn=.warn. --delays=10 (Note: we are using the DLP agent command without the ?? symbols for the blocked content as instructed in bug 1915352#c1)

Steps to reproduce

  1. Open https://docs.google.com/document/d/13OVyqaJ2GlbNpkxAssF_mLI7vyb6o8TeDqucs6WcnDw/edit?tab=t.0.
  2. Copy and paste the Sample text string to another gdoc or Wikipedia page.
  3. Observe the behaviors.

Expected result

  • Scanning is performed and the string is pasted.

Actual result

  • Long scanning time
  • The warning dialog is displayed even if the string does not contain *warn (this happens for any string)
  • [intermittent] Sometimes after clicking the use content/ cancel buttons on the warning dialog the content is scanned again

Regression range

  • The waiting time issue can be reproduced with 128esr as well so this is not a regression. The difference is that after clicking Use content after bug 1915351 is implemented there will be only one more scanning. Before bug 1915351 the scanning will happen more times, even the warning dialog will appear 2 times. I will set bug 1915351 as dependent since this fixes things a little.

Additional notes

  • Attached a screen recording.
  • Since this does not happen with every pasted gdoc data we will not treat this issue as high impact unless we find if this may be reproduced more often.
  • We are using the DLP Agent command (.\content_analysis_sdk_agent.exe --user --toblock=.\d{3}-?\d{2}-?\d{4}. --towarn=.warn. --delays=10) with ?? symbols will also result in another 3 blocked dialogs displayed and block pasting the string.
  • This is not string dependent. The issue reproduces with any string that has a gray color.
  • This also happens when pasting to Wikipedia.

OK, there are a few things going on here:

  • When copying from Google Docs it puts a bunch of custom data on the clipboard (that's the big string you can see in the agent's console window around 0:40 in the attached screen recording), and some part of that has the string "warn" in it which is why we get the warning dialog. For testing purposes I've started to use --towarn=.awarnb. instead of --towarn=.warn. and that seems to avoid the warn dialog always being triggered. (the fact that the warn dialog shows up is a similar issue to bug 1927796 - maybe we should file a separate bug for that if we can reproduce it with normal warning text?)
  • The fact that the agent is so slow is because it's trying to match the regular expression for --toblock against a giant string. This is just a limitation of the demo agent. If you change that argument to something like --toblock=mysecret I think the problem will go away.

For this reasons, I'm going to mark this as invalid.

(thanks for attaching the screen recording, that made it much easier to see what was going on!)

Status: NEW → RESOLVED
Closed: 19 days ago
Resolution: --- → INVALID

Thank you for the explanation, Greg! It seems that we can reproduce the multiple warning dialogs for which we filled bug 1927992.
So it will be ok to use the --towarn=.awarnb. and --toblock=mysecret commands for the agent especially when testing Google Docs to avoid showing the warning/ blocked dialogs on allowed strings and avoid increased scanning times?
The final command will be:.\content_analysis_sdk_agent.exe --user --toblock=.*mysecret* --towarn=.*awarnb.* --delays=3. Will this be ok? Thank you!

Flags: needinfo?(gstoll)

Yes, something like this should be fine to make testing more convenient. In fact, looking at the source again, I don't think you need the .* stuff, just

.\content_analysis_sdk_agent.exe --user --toblock=mysecret --towarn=awarnb --delays=3

should work fine. Thanks!

Flags: needinfo?(gstoll)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: