Closed Bug 1939981 Opened 2 months ago Closed 2 months ago

Bug in WebExtension DNR "initiatorDomains" condition

Categories

(WebExtensions :: Request Handling, defect)

Product:
WebExtensions
Component:
Request Handling
Type:
defect

Tracking

(firefox-esr115 unaffected, firefox-esr128 fixed, firefox133 wontfix, firefox134 wontfix, firefox135 fixed, firefox136 fixed)

Status:
RESOLVED FIXED
Milestone:
136 Branch
Tracking Flags:
Tracking Status
firefox-esr115 --- unaffected
firefox-esr128 --- fixed
firefox133 --- wontfix
firefox134 --- wontfix
firefox135 --- fixed
firefox136 --- fixed

People

(Reporter: arkadiyt, Assigned: arkadiyt)

References

(Regression)

Details

(Keywords: regression)

Attachments

(3 files)

Bug 1939981 - Avoid skipping domains in DNR requestDomains/initiatorDomains. r=robwu
48 bytes, text/x-phabricator-request
Details | Review
Bug 1939981 - Avoid skipping domains in DNR requestDomains/initiatorDomains. r=robwu
48 bytes, text/x-phabricator-request
phab-bot
: approval-mozilla-beta+
Details | Review
Bug 1939981 - Avoid skipping domains in DNR requestDomains/initiatorDomains. r=robwu
48 bytes, text/x-phabricator-request
RyanVM
: approval-mozilla-esr128+
Details | Review

Steps to reproduce:

Firefox supports WebExtension DNR conditions such as initiatorDomains, excludeInitiatorDomains, requestDomains, and excludeRequestDomains:
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/declarativeNetRequest

This logic is implemented here: https://searchfox.org/mozilla-central/source/toolkit/components/extensions/ExtensionDNR.sys.mjs

Recently this commit merged to try to optimize the speed of matching rule conditions: https://phabricator.services.mozilla.com/D212691

The way that it works is:

  • for a given e.g. initiatorDomain, construct the list of superdomains of it. For instance for "sub.example.com" construct the list ["sub.example.com", "example.com", "com"]
  • when evaluating a rule, check that any of the initiatorDomains match against any of the list of superdomains

Unfortunately there is a bug in the list of superdomains due to a shadowed variable:
https://searchfox.org/mozilla-central/source/toolkit/components/extensions/ExtensionDNR.sys.mjs#1512-1526

In particular we have:

> getAllDomainsWithin('signin.aws.amazon.com')
[ 'signin.aws.amazon.com', 'aws.amazon.com', 'com' ]

Notice that it is missing amazon.com.

This is causing rules to not match in the extension that I'm writing

Actual results:

getAllDomainsWithin('signin.aws.amazon.com') is missing `amazon.com``

Expected results:

getAllDomainsWithin('signin.aws.amazon.com') should contain amazon.com

Assignee: nobody → arkadiyt
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

The Bugbug bot thinks this bug should belong to the 'WebExtensions::Request Handling' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Request Handling
Product: Firefox → WebExtensions

This also affects requestDomains, not just initiatorDomains, as it shares the same logic.

status-firefox133: --- → affected
status-firefox134: --- → affected
status-firefox135: --- → affected
status-firefox-esr115: --- → unaffected
status-firefox-esr128: --- → affected
Keywords: regression
Regressed by: 1853569
Attachment #9445787 - Attachment description: Bug 1939981 - Fix bug in WebExtension DNR "initiatorDomains" condition. r=zombie,robwu → Bug 1939981 - Avoid skipping domains in DNR requestDomains/initiatorDomains. r=robwu
Pushed by rob@robwu.nl: https://hg.mozilla.org/integration/autoland/rev/c8952dd92e3c Avoid skipping domains in DNR requestDomains/initiatorDomains. r=robwu

https://hg.mozilla.org/mozilla-central/rev/c8952dd92e3c

Status: ASSIGNED → RESOLVED
Closed: 2 months ago
status-firefox136: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 136 Branch

The patch landed in nightly and beta is affected.
:arkadiyt, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox135 to wontfix.

For more information, please visit BugBot documentation.

Flags: needinfo?(arkadiyt)

I'll request uplifts.

Flags: needinfo?(arkadiyt)
Attachment #9446266 - Flags: approval-mozilla-beta?
Attachment #9446267 - Flags: approval-mozilla-esr128?

beta Uplift Approval Request

  • User impact if declined: Some extension-specified declarative network rule conditions may fail to apply. E.g. network requests that should be blocked may unexpectedly be allowed.
  • Code covered by automated testing: yes
  • Fix verified in Nightly: yes
  • Needs manual QE test: no
  • Steps to reproduce for manual QE testing: Not needed; covered by automated unit tests
  • Risk associated with taking this patch: Low
  • Explanation of risk level: Fixes logical error, with unit tests
  • String changes made/needed: None
  • Is Android affected?: yes

esr128 Uplift Approval Request

  • User impact if declined: Some extension-specified declarative network rule conditions may fail to apply. E.g. network requests that should be blocked may unexpectedly be allowed.
  • Code covered by automated testing: yes
  • Fix verified in Nightly: yes
  • Needs manual QE test: no
  • Steps to reproduce for manual QE testing: Not needed; covered by automated unit tests
  • Risk associated with taking this patch: Low
  • Explanation of risk level: Fixes logical error, with unit tests
  • String changes made/needed: None
  • Is Android affected?: yes
Flags: in-testsuite+
Attachment #9446266 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Attachment #9446267 - Flags: approval-mozilla-esr128? → approval-mozilla-esr128+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: