Release v1.0.1646286: AI: Restrict getResourceContent to same-origin and block file:// URLs · ChromeDevTools/devtools-frontend

v1.0.1646286
6481ca5
Choose a tag to compare

Filter

View all tags

v1.0.1646286: AI: Restrict getResourceContent to same-origin and block file:// URLs

v1.0.1646286
6481ca5
Choose a tag to compare

Filter

View all tags

jackfranklin tagged this 16 Jun 07:35

The getResourceContent tool in the Performance AI agent retrieved V8
trace script contents without verifying the resource URL origin. This
could allow an attacker to use prompt injection (e.g., via trace
events) to read and exfiltrate sensitive cross-origin script source
code, bypassing a previous fix that redacted sourceText from raw trace
events.

To mitigate this, we restrict the tool as follows:
- Block execution of `getResourceContent` entirely if the trace is not fresh (imported).
- For fresh recordings, enforce same-origin validation between the resource URL and the trace origin.
- Block all `file://` URLs for both target resources and trace origins to prevent local file access.

This aligns the security model of `getResourceContent` with `getFunctionCode`.

Fixed: 523743289
TAG=agy
CONV=b132e803-d587-436c-9556-c215b4289296
Change-Id: I041c26213e6b85f8f9488aaec088041de730ea03
Reviewed-on: https://chromium-review.googlesource.com/c/devtools/devtools-frontend/+/7942370
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Jack Franklin <jacktfranklin@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Uh oh!