Report DevTools issue for insecure attributionsrc redirects
Bug: 1347848 Change-Id: Ib050cd51cb714852d1f4dd781e02062086ab49c3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3784973 Reviewed-by: Nate Chapin <japhet@chromium.org> Commit-Queue: Andrew Paseltiner <apaseltiner@chromium.org> Quick-Run: Andrew Paseltiner <apaseltiner@chromium.org> Cr-Commit-Position: refs/heads/main@{#1030199}
Andrew Paseltiner
authored and
Chromium LUCI CQ
committed
Aug 1, 2022
1 parent
5b1cc65
commit 3ecbb5c
Showing
8 changed files
with
131 additions
and
43 deletions.
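--- a/...tests/inspector-protocol/attribution-reporting/insecure-attributionsrc-redirect-source.js
+++ b/...tests/inspector-protocol/attribution-reporting/insecure-attributionsrc-redirect-source.js
@@ -0,0 +1,18 @@
+// Copyright 2022 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+(async function(testRunner) {
+const {page, dp} = await testRunner.startBlank(
+`Test that an attributionsrc that redirects to an insecure origin and tries to register a source triggers an issue.`);
+
+await dp.Audits.enable();
+
+await page.loadHTML(
+`<img attributionsrc="https://devtools.test:8443/inspector-protocol/attribution-reporting/resources/redirect-to-insecure-origin-and-register-source.php">`);
+
+const issuePromise = dp.Audits.onceIssueAdded();
+const issue = await issuePromise;
+testRunner.log(issue.params.issue, 'Issue reported: ', ['request']);
+testRunner.completeTest();
+})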
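Review bot: `dp.Audits.onceIssueAdded()` is only called after `await page.loadHTML(...)` has returned, so the listener may not exist yet when the issue is emitted; if the redirect is processed before the load call resolves, the event would be missed and the test would hang until it times out. Registering the listener first removes that ordering dependency: move `const issuePromise = dp.Audits.onceIssueAdded();` to just above `await page.loadHTML(` and leave `const issue = await issuePromise;` where it is. Whether the race can occur in practice depends on how testRunner orders the two, which is not visible here. insecure-attributionsrc-redirect-trigger.js has the same sequence.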
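--- a/...ests/inspector-protocol/attribution-reporting/insecure-attributionsrc-redirect-trigger.js
+++ b/...ests/inspector-protocol/attribution-reporting/insecure-attributionsrc-redirect-trigger.js
@@ -0,0 +1,18 @@
+// Copyright 2022 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+(async function(testRunner) {
+const {page, dp} = await testRunner.startBlank(
+`Test that an attributionsrc that redirects to an insecure origin and tries to register a trigger triggers an issue.`);
+
+await dp.Audits.enable();
+
+await page.loadHTML(
+`<img attributionsrc="https://devtools.test:8443/inspector-protocol/attribution-reporting/resources/redirect-to-insecure-origin-and-register-trigger.php">`);
+
+const issuePromise = dp.Audits.onceIssueAdded();
+const issue = await issuePromise;
+testRunner.log(issue.params.issue, 'Issue reported: ', ['request']);
+testRunner.completeTest();
+})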
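--- a/...tocol/attribution-reporting/resources/redirect-to-insecure-origin-and-register-source.php
+++ b/...tocol/attribution-reporting/resources/redirect-to-insecure-origin-and-register-source.php
@@ -0,0 +1,3 @@
+<?php
+header('Location: http://devtools.test:8000/inspector-protocol/attribution-reporting/resources/register-source.php');
+?>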
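Review bot: Nothing in this file says that the downgrade to `http://devtools.test:8000` is deliberate, yet the expected output of the test pins exactly that origin as `invalidParameter`. A one-line comment after `<?php` would keep someone from "fixing" the scheme or port later, for example `// Deliberately redirects to an insecure (http) origin; the test expectation pins this origin.` The same comment fits redirect-to-insecure-origin-and-register-trigger.php.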
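--- a/...ocol/attribution-reporting/resources/redirect-to-insecure-origin-and-register-trigger.php
+++ b/...ocol/attribution-reporting/resources/redirect-to-insecure-origin-and-register-trigger.php
@@ -0,0 +1,3 @@
+<?php
+header('Location: http://devtools.test:8000/inspector-protocol/attribution-reporting/resources/register-trigger.php');
+?>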
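--- a/...b_tests/http/tests/inspector-protocol/attribution-reporting/resources/register-source.php
+++ b/...b_tests/http/tests/inspector-protocol/attribution-reporting/resources/register-source.php
@@ -0,0 +1,3 @@
+<?php
+header('Attribution-Reporting-Register-Source: {"source_event_id":"0","destination":"https://a.example"}');
+?>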
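--- a/...ector-protocol/attribution-reporting/insecure-attributionsrc-redirect-source-expected.txt
+++ b/...ector-protocol/attribution-reporting/insecure-attributionsrc-redirect-source-expected.txt
@@ -0,0 +1,12 @@
+Test that an attributionsrc that redirects to an insecure origin and tries to register a source triggers an issue.
+Issue reported: {
+code : AttributionReportingIssue
+details : {
+attributionReportingIssueDetails : {
+invalidParameter : http://devtools.test:8000
+request : <object>
+violationType : UntrustworthyReportingOrigin
+}
+}
+}
+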
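--- a/...ctor-protocol/attribution-reporting/insecure-attributionsrc-redirect-trigger-expected.txt
+++ b/...ctor-protocol/attribution-reporting/insecure-attributionsrc-redirect-trigger-expected.txt
@@ -0,0 +1,12 @@
+Test that an attributionsrc that redirects to an insecure origin and tries to register a trigger triggers an issue.
+Issue reported: {
+code : AttributionReportingIssue
+details : {
+attributionReportingIssueDetails : {
+invalidParameter : http://devtools.test:8000
+request : <object>
+violationType : UntrustworthyReportingOrigin
+}
+}
+}
+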