In [15]:
%load_ext autoreload
%autoreload 2

In [44]:
import pandas as pd
import re

from utils import get_data, Config

## Load Data + Preprocessing

In [57]:
# Load all data
initial_data = """
SELECT "Result".*, 
"Response".raw_header, "Response".status_code, "Response".label, "Response".resp_type,
"Browser".name, "Browser".version, "Browser".headless_mode, "Browser".os, "Browser".automation_mode, "Browser".add_info
FROM "Result"
JOIN "Response" ON "Result".response_id = "Response".id JOIN "Browser" ON "Result".browser_id = "Browser".id
WHERE "Response".id <= 116032;
"""
df = get_data(Config(), initial_data)

Connecting to the PostgreSQL database...
Connection successful


In [158]:
# Extra columns
df["outcome_str"] = df["outcome_value"].fillna("None").astype(str)

# Unify outcomes that are the same
# Firefox: {'error': 'object "TypeError: NetworkError when attempting to fetch resource."', 'headers': ''} Chromium: {'error': 'object "TypeError: Failed to fetch"', 'headers': ''}
df["outcome_str"] = df["outcome_str"].replace("{'error': 'object \"TypeError: NetworkError when attempting to fetch resource.\"', 'headers': ''}", "{'error': 'object \"TypeError: Failed to fetch\"', 'headers': ''}")
# For document referrer we do not want to know the exact resp_id and count
# Maybe we even only want to know whether it is a origin or the full URl?
df['outcome_str'] = df['outcome_str'].replace(r'resp_id=\d+', 'resp_id=<resp_id>', regex=True)
df['outcome_str'] = df['outcome_str'].replace(r'count=\d+', 'count=<count>', regex=True)

## Overview

In [162]:
display(df.head(2))
display(df.describe())
display(df.columns)

Unnamed: 0,id,outcome_type,outcome_value,test_name,test_status,test_message,test_stack,org_scheme,org_host,resp_scheme,...,status_code,label,resp_type,name,version,headless_mode,os,automation_mode,add_info,outcome_str
0,1,<class 'dict'>,"{'error': 'object ""TypeError: Failed to fetch""...",fetch_GET,0,,,https,sub.headers.websec.saarland,http,...,200,CORS,basic,chrome,119,headless-new,Ubuntu 22.04,selenium,,"{'error': 'object ""TypeError: Failed to fetch""..."
1,2,<class 'dict'>,"{'error': 'object ""TypeError: Failed to fetch""...",fetch_TEST,0,,,https,sub.headers.websec.saarland,http,...,200,CORS,basic,chrome,119,headless-new,Ubuntu 22.04,selenium,,"{'error': 'object ""TypeError: Failed to fetch""..."


Unnamed: 0,id,test_status,browser_id,testcase_id,response_id,created_at,updated_at,status_code
count,116032.0,116032.0,116032.0,116032.0,116032.0,116032,116032,116032.0
mean,58016.5,5.2e-05,52.621208,1.0,1396.614796,2023-11-17 20:35:29.695941120,2023-11-17 20:35:29.695942144,214.515168
min,1.0,0.0,13.0,1.0,60.0,2023-11-17 17:59:33.478706,2023-11-17 17:59:33.478712,200.0
25%,29008.75,0.0,15.0,1.0,342.0,2023-11-17 19:15:53.122749696,2023-11-17 19:15:53.122755072,200.0
50%,58016.5,0.0,71.0,1.0,1370.0,2023-11-17 20:37:59.985938944,2023-11-17 20:37:59.985939456,200.0
75%,87024.25,0.0,73.0,1.0,2082.0,2023-11-17 21:56:40.352541440,2023-11-17 21:56:40.352542464,200.0
max,116032.0,2.0,75.0,1.0,3088.0,2023-11-17 23:19:02.786333,2023-11-17 23:19:02.786335,302.0
std,33495.697555,0.010169,25.793203,0.0,774.76509,,,35.635207


Index(['id', 'outcome_type', 'outcome_value', 'test_name', 'test_status',
       'test_message', 'test_stack', 'org_scheme', 'org_host', 'resp_scheme',
       'resp_host', 'relation_info', 'browser_id', 'testcase_id',
       'response_id', 'status', 'created_at', 'updated_at', 'raw_header',
       'status_code', 'label', 'resp_type', 'name', 'version', 'headless_mode',
       'os', 'automation_mode', 'add_info', 'outcome_str'],
      dtype='object')

In [71]:
# Collected results per browser
df.groupby(["name", "version", "os", "headless_mode", "automation_mode"])["id"].count().sort_values(ascending=False).to_frame()

Unnamed: 0_level_0,Unnamed: 1_level_0,Unnamed: 2_level_0,Unnamed: 3_level_0,Unnamed: 4_level_0,id
name,version,os,headless_mode,automation_mode,Unnamed: 5_level_1
brave,1.59.120 (118.0.5993.88),Ubuntu 22.04,headless-new,selenium,11624
brave,1.59.120 (118.0.5993.88),Ubuntu 22.04,xvfb,selenium,11624
brave,1.60.114 (119.0.6045.124),Ubuntu 22.04,headless-new,selenium,11624
brave,1.60.114 (119.0.6045.124),Ubuntu 22.04,xvfb,selenium,11624
chrome,119,Ubuntu 22.04,headless-new,selenium,11624
chrome,119,Ubuntu 22.04,xvfb,selenium,11624
edge,119,Ubuntu 22.04,headless-new,selenium,11624
edge,119,Ubuntu 22.04,xvfb,selenium,11624
firefox,119,Ubuntu 22.04,xvfb,selenium,11528
firefox,119,Ubuntu 22.04,headless,selenium,11512


In [74]:
# Timeouts
display(df.groupby(["name", "version", "os", "headless_mode", "automation_mode"])["test_status"].value_counts().to_frame())

display(df.loc[df["test_status"] == 2])

Unnamed: 0_level_0,Unnamed: 1_level_0,Unnamed: 2_level_0,Unnamed: 3_level_0,Unnamed: 4_level_0,Unnamed: 5_level_0,count
name,version,os,headless_mode,automation_mode,test_status,Unnamed: 6_level_1
brave,1.59.120 (118.0.5993.88),Ubuntu 22.04,headless-new,selenium,0,11624
brave,1.59.120 (118.0.5993.88),Ubuntu 22.04,xvfb,selenium,0,11624
brave,1.60.114 (119.0.6045.124),Ubuntu 22.04,headless-new,selenium,0,11624
brave,1.60.114 (119.0.6045.124),Ubuntu 22.04,xvfb,selenium,0,11624
chrome,119,Ubuntu 22.04,headless-new,selenium,0,11624
chrome,119,Ubuntu 22.04,xvfb,selenium,0,11624
edge,119,Ubuntu 22.04,headless-new,selenium,0,11624
edge,119,Ubuntu 22.04,xvfb,selenium,0,11622
edge,119,Ubuntu 22.04,xvfb,selenium,2,2
firefox,119,Ubuntu 22.04,headless,selenium,0,11512


Unnamed: 0,id,outcome_type,outcome_value,test_name,test_status,test_message,test_stack,org_scheme,org_host,resp_scheme,...,raw_header,status_code,label,resp_type,name,version,headless_mode,os,automation_mode,add_info
73595,73631,<class 'NoneType'>,,referrer_iframe,2,Test timed out,,http,sub.headers.websec.saarland,https,...,"[[Referrer-Policy, no-referrer]]",200,RP,basic,firefox,119,xvfb,Ubuntu 22.04,selenium,
84995,84976,<class 'NoneType'>,,oac_window.open,2,Test timed out,,http,sub.headers.websec.saarland,https,...,"[[origin-agent-cluster, ?0], [location, https:...",302,OAC,basic,edge,119,xvfb,Ubuntu 22.04,selenium,
85333,85352,<class 'NoneType'>,,referrer_iframe,2,Test timed out,,http,sub.headers.websec.saarland,https,...,"[[Referrer-Policy, unsafe-url], [location, htt...",302,RP,basic,edge,119,xvfb,Ubuntu 22.04,selenium,


In [80]:
# Time taken!
# Currently the HTTP times of Chromium-based browsers do not make too much sense due to HTTPS upgrades; however this is fixed for the next run
df.groupby(["name", "version", "os", "headless_mode", "automation_mode", "org_scheme"])["created_at"].agg(["min", "max"]).apply(lambda x: x["max"] - x["min"], axis=1).to_frame()

Unnamed: 0_level_0,Unnamed: 1_level_0,Unnamed: 2_level_0,Unnamed: 3_level_0,Unnamed: 4_level_0,Unnamed: 5_level_0,0
name,version,os,headless_mode,automation_mode,org_scheme,Unnamed: 6_level_1
brave,1.59.120 (118.0.5993.88),Ubuntu 22.04,headless-new,selenium,http,0 days 00:16:54.759901
brave,1.59.120 (118.0.5993.88),Ubuntu 22.04,headless-new,selenium,https,0 days 00:32:53.405975
brave,1.59.120 (118.0.5993.88),Ubuntu 22.04,xvfb,selenium,http,0 days 00:16:57.517750
brave,1.59.120 (118.0.5993.88),Ubuntu 22.04,xvfb,selenium,https,0 days 00:32:59.348796
brave,1.60.114 (119.0.6045.124),Ubuntu 22.04,headless-new,selenium,http,0 days 00:16:53.083071
brave,1.60.114 (119.0.6045.124),Ubuntu 22.04,headless-new,selenium,https,0 days 00:32:52.104873
brave,1.60.114 (119.0.6045.124),Ubuntu 22.04,xvfb,selenium,http,0 days 00:16:58.926585
brave,1.60.114 (119.0.6045.124),Ubuntu 22.04,xvfb,selenium,https,0 days 00:33:05.305826
chrome,119,Ubuntu 22.04,headless-new,selenium,http,0 days 00:00:49.338957
chrome,119,Ubuntu 22.04,headless-new,selenium,https,0 days 00:32:25.278693


## Response analysis

- We have 11624 unique tests: (test_name x relation_info) x org_scheme x (resp_scheme x resp_host) x response_id)
- They should all have 10 (num browsers in various settings) outcomes
    -  Due to the HTTPS Upgrade bug many have either 16 or 4 outcomes only (as the 6 http outcomes of Chrome + Brave instead resulted in HTTPS outcomes)
    -  Without org_scheme they should have 20; a couple tests have less than 20 (due to the Firefox errors and/or timeouts?)

In [142]:
# Unique tests
tests = {
    "Fetch": [4, 2, 8, 6], 
    "Framing": [9, 2, 8, 35], # 7+11+17
    "PP": [4, 2, 8, 24],
    "OAC": [3, 2, 8, 14],
    "TAO": [1, 2, 8, 13],
    "RP": [2, 2, 8, 16],
    "CSP-SCRIPT": [2, 2, 8, 17],
    "COEP": [2, 2, 8, 11],
    "CORP": [4, 2, 8, 11],
    "CSP-IMG": [1, 2, 8, 17],
    "HSTS": [2, 1, 2, 14],
    "COOP": [1, 2, 8, 11],
}
tests = pd.DataFrame.from_dict(tests, columns=["tests", "org_origins", "resp_origins", "responses"], orient="index")
tests["All tests"] = tests.prod(axis=1)
tests.loc["Sum"] = tests.sum(axis=0)
tests

Unnamed: 0,tests,org_origins,resp_origins,responses,All tests
Fetch,4,2,8,6,384
Framing,9,2,8,35,5040
PP,4,2,8,24,1536
OAC,3,2,8,14,672
TAO,1,2,8,13,208
RP,2,2,8,16,512
CSP-SCRIPT,2,2,8,17,544
COEP,2,2,8,11,352
CORP,4,2,8,11,704
CSP-IMG,1,2,8,17,272


In [163]:
# SELECT count(*) as c2, count(DISTINCT browser_id), count(DISTINCT outcome_value) as c1, test_name, org_scheme, org_host, resp_scheme, resp_host, relation_info, response_id 
# FROM "Result" GROUP by test_name, org_scheme, org_host, resp_scheme, resp_host, relation_info, response_id order by c1 DESC, c2 DESC

# Currently ignore "org_scheme"
res = df.loc[df["org_scheme"] == "https"].groupby(["test_name", "org_host", "resp_scheme", "resp_host", "relation_info", "response_id"])[["browser_id", "outcome_str"]].agg(["count", "nunique"])
display(res)
display(res.value_counts().to_frame())

Unnamed: 0_level_0,Unnamed: 1_level_0,Unnamed: 2_level_0,Unnamed: 3_level_0,Unnamed: 4_level_0,Unnamed: 5_level_0,browser_id,browser_id,outcome_str,outcome_str
Unnamed: 0_level_1,Unnamed: 1_level_1,Unnamed: 2_level_1,Unnamed: 3_level_1,Unnamed: 4_level_1,Unnamed: 5_level_1,count,nunique,count,nunique
test_name,org_host,resp_scheme,resp_host,relation_info,response_id,Unnamed: 6_level_2,Unnamed: 7_level_2,Unnamed: 8_level_2,Unnamed: 9_level_2
accesswindow_direct,sub.headers.websec.saarland,http,headers.webappsec.eu,direct,1524,16,10,16,1
accesswindow_direct,sub.headers.websec.saarland,http,headers.webappsec.eu,direct,1525,16,10,16,1
accesswindow_direct,sub.headers.websec.saarland,http,headers.webappsec.eu,direct,1526,16,10,16,1
accesswindow_direct,sub.headers.websec.saarland,http,headers.webappsec.eu,direct,1527,16,10,16,1
accesswindow_direct,sub.headers.websec.saarland,http,headers.webappsec.eu,direct,1528,16,10,16,1
...,...,...,...,...,...,...,...,...,...
subresourceloadingCORP_object,sub.headers.websec.saarland,https,sub.sub.headers.websec.saarland,direct,1907,16,10,16,1
subresourceloadingCORP_object,sub.headers.websec.saarland,https,sub.sub.headers.websec.saarland,direct,2113,16,10,16,1
subresourceloadingCORP_object,sub.headers.websec.saarland,https,sub.sub.headers.websec.saarland,direct,2114,16,10,16,2
subresourceloadingCORP_object,sub.headers.websec.saarland,https,sub.sub.headers.websec.saarland,direct,2115,16,10,16,1


Unnamed: 0_level_0,Unnamed: 1_level_0,Unnamed: 2_level_0,Unnamed: 3_level_0,count
"(browser_id, count)","(browser_id, nunique)","(outcome_str, count)","(outcome_str, nunique)",Unnamed: 4_level_1
16,10,16,1,5102
16,10,16,2,368
16,10,16,3,138
12,10,12,1,96
14,8,14,1,80


### Differences (currently only look at HTTPS):
- COOP (accesswindow_direct):
    - [ ] Edge + Firefox: redirect first
    - [ ] Brave + Chrome: COOP first?
-  Framing:
    -  [ ] framing_iframe_sandbox: CSP-FA *; Firefox allows, all other browsers deny?
- PP not supported in Firefox
- OAC not supported in Firefox
    - [ ] Also random/caching behavior?
- PerfAPI:
    - [ ] Chrome/Firefox have different rules when to create an entry at all?
- COEP (CORP):
    - [ ] Firefox incorrect behavior for same-origin (applies same-site?)
- CORP:
    - [ ] same-origin: Edge does not check the scheme?
    - [x] Firefox applies CORP on object tags (even though it should not!)
    - [ ] Some other CORP and/or COEP strange stuff (Firefox)
- Referrer Policy: different default in Brave (unsafe-url is never allowed)
- ...

In [170]:
test_name_seen = set()
for test_name, org_host, resp_scheme, resp_host, relation_info, response_id in res.loc[res[("outcome_str", "nunique")] != 1].index:
    # Only look at each feature group once
    if test_name in test_name_seen:
        continue
    test_name_seen.add(test_name)
    print(test_name)
    # no org_scheme at the moment
    rows = df.loc[df["org_scheme"] == "https"].loc[(df["test_name"] == test_name) & (df["resp_scheme"] == resp_scheme) & (df["resp_host"] == resp_host) & (df["relation_info"] == relation_info) & (df["response_id"] == response_id)]
    with pd.option_context("display.max_colwidth", 200):
        display(rows[["outcome_str", "name"]].value_counts().to_frame())
        display(rows.drop_duplicates(subset="outcome_str")[["browser_id", "outcome_str", "raw_header", "test_name", "org_scheme", "org_host", "resp_scheme", "relation_info", "resp_host"]])
    

accesswindow_direct


Unnamed: 0_level_0,Unnamed: 1_level_0,count
outcome_str,name,Unnamed: 2_level_1
{'window.open.opener': 'null'},brave,8
{'window.open.opener': 'null'},chrome,4
"{'window.open.opener': 'object ""[object Window]""'}",edge,2
"{'window.open.opener': 'object ""[object Window]""'}",firefox,2


Unnamed: 0,browser_id,outcome_str,raw_header,test_name,org_scheme,org_host,resp_scheme,relation_info,resp_host
5794,13,{'window.open.opener': 'null'},"[[Cross-Origin-Opener-Policy, same-origin-allow-popups], [location, https://sub.headers.websec.saarland/_hp/common/empty.html]]",accesswindow_direct,https,sub.headers.websec.saarland,http,direct,headers.webappsec.eu
23100,14,"{'window.open.opener': 'object ""[object Window]""'}","[[Cross-Origin-Opener-Policy, same-origin-allow-popups], [location, https://sub.headers.websec.saarland/_hp/common/empty.html]]",accesswindow_direct,https,sub.headers.websec.saarland,http,direct,headers.webappsec.eu


framing_iframe


Unnamed: 0_level_0,Unnamed: 1_level_0,count
outcome_str,name,Unnamed: 2_level_1
message timeout,brave,8
message timeout,chrome,4
message send,firefox,2
message timeout,edge,2


Unnamed: 0,browser_id,outcome_str,raw_header,test_name,org_scheme,org_host,resp_scheme,relation_info,resp_host
1210,13,message timeout,"[[Content-Security-Policy, frame-ancestors *]]",framing_iframe,https,sub.headers.websec.saarland,https,sandbox,headers.webappsec.eu
18758,14,message send,"[[Content-Security-Policy, frame-ancestors *]]",framing_iframe,https,sub.headers.websec.saarland,https,sandbox,headers.webappsec.eu


fullscreen_iframe


Unnamed: 0_level_0,Unnamed: 1_level_0,count
outcome_str,name,Unnamed: 2_level_1
fullscreenEnabled: false,brave,8
fullscreenEnabled: false,chrome,4
fullscreenEnabled: false,edge,2
fullscreenEnabled: true,firefox,2


Unnamed: 0,browser_id,outcome_str,raw_header,test_name,org_scheme,org_host,resp_scheme,relation_info,resp_host
2951,13,fullscreenEnabled: false,"[[Permissions-Policy, fullscreen=()]]",fullscreen_iframe,https,sub.headers.websec.saarland,https,child_allow,headers.webappsec.eu
20206,14,fullscreenEnabled: true,"[[Permissions-Policy, fullscreen=()]]",fullscreen_iframe,https,sub.headers.websec.saarland,https,child_allow,headers.webappsec.eu


oac_iframe


Unnamed: 0_level_0,Unnamed: 1_level_0,count
outcome_str,name,Unnamed: 2_level_1
window.originAgentCluster: false,brave,4
window.originAgentCluster: true,brave,4
window.originAgentCluster: true,chrome,4
window.originAgentCluster: true,edge,2
window.originAgentCluster: undefined,firefox,2


Unnamed: 0,browser_id,outcome_str,raw_header,test_name,org_scheme,org_host,resp_scheme,relation_info,resp_host
3501,13,window.originAgentCluster: true,"[[origin-agent-cluster, *]]",oac_iframe,https,sub.headers.websec.saarland,https,direct,headers.webappsec.eu
21056,14,window.originAgentCluster: undefined,"[[origin-agent-cluster, *]]",oac_iframe,https,sub.headers.websec.saarland,https,direct,headers.webappsec.eu
38280,60,window.originAgentCluster: false,"[[origin-agent-cluster, *]]",oac_iframe,https,sub.headers.websec.saarland,https,direct,headers.webappsec.eu


oac_window.open


Unnamed: 0_level_0,Unnamed: 1_level_0,count
outcome_str,name,Unnamed: 2_level_1
window.originAgentCluster: false,brave,4
window.originAgentCluster: true,brave,4
window.originAgentCluster: true,chrome,4
window.originAgentCluster: false,edge,2
window.originAgentCluster: undefined,firefox,2


Unnamed: 0,browser_id,outcome_str,raw_header,test_name,org_scheme,org_host,resp_scheme,relation_info,resp_host
3500,13,window.originAgentCluster: true,"[[origin-agent-cluster, *]]",oac_window.open,https,sub.headers.websec.saarland,http,window.open,headers.webappsec.eu
21055,14,window.originAgentCluster: undefined,"[[origin-agent-cluster, *]]",oac_window.open,https,sub.headers.websec.saarland,http,window.open,headers.webappsec.eu
32479,15,window.originAgentCluster: false,"[[origin-agent-cluster, *]]",oac_window.open,https,sub.headers.websec.saarland,http,window.open,headers.webappsec.eu


perfAPI_img


Unnamed: 0_level_0,Unnamed: 1_level_0,count
outcome_str,name,Unnamed: 2_level_1
No performance entry,brave,8
No performance entry,chrome,4
No performance entry,edge,2
{'requestStart != 0': False},firefox,2


Unnamed: 0,browser_id,outcome_str,raw_header,test_name,org_scheme,org_host,resp_scheme,relation_info,resp_host
3906,13,No performance entry,"[[Timing-Allow-Origin, null]]",perfAPI_img,https,sub.headers.websec.saarland,http,direct,headers.webappsec.eu
21166,14,{'requestStart != 0': False},"[[Timing-Allow-Origin, null]]",perfAPI_img,https,sub.headers.websec.saarland,http,direct,headers.webappsec.eu


referrer_iframe


Unnamed: 0_level_0,Unnamed: 1_level_0,count
outcome_str,name,Unnamed: 2_level_1
document.referrer: https://headers.webappsec.eu/,brave,8
document.referrer: https://headers.webappsec.eu/,chrome,4
document.referrer: http://headers.webappsec.eu/,firefox,2
document.referrer: http://headers.webappsec.eu/,edge,2


Unnamed: 0,browser_id,outcome_str,raw_header,test_name,org_scheme,org_host,resp_scheme,relation_info,resp_host
3937,13,document.referrer: https://headers.webappsec.eu/,"[[Referrer-Policy, *]]",referrer_iframe,https,sub.headers.websec.saarland,http,window.open,headers.webappsec.eu
21380,14,document.referrer: http://headers.webappsec.eu/,"[[Referrer-Policy, *]]",referrer_iframe,https,sub.headers.websec.saarland,http,window.open,headers.webappsec.eu


subresourceloadingCOEP_img


Unnamed: 0_level_0,Unnamed: 1_level_0,count
outcome_str,name,Unnamed: 2_level_1
"{'image-events': {'swag.jpg': 'load', 'swag-same-site.jpg': 'load', 'swag-cross-site.jpg': 'load', 'swag-same-origin.jpg': 'error'}, 'window.crossOriginIsolated': False}",brave,8
"{'image-events': {'swag.jpg': 'load', 'swag-same-site.jpg': 'load', 'swag-cross-site.jpg': 'load', 'swag-same-origin.jpg': 'error'}, 'window.crossOriginIsolated': False}",chrome,4
"{'image-events': {'swag.jpg': 'load', 'swag-same-site.jpg': 'load', 'swag-cross-site.jpg': 'load', 'swag-same-origin.jpg': 'error'}, 'window.crossOriginIsolated': False}",edge,2
"{'image-events': {'swag.jpg': 'load', 'swag-same-site.jpg': 'load', 'swag-cross-site.jpg': 'load', 'swag-same-origin.jpg': 'load'}, 'window.crossOriginIsolated': False}",firefox,2


Unnamed: 0,browser_id,outcome_str,raw_header,test_name,org_scheme,org_host,resp_scheme,relation_info,resp_host
4314,13,"{'image-events': {'swag.jpg': 'load', 'swag-same-site.jpg': 'load', 'swag-cross-site.jpg': 'load', 'swag-same-origin.jpg': 'error'}, 'window.crossOriginIsolated': False}","[[Cross-Origin-Embedder-Policy, frame-ancestors]]",subresourceloadingCOEP_img,https,sub.headers.websec.saarland,https,direct,headers.websec.saarland
21882,14,"{'image-events': {'swag.jpg': 'load', 'swag-same-site.jpg': 'load', 'swag-cross-site.jpg': 'load', 'swag-same-origin.jpg': 'load'}, 'window.crossOriginIsolated': False}","[[Cross-Origin-Embedder-Policy, frame-ancestors]]",subresourceloadingCOEP_img,https,sub.headers.websec.saarland,https,direct,headers.websec.saarland


subresourceloadingCORP_img


Unnamed: 0_level_0,Unnamed: 1_level_0,count
outcome_str,name,Unnamed: 2_level_1
load,brave,8
load,chrome,4
error,firefox,2
load,edge,2


Unnamed: 0,browser_id,outcome_str,raw_header,test_name,org_scheme,org_host,resp_scheme,relation_info,resp_host
5262,13,load,"[[Cross-Origin-Resource-Policy, same-origin]]",subresourceloadingCORP_img,https,sub.headers.websec.saarland,http,direct,sub.headers.websec.saarland
22587,14,error,"[[Cross-Origin-Resource-Policy, same-origin]]",subresourceloadingCORP_img,https,sub.headers.websec.saarland,http,direct,sub.headers.websec.saarland


subresourceloadingCORP_object


Unnamed: 0_level_0,Unnamed: 1_level_0,count
outcome_str,name,Unnamed: 2_level_1
load,brave,8
load,chrome,4
error,firefox,2
load,edge,2


Unnamed: 0,browser_id,outcome_str,raw_header,test_name,org_scheme,org_host,resp_scheme,relation_info,resp_host
5339,13,load,"[[Cross-Origin-Resource-Policy, same-origin], [location, https://sub.headers.websec.saarland/_hp/common/empty.html]]",subresourceloadingCORP_object,https,sub.headers.websec.saarland,https,direct,headers.webappsec.eu
22716,14,error,"[[Cross-Origin-Resource-Policy, same-origin], [location, https://sub.headers.websec.saarland/_hp/common/empty.html]]",subresourceloadingCORP_object,https,sub.headers.websec.saarland,https,direct,headers.webappsec.eu


# Crash analysis

### Exceptions thrown
- Fixed:
    - Only Firefox; both headless + Xvfb
        - OAC + RP
        - Both on HTTP and HTTPS
        - Response_ids: 185, 186, 341, 342; these are the ones that have status code 302!
        - Reason seems to be that Firefox switches to another tab in these cases and thus the wait for crashes. Solution: forcefully switch back to the original tab before waiting!
    - Only Brave: both headless + Xvfb
        - OAC + RP
        - Both on HTTP and HTTPS
        - Reason seems to be the tab switching, if deactivated no issue occurs

In [147]:
with open("/home/ubuntu/wpt/_hp/tools/crawler/desktop-selenium-2023-11-20 16:09:24.649008.log", "r") as f:
    crashes = []
    for l in f.readlines():
        if "649008: http" in l:
            match = re.match(".*(http|https)://.*browser_id=(\d+)&label=(.*)&first_id=(\d+).*", l)
            crashes.append([match[1], match[2], match[3], match[4]])

In [148]:
crashes = pd.DataFrame(crashes, columns=["scheme", "browser_id", "label", "response_id"]).drop_duplicates()
crashes

Unnamed: 0,scheme,browser_id,label,response_id
0,http,59,RP,172
2,http,59,RP,173
4,https,59,OAC,339
6,https,59,RP,181
8,http,75,RP,171
10,http,75,RP,172
12,https,75,OAC,330
14,https,75,OAC,338
16,https,75,RP,180
18,https,74,OAC,337
