Fix URL matching with Browser Integration #3759

varjolintu commented Nov 1, 2019

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Description and Context

Ignores junk URLs and fixes port matching. Also renames some functions and variables.

If scheme matching is enabled, entry URLs without a scheme will fall back to https.

Fixes #3751.

Testing strategy

Manually. Previously an entry with URL https:///example.com was requested for all sites. Also, tests are included.

Checklist:

  • I have read the CONTRIBUTING document. [REQUIRED]
  • My code follows the code style of this project. [REQUIRED]
  • All new and existing tests passed. [REQUIRED]
  • I have compiled and verified my code with -DWITH_ASAN=ON. [REQUIRED]
  • I have added tests to cover my changes.

droidmonkey commented Nov 1, 2019

Should we alert the user somehow that there is an invalid URL entered? Perhaps a simple label that pops up or using the red x icon in the URL field similar to when passwords are mismatched. We would have to exclude cmd:// style URLs from that check though.

varjolintu commented Nov 1, 2019

@droidmonkey I agree. Some kind of warning is needed in the GUI also.

droidmonkey commented Nov 1, 2019

Something like "the entered URL will not work with the browser extension because {reason}"

Talv commented Nov 5, 2019

Will this PR also fix handling of URLs with trailing space (\x20)? (And possibly other white-space characters).

Example: an entry with a URL like https://www.kickstarter.com will be proposed on every domain by the browser extension (since v2.5.0).

Further observations:

  • Removing space fixes the issue (https://www.kickstarter.com behaves fine)
  • Appending / before the space fixes the issue as well (https://www.kickstarter.com/ behaves fine)
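
The matching behaviour from the PR description and the trailing-space report above, as an added Python example (not code from this PR or from KeePassXC). `naive_match` is a constructed anti-pattern showing one way an entry such as https:///example.com can end up matching every site; the function names, the explicit-port rule and the exact-host rule are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def naive_match(entry_url, page_url):
    # Constructed anti-pattern: the stored URL is never validated.
    entry_host = urlsplit(entry_url).hostname or ""
    page_host = urlsplit(page_url).hostname or ""
    return page_host.endswith(entry_host)  # "" is a suffix of every host

def parse_for_matching(url, default_scheme="https"):
    """Return (scheme, host, explicit_port_or_None), or None for a junk URL."""
    url = url.strip()                      # tolerate stray leading/trailing whitespace
    if not url or any(c.isspace() for c in url):
        return None
    if "://" not in url:
        url = f"{default_scheme}://{url}"  # schemeless entry falls back to https
    try:
        parts = urlsplit(url)
        port = parts.port                  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None                        # e.g. cmd:// entries or https:///example.com
    return parts.scheme, parts.hostname, port

def entry_matches(entry_url, page_url, match_scheme=True):
    entry, page = parse_for_matching(entry_url), parse_for_matching(page_url)
    if entry is None or page is None:
        return False                       # a junk URL never matches any site
    e_scheme, e_host, e_port = entry
    p_scheme, p_host, p_port = page
    if match_scheme and e_scheme != p_scheme:
        return False
    # Assumed port rule: an explicit entry port must equal the page's effective port.
    if e_port is not None and e_port != (p_port or DEFAULT_PORTS[p_scheme]):
        return False
    return e_host == p_host                # assumed host rule: exact match only
```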

varjolintu commented Nov 5, 2019

@Talv It fixes those too. Just tested it.

varjolintu commented Nov 6, 2019

This PR still has some issues. Trying to fix them and add the GUI warning. Then we are good to go.

varjolintu commented Nov 7, 2019

Problems with the matching are fixed. I'll do the UI stuff next.

varjolintu commented Nov 7, 2019

Added the UI warning. This is good to go!

droidmonkey commented Nov 8, 2019

This isn't ready for prime time. It's marking perfectly valid URLs as invalid. It also doesn't mark invalid URLs in the new browser settings page.

droidmonkey commented Nov 8, 2019

I am going to withhold this until 2.5.2

@droidmonkey droidmonkey modified the milestones: v2.5.1, v2.5.2 Nov 8, 2019

droidmonkey commented Nov 8, 2019

@varjolintu can you separate the fixes for the URL Parsing from the UI error checking code? I do want the URL parsing to be fixed in 2.5.1.

varjolintu commented Nov 8, 2019

@droidmonkey Sure, I can separate the UI fixes for now.

EDIT: Done.

@varjolintu varjolintu force-pushed the varjolintu:hotfix/browser_url_validation branch from 3cdc3f7 to 141e7e7 Nov 8, 2019
@varjolintu varjolintu modified the milestones: v2.5.2, v2.5.1 Nov 8, 2019

varjolintu commented Nov 8, 2019

@droidmonkey One more thing. Should URLs without a scheme match every time with all schemes in the page URL? Or only when the scheme matching is disabled?

EDIT: I'm in favor of falling back to the https scheme if matching is enabled but a scheme has not been specified in the entry URL. I have a commit ready to push.

@phoerious phoerious modified the milestones: v2.5.1, v2.5.2 Nov 8, 2019

droidmonkey commented Nov 8, 2019

Yah if there is no scheme we assume https

@varjolintu varjolintu force-pushed the varjolintu:hotfix/browser_url_validation branch from 141e7e7 to ac79177 Nov 8, 2019

varjolintu commented Nov 8, 2019

Pushed and rebased.

varjolintu commented Nov 8, 2019

@phoerious We are merging this with 2.5.1, but the UI stuff will be another PR for 2.5.2. That's why I changed the milestone.

@phoerious phoerious modified the milestones: v2.5.2, v2.5.1 Nov 8, 2019

phoerious commented Nov 8, 2019

ok.

@varjolintu varjolintu removed the request for review from louib Nov 10, 2019
@droidmonkey droidmonkey merged commit 3d0964b into keepassxreboot:release/2.5.1 Nov 10, 2019
3 checks passed
MacOS (KeepassXC) TeamCity build finished
Ubuntu Linux (KeepassXC) TeamCity build finished
Windows 10 (KeepassXC) TeamCity build finished
@varjolintu varjolintu deleted the varjolintu:hotfix/browser_url_validation branch Nov 10, 2019
phoerious added a commit that referenced this pull request Nov 11, 2019
Added

- Add programmatic use of the EntrySearcher [#3760]
- Explicitly clear database memory upon locking even if the object is not deleted immediately [#3824]
- macOS: Add ability to perform notarization of built package [#3827]

Changed

- Reduce file hash checking to every 30 seconds to correct performance issues [#3724]
- Correct formatting of notes in entry preview widget [#3727]
- Improve performance and UX of database statistics page [#3780]
- Improve interface for key file selection to discourage use of the database file [#3807]
- Hide Auto-Type sequences column when not needed [#3794]
- macOS: Revert back to using Carbon API for hotkey detection [#3794]
- CLI: Do not show protected fields by default [#3710]

Fixed

- Secret Service: Correct issues interfacing with various applications [#3761]
- Fix building without additional features [#3693]
- Fix handling TOTP secret keys that require padding [#3764]
- Fix database unlock dialog password field focus [#3764]
- Correctly label open databases as locked on launch [#3764]
- Prevent infinite recursion when two databases AutoOpen each other [#3764]
- Browser: Fix incorrect matching of invalid URLs [#3759]
- Properly stylize the application name on Linux [#3775]
- Show application icon on Plasma Wayland sessions [#3777]
- macOS: Check for Auto-Type permissions on use instead of at launch [#3794]

a-v-popov commented Nov 14, 2019

It seems that with the "fix" only first level domain is considered.
I.e. if there are a.foo.com and b.foo.com in the db, and you try to open c.foo.com the two records will match (none of them probably should).
UPD: seems to be #3848

varjolintu commented Nov 14, 2019

@a-v-popov Yes, that's what the next PR will fix.
