Opened on 02/15/2019 at 01:15:00 PM

Closed on 02/21/2019 at 02:00:28 PM

Last modified on 02/22/2019 at 10:21:30 AM

#7290 closed defect (fixed)

Signature header generated by sitekey-frame page doesn't verify

Reported by: kzar Assignee: kvas
Priority: P3 Milestone:
Module: Sitescripts Keywords:
Cc: kvas, Ross, greiner Blocked By:
Blocking: #7164 Platform: Unknown / Cross platform
Ready: yes Confidential: no
Tester: Unknown Verified working: no
Review URL(s):

https://codereview.adblockplus.org/30011569

Description (last modified by kzar)

Environment

Chrome 71, Adblock Plus development build from current HEAD.

How to reproduce

  1. Modify Adblock Plus to log the result of verifySignature in adblockplus/lib/whitelisting.js.
  2. Rebuild the extension.
  3. Navigate to https://testpages.adblockplus.org/sitekey-frame

Observed behaviour

The signature verification fails.

Expected behaviour

The signature verification succeeds.

Notes

  • This likely means that sitescripts/sitescripts/testpages/web/sitekey_frame.py is using the wrong parameters to generate the signature. See this line: 
key.sign_update('\x00'.join((
    request_path(environ), environ['HTTP_HOST'], environ['HTTP_USER_AGENT']
)))
  • When I run sitekey-frame locally using multiplexer.py the signature verifies OK. The values I see are /sitekey-frame, localhost:5000 and Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 respectively.

Attachments (0)

Change History (11)

comment:1 Changed on 02/15/2019 at 01:15:50 PM by kzar

  • Description modified (diff)

comment:2 Changed on 02/15/2019 at 01:22:47 PM by kzar

What do you think Vasily? Do you think request_path(environ), environ['HTTP_HOST'] and environ['HTTP_USER_AGENT'] are correct? Any idea how we can verify their values?

comment:3 Changed on 02/15/2019 at 01:27:51 PM by kzar

  • Description modified (diff)

comment:4 Changed on 02/15/2019 at 01:30:32 PM by kzar

  • Description modified (diff)

comment:5 Changed on 02/19/2019 at 12:31:54 PM by greiner

  • Cc greiner added

comment:6 Changed on 02/19/2019 at 10:40:06 PM by kvas

  • Owner set to kvas
  • Priority changed from Unknown to P3
  • Ready set

comment:7 Changed on 02/19/2019 at 10:40:34 PM by kvas

  • Review URL(s) modified (diff)
  • Status changed from new to reviewing

comment:8 Changed on 02/21/2019 at 01:45:42 PM by abpbot

A commit referencing this issue has landed:
Issue 7290 - Fix signature production in sitekey_frame.py

comment:9 Changed on 02/21/2019 at 02:00:28 PM by kzar

  • Resolution set to fixed
  • Status changed from reviewing to closed

comment:10 Changed on 02/21/2019 at 03:23:23 PM by kzar

Thanks again Vasily :)

comment:11 Changed on 02/22/2019 at 10:21:30 AM by kvas

No problem. Thanks for the review!

Add Comment

Modify Ticket

Change Properties
Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from kvas.
AttachmentsDescription
 
Note: See TracTickets for help on using tickets.