Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Even more strict on address bar for IPNS #13874

Closed
bbondy opened this issue Feb 1, 2021 · 5 comments · Fixed by brave/brave-core#8328
Closed

[Security] Even more strict on address bar for IPNS #13874

bbondy opened this issue Feb 1, 2021 · 5 comments · Fixed by brave/brave-core#8328
Assignees
@spylogsster
Labels
feature/web3/ipfs OS/Desktop priority/P3 The next thing for us to work on. It'll ride the trains. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Test-Plan-Required QA/Yes release-notes/include security
Milestone
1.24.x - Release

Comments

@bbondy
Copy link
Member

bbondy commented Feb 1, 2021

This issue #13872 makes it so we only use ipns:// and ipfs:// for configured gateways.

This issue #13873 is for being more strict for ipfs://.

For IPNS, once we have DNSLink, we should only replace when there's a valid CID and when DNSLink has no information for the name being used.
@bbondy bbondy added security priority/P3 The next thing for us to work on. It'll ride the trains. OS/Desktop labels Feb 1, 2021
@diracdeltas diracdeltas mentioned this issue Feb 1, 2021
Closed
@spylogsster spylogsster mentioned this issue Mar 23, 2021
Merged
23 tasks
@spylogsster spylogsster added this to the 1.24.x - Nightly milestone Mar 24, 2021
@stephendonner
Copy link

@spylogsster mind adding a test plan for this and #13873? Thanks!

@spylogsster
Copy link

@stephendonner same as here #13873 (comment)

@stephendonner
Copy link

@lidel do you have any (additional) testcases to help me verify this (in addition to #13873)? Thanks!

@lidel
Copy link

lidel commented Apr 6, 2021
edited
Loading

@stephendonner you mean for DNSLink names other than brantly.eth from #13873 (comment)?

  • This should succeed and redirect to ipns:// (has DNSLink)
    http://en.wikipedia-on-ipfs.org.ipns.localhost:[gw port]/#/
  • This should fail and not redirect to ipns:// (no DNSLink)
    http://google.com.ipns.localhost:[gw port]/#/

@stephendonner
Copy link

stephendonner commented Apr 6, 2021
edited
Loading

Verified PASSED with

Brave 1.24.50 Chromium: 90.0.4430.51 (Official Build) nightly (x86_64)
Revision 32e5fa33a31641bded70a90e60121060691e7125-refs/branch-heads/4430@{#927}
OS macOS Version 11.2.3 (Build 20D91)

Steps:

  1. loaded http://en.wikipedia-on-ipfs.org.ipns.localhost:48081/ and redirected to http://en.wikipedia-on-ipfs.org.ipns.localhost:48081/wiki; clicked on Open using IPFS and got ipns://en.wikipedia-on-ipfs.org/wiki
  2. loaded http://google.com.ipns.localhost:48081 and got expected ipfs resolve -r /ipns/google.com/: could not resolve name error

Screen Shot 2021-04-06 at 11 37 35 AM

Screen Shot 2021-04-06 at 11 37 30 AM

Screen Shot 2021-04-06 at 11 37 24 AM

Verification passed on

Brave 1.24.70 Chromium: 90.0.4430.72 (Official Build) beta (64-bit)
Revision b6172ef8d07ef486489a4b11b66b2eaeed50d132-refs/branch-heads/4430@{#1233}
OS Ubuntu 20

Verified the above test plan

image
image
image

Verified PASSED with

Brave 1.24.82 Chromium: 90.0.4430.93 (Official Build) (64-bit)
Revision 4df112c29cfe9a2c69b14195c0275faed4e997a7-refs/branch-heads/4430@{#1348}
OS Windows 10 OS Version 2009 (Build 21370.1)

Steps:

  1. loaded http://en.wikipedia-on-ipfs.org.ipns.localhost:48084/ and redirected to http://en.wikipedia-on-ipfs.org.ipns.localhost:48084/wiki; clicked on Open using IPFS and got ipns://en.wikipedia-on-ipfs.org/wiki
  2. loaded http://google.com.ipns.localhost:48084 and got expected ipfs resolve -r /ipns/google.com/: could not resolve name error
example example example
before-ipfs using-ipfs dns-resolve

@LaurenWags LaurenWags changed the title Even more strict on address bar for IPNS [Security] Even more strict on address bar for IPNS May 4, 2021
@LaurenWags LaurenWags mentioned this issue May 4, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spylogsster spylogsster

Labels
feature/web3/ipfs OS/Desktop priority/P3 The next thing for us to work on. It'll ride the trains. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Test-Plan-Required QA/Yes release-notes/include security
Projects
None yet
Milestone
1.24.x - Release
Development

Successfully merging a pull request may close this issue.

Added simple cid validation brave/brave-core
6 participants
@lidel @stephendonner @bbondy @spylogsster @LaurenWags @btlechowski