Fix URL matching with Browser Integration #3759

varjolintu
Member

@varjolintu varjolintu commented Nov 1, 2019

Type of change

  • ✅ Bug fix (non-breaking change which fixes an issue)

Description and Context

Ignores junk URLs and fixes port matching. Also renames some functions and variables.

If scheme matching is enabled, entry URLs without a scheme will fall back to https.

Fixes #3751.

Testing strategy

Manually. Previously an entry with URL https:///example.com was requested for all sites. Also, tests are included.

Checklist:

  • ✅ I have read the CONTRIBUTING document. [REQUIRED]
  • ✅ My code follows the code style of this project. [REQUIRED]
  • ✅ All new and existing tests passed. [REQUIRED]
  • ✅ I have compiled and verified my code with -DWITH_ASAN=ON. [REQUIRED]
  • ✅ I have added tests to cover my changes.

@droidmonkey
Member

Should we alert the user somehow that there is an invalid URL entered? Perhaps a simple label that pops up or using the red x icon in the URL field similar to when passwords are mismatched. We would have to exclude cmd:// style URLs from that check though.

@varjolintu
Member Author

@droidmonkey I agree. Some kind of warning is needed in the GUI also.

@droidmonkey
Member

Something like "the entered URL will not work with the browser extension because {reason}"

@Talv

Talv commented Nov 5, 2019

Will this PR also fix handling of URLs with trailing space (\x20)? (And possibly other white-space characters).

Example: an entry with a URL like https://www.kickstarter.com will be proposed on every domain by the browser extension (since v2.5.0).

Further observations:

  • Removing space fixes the issue (https://www.kickstarter.com behaves fine)
  • Appending / before the space fixes the issue as well (https://www.kickstarter.com/ behaves fine)

@varjolintu
Member Author

@Talv It fixes those too. Just tested it.

@varjolintu
Member Author

This PR still has some issues. Trying to fix them and add the GUI warning. Then we are good to go.

@varjolintu
Member Author

Problems with the matching are fixed. I'll do the UI stuff next.

@varjolintu
Member Author

Added the UI warning. This is good to go!

@droidmonkey
Member

This isn't ready for prime time. It's marking perfectly valid URLs as invalid. It also doesn't mark invalid URLs in the new browser settings page.

@droidmonkey
Member

I am going to withhold this until 2.5.2

@droidmonkey droidmonkey modified the milestones: v2.5.1, v2.5.2 Nov 8, 2019
@droidmonkey
Member

droidmonkey commented Nov 8, 2019

@varjolintu can you separate the fixes for the URL parsing from the UI error checking code? I do want the URL parsing to be fixed in 2.5.1.

@varjolintu
Member Author

varjolintu commented Nov 8, 2019

@droidmonkey Sure, I can separate the UI fixes for now.

EDIT: Done.

@varjolintu varjolintu force-pushed the hotfix/browser_url_validation branch from 3cdc3f7 to 141e7e7 Compare November 8, 2019 04:58
@varjolintu varjolintu modified the milestones: v2.5.2, v2.5.1 Nov 8, 2019
@varjolintu
Member Author

varjolintu commented Nov 8, 2019

@droidmonkey One more thing. Should URLs without a scheme match every time with all schemes in the page URL? Or only when the scheme matching is disabled?

EDIT: I'm in favor of falling back to the https scheme if matching is enabled but a scheme has not been specified in the entry URL. I have a commit ready to push.

@phoerious phoerious modified the milestones: v2.5.1, v2.5.2 Nov 8, 2019
@droidmonkey
Member

Yah if there is no scheme we assume https

@varjolintu varjolintu force-pushed the hotfix/browser_url_validation branch from 141e7e7 to ac79177 Compare November 8, 2019 11:37
@varjolintu
Member Author

Pushed and rebased.

@varjolintu
Member Author

@phoerious We are merging this with 2.5.1, but the UI stuff will be another PR for 2.5.2. That's why I changed the milestone.

@phoerious phoerious modified the milestones: v2.5.2, v2.5.1 Nov 8, 2019
@phoerious
Member

ok.

@varjolintu varjolintu removed the request for review from louib November 10, 2019 06:03
@droidmonkey droidmonkey merged commit 3d0964b into keepassxreboot:release/2.5.1 Nov 10, 2019
@varjolintu varjolintu deleted the hotfix/browser_url_validation branch November 10, 2019 14:02
phoerious added a commit that referenced this pull request Nov 11, 2019
Added

- Add programmatic use of the EntrySearcher [#3760]
- Explicitly clear database memory upon locking even if the object is not deleted immediately [#3824]
- macOS: Add ability to perform notarization of built package [#3827]

Changed

- Reduce file hash checking to every 30 seconds to correct performance issues [#3724]
- Correct formatting of notes in entry preview widget [#3727]
- Improve performance and UX of database statistics page [#3780]
- Improve interface for key file selection to discourage use of the database file [#3807]
- Hide Auto-Type sequences column when not needed [#3794]
- macOS: Revert back to using Carbon API for hotkey detection [#3794]
- CLI: Do not show protected fields by default [#3710]

Fixed

- Secret Service: Correct issues interfacing with various applications [#3761]
- Fix building without additional features [#3693]
- Fix handling TOTP secret keys that require padding [#3764]
- Fix database unlock dialog password field focus [#3764]
- Correctly label open databases as locked on launch [#3764]
- Prevent infinite recursion when two databases AutoOpen each other [#3764]
- Browser: Fix incorrect matching of invalid URLs [#3759]
- Properly stylize the application name on Linux [#3775]
- Show application icon on Plasma Wayland sessions [#3777]
- macOS: Check for Auto-Type permissions on use instead of at launch [#3794]
@a-v-popov

a-v-popov commented Nov 14, 2019

It seems that with the "fix" only first level domain is considered.
I.e. if there are a.foo.com and b.foo.com in the db, and you try to open c.foo.com the two records will match (none of them probably should).
UPD: seems to be #3848

@varjolintu
Member Author

@a-v-popov Yes, that's what the next PR will fix.
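
Added example, not code from this pull request or from KeePassXC: a fail-closed entry-to-page URL matcher in Python covering the cases raised in this thread (an empty host as in https:///example.com, a trailing space, a missing scheme falling back to https, port matching, and sibling subdomains). The names `parse_origin` and `entry_matches`, the restriction to http/https, comparing the port only when the entry names one, and the dot-delimited subdomain rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # assumption: only web schemes are matched


def parse_origin(url, default_scheme="https"):
    """Return (scheme, host, explicit_port) or None when there is no usable host."""
    url = url.strip()  # a trailing space must not turn the entry into a wildcard
    if "://" not in url:
        url = f"{default_scheme}://{url}"  # entry saved without a scheme
    try:
        parts = urlsplit(url)
        host, port = (parts.hostname or "").rstrip("."), parts.port
    except ValueError:  # non-numeric or out-of-range port, broken IPv6 literal
        return None
    scheme = parts.scheme.lower()
    if not host or scheme not in DEFAULT_PORTS:
        return None  # "https:///example.com" has an empty host; cmd:// is not a web URL
    return scheme, host, port


def entry_matches(entry_url, page_url, match_scheme=True):
    """Decide whether a stored entry URL may be offered for the page URL."""
    entry, page = parse_origin(entry_url), parse_origin(page_url)
    if entry is None or page is None:
        return False  # fail closed: a junk URL matches nothing, never everything
    (e_scheme, e_host, e_port), (p_scheme, p_host, p_port) = entry, page
    if match_scheme and e_scheme != p_scheme:
        return False
    page_port = DEFAULT_PORTS[p_scheme] if p_port is None else p_port
    if e_port is not None and e_port != page_port:
        return False  # assumption: the port is compared only when the entry names one
    # Equal host, or the page host is a dot-delimited subdomain of the entry host.
    return p_host == e_host or p_host.endswith("." + e_host)
```
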

@phoerious phoerious added pr: bugfix Pull request that fixes a bug and removed bug labels Nov 22, 2024