Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Verify checksum on adblock list load from component #35174

Open
ShivanKaul opened this issue Jan 8, 2024 · 3 comments
Open

Verify checksum on adblock list load from component #35174

ShivanKaul opened this issue Jan 8, 2024 · 3 comments
Labels
OS/Android Fixes related to Android browser functionality OS/Desktop priority/P4 Planned work. We expect to get to it "soon". privacy webcompat/cookielist Cookie list related webcompat/lists Webcompat issues that seem to be because our lists of what to or not to block could be improved.

Comments

@ShivanKaul
Copy link
Collaborator

Related to brave/brave-core-crx-packager#806, to be maximally safe that an adblock list hasn't gotten corrupted somewhere in the process of reaching the user, we should verify the checksum before actually loading into brave-core. Note that we can only do this for certain adblock lists, the ones that have checksums in the first place.

@ShivanKaul ShivanKaul added webcompat/lists Webcompat issues that seem to be because our lists of what to or not to block could be improved. OS/Android Fixes related to Android browser functionality privacy-pod Feature work for the Privacy & Web Compatibility pod OS/Desktop webcompat/cookielist Cookie list related privacy priority/P4 Planned work. We expect to get to it "soon". and removed privacy-pod Feature work for the Privacy & Web Compatibility pod labels Jan 8, 2024
@bbondy
Copy link
Member

bbondy commented Jan 10, 2024

Could we up this priority for checksums @ShivanKaul ? I think a check could be added pretty painlessly somewhere around here: https://github.com/brave/adblock-resources/blob/master/index.js#L7

@bbondy
Copy link
Member

bbondy commented Jan 10, 2024

Update: I see this is for the brave-core side, I think that's OK to be lower priority as is now so long as the checksums are being made in a place similar to the one I mentioned above when packaging them into crx files.

@ShivanKaul
Copy link
Collaborator Author

Yes, exactly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
OS/Android Fixes related to Android browser functionality OS/Desktop priority/P4 Planned work. We expect to get to it "soon". privacy webcompat/cookielist Cookie list related webcompat/lists Webcompat issues that seem to be because our lists of what to or not to block could be improved.
Projects
None yet
Development

No branches or pull requests

2 participants