bubblev
/
bubble
9
0
Vork 0
Code Kwesties 0 Pull-aanvragen 0 Publicaties 130 Wiki Activiteit
Labels Mijlpalen
Nieuwe Pull aanvraag

#58 Add request protector app with cross-domain cookies filtering

Samengevoegd
jonathan heeft 35 commits samengevoegd van kris/request_protector_app naar master 4 jaren geleden
Discussie 4 Commits 35 Bestanden gewijzigd 17
kris commented 4 jaren geleden

@jonathan please review

Waiting on Jenkins build: https://jenkins.bubblev.org/job/bubble-dev-kris/252/
but not sure how it will go as current master build is failing.

@jonathan please review Waiting on Jenkins build: https://jenkins.bubblev.org/job/bubble-dev-kris/252/ but not sure how it will go as current master build is failing.
jonathan was toegekend door kris 4 jaren geleden
jonathan commented 4 jaren geleden
Eigenaar

Looks good, but what would the regex be if the intent is “delete any cookies NOT belonging to the current domain, or one of its subdomains”?

It seems like we would need some more logic -- if we add these 2 things I think it would work:

  1. The regex can include {{fqdn}} which will be replaced (in mitm-land) with the (regex-escaped) FQDN for the current request
  2. In addition to regex and replacement, add mode which can be match or no_match. Or, alternatively, see if the “regex negation” syntax works in Python’s regex implementation, see: https://stackoverflow.com/questions/2637675/how-to-negate-the-whole-regex ). If regex negation works, that may be easier.

Thoughts?

Looks good, but what would the regex be if the intent is "delete any cookies NOT belonging to the current domain, or one of its subdomains"? It seems like we would need some more logic -- if we add these 2 things I think it would work: 1. The regex can include `{{fqdn}}` which will be replaced (in mitm-land) with the (regex-escaped) FQDN for the current request 2. In addition to `regex` and `replacement`, add `mode` which can be `match` or `no_match`. Or, alternatively, see if the "regex negation" syntax works in Python's regex implementation, see: https://stackoverflow.com/questions/2637675/how-to-negate-the-whole-regex ). If regex negation works, that may be easier. Thoughts?
kris commented 4 jaren geleden
Poster
  1. will do. Separate PR? (easier review)
  2. (?!...) is supported in python3’s re
1. will do. Separate PR? (easier review) 2. `(?!...)` is supported in python3's `re`
jonathan commented 4 jaren geleden
Eigenaar
  1. will do. Separate PR? (easier review)

No, let’s do it in this one. And test it :) this will be very cool when it works!

  1. (?!...) is supported in python3’s re

That’s good news. Let’s do that.

> 1. will do. Separate PR? (easier review) No, let's do it in this one. And test it :) this will be very cool when it works! > 2. `(?!...)` is supported in python3's `re` That's good news. Let's do that.
👍 1
kris titel aangepast van Add request protector app with cross-domain cookies filtering naar WIP: (testing after fqdn part) Add request protector app with cross-domain cookies filtering 4 jaren geleden
kris titel aangepast van WIP: (testing after fqdn part) Add request protector app with cross-domain cookies filtering naar Add request protector app with cross-domain cookies filtering 4 jaren geleden
kris titel aangepast van Add request protector app with cross-domain cookies filtering naar WIP: (waiting on fresh Jenkins build) Add request protector app with cross-domain cookies filtering 4 jaren geleden
kris titel aangepast van WIP: (waiting on fresh Jenkins build) Add request protector app with cross-domain cookies filtering naar Add request protector app with cross-domain cookies filtering 4 jaren geleden
kris commented 4 jaren geleden
Poster

Passing Jenkins build: https://jenkins.bubblev.org/job/bubble-dev-kris/260/

Passing Jenkins build: https://jenkins.bubblev.org/job/bubble-dev-kris/260/
jonathan aangevraagde wijzigingen 4 jaren geleden
jonathan heeft een reactie achtergelaten

minor changes requested.

bubble-server/src/main/resources/models/defaults/bubblePlan.json
@@ -38,2 +38,3 @@
{"app": "UserBlocker"},
{"app": "TlsPassthru"}
{"app": "TlsPassthru"},
{"app": "RequestProtector"}
jonathan commented 4 jaren geleden

Let’s add RequestProtector app to all plans.

Let's add `RequestProtector` app to all plans.
bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_api.py
@@ -452,0 +487,4 @@

def _replace_in_headers(headers: nheaders.Headers, modifiers_dict: dict) -> int:
"""
Taken from original mitmproxy's Header class implementation with sligh change to allow replacement with empty string
jonathan commented 4 jaren geleden

r/sligh/slight/

`r/sligh/slight/`
kris commented 4 jaren geleden

Actully, I’ll remove this second part completely as I did a larger changes here recently

Actully, I'll remove this second part completely as I did a larger changes here recently
jonathan verwees naar dit probleem vanuit commit 4 jaren geleden'
Add request protector app with cross-domain cookies filtering (#58) Add RequestProtector app to cheapest plan Update comment with typo Merge branch 'master' into kris/request_protector_app Merge branch 'master' into kris/request_protector_app Merge branch 'kris/request_protector_app' of git.bubblev.org:bubblev/bubble into kris/request_protector_app Extract method for updating requests host and port Fix header replacement Replace all cross-domain cookies with empty Add fqdn variable support in header replacements Merge branch 'master' into kris/request_protector_app Merge branch 'master' into kris/request_protector_app Merge branch 'master' into kris/request_protector_app Merge branch 'master' into kris/request_protector_app Add add header replacement button label Try to add initial header replacement for cross-domain cookies Merge branch 'master' into kris/request_protector_app Merge branch 'master' into kris/request_protector_app use special header replacement to skip emptied headers Set RequestProtector replacement optional again Fix replacement reference in RequestProtector app Update flex domains with empty set if needed Add back request heades modifiers as prime app Extract and refactor _primeApp method Merge branch 'master' into kris/request_protector_app # Conflicts - WIP: # bubble-server/src/main/java/bubble/service/stream/StandardAppPrimerService.java Use HeaderReplacement's id field in JSONs Make RequestProtector's replacement field required Add new app to some plans Set new app to have `app` presentation Add RuleDriver and AppMatcher for the new app Add request protector app Remove not used filter Merge branch 'master' into kris/request_protector_app Add full support for response header modification Merge branch 'master' into kris/request_protector_app # Conflicts: # utils/cobbzilla-utils Add RequestProtector app Co-authored-by: jonathan <jonathan@noreply.git.bubblev.org> Co-authored-by: Kristijan Mitrovic <kmitrovic@itekako.com> Reviewed-on: https://git.bubblev.org/bubblev/bubble/pulls/58
jonathan heeft deze pull request gesloten 4 jaren geleden
jonathan heeft 4 jaren geleden de branch kris/request_protector_app verwijderd.

Reviewers

jonathan aangevraagde wijzigingen 4 jaren geleden
The pull request has been merged as 237e90d126.
Log in om deel te nemen aan deze discussie.
Reviewers
Beoordeling aanvragen
Geen beoordelaars
 jonathan
Labels
Labels toepassen
Verwijder labels
Geen items
Geen label
Mijlpaal
Stel mijlpaal in
Verwijder mijlpaal
Geen items
Geen mijlpaal
Toegewezen aan
Gebruikers toewijzen
Verwijder toegewezen aan
Niet toegewezen
 jonathan
2 deelnemers
Notificaties
Vervaldatum

Geen vervaldatum ingesteld.

Afhankelijkheden

Deze pull-aanvraag heeft momenteel geen afhankelijkheden.

Schrijf Voorbeeld
Laden…
Annuleren
Opslaan
Er is nog geen inhoud.
Verwijder branch 'kris/request_protector_app'

Het verwijderen van een branch is permanent. Het KAN NIET ongedaan gemaakt worden. Wil je toch doorgaan?

Nee
Ja