From 4ed0db86f27688b7447c4f29e809b7fe9df279f7 Mon Sep 17 00:00:00 2001
From: Pranjal Jumde
Date: Mon, 3 Feb 2020 13:45:02 -0800
Subject: [PATCH] Fix 8034: Add Crowd Deny requests to audit whitelist
---
 lib/whitelistedUrlPatterns.js | 4 ++--
 lib/whitelistedUrlPrefixes.js | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/whitelistedUrlPatterns.js b/lib/whitelistedUrlPatterns.js
index b3e445511521..5a3cef2eb872 100644
--- a/lib/whitelistedUrlPatterns.js
+++ b/lib/whitelistedUrlPatterns.js
@@ -1,7 +1,7 @@
 // Before adding to this list, get approval from the security team
 module.exports = [
- 'http://[A-Za-z0-9-\.]+\.gvt1\.com/edgedl/release2/chrome_component/.+', // allowed because it 307's to crlsets.brave.com
- 'https://[A-Za-z0-9-\.]+\.gvt1\.com/edgedl/release2/chrome_component/.+', // allowed because it 307's to crlsets.brave.com
+ 'http://[A-Za-z0-9-\.]+\.gvt1\.com/edgedl/release2/.+', // allowed because it 307's to redirector.brave.com
+ 'https://[A-Za-z0-9-\.]+\.gvt1\.com/edgedl/release2/.+', // allowed because it 307's to redirector.brave.com
 'http://www.google.com/dl/release2/chrome_component/.+crl-set.+', // allowed because it 307's to crlsets.brave.com
 'https://www.google.com/dl/release2/chrome_component/.+crl-set.+', // allowed because it 307's to crlsets.brave.com
 'http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/.+crxd', // allowed because it 307's to crlsets.brave.com,
diff --git a/lib/whitelistedUrlPrefixes.js b/lib/whitelistedUrlPrefixes.js
index e664cef9d59b..764884eada93 100644
--- a/lib/whitelistedUrlPrefixes.js
+++ b/lib/whitelistedUrlPrefixes.js
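Review bot: In lib/whitelistedUrlPatterns.js the two added gvt1.com patterns keep `\.` inside single-quoted JavaScript strings, where the backslash is dropped, so the dots before `gvt1` and `com` reach the matcher unescaped and match any character. If these strings are compiled as regular expressions (the consumer is not visible here), the audit would accept hosts that are not gvt1.com subdomains; writing `'https://[A-Za-z0-9-\\.]+\\.gvt1\\.com/edgedl/release2/.+'`, and the same for the `http://` line, keeps the dots literal. The removed lines had the same single-backslash form, so this is carried over rather than introduced, but the new lines are the place to fix it. The change also widens the path from `chrome_component/` to everything under `/edgedl/release2/`, so the trailing comment should say which downloads are expected there. The array continues outside the hunk.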
@@ -4,8 +4,8 @@ module.exports = [
 'https://update.googleapis.com/service/update2', // allowed because it 307's to go-updater.brave.com. should never actually connect to googleapis.com.
 'https://safebrowsing.googleapis.com/v4/threatListUpdates', // allowed because it 307's to safebrowsing.brave.com
 'https://clients2.googleusercontent.com/crx/blobs/',
- 'http://dl.google.com/release2/chrome_component/', // allowed because it 307's to crlset1.brave.com
- 'https://dl.google.com/release2/chrome_component/', // allowed because it 307's to crlset1.brave.com
+ 'http://dl.google.com/', // allowed because it 307's to redirector.brave.com
+ 'https://dl.google.com/', // allowed because it 307's to redirector.brave.com
 'https://no-thanks.invalid/', // fake gaia URL
 'https://go-updater.brave.com/',
 'https://safebrowsing.brave.com/',
@@ -30,4 +30,5 @@ module.exports = [
 'https://dns.google/dns-query', // needed for DoH on Mac build machines
 'https://chrome.cloudflare-dns.com/dns-query', // needed for DoH on Mac build machines
 'https://tor.bravesoftware.com/', // for fetching tor client updater component
+ 'https://redirector.brave.com/',
 ]
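Review bot: In the `@@ -4,8 +4,8 @@` hunk of lib/whitelistedUrlPrefixes.js, the prefixes `'http://dl.google.com/'` and `'https://dl.google.com/'` now cover every path on that host, while the commit title only concerns Crowd Deny requests. A whole-host prefix means the audit stops flagging any dl.google.com request, including ones over plain http. If the component lives under a known path, keep the prefix at that path, e.g. `'https://dl.google.com/<component-path>/'` (placeholder; the real path is not on the page). If the whole host is intended, say so in the comment: `// whole host allowed: all dl.google.com requests are expected to 307 to redirector.brave.com`. The array starts and ends outside this hunk.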
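Review bot: The added `'https://redirector.brave.com/',` entry in the `@@ -30,4 +30,5 @@` hunk has no reason comment, unlike the three entries above it. A later audit of this list needs to know why the host is expected. Something like `// target of the 307 redirects for dl.google.com and *.gvt1.com component downloads` would match the comments added elsewhere in this commit.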