From d84479c4cdb5bfd13ba4f9b61796253c300a1237 Mon Sep 17 00:00:00 2001
From: Brian Wolff
Date: Thu, 25 Aug 2016 20:32:55 +0000
Subject: [PATCH] Add urls from various adware to the CSP false positive list

URLs are based on spam that comes into the Wikimedia log files, based on testing on elwiki.

Change-Id: Iee86633abaae86c55764365042681bda1f2304be
---
 includes/DefaultSettings.php | 22 ++++++++++++++++++++++
 includes/api/ApiCSPReport.php | 11 +++++++++++
 2 files changed, 33 insertions(+)

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index f1afc4cb7a..b7fbbb775a 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -8381,6 +8381,28 @@ $wgEventRelayerConfig = [
 */
 $wgPingback = false;
 
+/**
+ * List of urls which appear often to be triggering CSP reports
+ * but do not appear to be caused by actual content, but by client
+ * software inserting scripts (i.e. Ad-Ware).
+ * List based on results from Wikimedia logs.
+ *
+ * @since 1.28
+ */
+$wgCSPFalsePositiveUrls = [
+ 'https://3hub.co' => true,
+ 'https://morepro.info' => true,
+ 'https://p.ato.mx' => true,
+ 'https://s.ato.mx' => true,
+ 'https://adserver.adtech.de' => true,
+ 'https://ums.adtechus.com' => true,
+ 'https://cas.criteo.com' => true,
+ 'https://cat.nl.eu.criteo.com' => true,
+ 'https://atpixel.alephd.com' => true,
+ 'https://rtb.metrigo.com' => true,
+ 'https://d5p.de17a.com' => true,
+];
+
 /**
 * For really cool vim folding this needs to be at the end:
 * vim: foldmarker=@{,@} foldmethod=marker
diff --git a/includes/api/ApiCSPReport.php b/includes/api/ApiCSPReport.php
index 5271996080..407ae71fbb 100644
--- a/includes/api/ApiCSPReport.php
+++ b/includes/api/ApiCSPReport.php
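Review bot: The doc block for `$wgCSPFalsePositiveUrls` should spell out the key format, because the lookup in ApiCSPReport.php is a plain `isset( $falsePositives[...] )` on the raw blocked-uri / source-file string: keys match only byte-for-byte, so an entry written as `'https://3hub.co/'` or with a path would never fire. It should also note that only the presence of a key is tested — `isset()` is true for a `false` value — so an entry is disabled by removing it, not by setting it to `false`. Suggested lines after "List based on results from Wikimedia logs.": ` * Keys are matched exactly (no normalisation) against the report's blocked-uri and source-file values, so use the exact string the browser reports (the entries here are scheme://host with no trailing slash or path). Only the presence of a key is checked; remove an entry to disable it rather than setting it to false.`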
@@ -87,6 +87,7 @@ class ApiCSPReport extends ApiBase {
 $reportOnly = $this->getParameter( 'reportonly' );
 $userAgent = $this->getRequest()->getHeader( 'user-agent' );
 $source = $this->getParameter( 'source' );
+ $falsePositives = $this->getConfig()->get( 'CSPFalsePositiveUrls' );
 
 $flags = [];
 if ( $source !== 'internal' ) {
@@ -95,6 +96,16 @@ class ApiCSPReport extends ApiBase {
 if ( $reportOnly ) {
 $flags[] = 'report-only';
 }
+
+ if (
+ ( isset( $report['blocked-uri'] ) &&
+ isset( $falsePositives[$report['blocked-uri']] ) )
+ || ( isset( $report['source-file'] ) &&
+ isset( $falsePositives[$report['source-file']] ) )
+ ) {
+ // Report caused by Ad-Ware
+ $flags[] = 'false-positive';
+ }
 
 return $flags;
 }
-- 
2.20.1
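Review bot: The new condition in the second hunk indexes `$falsePositives` with `$report['blocked-uri']` and `$report['source-file']` without checking that they are strings, and `$report` appears to be the client-supplied report body (where it is decoded is outside this hunk), so a non-scalar value there makes `isset( $falsePositives[...] )` emit an illegal-offset warning (a TypeError on PHP 8) instead of simply not flagging the report. Guarding with `is_string()` keeps a malformed report on the normal path; if `$report` is already schema-validated earlier in the class, the guard is cheap redundancy. The duplicated isset pair also reads more clearly as a loop over the two report keys, as below. The enclosing method starts before this hunk; the unchanged lines from the report-only flag on are elided.
```php
		// … unchanged: report-only flag …
		$isFalsePositive = false;
		foreach ( [ 'blocked-uri', 'source-file' ] as $key ) {
			if ( isset( $report[$key] ) && is_string( $report[$key] )
				&& isset( $falsePositives[$report[$key]] )
			) {
				$isFalsePositive = true;
				break;
			}
		}
		if ( $isFalsePositive ) {
			// Report caused by Ad-Ware
			$flags[] = 'false-positive';
		}
```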