bromite/build/patches/Block-all-connection-requests-with-qjz9zk-in-the-domain-name-or-with-a-trk-scheme.patch

From: csagan5 <32685696+csagan5@users.noreply.github.com>
Date: Wed, 30 Oct 2019 11:50:13 +0100
Subject: Block all connection requests with 'qjz9zk' in the domain name or
 with a 'trk:' scheme.

An info bar is displayed unless the --disable-trkbar command-line flag or the chrome://flag option is used.
This patch is based on Iridium's 'net: add "trk:" scheme and help identify URLs being retrieved'
---
 .../chrome_autocomplete_scheme_classifier.cc  |  1 +
 chrome/browser/history/history_utils.cc       |  1 +
 chrome/browser/ui/singleton_tabs.cc           |  3 +-
 .../browser/url_request_context_factory.cc    |  7 +++-
 .../omnibox/browser/autocomplete_input.cc     |  7 ++--
 components/url_formatter/url_fixer.cc         |  4 +++
 .../child_process_security_policy_impl.cc     |  1 +
 net/BUILD.gn                                  |  2 ++
 net/url_request/trk_protocol_handler.cc       | 26 +++++++++++++++
 net/url_request/trk_protocol_handler.h        | 33 +++++++++++++++++++
 net/url_request/url_request.cc                |  8 +++++
 .../url_request_context_builder.cc            |  4 +++
 url/url_constants.cc                          |  1 +
 url/url_constants.h                           |  1 +
 url/url_util.cc                               |  2 ++
 15 files changed, 97 insertions(+), 4 deletions(-)
 create mode 100644 net/url_request/trk_protocol_handler.cc
 create mode 100644 net/url_request/trk_protocol_handler.h

diff --git a/chrome/browser/autocomplete/chrome_autocomplete_scheme_classifier.cc b/chrome/browser/autocomplete/chrome_autocomplete_scheme_classifier.cc
--- a/chrome/browser/autocomplete/chrome_autocomplete_scheme_classifier.cc
+++ b/chrome/browser/autocomplete/chrome_autocomplete_scheme_classifier.cc
@@ -28,6 +28,7 @@ ChromeAutocompleteSchemeClassifier::GetInputTypeForScheme(
   if (base::IsStringASCII(scheme) &&
       (ProfileIOData::IsHandledProtocol(scheme) ||
        base::LowerCaseEqualsASCII(scheme, content::kViewSourceScheme) ||
+       base::LowerCaseEqualsASCII(scheme, url::kTraceScheme) ||
        base::LowerCaseEqualsASCII(scheme, url::kJavaScriptScheme) ||
        base::LowerCaseEqualsASCII(scheme, url::kDataScheme))) {
     return metrics::OmniboxInputType::URL;
diff --git a/chrome/browser/history/history_utils.cc b/chrome/browser/history/history_utils.cc
--- a/chrome/browser/history/history_utils.cc
+++ b/chrome/browser/history/history_utils.cc
@@ -22,6 +22,7 @@ bool CanAddURLToHistory(const GURL& url) {
       url.SchemeIs(content::kChromeDevToolsScheme) ||
       url.SchemeIs(content::kChromeUIScheme) ||
       url.SchemeIs(content::kViewSourceScheme) ||
+      url.SchemeIs(url::kTraceScheme) ||
       url.SchemeIs(chrome::kChromeNativeScheme) ||
       url.SchemeIs(chrome::kChromeSearchScheme) ||
       url.SchemeIs(dom_distiller::kDomDistillerScheme) ||
diff --git a/chrome/browser/ui/singleton_tabs.cc b/chrome/browser/ui/singleton_tabs.cc
--- a/chrome/browser/ui/singleton_tabs.cc
+++ b/chrome/browser/ui/singleton_tabs.cc
@@ -100,7 +100,8 @@ int GetIndexOfExistingTab(Browser* browser, const NavigateParams& params) {
 
     // Skip view-source tabs. This is needed because RewriteURLIfNecessary
     // removes the "view-source:" scheme which leads to incorrect matching.
-    if (tab_url.SchemeIs(content::kViewSourceScheme))
+    if (tab_url.SchemeIs(content::kViewSourceScheme) ||
+        tab_url.SchemeIs(url::kTraceScheme))
       continue;
 
     GURL rewritten_tab_url = tab_url;
diff --git a/chromecast/browser/url_request_context_factory.cc b/chromecast/browser/url_request_context_factory.cc
--- a/chromecast/browser/url_request_context_factory.cc
+++ b/chromecast/browser/url_request_context_factory.cc
@@ -39,6 +39,7 @@
 #include "net/http/http_stream_factory.h"
 #include "net/proxy_resolution/proxy_resolution_service.h"
 #include "net/ssl/ssl_config_service_defaults.h"
+#include "net/url_request/trk_protocol_handler.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_context_builder.h"
 #include "net/url_request/url_request_context_getter.h"
@@ -245,13 +246,17 @@ void URLRequestContextFactory::InitializeMainContextDependencies(
       new net::URLRequestJobFactoryImpl());
   // Keep ProtocolHandlers added in sync with
   // CastContentBrowserClient::IsHandledURL().
+  bool set_protocol = false;
   for (content::ProtocolHandlerMap::iterator it = protocol_handlers->begin();
        it != protocol_handlers->end();
        ++it) {
-    bool set_protocol =
+    set_protocol =
         job_factory->SetProtocolHandler(it->first, std::move(it->second));
     DCHECK(set_protocol);
   }
+  set_protocol = job_factory->SetProtocolHandler(
+      url::kTraceScheme, base::WrapUnique(new net::TrkProtocolHandler));
+  DCHECK(set_protocol);
 
   // Set up interceptors in the reverse order.
   std::unique_ptr<net::URLRequestJobFactory> top_job_factory =
diff --git a/components/omnibox/browser/autocomplete_input.cc b/components/omnibox/browser/autocomplete_input.cc
--- a/components/omnibox/browser/autocomplete_input.cc
+++ b/components/omnibox/browser/autocomplete_input.cc
@@ -496,7 +496,8 @@ void AutocompleteInput::ParseForEmphasizeComponents(
   // For the view-source and blob schemes, we should emphasize the host of the
   // URL qualified by the view-source or blob prefix.
   if ((base::LowerCaseEqualsASCII(scheme_str, kViewSourceScheme) ||
-       base::LowerCaseEqualsASCII(scheme_str, url::kBlobScheme)) &&
+       base::LowerCaseEqualsASCII(scheme_str, url::kBlobScheme) ||
+       base::LowerCaseEqualsASCII(scheme_str, url::kTraceScheme)) &&
       (static_cast<int>(text.length()) > after_scheme_and_colon)) {
     // Obtain the URL prefixed by view-source or blob and parse it.
     base::string16 real_url(text.substr(after_scheme_and_colon));
@@ -569,7 +570,9 @@ int AutocompleteInput::NumNonHostComponents(const url::Parsed& parts) {
 bool AutocompleteInput::HasHTTPScheme(const base::string16& input) {
   std::string utf8_input(base::UTF16ToUTF8(input));
   url::Component scheme;
-  if (url::FindAndCompareScheme(utf8_input, kViewSourceScheme, &scheme)) {
+  if (url::FindAndCompareScheme(utf8_input, url::kTraceScheme, &scheme)) {
+    return false;
+  } else if (url::FindAndCompareScheme(utf8_input, kViewSourceScheme, &scheme)) {
     utf8_input.erase(0, scheme.end() + 1);
   }
   return url::FindAndCompareScheme(utf8_input, url::kHttpScheme, nullptr);
diff --git a/components/url_formatter/url_fixer.cc b/components/url_formatter/url_fixer.cc
--- a/components/url_formatter/url_fixer.cc
+++ b/components/url_formatter/url_fixer.cc
@@ -552,6 +552,10 @@ GURL FixupURL(const std::string& text, const std::string& desired_tld) {
     }
   }
 
+  if (scheme == url::kTraceScheme) {
+    return GURL();
+  }
+
   // We handle the file scheme separately.
   if (scheme == url::kFileScheme)
     return GURL(parts.scheme.is_valid() ? text : FixupPath(text));
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -513,6 +513,7 @@ ChildProcessSecurityPolicyImpl::ChildProcessSecurityPolicyImpl() {
   RegisterWebSafeScheme(url::kHttpsScheme);
   RegisterWebSafeScheme(url::kFtpScheme);
   RegisterWebSafeScheme(url::kDataScheme);
+  RegisterWebSafeScheme(url::kTraceScheme);
   RegisterWebSafeScheme("feed");
 
   // TODO(nick): https://crbug.com/651534 blob: and filesystem: schemes embed
diff --git a/net/BUILD.gn b/net/BUILD.gn
--- a/net/BUILD.gn
+++ b/net/BUILD.gn
@@ -1801,6 +1801,8 @@ component("net") {
       "url_request/report_sender.h",
       "url_request/static_http_user_agent_settings.cc",
       "url_request/static_http_user_agent_settings.h",
+      "url_request/trk_protocol_handler.cc",
+      "url_request/trk_protocol_handler.h",
       "url_request/url_fetcher.cc",
       "url_request/url_fetcher.h",
       "url_request/url_fetcher_core.cc",
diff --git a/net/url_request/trk_protocol_handler.cc b/net/url_request/trk_protocol_handler.cc
new file mode 100644
--- /dev/null
+++ b/net/url_request/trk_protocol_handler.cc
@@ -0,0 +1,26 @@
+// Copyright (c) 2018 The ungoogled-chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/url_request/trk_protocol_handler.h"
+
+#include "base/logging.h"
+#include "net/base/net_errors.h"
+#include "net/url_request/url_request_error_job.h"
+
+namespace net {
+
+TrkProtocolHandler::TrkProtocolHandler() = default;
+
+URLRequestJob* TrkProtocolHandler::MaybeCreateJob(
+    URLRequest* request, NetworkDelegate* network_delegate) const {
+  LOG(ERROR) << "Blocked URL in TrkProtocolHandler: " << request->original_url();
+  return new URLRequestErrorJob(
+      request, network_delegate, ERR_BLOCKED_BY_CLIENT);
+}
+
+bool TrkProtocolHandler::IsSafeRedirectTarget(const GURL& location) const {
+  return true;
+}
+
+}  // namespace net
diff --git a/net/url_request/trk_protocol_handler.h b/net/url_request/trk_protocol_handler.h
new file mode 100644
--- /dev/null
+++ b/net/url_request/trk_protocol_handler.h
@@ -0,0 +1,33 @@
+// Copyright (c) 2018 The ungoogled-chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_URL_REQUEST_TRK_PROTOCOL_HANDLER_H_
+#define NET_URL_REQUEST_TRK_PROTOCOL_HANDLER_H_
+
+#include "base/compiler_specific.h"
+#include "base/macros.h"
+#include "net/base/net_export.h"
+#include "net/url_request/url_request_job_factory.h"
+
+namespace net {
+
+class URLRequestJob;
+
+// Implements a ProtocolHandler for Trk jobs.
+class NET_EXPORT TrkProtocolHandler
+    : public URLRequestJobFactory::ProtocolHandler {
+ public:
+  TrkProtocolHandler();
+  URLRequestJob* MaybeCreateJob(
+      URLRequest* request,
+      NetworkDelegate* network_delegate) const override;
+  bool IsSafeRedirectTarget(const GURL& location) const override;
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(TrkProtocolHandler);
+};
+
+}  // namespace net
+
+#endif  // NET_URL_REQUEST_TRK_PROTOCOL_HANDLER_H_
diff --git a/net/url_request/url_request.cc b/net/url_request/url_request.cc
--- a/net/url_request/url_request.cc
+++ b/net/url_request/url_request.cc
@@ -13,6 +13,7 @@
 #include "base/metrics/histogram_macros.h"
 #include "base/rand_util.h"
 #include "base/stl_util.h"
+#include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/synchronization/lock.h"
 #include "base/threading/thread_task_runner_handle.h"
@@ -40,6 +41,7 @@
 #include "net/url_request/url_request_redirect_job.h"
 #include "url/gurl.h"
 #include "url/origin.h"
+#include "url/url_constants.h"
 
 using base::Time;
 using std::string;
@@ -592,6 +594,12 @@ URLRequest::URLRequest(const GURL& url,
   // Sanity check out environment.
   DCHECK(base::ThreadTaskRunnerHandle::IsSet());
 
+  if (!url.SchemeIs(url::kTraceScheme) &&
+      base::EndsWith(url.host(), "qjz9zk", base::CompareCase::INSENSITIVE_ASCII)) {
+    LOG(ERROR) << "Block URL in URLRequest: " << url;
+    url_chain_[0] = GURL(url::kTraceScheme + (":" + url.possibly_invalid_spec()));
+  }
+
   context->url_requests()->insert(this);
   net_log_.BeginEvent(NetLogEventType::REQUEST_ALIVE, [&] {
     return NetLogURLRequestConstructorParams(url, priority_,
diff --git a/net/url_request/url_request_context_builder.cc b/net/url_request/url_request_context_builder.cc
--- a/net/url_request/url_request_context_builder.cc
+++ b/net/url_request/url_request_context_builder.cc
@@ -40,6 +40,7 @@
 #include "net/ssl/ssl_config_service_defaults.h"
 #include "net/url_request/data_protocol_handler.h"
 #include "net/url_request/static_http_user_agent_settings.h"
+#include "net/url_request/trk_protocol_handler.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_context_storage.h"
 #include "net/url_request/url_request_intercepting_job_factory.h"
@@ -641,6 +642,9 @@ std::unique_ptr<URLRequestContext> URLRequestContextBuilder::Build() {
     }
     url_request_interceptors_.clear();
   }
+  job_factory->SetProtocolHandler(url::kTraceScheme,
+                                  std::make_unique<TrkProtocolHandler>());
+
   if (create_intercepting_job_factory_) {
     top_job_factory = std::move(create_intercepting_job_factory_)
                           .Run(std::move(top_job_factory));
diff --git a/url/url_constants.cc b/url/url_constants.cc
--- a/url/url_constants.cc
+++ b/url/url_constants.cc
@@ -26,6 +26,7 @@ const char kHttpsScheme[] = "https";
 const char kJavaScriptScheme[] = "javascript";
 const char kMailToScheme[] = "mailto";
 const char kTelScheme[] = "tel";
+const char kTraceScheme[] = "trk";
 const char kWsScheme[] = "ws";
 const char kWssScheme[] = "wss";
 
diff --git a/url/url_constants.h b/url/url_constants.h
--- a/url/url_constants.h
+++ b/url/url_constants.h
@@ -32,6 +32,7 @@ COMPONENT_EXPORT(URL) extern const char kHttpsScheme[];
 COMPONENT_EXPORT(URL) extern const char kJavaScriptScheme[];
 COMPONENT_EXPORT(URL) extern const char kMailToScheme[];
 COMPONENT_EXPORT(URL) extern const char kTelScheme[];
+COMPONENT_EXPORT(URL) extern const char kTraceScheme[];
 COMPONENT_EXPORT(URL) extern const char kWsScheme[];
 COMPONENT_EXPORT(URL) extern const char kWssScheme[];
 
diff --git a/url/url_util.cc b/url/url_util.cc
--- a/url/url_util.cc
+++ b/url/url_util.cc
@@ -52,6 +52,7 @@ struct SchemeRegistry {
       kHttpsScheme,
       kAboutScheme,
       kDataScheme,
+      kTraceScheme,
       kWssScheme,
   };
 
@@ -67,6 +68,7 @@ struct SchemeRegistry {
       kAboutScheme,
       kJavaScriptScheme,
       kDataScheme,
+      kTraceScheme,
   };
 
   // Schemes that can be sent CORS requests.
-- 
2.17.1