fix: remove unrecognized manifest key #9301 #9302

Merged
merged 1 commit into from
Aug 29, 2024

duttarnab
Contributor

closes #9301

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

dryrunsecurity bot commented Aug 29, 2024

DryRun Security Summary

The pull request contains a minor update to the manifest.json file for the "jans-tarp" Chrome extension, including the removal of the _comment field and an update to the description field, with a review of the security-related considerations such as the use of Manifest Version 3, the requested permissions, the host permissions, and the extension's behavior in incognito mode.

Summary:

The code changes in this pull request appear to be a minor update to the manifest.json file for the "jans-tarp" Chrome extension. The key changes include the removal of the _comment field and an update to the description field to provide more information about the manifest_version field.

From an application security perspective, there are a few important considerations:

  1. Manifest Version 3: The extension is using Manifest Version 3, which includes several security-related changes. It's important to ensure that the extension is properly configured and using the new features and APIs correctly to maintain a high level of security.

  2. Permissions: The extension requests several permissions, including storage, identity, and tabs. These permissions should be carefully reviewed to ensure that they are necessary for the extension's functionality and that they are not being misused or abused.

  3. Host Permissions: The extension also requests host_permissions for *://*/*, which allows the extension to access any website. This is a broad permission that should be reviewed to ensure that it is necessary and that the extension is not accessing or modifying sensitive data on websites it should not have access to.

  4. Incognito Mode: The extension is configured to work in "split" incognito mode, which means that it can access and modify data in both normal and incognito browser sessions. This should be reviewed to ensure that the extension is not accessing or modifying sensitive data in incognito mode.

Files Changed:

  • demos/jans-tarp/src/static/chrome/manifest.json: This file contains the manifest for the "jans-tarp" Chrome extension. The changes include the removal of the _comment field and an update to the description field to provide more information about the manifest_version field.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.
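
An added example (not code from this project or from DryRun Security): a small manifest check covering the kind of unrecognized key removed in this PR and the permission points listed in the summary above. The allowlist of top-level keys is partial and assumed for illustration, the rule names are hypothetical, and the sample manifest is constructed.

```javascript
// Added example: lint a Chrome extension manifest for the points raised in the summary.
// KNOWN_KEYS is a partial allowlist assembled for this example, not Chrome's full list.
const KNOWN_KEYS = new Set([
  "manifest_version", "name", "version", "description", "icons", "action",
  "background", "content_scripts", "permissions", "optional_permissions",
  "host_permissions", "optional_host_permissions", "incognito", "options_page",
  "options_ui", "web_accessible_resources", "content_security_policy",
  "default_locale", "minimum_chrome_version", "oauth2", "key",
]);

// Match patterns that grant access to every site.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Returns a list of { rule, detail } findings; an empty list means nothing to review.
function auditManifest(manifestText) {
  const findings = [];
  let manifest;
  try {
    manifest = JSON.parse(manifestText);
  } catch (err) {
    return [{ rule: "invalid-json", detail: err.message }];
  }
  if (manifest === null || typeof manifest !== "object" || Array.isArray(manifest)) {
    return [{ rule: "invalid-manifest", detail: "top level must be a JSON object" }];
  }
  // Keys outside the allowlist (for example a "_comment" field) are reported.
  for (const key of Object.keys(manifest)) {
    if (!KNOWN_KEYS.has(key)) findings.push({ rule: "unrecognized-key", detail: key });
  }
  if (manifest.manifest_version !== 3) {
    findings.push({ rule: "manifest-version", detail: String(manifest.manifest_version) });
  }
  const hosts = Array.isArray(manifest.host_permissions) ? manifest.host_permissions : [];
  for (const pattern of hosts) {
    if (BROAD_HOSTS.has(pattern)) findings.push({ rule: "broad-host-permission", detail: pattern });
  }
  // Any explicit incognito setting is surfaced so a reviewer confirms it is intended.
  if (manifest.incognito !== undefined) {
    findings.push({ rule: "incognito-mode", detail: String(manifest.incognito) });
  }
  return findings;
}

// Constructed sample modelled on the fields named in the summary (not the real file).
const SAMPLE = JSON.stringify({
  _comment: "constructed placeholder",
  manifest_version: 3, name: "sample", version: "0.0.0",
  permissions: ["storage", "identity", "tabs"],
  host_permissions: ["*://*/*"], incognito: "split",
});

console.log(auditManifest(SAMPLE));
```
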

@mo-auto mo-auto added the kind-bug Issue or PR is a bug in existing functionality label Aug 29, 2024
@moabu moabu merged commit 56116fc into main Aug 29, 2024
11 checks passed
@moabu moabu deleted the jans-tarp-issue-9301 branch August 29, 2024 11:43
yuriyz pushed a commit that referenced this pull request Nov 7, 2024
Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>
Former-commit-id: 56116fc

Successfully merging this pull request may close these issues.

fix (jans-tarp): remove unrecognized manifest key
3 participants