226184 – www/chromium: increase requests quota for Google API Key

Bug 226184 - www/chromium: increase requests quota for Google API Key

Summary: www/chromium: increase requests quota for Google API Key

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	freebsd-chromium (Nobody)

URL:
Keywords:	needs-qa, security

Depends on:
Blocks:

Reported:	2018-02-24 19:39 UTC by Jan Beich
Modified:	2018-11-10 00:23 UTC (History)
CC List:	2 users (show)

See Also:	233095

Flags:	bugzilla: maintainer-feedback? (chromium)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jan Beich freebsd_committer

2018-02-24 19:39:32 UTC

www/chromium and www/firefox share Google API Key. Both browsers switched to Safe Browsing V4 which has restrictions on usage. In order for FreeBSD users to be warned about phishing sites someone has to contact Google in order to increase quota. Mozilla reached out to us sometime ago but it turned out rene@ doesn't control the key.

https://www.google.com/chrome/browser/privacy/whitepaper.html#malware
https://developers.google.com/safe-browsing/v4/usage-limits

Demos:
http://testsafebrowsing.appspot.com/
http://phishing.safebrowsingtest.com/
http://malware.testing.google.test/testing/malware/

Comment 1 Jan Beich freebsd_committer

2018-02-24 19:40:00 UTC

Carlos, do you know how to debug Safe Browsing in Chromium? Here's an example from Firefox:
http://docs.freebsd.org/cgi/mid.cgi?4lps-lr7b-wny

Comment 2 Jan Beich freebsd_committer

2018-02-24 19:48:38 UTC

For testing keys from different projects maybe useful e.g.,
https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/apikeys
https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/chromium
https://src.fedoraproject.org/cgit/rpms/chromium.git/tree/chromium.spec
https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/chromium-65.0.3325.73.ebuild

Comment 3 Jan Beich freebsd_committer

2018-02-24 20:29:28 UTC

Nowadays, phishing sites are more popular than malware sites.
https://transparencyreport.google.com/safe-browsing/overview

Comment 4 Jan Beich freebsd_committer

2018-02-24 21:55:43 UTC

To be specific, Safe Browsing V4 was enabled in Chromium 62 and Firefox 57 (56 was staged rollout).

https://chromium.googlesource.com/chromium/src/+/550e314e8fc7%5E%21/
https://hg.mozilla.org/mozilla-central/rev/b7f1511115e9

Comment 5 Jan Beich freebsd_committer

2018-02-24 22:29:38 UTC

Mozilla has more useful links: https://wiki.mozilla.org/Security/Safe_Browsing#QA
I've tried a few URLs from Phishtank and Firefox 58 with Arch Linux key and Firefox 52.6 with FreeBSD key (unused) correctly report those as deceptive.

Comment 6 Carlos J. Puga Medina freebsd_committer

2018-02-25 21:44:55 UTC

(In reply to Jan Beich from comment #1)

René can shed some light here :-)

https://lists.freebsd.org/pipermail/freebsd-gecko/2017-September/007589.html

Here are some useful links:

https://developers.google.com/safe-browsing/v4/get-started
https://github.com/google/safebrowsing

Comment 7 Carlos J. Puga Medina freebsd_committer

2018-02-25 21:55:14 UTC

(In reply to Carlos J. Puga Medina from comment #6)

According to the chromium's commits history, George Liaskos submitted the FreeBSD API key.

https://www.freshports.org/commit.php?category=www&port=chromium&files=yes&message_id=201306031755.r53HtCbv000642@svn.freebsd.org

Comment 8 Rene Ladan freebsd_committer

2018-02-25 22:03:07 UTC

The API key is the one listed in the www/chromium Makefile: api-project-996322985003

Comment 9 Jan Beich freebsd_committer

2018-02-27 21:45:33 UTC

Works fine now. Reopen if it doesn't.