
Commit 518b1f0

injustivysrono authored and committed
Edit rulesets for alibaba.com and aliexpress.com (EFForg#14905)
* Removed alibaba.com targets
  - Removed gw.api.alibaba.com
  - Removed gw.api.aliexpress.com
* Added target: gw.api.alibaba.com
* Comment out www.aliexpress.com: Mixed CSS and JS
* Add www.aliexpress.com to mixed content ruleset
* Add target: s.click.aliexpress.com
* Add to list of problematic hosts
  - aliexpress.com
  - www.aliexpress.com
* Add targets that are no longer mismatched
  - brands
  - collections
  - es
  - he
  - ja
  - m
  - pt
  - ru
* Re-add previously-mixedcontent hosts
* Move now-functional hosts to non-mixedcontent ruleset
* Add target: marketplace.seller.aliexpress.com
* Add m.*.aliexpress.com targets
* Remove comments for working hosts
* Comment out portal.manjushri.alibaba.com: Expired certificate
* Remove invalid host
  - ecredit.alibaba.com: NXDOMAIN
* Add whitelist entry for fetch tests
* Revert "Add whitelist entry for fetch tests"

  This reverts commit d42c512.
* Add whitelist entry for fetch tests
* Remove NXDOMAIN target
* Update ruleset-whitelist.csv
1 parent 904c156 commit 518b1f0

4 files changed

Lines changed: 86 additions & 53 deletions


src/chrome/content/rules/AliExpress.com.xml

Lines changed: 66 additions & 41 deletions
@@ -8,52 +8,36 @@
88
99
- bbs.seller ¹
1010
- escrow
11+
- m.fulfillment ²
1112
1213
¹ Dropped
14+
² Invalid certificate
1315
1416
1517
Problematic hosts in *aliexpress.com:
1618
19+
- $self ˣ
20+
- www ˣ
1721
- activities ˣ
18-
- gw.api ˣ
19-
- brands ᵐ
20-
- s.click ᵐ
21-
- collections ˣ
2222
- daxue ˣ
23-
- es ᵐ ˣ
2423
- fulfillment ˣ
25-
- fuwu ˣ
26-
- gaga ˣ
27-
- group ˣ
28-
- he ᵐ
29-
- hz ˣ
30-
- id ˣ
31-
- ja ᵐ
32-
- m ᵐ
33-
- mai ˣ
3424
- open ˣ
35-
- page ˣ
36-
- pt ᵐ
37-
- ru ᵐ ˣ
38-
- sale ᵐ ˣ
3925
- seller ˣ
40-
- superdeals ˣ
4126
42-
ᵐ Mismatched
43-
ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
27+
ˣ Active mixed content, see https://www.paulirish.com/2010/the-protocol-relative-url/
4428
4529
4630
Insecure cookies are set for these domains and hosts: ᶜ
4731
4832
- .aliexpress.com
33+
- www.aliexpress.com
4934
- best.aliexpress.com
5035
- coupon.aliexpress.com
5136
- group.aliexpress.com
5237
- my.aliexpress.com
5338
- promotion.aliexpress.com
5439
- shoppingcart.aliexpress.com
5540
- university.aliexpress.com
56-
- www.aliexpress.com
5741
- (locale_vhost).aliexpress.com
5842
5943
ᶜ See https://owasp.org/index.php/SecureFlag
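Review bot: Footnote ² on m.fulfillment, near the top of this comment block, says only "Invalid certificate" and does not name the failure mode. The Alibaba.xml change in this same commit records "portal.manjushri.alibaba.com (expired)"; giving the same detail here (expired, mismatched, untrusted chain) tells the next maintainer what to re-test before re-enabling the host. A smaller point: www.aliexpress.com is moved to the second position of the insecure-cookies list, out of the alphabetical order the remaining entries keep.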
@@ -65,77 +49,118 @@
6549
6650
- css, on:
6751
68-
- activities, collections, daxue, es, fuwu, gaga, group, hz, id, it, mai, open, page, pl, superdeals, th from style.aliunicorn.com ˢ
52+
- www from style.aliunicorn.com
53+
- activities, daxue, open, th from style.aliunicorn.com ˢ
6954
- fulfillment from style.alibaba.com ˢ
70-
- gw.api from style.c.aliimg.com ˢ
71-
- mai img.alibaba.com ˢ
55+
- seller from style.alibaba.com
7256
- sale from i0\d.i.aliimg.com ˢ
7357
58+
- js, on:
59+
60+
- seller from style.alibaba.com
61+
- www, seller from style.aliexpress.com
62+
- www, open from style.aliunicorn.com
63+
7464
- Images, on:
7565
76-
- activities, gw.api, ar, de, es, group, he, id, ja, ko, mai, nl, pl, pt, ru, tr, vi from img.alibaba.com ˢ
77-
- activities, fulfillment, gaga, seller from i0\d.i.aliimg.com ˢ
66+
- activities, open from img.alibaba.com ˢ
67+
- activities, fulfillment, seller from i0\d.i.aliimg.com ˢ
7868
- activities from style.aliunicorn.com ˢ
79-
- ar, best, brands, de, coupon, group, hz, it, ja, ko, nl, page, pl, ru, sale, th, tr, vi from g0\d.a.alicdn.com ˢ
8069
- fulfillment, hz from img.alibaba.com ˢ
70+
- open from gtms01.alicdn.com
8171
- university from gtms04.alicdn.com ˢ
8272
83-
- Bug on activities, collections, coupon, daxue, de, es, fr, fulfillment, fuwu, gaga, group, he, id, it, ja, ko, mai, nl, open, page, pl, pt, ru, seller, superdeals, th, tr, trade, university, vi from dmtracking2.alibaba.com ˢ
73+
- Bug on activities, daxue, fulfillment, open, seller from dmtracking2.alibaba.com ˢ
8474
8575
ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
8676
8777
-->
8878
<ruleset name="AliExpress.com (partial)">
8979

90-
<target host="aliexpress.com" />
91-
<target host="www.aliexpress.com" />
80+
<!--target host="aliexpress.com" /-->
81+
<!--target host="www.aliexpress.com" /-->
9282
<!--target host="activities.aliexpress.com" /-->
9383
<target host="us.ae.aliexpress.com" />
94-
<!--target host="gw.api.aliexpress.com" /-->
9584
<target host="ar.aliexpress.com" />
85+
<target host="m.ar.aliexpress.com" />
9686
<target host="best.aliexpress.com" />
97-
<!--target host="collections.aliexpress.com" /-->
87+
<target host="brands.aliexpress.com" />
88+
<target host="s.click.aliexpress.com" />
89+
<target host="collections.aliexpress.com" />
9890
<target host="compare.aliexpress.com" />
9991
<target host="coupon.aliexpress.com" />
10092
<!--target host="daxue.aliexpress.com" /-->
10193
<target host="de.aliexpress.com" />
94+
<target host="m.de.aliexpress.com" />
95+
<target host="es.aliexpress.com" />
96+
<target host="m.es.aliexpress.com" />
97+
<target host="flashdeals.aliexpress.com" />
10298
<target host="fr.aliexpress.com" />
99+
<target host="m.fr.aliexpress.com" />
103100
<!--target host="fulfillment.aliexpress.com" /-->
104-
<!--target host="fuwu.aliexpress.com" /-->
105-
<!--target host="group.aliexpress.com" /-->
101+
<target host="fuwu.aliexpress.com" />
102+
<target host="gaga.aliexpress.com" />
103+
<target host="group.aliexpress.com" />
104+
<target host="he.aliexpress.com" />
106105
<target host="help.aliexpress.com" />
107106
<target host="home.aliexpress.com" />
108-
<!--target host="id.aliexpress.com" /-->
107+
<target host="hz.aliexpress.com" />
108+
<target host="id.aliexpress.com" />
109+
<target host="m.id.aliexpress.com" />
109110
<target host="it.aliexpress.com" />
111+
<target host="m.it.aliexpress.com" />
112+
<target host="ja.aliexpress.com" />
113+
<target host="m.ja.aliexpress.com" />
110114
<target host="ko.aliexpress.com" />
115+
<target host="m.ko.aliexpress.com" />
111116
<target host="login.aliexpress.com" />
112-
<!--target host="mai.aliexpress.com" /-->
117+
<target host="m.aliexpress.com" />
118+
<target host="mai.aliexpress.com" />
113119
<target host="my.aliexpress.com" />
114120
<target host="nl.aliexpress.com" />
121+
<target host="m.nl.aliexpress.com" />
115122
<!--target host="open.aliexpress.com" /-->
116-
<!--target host="page.aliexpress.com" /-->
123+
<target host="page.aliexpress.com" />
117124
<target host="pl.aliexpress.com" />
118125
<target host="promotion.aliexpress.com" />
126+
<target host="pt.aliexpress.com" />
127+
<target host="m.pt.aliexpress.com" />
119128
<target host="report.aliexpress.com" />
129+
<target host="sale.aliexpress.com" />
120130
<!--target host="seller.aliexpress.com" /-->
131+
<target host="marketplace.seller.aliexpress.com" />
121132
<target host="shoppingcart.aliexpress.com" />
122-
<!--target host="superdeals.aliexpress.com" /-->
133+
<target host="superdeals.aliexpress.com" />
134+
<target host="ru.aliexpress.com" />
135+
<target host="m.ru.aliexpress.com" />
123136
<target host="th.aliexpress.com" />
137+
<target host="m.th.aliexpress.com" />
124138
<target host="tr.aliexpress.com" />
139+
<target host="m.tr.aliexpress.com" />
125140
<target host="trade.aliexpress.com" />
126141
<target host="u.aliexpress.com" />
127142
<target host="university.aliexpress.com" />
128143
<target host="vi.aliexpress.com" />
144+
<target host="m.vi.aliexpress.com" />
129145
<target host="track.aliexpress.com" />
130146
<target host="lighthouse.aliexpress.com" />
131147
<target host="message.aliexpress.com" />
132148

133149
<!-- Mixed css:
134150
-->
135-
<!--test url="http://gw.api.alibaba.com/dev/doc/intl/sys_description.htm?ns=aliexpress.open" /-->
151+
<!--test url="http://aliexpress.com/buyerprotection/overview.html" /-->
152+
<!--test url="http://www.aliexpress.com/buyerprotection/overview.html" /-->
136153
<!--test url="http://daxue.aliexpress.com/goodseller.php" /-->
154+
<!--test url="http://open.aliexpress.com/shopmarket/index.htm" /-->
137155
<!--test url="http://page.aliexpress.com/tips-for-new-users.htm" /-->
138-
<!--test url="http://www.aliexpress.com/wholesale.html" /-->
156+
<!--test url="http://seller.aliexpress.com/trad.html" /-->
157+
158+
<!-- Mixed js:
159+
-->
160+
<!--test url="http://aliexpress.com/buyerprotection/overview.html" /-->
161+
<!--test url="http://www.aliexpress.com/buyerprotection/overview.html" /-->
162+
<!--test url="http://open.aliexpress.com/shopmarket/index.htm" /-->
163+
<!--test url="http://seller.aliexpress.com/trad.html" /-->
139164

140165

141166
<!-- Not secured by server:
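Review bot: page.aliexpress.com becomes an active target in this hunk, but its test URL is left commented out under "Mixed css" (the unchanged line for http://page.aliexpress.com/tips-for-new-users.htm), so the re-enabled host keeps a stale mixed-content marker and no live test. Either restore it as a real test url or drop it from that block. Two smaller points: all four commented test URLs under the new "Mixed js" block repeat entries already under "Mixed css", which a single "Active mixed content" block (the wording the header legend now uses) would avoid; and ru / m.ru are inserted after superdeals instead of next to report and sale, where the mostly alphabetical ordering of the list would put them.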

src/chrome/content/rules/Alibaba.xml

Lines changed: 17 additions & 5 deletions
@@ -34,6 +34,10 @@
3434
- style.alibaba.com
3535
3636
37+
Invalid certificates:
38+
- portal.manjushri.alibaba.com (expired)
39+
40+
3741
Nonfunctional domains:
3842
3943
- (www.)alibaba.co.jp ¹
@@ -70,6 +74,7 @@
7074
7175
Problematic hosts in *alibaba.com:
7276
77+
- gw.api ˣ
7378
- www.bd *
7479
- img.china *
7580
- www.[^.]+.en *
@@ -79,6 +84,7 @@
7984
8085
* Mismatched
8186
² Akamai / mismatched
87+
ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
8288
8389
8490
Insecure cookies are set for these domains and hosts: ᶜ
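Review bot: The ˣ legend line added here reads "Mixed css", while the same commit rewords the identical footnote in AliExpress.com.xml to "Active mixed content". Use one wording in both files so the marker means the same thing wherever it appears; if gw.api is affected by CSS only, say that on the host line and keep the legend generic.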
@@ -93,7 +99,6 @@
9399
- cluster.alibaba.com
94100
- dai.alibaba.com
95101
- data.alibaba.com
96-
- ecredit.alibaba.com
97102
- fuwu.alibaba.com
98103
- globalexpo.alibaba.com
99104
- hzmy.alibaba.com
@@ -127,12 +132,14 @@
127132
128133
Mixed content:
129134
130-
- css on india from style.aliunicorn.com ˢ
135+
- css, on:
136+
- gw.api from style.c.aliimg.com ˢ
137+
- india from style.aliunicorn.com ˢ
131138
132139
- Images, on:
133140
134141
- chnwh.en, resources from g0\d.s.alicdn.com ˢ
135-
- ggs from img.alibaba.com ˢ
142+
- gw.api, ggs from img.alibaba.com ˢ
136143
- potal.manjushri from $self ˢ
137144
- potal.manjushri from crm-kms.alibaba-inc.com
138145
- potal.manjushri, open, resources, security, seller from gtms0\d.alicdn.com ˢ
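Review bot: The three unchanged lines below the new gw.api entries spell the host "potal.manjushri", while the target this commit comments out and the new "Invalid certificates" entry both use "portal.manjushri". Since the commit already touches the documentation for that host, correct the three "potal" lines in the same change so a search for the hostname finds every note about it.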
@@ -158,6 +165,7 @@
158165
<test url="http://activities.alibaba.com/alibaba/wholesale_success.php" />
159166
<target host="ads.alibaba.com" />
160167
<target host="us.ae.alibaba.com" />
168+
<!--target host="gw.api.alibaba.com" /-->
161169
<target host="app.alibaba.com" />
162170
<target host="arabic.alibaba.com" />
163171
<target host="m.arabic.alibaba.com" />
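Review bot: gw.api.alibaba.com is added only as a commented-out target, so the host gets no rewrite from this ruleset even though the commit message lists it as "Added target". The AliExpress hosts with the same mixed-content problem are carried in aliexpress.com-mixedcontent.xml under platform="mixedcontent"; if an equivalent ruleset exists for alibaba.com, list the host there, otherwise state in the header comment that it is intentionally left uncovered.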
@@ -176,7 +184,6 @@
176184
<target host="data.alibaba.com" />
177185
<target host="dutch.alibaba.com" />
178186
<target host="m.dutch.alibaba.com" />
179-
<target host="ecredit.alibaba.com" />
180187
<target host="error.alibaba.com" />
181188
<target host="escrow.alibaba.com" />
182189
<target host="exporter.alibaba.com" />
@@ -209,7 +216,7 @@
209216
<target host="login.alibaba.com" />
210217
<target host="logistics.alibaba.com" />
211218
<target host="m.alibaba.com" />
212-
<target host="portal.manjushri.alibaba.com" />
219+
<!--target host="portal.manjushri.alibaba.com" /-->
213220
<target host="message.alibaba.com" />
214221
<target host="mlma.alibaba.com" />
215222
<target host="news.alibaba.com" />
@@ -254,6 +261,11 @@
254261
<target host="www.alibaba.com" />
255262
<target host="www2.alibaba.com" />
256263

264+
<!-- Mixed css:
265+
-->
266+
<!--test url="http://gw.api.alibaba.com/dev/doc/intl/sys_description.htm?ns=aliexpress.open" /-->
267+
268+
257269
<!-- Complications:
258270
-->
259271
<target host="www.bd.alibaba.com" />

src/chrome/content/rules/aliexpress.com-mixedcontent.xml

Lines changed: 2 additions & 7 deletions
@@ -2,18 +2,13 @@
22
For rules not causing MCB, see AliExpress.com.xml.
33
-->
44
<ruleset name="AliExpress.com (MCB)" platform="mixedcontent">
5+
<target host="aliexpress.com" />
6+
<target host="www.aliexpress.com" />
57
<target host="activities.aliexpress.com" />
6-
<target host="collections.aliexpress.com" />
78
<target host="daxue.aliexpress.com" />
89
<target host="fulfillment.aliexpress.com" />
9-
<target host="fuwu.aliexpress.com" />
10-
<target host="group.aliexpress.com" />
11-
<target host="id.aliexpress.com" />
12-
<target host="mai.aliexpress.com" />
1310
<target host="open.aliexpress.com" />
14-
<target host="page.aliexpress.com" />
1511
<target host="seller.aliexpress.com" />
16-
<target host="superdeals.aliexpress.com" />
1712

1813
<securecookie host=".+" name=".+" />
1914
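Review bot: With aliexpress.com and www.aliexpress.com added at the top of this ruleset and commented out in AliExpress.com.xml, the apex and www hosts are now covered only by this platform="mixedcontent" ruleset, including its securecookie host=".+" name=".+" rule. The AliExpress.com.xml header still lists .aliexpress.com and www.aliexpress.com as setting insecure cookies, so the comment at the top of this file should say that the main site is MCB-only and why, making the reduced coverage a recorded decision instead of a side effect of the move.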

utils/ruleset-whitelist.csv

Lines changed: 1 addition & 0 deletions
@@ -87,6 +87,7 @@ eb52feaec70c7afe2368ad23be6728e6828280b983a39991d2e31fe51ae6ec17,0,1,Akinator.co
8787
187e9c128e4b4237887a14de2f1efeb6fdf647e2549b0abb4f2fc09112879a59,1,1,Alcatel-Lucent.com.xml
8888
1a75f296456093e211748b9d5dc4f8c2460d36d5ea29f0a72872e00ccaa93a94,1,1,Aleavia.xml
8989
a275d12398d9e55d91c2b48ac3733fcbdb64251ff7098b39fc28c2996de573f4,1,1,Alert_Investor_Relations.xml
90+
691e2338225111a1b09f19c600acdbeb09e900d0ef7595d6a5588fb54c3e37eb,0,1,Alibaba.xml
9091
1e1a3eee124780dc325850e37cbe518f2ddb7fe35d245f00ef4e11a4abdaa67e,1,1,allAfrica.xml
9192
e5c67d653dde583fa8a8f5e0afcdbde59247ccdaac71972115bd27b769e469dd,0,1,Allianz_fur_Cyber-Sicherheit.xml
9293
32f4695b029c352f7dff4eb59d4b5e19a648e8feb3b737878b772bc2a9609176,1,0,AlliedMods.xml
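Review bot: The new Alibaba.xml row carries the flags "0,1", but the header row of the CSV is outside this hunk, so it is not visible here which of the two columns corresponds to the fetch tests named in the commit message ("Add whitelist entry for fetch tests"). Please confirm that the flag set to 1 is the fetch-test one. The commit message also shows this entry being added, reverted and re-added before a final "Update ruleset-whitelist.csv", so check that the hash on this row was generated from the Alibaba.xml as it stands at the end of this commit.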
