Security: Remember hosts with ignored cert errors for load status

Without this change, we only set a flag when a certificate error occurred. However, when the same certificate error then happens a second time (e.g. because of a reload or opening the same URL again), we then colored the URL as success_https (i.e. green) again. See #5403 (cherry picked from commit 021ab572a3)
2020-05-02 18:54:05 +02:00 · 2020-05-02 18:54:05 +02:00 · 4020210b19
parent 5aa69027e2
commit 4020210b19
3 changed files with 17 additions and 9 deletions
--- a/qutebrowser/browser/browsertab.py
+++ b/qutebrowser/browser/browsertab.py
@ -737,6 +737,13 @@ class AbstractTab(QWidget):
    renderer_process_terminated = pyqtSignal(TerminationStatus, int)
    predicted_navigation = pyqtSignal(QUrl)

+    # Hosts for which a certificate error happened. Shared between all tabs.
+    #
+    # Note that we remember hosts here, without scheme/port:
+    # QtWebEngine/Chromium also only remembers hostnames, and certificates are
+    # for a given hostname anyways.
+    _insecure_hosts = set()  # type: typing.Set[str]
+
    def __init__(self, *, win_id, mode_manager, private, parent=None):
        self.private = private
        self.win_id = win_id
@ -753,7 +760,6 @@ class AbstractTab(QWidget):
        self._layout = miscwidgets.WrapperLayout(self)
        self._widget = None
        self._progress = 0
-        self._has_ssl_errors = False
        self._mode_manager = mode_manager
        self._load_status = usertypes.LoadStatus.none
        self._mouse_event_filter = mouse.MouseEventFilter(
@ -840,7 +846,6 @@ class AbstractTab(QWidget):
    @pyqtSlot()
    def _on_load_started(self):
        self._progress = 0
-        self._has_ssl_errors = False
        self.data.viewing_source = False
        self._set_load_status(usertypes.LoadStatus.loading)
        self.load_started.emit()
@ -899,9 +904,12 @@ class AbstractTab(QWidget):
        sess_manager = objreg.get('session-manager')
        sess_manager.save_autosave()

-        if ok and not self._has_ssl_errors:
+        if ok:
            if self.url().scheme() == 'https':
-                self._set_load_status(usertypes.LoadStatus.success_https)
+                if self.url().host() in self._insecure_hosts:
+                    self._set_load_status(usertypes.LoadStatus.warn)
+                else:
+                    self._set_load_status(usertypes.LoadStatus.success_https)
            else:
                self._set_load_status(usertypes.LoadStatus.success)
        elif ok:
--- a/qutebrowser/browser/webengine/webenginetab.py
+++ b/qutebrowser/browser/webengine/webenginetab.py
@ -1278,9 +1278,9 @@ class WebEngineTab(browsertab.AbstractTab):

    @pyqtSlot(certificateerror.CertificateErrorWrapper)
    def _on_ssl_errors(self, error):
-        self._has_ssl_errors = True
-
        url = error.url()
+        self._insecure_hosts.add(url.host())
+
        log.webview.debug("Certificate error: {}".format(error))

        if error.is_overridable():
--- a/qutebrowser/browser/webkit/webkittab.py
+++ b/qutebrowser/browser/webkit/webkittab.py
@ -808,9 +808,9 @@ class WebKitTab(browsertab.AbstractTab):
        if navigation.is_main_frame:
            self.settings.update_for_url(navigation.url)

-    @pyqtSlot()
-    def _on_ssl_errors(self):
-        self._has_ssl_errors = True
+    @pyqtSlot('QNetworkReply*')
+    def _on_ssl_errors(self, reply):
+        self._insecure_hosts.add(reply.url().host())

    def _connect_signals(self):
        view = self._widget