Extension crashes after update to 1.0.5

[z3r0privacy]

Hi, since the update to 1.0.5 the extension seems to be crashing on my client.

• Version: 1.0.5
• Native Messaging Host: is not installed
• Configuration:
  {"rules": [{"ruleName": "Audit non-local Downloads", "bannedExtensions": ["*"], "urlScheme": ["file", "http", "https"], "origin": "any", "action": "audit"}, {"ruleName": "Log local HTML Smuggling", "bannedExtensions": ["*"], "urlScheme": ["file"], "origin": "local", "action": "audit"}], "alertConfig": {"url": "https://***", "headers": {}, "method": "POST", "sendAsJson": true, "postData": {"redacted": "redacted"}}}

The problem seems to be here:

DownloadBlocker/extension/src/configuration.js

Line 175 in c57467d

var urlScheme = new URL(downloadItem.referringPage).protocol.slice(0, -1).toLowerCase(); // e.g. file, http, https instead of file:, http:, https:

The .referringPage is undefined, in both cases (regular and data/blob download). This causes the function to crash and the download is not logged/audited. I attached a few screenshots from debugging:

• The error page chrome/edge shows in the extension overview
  

• The line at fault in the debugger window with some context. I see that there is a .referrer property in the downloadItem object, maybe it's only a wrong property-name?
  

[SecurityJosh]

Hi,

Thank you for the detailed report. referringPage is a custom property which I set which config.getMatchedRule expected to exist but hadn't been set yet.

I've submitted V1.0.6 to the Chrome store which will hopefully fix this issue. Once it's been approved / propagated please could you let me know if the issue is resolved?

Thanks,

Josh

[z3r0privacy]

I won't be able to test it over the weekend, but will test on Monday - thanks for the quick response and update!

[SecurityJosh]

No worries, the latest version is now live so hopefully you should see it updated soon if not already.

[z3r0privacy]

Seems to be working again, thanks for the fast update!