Add analysis update december (Chrome, Firefox, Brave)

Author: hp23 Server

_hp/hp/tools/analysis/analysis_december_2024.ipynb

@@ -25089,36 +25089,45 @@
   {
    "cell_type": "markdown",
    "id": "b2bbd3e0-73bf-4fa5-969a-73efbeb213df",
-   "metadata": {
-    "jp-MarkdownHeadingCollapsed": true
-   },
+   "metadata": {},
    "source": [
     "### Safari (MacOS 14.3.1) vs Safari (MacOS 15.2)\n",
-    "- ??"
+    "- Lot's of differences, mostly to do with HTTP(S)?\n",
+    "- Inital glance: HSTS maybe bug (regression) with casing of header; in general: network library has changed (\\x00, \\r, \\n, space, : etc in headers now leads to error when it did not before and the other way round!)\n",
+    "- Start:\n",
+    "- End:\n",
+    "- Time taken:\n",
+    "- TODO: analyze them and test them!"
    ]
   },
   {
    "cell_type": "code",
-   "execution_count": 155,
+   "execution_count": 211,
    "id": "fd153860-4158-41a6-9719-ffc94afa8ad5",
    "metadata": {},
    "outputs": [
     {
      "data": {
       "text/plain": [
        "test_id\n",
-       "upgradeHSTS               1119\n",
-       "fetch                      208\n",
-       "framing                    126\n",
-       "perfAPI                     82\n",
-       "subresourceloadingCOEP      71\n",
-       "imgloading                  67\n",
-       "subresourceloadingCORP      51\n",
-       "fullscreen                  45\n",
-       "script                      42\n",
-       "referrer                    23\n",
-       "accesswindow                20\n",
-       "sniffing                    16\n",
+       "upgradeHSTS_direct_direct            828\n",
+       "upgradeHSTS_subdomain_subdomain      291\n",
+       "framing_iframe_direct                 84\n",
+       "perfAPI_img_direct                    82\n",
+       "subresourceloadingCOEP_img_direct     71\n",
+       "imgloading_iframe_direct              67\n",
+       "fetch_TEST_custom_method              56\n",
+       "fetch_GET_custom_headers              56\n",
+       "fetch_GET_simple                      55\n",
+       "subresourceloadingCORP_img_direct     51\n",
+       "framing_iframe_nested                 42\n",
+       "script_execution_iframe_direct        42\n",
+       "fetch_GET_credentials                 41\n",
+       "fullscreen_iframe_direct              30\n",
+       "referrer_iframe_iframe                23\n",
+       "accesswindow_direct_direct            20\n",
+       "sniffing_script_direct                16\n",
+       "fullscreen_iframe_child_allow         15\n",
        "Name: count, dtype: int64"
       ]
      },
@@ -25272,25 +25281,25 @@
    ],
    "source": [
     "r = com_browsers(bf, \"safari macOS 15.2 18.2 selenium real\", \"safari macOS 14.3.1 17.3.1 selenium real\")\n",
-    "display(r[\"test_id\"].apply(lambda x: x.split(\"_\")[0]).value_counts())\n",
+    "display(r[\"test_id\"].apply(lambda x: x.split(\"_http\")[0]).value_counts())\n",
     "display(r)"
    ]
   },
   {
    "cell_type": "code",
-   "execution_count": 171,
+   "execution_count": 213,
    "id": "bdf73f36-3c44-426e-ba41-55c46dee9562",
    "metadata": {},
    "outputs": [
     {
      "data": {
       "application/vnd.jupyter.widget-view+json": {
-       "model_id": "4855d264a9364b91a802cb79fa2cc943",
+       "model_id": "fc1fa81c3dfe4a19b70dc8b74520a588",
        "version_major": 2,
        "version_minor": 0
       },
       "text/plain": [
-       "Tab(children=(Output(), Output(), Output(), Output(), Output(), Output(), Output(), Output(), Output(), Output…"
+       "Tab(children=(Output(), Output(), Output(), Output()), selected_index=0, titles=('Group 0', 'Group 1', 'Group …"
       ]
      },
      "metadata": {},
@@ -25300,8 +25309,9 @@
    "source": [
     "browser_ids = [73, 51]\n",
     "test_name = \"upgradeHSTS_direct\"\n",
-    "test_name = \"fetch_GET\"\n",
-    "show_response_groups(test_name, browser_ids=browser_ids)"
+    "#test_name = \"fetch_GET\"\n",
+    "relation = None\n",
+    "show_response_groups(test_name, browser_ids=browser_ids, relation=relation)"
    ]
   },
   {
@@ -25312,24 +25322,32 @@
    },
    "source": [
     "### Chrome (122) vs Chrome (131)\n",
-    "- ??"
+    "- Start: 14:53\n",
+    "- End: 15:09\n",
+    "- Time Taken: 16m\n",
+    "- UpgradeHSTS: 202+32=234 cases, various fixes (#16 in table), only remaining differences with Firefox (#22, different caching of code 300)\n",
+    "- Framing: 39 cases, fix uppercase scheme (#11 in table)\n",
+    "- Fullscreen: 9 cases, fix uppercase scheme (#11? not in table as only chrome supports PP header)\n",
+    "- Script Execution: 2 cases, fix uppercase scheme (#11)\n",
+    "- Imgloading: 2 cases, fix uppercase scheme (#11)"
    ]
   },
   {
    "cell_type": "code",
-   "execution_count": 156,
+   "execution_count": 182,
    "id": "c0b70f62-0f9a-4b33-b86a-ea87f575b878",
    "metadata": {},
    "outputs": [
     {
      "data": {
       "text/plain": [
        "test_id\n",
-       "upgradeHSTS    234\n",
-       "framing         39\n",
-       "fullscreen       9\n",
-       "imgloading       2\n",
-       "script           2\n",
+       "upgradeHSTS_direct_direct          202\n",
+       "framing_iframe_direct               39\n",
+       "upgradeHSTS_subdomain_subdomain     32\n",
+       "fullscreen_iframe_child_allow        9\n",
+       "script_execution_iframe_direct       2\n",
+       "imgloading_iframe_direct             2\n",
        "Name: count, dtype: int64"
       ]
      },
@@ -25483,7 +25501,7 @@
    ],
    "source": [
     "r = com_browsers(bf, \"chrome Ubuntu 22.04 122 selenium headless-new\", \"chrome Ubuntu 22.04 131 selenium headless-new\")\n",
-    "display(r[\"test_id\"].apply(lambda x: x.split(\"_\")[0]).value_counts())\n",
+    "display(r[\"test_id\"].apply(lambda x: x.split(\"_http\")[0]).value_counts())\n",
     "display(r)"
    ]
   },
@@ -25495,25 +25513,30 @@
    },
    "source": [
     "### Brave (v1.62.156 (Chromium 121)) vs Brave (v1.73.101 (Chromium 131))\n",
-    "- ??"
+    "- Start: 15:10\n",
+    "- End: 15:30\n",
+    "- Time: 20m\n",
+    "- Identical to Chrome (234+9+8+2; #16 HSTS fixes and #11 CSP uppercase scheme fix)\n",
+    "- Additionally: referrer, 8 cases, 7 cases stricter HTTPS upgrades (window.open URLs automatically get upgraded) (related to #9), 1 case could be noise or only works the first time"
    ]
   },
   {
    "cell_type": "code",
-   "execution_count": 170,
+   "execution_count": 187,
    "id": "9e95dc30-e35f-40d3-867b-8ca3d78ca6da",
    "metadata": {},
    "outputs": [
     {
      "data": {
       "text/plain": [
        "test_id\n",
-       "upgradeHSTS    234\n",
-       "framing         39\n",
-       "fullscreen       9\n",
-       "referrer         8\n",
-       "imgloading       2\n",
-       "script           2\n",
+       "upgradeHSTS_direct_direct          202\n",
+       "framing_iframe_direct               39\n",
+       "upgradeHSTS_subdomain_subdomain     32\n",
+       "fullscreen_iframe_child_allow        9\n",
+       "referrer_iframe_window.open          8\n",
+       "imgloading_iframe_direct             2\n",
+       "script_execution_iframe_direct       2\n",
        "Name: count, dtype: int64"
       ]
      },
@@ -25667,7 +25690,7 @@
    ],
    "source": [
     "r = com_browsers(bf, \"brave Ubuntu 22.04 v1.62.156 (121.0.6167.139) selenium headless-new\", \"brave Ubuntu 22.04 v1.73.101 (Chromium 131.0.6778.139) selenium headless-new\")\n",
-    "display(r[\"test_id\"].apply(lambda x: x.split(\"_\")[0]).value_counts())\n",
+    "display(r[\"test_id\"].apply(lambda x: x.split(\"_http\")[0]).value_counts())\n",
     "display(r)"
    ]
   },
@@ -25679,30 +25702,44 @@
    },
    "source": [
     "### Firefox (123) vs Firefox (133)\n",
-    "- ??"
+    "- Start: 15:35\n",
+    "- End: 16:15\n",
+    "- Time: 40m\n",
+    "- Framing: 38 + 19, code 300 (#7, fixed), XFO whitspace (#15, fixed)\n",
+    "- SubresourceloadingCOPE: 6 (code 300, #7 fixed),  32 continuing random CORP caching (#35)\n",
+    "- perfAPI/TAO: 2 (code 300, #7 fixed), 16 related to #29 (not fixed but changed, TODO update bug report?, entry is still with the old URL but requestStart is 0 even though it should not be 0)\n",
+    "- fetch: 18 (code 300, #7 fixed)\n",
+    "- access_window: 8x changed handling of extra \\n in headers, before such responses were downloaded (null) now they are rendered as plaintext (related to #3 and #37), probably known?\n",
+    "- imgloading: 6 (code 300, #7 fixed), fullscreen_iframe: 6+3 (code 300, #7 fixed), referrer_iframe: 3 (code 300, #7 fixed), script_execution 2 (#7), \n",
+    "- subresourceloadingCORP_img: 4 (code 300, #7 fixed), 1 better mixed content upgrades (related to #8, fixed?)\n",
+    "- upgradeHSTS: 2 (#16, fixed), 1 (code 3007 #7 fixed)"
    ]
   },
   {
    "cell_type": "code",
-   "execution_count": 159,
+   "execution_count": 192,
    "id": "6bcde80d-12b4-4b36-ab1f-ffe78e455f29",
    "metadata": {},
    "outputs": [
     {
      "data": {
       "text/plain": [
        "test_id\n",
-       "framing                   57\n",
-       "subresourceloadingCOEP    38\n",
-       "fetch                     18\n",
-       "perfAPI                   18\n",
-       "fullscreen                 9\n",
-       "accesswindow               8\n",
-       "imgloading                 6\n",
-       "subresourceloadingCORP     5\n",
-       "referrer                   3\n",
-       "upgradeHSTS                3\n",
-       "script                     2\n",
+       "framing_iframe_direct                38\n",
+       "subresourceloadingCOEP_img_direct    38\n",
+       "framing_iframe_nested                19\n",
+       "perfAPI_img_direct                   18\n",
+       "fetch_GET_simple                     10\n",
+       "fetch_GET_credentials                 8\n",
+       "accesswindow_direct_direct            8\n",
+       "imgloading_iframe_direct              6\n",
+       "fullscreen_iframe_direct              6\n",
+       "subresourceloadingCORP_img_direct     5\n",
+       "fullscreen_iframe_child_allow         3\n",
+       "referrer_iframe_iframe                3\n",
+       "script_execution_iframe_direct        2\n",
+       "upgradeHSTS_subdomain_subdomain       2\n",
+       "upgradeHSTS_direct_direct             1\n",
        "Name: count, dtype: int64"
       ]
      },
@@ -25856,10 +25893,40 @@
    ],
    "source": [
     "r = com_browsers(bf, \"firefox Ubuntu 22.04 123 selenium headless\", \"firefox Ubuntu 22.04 133 selenium headless\")\n",
-    "display(r[\"test_id\"].apply(lambda x: x.split(\"_\")[0]).value_counts())\n",
+    "display(r[\"test_id\"].apply(lambda x: x.split(\"_http\")[0]).value_counts())\n",
     "display(r)"
    ]
   },
+  {
+   "cell_type": "code",
+   "execution_count": 210,
+   "id": "357813dd-3fc0-426f-bbc5-b8bc3814bf4e",
+   "metadata": {},
+   "outputs": [
+    {
+     "data": {
+      "application/vnd.jupyter.widget-view+json": {
+       "model_id": "b593da598c1743ea90a87c27268ca1b8",
+       "version_major": 2,
+       "version_minor": 0
+      },
+      "text/plain": [
+       "Tab(children=(Output(), Output(), Output(), Output(), Output(), Output()), selected_index=0, titles=('Group 0'…"
+      ]
+     },
+     "metadata": {},
+     "output_type": "display_data"
+    }
+   ],
+   "source": [
+    "browser_ids = [61, 75]\n",
+    "#browser_ids = [74, 75]\n",
+    "#browser_ids = [74, 76]\n",
+    "test_name = \"upgradeHSTS_subdomain\"\n",
+    "relation = None\n",
+    "show_response_groups(test_name, browser_ids=browser_ids, relation=relation)"
+   ]
+  },
   {
    "cell_type": "markdown",
    "id": "1c8d5dd9-0e56-445f-8907-90b51a63ff88",