Track Deep Linking vs. Credential Sharing in assetlinks.json
#152
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Will merge this next week, since we're mid crawl at the moment. |
https://almanac.httparchive.org/en/2022/Changed custom metrics values: {
"_well-known": {
"/.well-known/assetlinks.json": {
"found": false
},
"/.well-known/apple-app-site-association": {
"found": false
},
"/.well-known/related-website-set.json": {
"found": false
},
"/.well-known/privacy-sandbox-attestations.json": {
"found": false
},
"/.well-known/gpc.json": {
"found": false
},
"/robots.txt": {
"found": true,
"data": {
"matched_disallows": {}
}
},
"/.well-known/security.txt": {
"found": false,
"data": {
"status": 404,
"redirected": true,
"url": "https://almanac.httparchive.org/.well-known/security.txt/",
"content_type": "text/html; charset=utf-8"
}
},
"/.well-known/change-password": {
"found": false,
"data": {
"status": 404,
"redirected": true,
"url": "https://almanac.httparchive.org/.well-known/change-password/"
}
},
"/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200/": {
"found": false,
"data": {
"status": 404,
"redirected": false,
"url": "https://almanac.httparchive.org/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200/"
}
}
}
}https://www.on.comChanged custom metrics values: {
"_well-known": {
"/.well-known/assetlinks.json": {
"found": true,
"data": {
"deep_linking": false,
"credential_sharing": false
}
},
"/.well-known/apple-app-site-association": {
"found": true
},
"/.well-known/related-website-set.json": {
"found": false
},
"/.well-known/privacy-sandbox-attestations.json": {
"found": false
},
"/.well-known/gpc.json": {
"found": false
},
"/robots.txt": {
"found": true,
"data": {
"matched_disallows": {
"*": [
"/account",
"/authentication",
"/account-confirmation"
]
}
}
},
"/.well-known/security.txt": {
"found": true,
"data": {
"status": 200,
"redirected": true,
"url": "https://www.on.com/en-us/.well-known/security.txt",
"content_type": "text/html;charset=utf-8",
"signed": false,
"all_required_exist": false,
"only_one_requirement_broken": false,
"valid": false
}
},
"/.well-known/change-password": {
"found": true,
"data": {
"status": 200,
"redirected": true,
"url": "https://www.on.com/en-us/.well-known/change-password"
}
},
"/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200/": {
"found": true,
"data": {
"status": 200,
"redirected": true,
"url": "https://www.on.com/en-us/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200/"
}
}
}
}https://www.amazon.co.jpChanged custom metrics values: {
"_well-known": {
"/.well-known/assetlinks.json": {
"found": true,
"data": {
"deep_linking": false,
"credential_sharing": false
}
},
"/.well-known/apple-app-site-association": {
"found": true
},
"/.well-known/related-website-set.json": {
"found": false
},
"/.well-known/privacy-sandbox-attestations.json": {
"found": false
},
"/.well-known/gpc.json": {
"found": false
},
"/robots.txt": {
"found": true,
"data": {
"matched_disallows": {
"*": [
"/exec/obidos/account-access-login",
"/exec/obidos/dt/assoc/handle-buy-box",
"/exec/obidos/flex-sign-in",
"/exec/obidos/refer-a-friend-login",
"/exec/obidos/subst/associates/join",
"/gp/sign-in",
"/ap/signin",
"/exec/obidos/account-access-login",
"/exec/obidos/dt/assoc/handle-buy-box",
"/exec/obidos/flex-sign-in",
"/exec/obidos/refer-a-friend-login",
"/exec/obidos/subst/associates/join",
"/gp/sign-in",
"/ap/signin",
"/gp/video/auth"
]
}
}
},
"/.well-known/security.txt": {
"found": true,
"data": {
"status": 200,
"redirected": false,
"url": "https://www.amazon.co.jp/.well-known/security.txt",
"content_type": "text/plain",
"signed": false,
"contact": [
"https://hackerone.com/amazonvrp/reports/new"
],
"policy": [
"https://hackerone.com/amazonvrp"
],
"hiring": [
"https://www.amazon.jobs/en/teams/infosec"
],
"all_required_exist": false,
"only_one_requirement_broken": false,
"valid": false
}
},
"/.well-known/change-password": {
"found": false,
"data": {
"status": 404,
"redirected": false,
"url": "https://www.amazon.co.jp/.well-known/change-password"
}
},
"/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200/": {
"found": false,
"data": {
"status": 404,
"redirected": false,
"url": "https://www.amazon.co.jp/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200/"
}
}
}
}https://www.libero.itChanged custom metrics values: {
"_well-known": {
"/.well-known/assetlinks.json": {
"error": "Failed to fetch"
},
"/.well-known/apple-app-site-association": {
"error": "Failed to fetch"
},
"/.well-known/related-website-set.json": {
"found": true
},
"/.well-known/privacy-sandbox-attestations.json": {
"error": "Failed to fetch"
},
"/.well-known/gpc.json": {
"error": "Failed to fetch"
},
"/robots.txt": {
"found": true,
"data": {
"matched_disallows": {}
}
},
"/.well-known/security.txt": {
"error": "Failed to fetch"
},
"/.well-known/change-password": {
"error": "Failed to fetch"
},
"/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200/": {
"error": "Failed to fetch"
}
}
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolved: #151
This custom metric enhancement tracks the usage of the two predefined relation strings in
assetlinks.json:delegate_permission/common.handle_all_urls(Deep Linking): Indicates the associated Android app can handle all URLs from the website, enabling deep linking functionality.delegate_permission/common.get_login_creds(Credential Sharing): Allows the app to access the user's login credentials stored for the website.By tracking these relationships, we can gain valuable insights into how websites are utilizing
assetlinks.jsonand identify trends in deep linking and credential sharing practices.Changes:
parseResponsefunction to count occurrences of the two relation strings and include the counts in the output JSON.deep_linkingandcredential_sharingfields to the JSON output for/.well-known/assetlinks.json.Test websites: