Closed Bug 1907849 Opened 7 months ago Closed 2 months ago

(trusted types) Audit test coverage, making sure that the remaining annotations are timeouts, but not failures

Categories

(Core :: DOM: Security, task, P3)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: freddy, Assigned: mbrodesser-Igalia)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [domsecurity-active], [wptsync upstream])

Attachments

(19 files, 3 obsolete files)

Bug 1907849: part 1) Add WPTs for setting event handlers with `setAttributeNS`. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 2) Transform the test which is commented out in <Element-setAttributeNS.html> to a valid one which is executed. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 3) Enrich documentation of <Element-setAttribute-respects-Elements-node-documents-globals-CSP.html>. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 4) Rename <Element-setAttribute-respects-Elements-node-documents-globals-CSP.html>. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 5) Add WPT <Element-setAttribute-respects-Elements-node-documents-globals-CSP-after-adoption-from-TT-realm.html>. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 7) Add Worker tests to <DOMWindowTimers-setTimeout-setInterval.html>. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 6) Link from some worker tests to WPT's documentation. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 8) Add WPTs for trusted types when constructing Workers from WorkerGlobalScope. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 9) Extend WPT to check sink value of "Document parseHTMLUnsafe". r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 10) Add WPTs for checking `Document.write`'s and `Document.writeln`'s sink values passed to the default policy. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 11) Add WPTs for checking `setHTMLUnsafe`'s trusted types' sink string of the default policy. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 12) Add WPTs for checking `outerHTML`'s trusted types' sink string of the default policy. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 13) Add WPTs for checking `innerHTML`'s trusted types' sink string of the default policy. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 14) Add WPTs for checking `parseFromString`'s trusted types' sink string of the default policy. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 15) Add check for Range's createContextualFragment's sink value. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 16) Add check in WPT for Element's insertAdjacentHTML's sink value. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 17.1) Move JS code from <block-string-assignment-to-DOMWindowTimers-setTimeout-setInterval.html>. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 17.2) Add Worker/SharedWorker tests to <block-string-assignment-to-DOMWindowTimers-setTimeout-setInterval.html>. r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1907849: part 18) Add sink tests for "get Trusted Types-compliant attribute value". r=smaug
48 bytes, text/x-phabricator-request
Details | Review
No description provided.
Whiteboard: [domsecurity-active]
Depends on: 1934610
Depends on: 1935594
Assignee: nobody → mbrodesser

Regarding the removed TODO: checking one non-null namespace should
suffice, since other non-null namespaces likely take the same codepath.

Depends on: 1936058
Pushed by mbrodesser@igalia.com: https://hg.mozilla.org/integration/autoland/rev/aa989819968b part 1) Add WPTs for setting event handlers with `setAttributeNS`. r=smaug https://hg.mozilla.org/integration/autoland/rev/bc406a35457d part 2) Transform the test which is commented out in <Element-setAttributeNS.html> to a valid one which is executed. r=smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/49621 for changes under testing/web-platform/tests
Whiteboard: [domsecurity-active] → [domsecurity-active], [wptsync upstream]
Upstream PR merged by moz-wptsync-bot

Another test for an adoption from a TT realm is added in another part.
The renaming makes their relationship clearer.

Attachment #9443166 - Attachment description: Bug 1907849: part 3) Enrich documentation of <https://www.w3.org/TR/trusted-types/#validate-attribute-mutation>. r=smaug → Bug 1907849: part 3) Enrich documentation of <Element-setAttribute-respects-Elements-node-documents-globals-CSP.html>. r=smaug
Attachment #9443167 - Attachment description: Bug 1907849: part 4) Rename <testing/web-platform/tests/trusted-types/Element-setAttribute-respects-Elements-node-documents-globals-CSP.html>. r=smaug → Bug 1907849: part 4) Rename <Element-setAttribute-respects-Elements-node-documents-globals-CSP.html>. r=smaug
Attachment #9443165 - Attachment is obsolete: true
Pushed by mbrodesser@igalia.com: https://hg.mozilla.org/integration/autoland/rev/882367ece188 part 3) Enrich documentation of <Element-setAttribute-respects-Elements-node-documents-globals-CSP.html>. r=smaug https://hg.mozilla.org/integration/autoland/rev/a9bf391403fd part 4) Rename <Element-setAttribute-respects-Elements-node-documents-globals-CSP.html>. r=smaug https://hg.mozilla.org/integration/autoland/rev/5a48fdcefee7 part 5) Add WPT <Element-setAttribute-respects-Elements-node-documents-globals-CSP-after-adoption-from-TT-realm.html>. r=smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/49671 for changes under testing/web-platform/tests
Upstream PR merged by moz-wptsync-bot
Pushed by mbrodesser@igalia.com: https://hg.mozilla.org/integration/autoland/rev/75f53a8a4a02 part 6) Link from some worker tests to WPT's documentation. r=smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/49735 for changes under testing/web-platform/tests
Upstream PR merged by moz-wptsync-bot
Pushed by mbrodesser@igalia.com: https://hg.mozilla.org/integration/autoland/rev/64153e8a6666 part 7) Add Worker tests to <DOMWindowTimers-setTimeout-setInterval.html>. r=smaug https://hg.mozilla.org/integration/autoland/rev/1615038844f1 part 8) Add WPTs for trusted types when constructing Workers from WorkerGlobalScope. r=smaug https://hg.mozilla.org/integration/autoland/rev/cb3e58c8b7ff part 9) Extend WPT to check sink value of "Document parseHTMLUnsafe". r=smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/49756 for changes under testing/web-platform/tests

Backed out for causing wpt fails @ block-string-assignment-to-Document-parseHTMLUnsafe.html

TEST-UNEXPECTED-FAIL | /trusted-types/block-string-assignment-to-Document-parseHTMLUnsafe.html | 'Document.parseHTMLUnsafe(string)' assigned via default policy (successful HTML transformation). - assert_equals: expected "Document parseHTMLUnsafe" but got "Document parseHTMLUnsafe "
Flags: needinfo?(mbrodesser)

(In reply to amarc from comment #28)

Backed out for causing wpt fails @ block-string-assignment-to-Document-parseHTMLUnsafe.html

TEST-UNEXPECTED-FAIL | /trusted-types/block-string-assignment-to-Document-parseHTMLUnsafe.html | 'Document.parseHTMLUnsafe(string)' assigned via default policy (successful HTML transformation). - assert_equals: expected "Document parseHTMLUnsafe" but got "Document parseHTMLUnsafe "

It's a typo in the actual code (https://searchfox.org/mozilla-central/rev/df850fa290fe962c2c5ae8b63d0943ce768e3cc4/dom/base/Document.cpp#19796). Will fix it in a separate ticket.

Flags: needinfo?(mbrodesser)
Pushed by mbrodesser@igalia.com: https://hg.mozilla.org/integration/autoland/rev/f7666d84884d part 7) Add Worker tests to <DOMWindowTimers-setTimeout-setInterval.html>. r=smaug https://hg.mozilla.org/integration/autoland/rev/33f7437132ed part 8) Add WPTs for trusted types when constructing Workers from WorkerGlobalScope. r=smaug

The strings in the production code contain a superfluous whitespace.

No separate issues are filed for fixing those as all failing tests will
be audited according to
https://bugzilla.mozilla.org/show_bug.cgi?id=1907849#c27. That is,
auditing at all test meta files.

Attachment #9444356 - Attachment description: Bug 1907849: part 12) Add WPTs for checking `outerHTML`'s trusted types' sink string of the default policy. r=smaug → Bug 1907849: part 13) Add WPTs for checking `innerHTML`'s trusted types' sink string of the default policy. r=smaug
Attachment #9444356 - Attachment description: Bug 1907849: part 13) Add WPTs for checking `innerHTML`'s trusted types' sink string of the default policy. r=smaug → Bug 1907849: part 12) Add WPTs for checking `outerHTML`'s trusted types' sink string of the default policy. r=smaug
Upstream PR merged by moz-wptsync-bot
Pushed by mbrodesser@igalia.com: https://hg.mozilla.org/integration/autoland/rev/c006cb26e155 part 9) Extend WPT to check sink value of "Document parseHTMLUnsafe". r=smaug https://hg.mozilla.org/integration/autoland/rev/669822cfa2fb part 10) Add WPTs for checking `Document.write`'s and `Document.writeln`'s sink values passed to the default policy. r=smaug https://hg.mozilla.org/integration/autoland/rev/f21fc5b44dfc part 11) Add WPTs for checking `setHTMLUnsafe`'s trusted types' sink string of the default policy. r=smaug https://hg.mozilla.org/integration/autoland/rev/4d109782995e part 12) Add WPTs for checking `outerHTML`'s trusted types' sink string of the default policy. r=smaug https://hg.mozilla.org/integration/autoland/rev/390c5456d7df part 13) Add WPTs for checking `innerHTML`'s trusted types' sink string of the default policy. r=smaug https://hg.mozilla.org/integration/autoland/rev/4b9f0161c5ae part 14) Add WPTs for checking `parseFromString`'s trusted types' sink string of the default policy. r=smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/49859 for changes under testing/web-platform/tests
Attachment #9445336 - Attachment description: WIP: Bug 1907849: part 17.1) Move JS code from <block-string-assignment-to-DOMWindowTimers-setTimeout-setInterval.html> → Bug 1907849: part 17.1) Move JS code from <block-string-assignment-to-DOMWindowTimers-setTimeout-setInterval.html>. r=smaug
Upstream PR merged by moz-wptsync-bot
Attachment #9445320 - Attachment is obsolete: true
Pushed by mbrodesser@igalia.com: https://hg.mozilla.org/integration/autoland/rev/c4b0f5515c7d part 15) Add check for Range's createContextualFragment's sink value. r=smaug https://hg.mozilla.org/integration/autoland/rev/5304ae5946ed part 16) Add check in WPT for Element's insertAdjacentHTML's sink value. r=smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/49863 for changes under testing/web-platform/tests

"get Trusted Types-compliant attribute value" is called from
setAttribute*, for links see the test.

setAttribute and setAttributeNS presumably take the same code-paths,
so only testing setAttributeNS here.

For event handlers only one test is added, because other event handlers
presumably take the same code-paths.

Fixes https://github.com/w3c/trusted-types/issues/570.

It timeouts in Chrome and Gecko. Removing creating the policy lets it
pass.

Attachment #9445438 - Attachment is obsolete: true

Update of the currently known remaining work for this ticket:

Pushed by mbrodesser@igalia.com: https://hg.mozilla.org/integration/autoland/rev/b2d83332174d part 17.1) Move JS code from <block-string-assignment-to-DOMWindowTimers-setTimeout-setInterval.html>. r=smaug https://hg.mozilla.org/integration/autoland/rev/958b78cb25c5 part 17.2) Add Worker/SharedWorker tests to <block-string-assignment-to-DOMWindowTimers-setTimeout-setInterval.html>. r=smaug https://hg.mozilla.org/integration/autoland/rev/42f2f0e18f47 part 18) Add sink tests for "get Trusted Types-compliant attribute value". r=smaug
Assignee: mbrodesser → nobody

When continuing writing patches for this issue, consider filing a successor-Bugzilla ticket. In order to avoid affecting multiple releases (https://whattrainisitnow.com/calendar/).

Upstream PR merged by moz-wptsync-bot

It seems some commits have not been upstreamed yet by moz-wptsync-bot. Let's wait that it happens, close this and corresponding github issues and open a follow-up bug.

(In reply to Frédéric Wang (:fredw) from comment #57)

It seems some commits have not been upstreamed yet by moz-wptsync-bot. Let's wait that it happens, close this and corresponding github issues and open a follow-up bug.

I stand corrected, I didn't realize multiple commits were grouped in a single PR:

https://github.com/web-platform-tests/wpt/pull/49621/commits
https://github.com/web-platform-tests/wpt/pull/49671/commits
https://github.com/web-platform-tests/wpt/pull/49735/commits
https://github.com/web-platform-tests/wpt/pull/49756/commits
https://github.com/web-platform-tests/wpt/pull/49859/commits
https://github.com/web-platform-tests/wpt/pull/49863/commits

(In reply to Mirko Brodesser (:mbrodesser-Igalia) from comment #29)

It's a typo in the actual code (https://searchfox.org/mozilla-central/rev/df850fa290fe962c2c5ae8b63d0943ce768e3cc4/dom/base/Document.cpp#19796). Will fix it in a separate ticket.

Done in bug 1938069.

(In reply to Mirko Brodesser (:mbrodesser-Igalia) from comment #32)

Bug 1907849: part 11) Add WPTs for checking setHTMLUnsafe's trusted types' sink string of the default policy. r=smaug
The strings in the production code contain a superfluous whitespace.

Done in bug 1939802.

Blocks: 1939805

(In reply to Mirko Brodesser (:mbrodesser-Igalia) from comment #51)

Thanks for adding these tests, I'll check the remaining ones.

  • Determining an complete list of all sinks is not trivial, for two reasons. Gecko might not cover all sinks currently and the different specs have pending PRs (e.g. https://github.com/whatwg/dom/pull/1268).

The spec I checked are at https://github.com/w3c/trusted-types/issues/494#issuecomment-2568807108 ; I'm pretty confident our implementation covers the sinks from these specs as I checked each reference, paragraph and open PRs one by one. I didn't check WebKit/Chromium in details though so some things with fuzzy spec status might have been missed, this happened for execCommand for example which I only found because it had tests.

Note that this is not enough, some sinks like eval and function constructors are not listed.

(In reply to Mirko Brodesser (:mbrodesser-Igalia) from comment #54)

When continuing writing patches for this issue, consider filing a successor-Bugzilla ticket. In order to avoid affecting multiple releases (https://whattrainisitnow.com/calendar/).

Closing as opening bug 1939805. Note that I was thinking to have patches to separate bugs blocking bug 1907849 (similarly to what was done with bugs 1934610, 1935594, 1936058) so so we could have kept the meta bug open, but I guess that's ok...

Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Assignee: nobody → mbrodesser

Note that this is not enough, some sinks like eval and function constructors are not listed.

Right, thanks for pointing that out. One reason is that eval isn't defined in a .webidl file.

(In reply to Frédéric Wang (:fredw) from comment #60)

The spec I checked are at https://github.com/w3c/trusted-types/issues/494#issuecomment-2568807108 ; I'm pretty confident our implementation covers the sinks from these specs as I checked each reference, paragraph and open PRs one by one. I didn't check WebKit/Chromium in details though so some things with fuzzy spec status might have been missed, this happened for execCommand for example which I only found because it had tests.

I rechecked completely this morning and commented https://github.com/w3c/trusted-types/issues/494 ; there is one sink missing for Service Workers (which is in its own spec) and another one for SVG script (which is not speced yet).

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: