Open
Bug 811877
Opened 12 years ago
Updated 9 years ago
Javascript Taint Support in Firefox
Categories
(mozilla.org :: Security Assurance, task)
Tracking
(Not tracked)
NEW
People
(Reporter: ygjb, Assigned: ialagenchev, Mentored)
References
Details
(Whiteboard: [mentorship][lang=c++][lang=javascript])
Description: To get javascript taint mechanism exposed to the devtools provided by Firefox.
Mentor: rforbes / Mark Goodwin / ptheriault
Duration: 300 hours
Requirements: C++ and JS knowledge.
Goals: Build a taint mechanism (similar to that used by DOMinator) to allow data from certain sources to be identified later on. Expose APIs to allow this to be used from the debugger (e.g. to be used in conditional breaks) to allow add-on authors (or ourselves) to easily create tools for searching for content (or chrome) DOM XSS issues.
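Added example, not part of the bug report and not code from Firefox, SpiderMonkey or DOMinator: a plain-JavaScript model of the taint mechanism the description asks for, in which data from a source carries a label through string operations and a sink wrapper or breakpoint-style predicate can later ask where a value came from. All names (TaintedString, isTainted, taintSources, guardSink, demo) and the sample input are constructed for illustration.

```javascript
// Added illustration: string taint tracking modelled in plain JavaScript.
// Every name here is hypothetical, not a Firefox/SpiderMonkey/DOMinator API.
class TaintedString {
  constructor(value, ranges = []) {
    this.value = String(value);
    this.ranges = ranges; // [{start, end, source}], end exclusive
  }
  static fromSource(value, source) { // mark a whole value as untrusted
    const s = String(value);
    return new TaintedString(s, s.length ? [{ start: 0, end: s.length, source }] : []);
  }
  static lift(x) { return x instanceof TaintedString ? x : new TaintedString(x); }
  concat(other) { // keep both operands' ranges, shifting the right-hand ones
    const o = TaintedString.lift(other), shift = this.value.length;
    const moved = o.ranges.map(r => ({ ...r, start: r.start + shift, end: r.end + shift }));
    return new TaintedString(this.value + o.value, this.ranges.concat(moved));
  }
  slice(begin = 0, end = this.value.length) { // keep what survives the cut
    const len = this.value.length, kept = [];
    const norm = i => (i < 0 ? Math.max(len + i, 0) : Math.min(i, len));
    const b = norm(begin), e = norm(end);
    for (const r of this.ranges) {
      const s = Math.max(r.start, b), t = Math.min(r.end, e);
      if (s < t) kept.push({ ...r, start: s - b, end: t - b });
    }
    return new TaintedString(this.value.slice(b, e), kept);
  }
  toString() { return this.value; }
}

// Predicates of the kind a conditional breakpoint could evaluate.
const isTainted = x => x instanceof TaintedString && x.ranges.length > 0;
const taintSources = x => (isTainted(x) ? [...new Set(x.ranges.map(r => r.source))] : []);
// Sink wrapper: record which sources reached the sink and the text they control.
function guardSink(sink, value, findings) {
  if (isTainted(value)) {
    const text = value.ranges.map(r => value.value.slice(r.start, r.end));
    findings.push({ sink, sources: taintSources(value), text });
  }
  return String(value);
}
// Constructed input: a URL fragment flowing into an HTML sink.
function demo() {
  const hash = TaintedString.fromSource("#name=Alice", "location.hash");
  const html = TaintedString.lift("<p>Hello ").concat(hash.slice(6)).concat("</p>");
  const findings = [];
  guardSink("innerHTML", html, findings);
  return findings;
}
```

An engine-level implementation would attach the labels to the engine's own string type so that unmodified page scripts propagate them; this model only shows the bookkeeping.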
Updated•12 years ago
Assignee: rforbes → nobody
Whiteboard: [mentorship] → [mentorship][mentor=rforbes@mozilla.com][lang=c++][lang=javascript]
Comment 1•11 years ago
I like this. Can I take it?
Comment 2•11 years ago
Sorry, how do I get assigned to this issue?
Comment 3•11 years ago
(In reply to morsquidsit from comment #2)
> Sorry, how do I get assigned to this issue?
Morsquidsit - talk to mgoodwin. We already have a mentee working on the project, but Mark can best tell you how to get involved.
Comment 4•11 years ago
(In reply to morsquidsit from comment #2)
> Sorry, how do I get assigned to this issue?
I'd be delighted if we can get you involved in some way but Ivan is already working hard on this. Maybe we can divide the problem up in some way (we're yet to work out what to do with front ends to this, for example)? Ivan, what are your thoughts on this?
Flags: needinfo?(alagenchev)
Comment 5•11 years ago
(In reply to Mark Goodwin [:mgoodwin] from comment #4)
> (In reply to morsquidsit from comment #2)
> > Sorry, how do I get assigned to this issue?
>
> I'd be delighted if we can get you involved in some way but Ivan is already
> working hard on this. Maybe we can divide the problem up in some way (we're
> yet to work out what to do with front ends to this, for example)?
>
> Ivan, what are your thoughts on this?
I think that anyone interested in helping out is welcome to join. Are you interested more in working at the back end, or the front end? If you are more interested in the front end, you can probably start working on the design and conceptual ideas right away. If you are interested in helping out with the internals, I would have to spend some time thinking about ways to separate the responsibilities. I am sure we can work something out. If you contact me off-bugzilla, we can discuss further - alagenchev at gmail dot com
Flags: needinfo?(alagenchev)
Comment 6•11 years ago
If this issue is already taken I think I can find another one. However, it still says "Assigned to: Nobody; OK to take it and work on it".
Comment 7•11 years ago
(In reply to morsquidsit from comment #6)
> If this issue is already taken I think I can find another one. However, it
> still says "Assigned to: Nobody; OK to take it and work on it".
My apologies; that's entirely my fault. There's much work to be done here so if you're still interested I'm sure you can participate; otherwise, feel free to look for another.
Assignee: nobody → alagenchev
Great that this is being worked on! For reference, there is similar work that was done by Stefano di Paola, the author of DOMinator, and released on GitHub: https://github.com/wisec/DOMinator but it would be really useful to have such a feature as part of the core Firefox code so that it would be carried over from version to version. It would probably make sense to make it a compile-time option so that there would not be a performance penalty when the feature is not needed.
Comment 9•11 years ago
(In reply to dimisec from comment #8)
> Great that this is being worked on! For reference, there is similar work
> that was done by Stefano di Paola, the author of DOMinator, and released on
> GitHub: https://github.com/wisec/DOMinator
Indeed. Stefano has been working with us on this (and we're very grateful for his help).
Comment 10•11 years ago
Ok, I think I'd like to work on this issue.
Comment 11•11 years ago
Can you confirm that you're still working on this bug?
Flags: needinfo?(alagenchev)
Comment 12•11 years ago
Yep, I'm still actively working on this. Did you need any additional info?
Flags: needinfo?(alagenchev)
Comment 13•11 years ago
Nope, we're just checking up. Thanks!
Comment 14•11 years ago
Just a quick update. We are now functionally equivalent to DOMinator and we are going to start working on improving the overall architecture and making improvements necessary to make this part of SpiderMonkey. Our progress and potential contributions can be followed here: https://github.com/alagenchev/spider_monkey
Comment 15•10 years ago
Hi Ivan - is the project still alive / are you getting a chance to work on it? Do you want any help testing it? I would love to contribute. Thanks. Dmitri
Comment 16•10 years ago
(In reply to dimisec from comment #15)
> Hi Ivan - is the project still alive / are you getting a chance to work
> on it? Do you want any help testing it? I would love to contribute.
> Thanks.
>
> Dmitri
Hi Dmitri, thank you for showing interest in the project. I'm not contributing to it any longer due to other personal responsibilities. Stephanie Ouillon has picked it up now. You can reach her at stephouillon@mozilla.com
Comment 17•10 years ago
Hi Dmitri, Nicolas Pierron did a talk about JS Tainting during the last JS workweek, you can find the slides here: https://github.com/nbp/slides/tree/master/TaintAnalysis Right now, we're going to have a look at jalangi and we'll get back with a more concrete insight.
Updated•10 years ago
Mentor: rforbes
Whiteboard: [mentorship][mentor=rforbes@mozilla.com][lang=c++][lang=javascript] → [mentorship][lang=c++][lang=javascript]
Comment 18•10 years ago
Stéphanie, do we have any preliminary results on what it could bring to have such a system in the JavaScript engine?
Flags: needinfo?(stephouillon)
Comment 19•10 years ago
I haven't been working on tainting at all recently, so no news for now.
Flags: needinfo?(stephouillon)
Comment 20•9 years ago
Any update on this bug? I would like to know more about it and work if this project still needs contributors. Some other project too would be fine.
Flags: needinfo?(rforbes)
Comment 21•9 years ago
I have not touched this in quite a while. Possibly Mark Goodwin knows more. -r
Flags: needinfo?(rforbes) → needinfo?(mgoodwin)
Comment 22•9 years ago
Sadly not; Stephanie touched this more recently than I.
Flags: needinfo?(mgoodwin)
Comment 23•9 years ago
COWL is on its way to FPWD: https://w3c.github.io/webappsec-cowl/ I will create a separate bug for COWL once it is in FPWD form, but given the interest in tainting, I figured I should point to this information flow control system.