WebKit Bugzilla
Attachment 339170 Details for
Bug 185154
: Do SRI checks in NetworkProcess
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-185154-20180430191456.patch (text/plain), 36.73 KB, created by
youenn fablet
on 2018-04-30 19:14:56 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
youenn fablet
Created:
2018-04-30 19:14:56 PDT
Size:
36.73 KB
patch
obsolete
>Subversion Revision: 231157 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index f5296f8e2a5474ad35f93a2481fc3ccf608ebd7b..86ef36604880ee11400ed6e13929dff951f4c8ce 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,36 @@ >+2018-04-30 Youenn Fablet <youenn@apple.com> >+ >+ Do SRI checks in NetworkProcess >+ https://bugs.webkit.org/show_bug.cgi?id=185154 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ fix-185154 >+ >+ Covered by existing tests. >+ >+ * WebCore.xcodeproj/project.pbxproj: >+ * bindings/js/ScriptModuleLoader.cpp: >+ (WebCore::ScriptModuleLoader::notifyFinished): >+ * dom/LoadableClassicScript.cpp: >+ (WebCore::LoadableClassicScript::notifyFinished): >+ * html/HTMLLinkElement.cpp: >+ (WebCore::HTMLLinkElement::setCSSStyleSheet): >+ * loader/DocumentThreadableLoader.cpp: >+ (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): >+ (WebCore::DocumentThreadableLoader::reportIntegrityMetadataError): >+ * loader/SubresourceIntegrity.cpp: >+ (WebCore::matchIntegrityMetadata): >+ * loader/SubresourceIntegrity.h: >+ * loader/SubresourceLoader.cpp: >+ (WebCore::SubresourceLoader::didFail): >+ * loader/ThreadableLoader.cpp: >+ (WebCore::ThreadableLoader::logError): >+ * loader/cache/CachedResourceLoader.cpp: >+ (WebCore::CachedResourceLoader::determineRevalidationPolicy const): >+ * platform/network/ResourceErrorBase.cpp: >+ * platform/network/ResourceErrorBase.h: >+ > 2018-04-30 Youenn Fablet <youenn@apple.com> > > Use NetworkLoadChecker for navigation loads >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 3f2c35b2b0526f9029f5b5566a405e3dae38274d..be867550c47e46b6953f0fb52a92ef4fdec9a026 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,25 @@ >+2018-04-30 Youenn Fablet <youenn@apple.com> >+ >+ Do SRI checks in NetworkProcess >+ https://bugs.webkit.org/show_bug.cgi?id=185154 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ fix-185154 >+ >+ * NetworkProcess/NetworkLoadChecker.cpp: >+ (WebKit::NetworkLoadChecker::validateSubresourceIntegrity): >+ * NetworkProcess/NetworkLoadChecker.h: >+ * NetworkProcess/NetworkResourceLoader.cpp: >+ (WebKit::NetworkResourceLoader::didReceiveResponse): >+ (WebKit::NetworkResourceLoader::didSendReceivedResponse): >+ (WebKit::NetworkResourceLoader::didReceiveBuffer): >+ (WebKit::NetworkResourceLoader::didFinishLoading): >+ (WebKit::NetworkResourceLoader::didSendBufferedDataAfterFinishedLoading): >+ (WebKit::NetworkResourceLoader::continueDidReceiveResponse): >+ (WebKit::NetworkResourceLoader::didRetrieveCacheEntry): >+ * NetworkProcess/NetworkResourceLoader.h: >+ > 2018-04-30 Youenn Fablet <youenn@apple.com> > > Use NetworkLoadChecker for navigation loads >diff --git a/Source/WebCore/WebCore.xcodeproj/project.pbxproj b/Source/WebCore/WebCore.xcodeproj/project.pbxproj >index 36a443fb492e2e99a07d4b85f66d2c37c21c4083..06b69d4e7b8df0b0649fe06588e2192f0d5a91f3 100644 >--- a/Source/WebCore/WebCore.xcodeproj/project.pbxproj >+++ b/Source/WebCore/WebCore.xcodeproj/project.pbxproj >@@ -1063,6 +1063,7 @@ > 4150F9F112B6E0E70008C860 /* SliderThumbElement.h in Headers */ = {isa = PBXBuildFile; fileRef = 4150F9EF12B6E0E70008C860 /* SliderThumbElement.h */; }; > 41519CB81FD1F02E007F623C /* ServiceWorkerClientQueryOptions.h in Headers */ = {isa = PBXBuildFile; fileRef = 413FC4CD1FD1DD8C00541C4B /* ServiceWorkerClientQueryOptions.h */; settings = {ATTRIBUTES = (Private, ); }; }; > 4151E5BB1FBA4C7A00E47E2D /* SWOriginStore.h in Headers */ = {isa = PBXBuildFile; fileRef = 4151E5B71FBA4C7500E47E2D /* SWOriginStore.h */; settings = {ATTRIBUTES = (Private, ); }; }; >+ 4153A84B2097DA52004FE3F9 /* SubresourceIntegrity.h in Headers */ = {isa = PBXBuildFile; fileRef = 7CF1589A1EBBCDC700D4BFB7 /* SubresourceIntegrity.h */; settings = {ATTRIBUTES = (Private, ); }; }; > 415747471E3869A400E914D8 /* LibWebRTCMacros.h in Headers */ = {isa = PBXBuildFile; fileRef = 415747431E38699E00E914D8 /* LibWebRTCMacros.h */; settings = {ATTRIBUTES = (Private, ); }; }; > 415747481E3869A700E914D8 /* LibWebRTCProvider.h in Headers */ = {isa = PBXBuildFile; fileRef = 415747441E38699E00E914D8 /* LibWebRTCProvider.h */; settings = {ATTRIBUTES = (Private, ); }; }; > 4157EBFA1E3AB67900AC9FE9 /* MockLibWebRTCPeerConnection.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4157EBF91E3AB06800AC9FE9 /* MockLibWebRTCPeerConnection.cpp */; }; >@@ -28136,6 +28137,7 @@ > C0C054CD1118C8E400CE2636 /* IDLParser.pm in Headers */, > 7C5222961E1DAE03002CB8F7 /* IDLTypes.h in Headers */, > C3CF17A515B0063F00276D39 /* IdTargetObserver.h in Headers */, >+ 4153A84B2097DA52004FE3F9 /* SubresourceIntegrity.h in Headers */, > C3CF17A715B0063F00276D39 /* IdTargetObserverRegistry.h in Headers */, > 8AB4BC77126FDB7100DEB727 /* IgnoreDestructiveWriteCountIncrementer.h in Headers */, > 467302021C4EFE7800BCB357 /* IgnoreOpensDuringUnloadCountIncrementer.h in Headers */, >diff --git a/Source/WebCore/bindings/js/ScriptModuleLoader.cpp b/Source/WebCore/bindings/js/ScriptModuleLoader.cpp >index a6e3bc201f611e4312e17f13108a089d1921f491..9671a17c4a494f139019024ff85588047bdb07d3 100644 >--- a/Source/WebCore/bindings/js/ScriptModuleLoader.cpp >+++ b/Source/WebCore/bindings/js/ScriptModuleLoader.cpp >@@ -292,6 +292,10 @@ void ScriptModuleLoader::notifyFinished(CachedModuleScriptLoader& loader, RefPtr > } > > if (cachedScript.errorOccurred()) { >+ if (cachedScript.resourceError().domain() == errorSubresourceIntegrity) { >+ promise->reject(TypeError, makeString("Cannot load script ", cachedScript.url().stringCenterEllipsizedToLength(), ". Failed integrity metadata check.")); >+ return; >+ } > rejectToPropagateNetworkError(*promise, ModuleFetchFailureKind::WasErrored, ASCIILiteral("Importing a module script failed.")); > return; > } >diff --git a/Source/WebCore/dom/LoadableClassicScript.cpp b/Source/WebCore/dom/LoadableClassicScript.cpp >index b3d12702539150a46986d39850795f3622971dc6..5792e67603fc31bb233edad81f6612808f2fd051 100644 >--- a/Source/WebCore/dom/LoadableClassicScript.cpp >+++ b/Source/WebCore/dom/LoadableClassicScript.cpp >@@ -107,7 +107,7 @@ void LoadableClassicScript::notifyFinished(CachedResource& resource) > }; > } > >- if (!m_error && !resource.errorOccurred() && !matchIntegrityMetadata(resource, m_integrity)) { >+ if (resource.resourceError().domain() == errorSubresourceIntegrity || (!m_error && !resource.errorOccurred() && !matchIntegrityMetadata(resource, m_integrity))) { > m_error = Error { > ErrorType::FailedIntegrityCheck, > ConsoleMessage { MessageSource::Security, MessageLevel::Error, makeString("Cannot load script ", m_cachedScript->url().stringCenterEllipsizedToLength(), ". Failed integrity metadata check.") } >diff --git a/Source/WebCore/html/HTMLLinkElement.cpp b/Source/WebCore/html/HTMLLinkElement.cpp >index f9ce07ad5919342478083f43ab6b103ec92ce062..14a299a2b080595a0aa76ef7b8199df59ce4680c 100644 >--- a/Source/WebCore/html/HTMLLinkElement.cpp >+++ b/Source/WebCore/html/HTMLLinkElement.cpp >@@ -414,7 +414,7 @@ void HTMLLinkElement::setCSSStyleSheet(const String& href, const URL& baseURL, c > // Completing the sheet load may cause scripts to execute. > Ref<HTMLLinkElement> protectedThis(*this); > >- if (!cachedStyleSheet->errorOccurred() && !matchIntegrityMetadata(*cachedStyleSheet, m_integrityMetadataForPendingSheetRequest)) { >+ if (cachedStyleSheet->resourceError().domain() == errorSubresourceIntegrity || (!cachedStyleSheet->errorOccurred() && !matchIntegrityMetadata(*cachedStyleSheet, m_integrityMetadataForPendingSheetRequest))) { > document().addConsoleMessage(MessageSource::Security, MessageLevel::Error, makeString("Cannot load stylesheet ", cachedStyleSheet->url().stringCenterEllipsizedToLength(), ". Failed integrity metadata check.")); > > m_loading = false; >diff --git a/Source/WebCore/loader/DocumentThreadableLoader.cpp b/Source/WebCore/loader/DocumentThreadableLoader.cpp >index 79ae616b8dc685f5946ef14348f261f1eb838d84..88585bfd5beffd32dd3ba1b8d973e4ddc130e838 100644 >--- a/Source/WebCore/loader/DocumentThreadableLoader.cpp >+++ b/Source/WebCore/loader/DocumentThreadableLoader.cpp >@@ -116,7 +116,7 @@ DocumentThreadableLoader::DocumentThreadableLoader(Document& document, Threadabl > , m_sameOriginRequest(securityOrigin().canRequest(request.url())) > , m_simpleRequest(true) > , m_async(blockingBehavior == LoadAsynchronously) >- , m_delayCallbacksForIntegrityCheck(!m_options.integrity.isEmpty()) >+ , m_delayCallbacksForIntegrityCheck(!isDoingSecurityChecksInNetworkProcess() && !m_options.integrity.isEmpty()) > , m_contentSecurityPolicy(WTFMove(contentSecurityPolicy)) > , m_shouldLogError(shouldLogError) > { >@@ -686,7 +686,9 @@ void DocumentThreadableLoader::reportCrossOriginResourceSharingError(const URL& > > void DocumentThreadableLoader::reportIntegrityMetadataError(const URL& url) > { >- logErrorAndFail(ResourceError(errorDomainWebKitInternal, 0, url, "Failed integrity metadata check.", ResourceError::Type::General)); >+ ResourceError error { errorDomainWebKitInternal, 0, url, "Failed integrity metadata check.", ResourceError::Type::General }; >+ m_document.addConsoleMessage(MessageSource::Security, MessageLevel::Error, error.localizedDescription()); >+ logErrorAndFail(error); > } > > void DocumentThreadableLoader::logErrorAndFail(const ResourceError& error) >diff --git a/Source/WebCore/loader/SubresourceIntegrity.cpp b/Source/WebCore/loader/SubresourceIntegrity.cpp >index cb97072bef6fc3b2378bc90b83c95ef5dbea1396..6422a173cdbfead4206ff1c08f662cd278c3df17 100644 >--- a/Source/WebCore/loader/SubresourceIntegrity.cpp >+++ b/Source/WebCore/loader/SubresourceIntegrity.cpp >@@ -166,6 +166,11 @@ static Vector<EncodedResourceCryptographicDigest> strongestMetadataFromSet(Vecto > } > > bool matchIntegrityMetadata(const CachedResource& resource, const String& integrityMetadataList) >+{ >+ return matchIntegrityMetadata(resource.resourceBuffer(), integrityMetadataList, isResponseEligible(resource)); >+} >+ >+bool matchIntegrityMetadata(const SharedBuffer* sharedBuffer, const String& integrityMetadataList, bool isResponseEligibleForSubresourceIntegrity) > { > // FIXME: Consider caching digests on the CachedResource rather than always recomputing it. > >@@ -177,7 +182,7 @@ bool matchIntegrityMetadata(const CachedResource& resource, const String& integr > return true; > > // 3. If response is not eligible for integrity validation, return false. >- if (!isResponseEligible(resource)) >+ if (!isResponseEligibleForSubresourceIntegrity) > return false; > > // 4. If parsedMetadata is the empty set, return true. >@@ -187,8 +192,6 @@ bool matchIntegrityMetadata(const CachedResource& resource, const String& integr > // 5. Let metadata be the result of getting the strongest metadata from parsedMetadata. > auto metadata = strongestMetadataFromSet(WTFMove(*parsedMetadata)); > >- const auto* sharedBuffer = resource.resourceBuffer(); >- > // 6. For each item in metadata: > for (auto& item : metadata) { > // 1. Let algorithm be the alg component of item. >diff --git a/Source/WebCore/loader/SubresourceIntegrity.h b/Source/WebCore/loader/SubresourceIntegrity.h >index 841cb40310e47dd19efd42dacfd0487c03bfd546..16701079cdccc008dd3a77fb2432ecc6393119f3 100644 >--- a/Source/WebCore/loader/SubresourceIntegrity.h >+++ b/Source/WebCore/loader/SubresourceIntegrity.h >@@ -32,5 +32,6 @@ namespace WebCore { > class CachedResource; > > bool matchIntegrityMetadata(const CachedResource&, const String& integrityMetadata); >+WEBCORE_EXPORT bool matchIntegrityMetadata(const SharedBuffer*, const String& integrityMetadata, bool isResponseEligibleForSubresourceIntegrity); > > } >diff --git a/Source/WebCore/loader/SubresourceLoader.cpp b/Source/WebCore/loader/SubresourceLoader.cpp >index f547035f3e3f273227408ed3ec4604417f5e3319..a779fa6b677c18e684503deaddd801a9dca012ff 100644 >--- a/Source/WebCore/loader/SubresourceLoader.cpp >+++ b/Source/WebCore/loader/SubresourceLoader.cpp >@@ -651,7 +651,7 @@ void SubresourceLoader::didFinishLoading(const NetworkLoadMetrics& networkLoadMe > > void SubresourceLoader::didFail(const ResourceError& error) > { >- if (m_frame && m_frame->document() && error.isAccessControl()) >+ if (m_frame && m_frame->document() && (error.isAccessControl() || error.isGeneral())) > m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, error.localizedDescription()); > > #if USE(QUICK_LOOK) >diff --git a/Source/WebCore/loader/ThreadableLoader.cpp b/Source/WebCore/loader/ThreadableLoader.cpp >index ceab6febe3d010b965a9fda1efd4e9e3eb3de0bf..d7bdf5d885c35069a0465aff8678a6db79ae5b79 100644 >--- a/Source/WebCore/loader/ThreadableLoader.cpp >+++ b/Source/WebCore/loader/ThreadableLoader.cpp >@@ -131,7 +131,7 @@ void ThreadableLoader::logError(ScriptExecutionContext& context, const ResourceE > > // We further reduce logging to some errors. > // FIXME: Log more errors when making so do not make some layout tests flaky. >- if (error.domain() != errorDomainWebKitInternal && !error.isAccessControl()) >+ if (error.domain() != errorDomainWebKitInternal && !error.isAccessControl() && error.domain() != errorSubresourceIntegrity) > return; > > const char* messageStart; >diff --git a/Source/WebCore/loader/cache/CachedResourceLoader.cpp b/Source/WebCore/loader/cache/CachedResourceLoader.cpp >index 85daf03ad6470a67e82c4909678dc1c22c077011..07fb814f73b675ec75702e464f0796aae59f2022 100644 >--- a/Source/WebCore/loader/cache/CachedResourceLoader.cpp >+++ b/Source/WebCore/loader/cache/CachedResourceLoader.cpp >@@ -1083,6 +1083,9 @@ CachedResourceLoader::RevalidationPolicy CachedResourceLoader::determineRevalida > existingResource->setEncoding(cachedResourceRequest.charset()); > } > >+ if (existingResource->options().integrity != cachedResourceRequest.options().integrity) >+ return Reload; >+ > // FIXME: We should use the same cache policy for all resource types. The raw resource policy is overly strict > // while the normal subresource policy is too loose. > if (existingResource->isMainOrMediaOrIconOrRawResource() && frame()) { >diff --git a/Source/WebCore/platform/network/ResourceErrorBase.cpp b/Source/WebCore/platform/network/ResourceErrorBase.cpp >index 84a7c51801fd9a770663793de439b09ace9f3491..4a1fc557f85018acc51f72721255473e26e9261f 100644 >--- a/Source/WebCore/platform/network/ResourceErrorBase.cpp >+++ b/Source/WebCore/platform/network/ResourceErrorBase.cpp >@@ -30,6 +30,7 @@ > namespace WebCore { > > const char* const errorDomainWebKitInternal = "WebKitInternal"; >+const char* const errorSubresourceIntegrity = "WebKitSubresourceIntegrity"; > > inline const ResourceError& ResourceErrorBase::asResourceError() const > { >diff --git a/Source/WebCore/platform/network/ResourceErrorBase.h b/Source/WebCore/platform/network/ResourceErrorBase.h >index 073cacb6dc4f354aa81e4c07755265146ad077b8..a92868660fb1bea89cc7471e73225194c9ee4160 100644 >--- a/Source/WebCore/platform/network/ResourceErrorBase.h >+++ b/Source/WebCore/platform/network/ResourceErrorBase.h >@@ -34,6 +34,7 @@ namespace WebCore { > class ResourceError; > > WEBCORE_EXPORT extern const char* const errorDomainWebKitInternal; // Used for errors that won't be exposed to clients. >+WEBCORE_EXPORT extern const char* const errorSubresourceIntegrity; // Used for sub-resource integrity errors. > > class ResourceErrorBase { > public: >diff --git a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >index e93eb7b4af98488d0573bf1f88a4db367c4cd778..461748813f0d200ece5f11494bddb99da8d248c4 100644 >--- a/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp >@@ -36,6 +36,7 @@ > #include <WebCore/CrossOriginPreflightResultCache.h> > #include <WebCore/HTTPParsers.h> > #include <WebCore/SchemeRegistry.h> >+#include <WebCore/SubresourceIntegrity.h> > > #define RELEASE_LOG_IF_ALLOWED(fmt, ...) RELEASE_LOG_IF(m_sessionID.isAlwaysOnLoggingAllowed(), Network, "%p - NetworkLoadChecker::" fmt, this, ##__VA_ARGS__) > >@@ -152,6 +153,11 @@ ResourceError NetworkLoadChecker::validateResponse(ResourceResponse& response) > return { }; > } > >+ResourceError NetworkLoadChecker::validateSubresourceIntegrity(const WebCore::SharedBuffer* buffer) >+{ >+ return matchIntegrityMetadata(buffer, m_options.integrity, m_isSameOriginRequest || m_options.mode == FetchOptions::Mode::Cors) ? ResourceError { } : ResourceError { errorSubresourceIntegrity, 0, m_url, "Failed integrity metadata check.", ResourceError::Type::General }; >+} >+ > auto NetworkLoadChecker::accessControlErrorForValidationHandler(String&& message) -> RequestOrError > { > return makeUnexpected(ResourceError { String { }, 0, m_url, WTFMove(message), ResourceError::Type::AccessControl }); >diff --git a/Source/WebKit/NetworkProcess/NetworkLoadChecker.h b/Source/WebKit/NetworkProcess/NetworkLoadChecker.h >index 654a38f2a9bfb40f454f69180ba92b5f46f443c7..13064e7f8d5a05a58f9ae4b7fc1b6a726ea2af0f 100644 >--- a/Source/WebKit/NetworkProcess/NetworkLoadChecker.h >+++ b/Source/WebKit/NetworkProcess/NetworkLoadChecker.h >@@ -56,6 +56,8 @@ public: > > WebCore::ResourceError validateResponse(WebCore::ResourceResponse&); > >+ WebCore::ResourceError validateSubresourceIntegrity(const WebCore::SharedBuffer*); >+ > void setCSPResponseHeaders(WebCore::ContentSecurityPolicyResponseHeaders&& headers) { m_cspResponseHeaders = WTFMove(headers); } > #if ENABLE(CONTENT_EXTENSIONS) > void setContentExtensionController(WebCore::URL&& mainDocumentURL, std::optional<UserContentControllerIdentifier> identifier) >diff --git a/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp b/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp >index 7824daddd79f38367f7d1eb0bce444ad459b9e69..bcb5addd41984570b5fede77f378a8148aef5c4a 100644 >--- a/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp >@@ -97,6 +97,7 @@ NetworkResourceLoader::NetworkResourceLoader(NetworkResourceLoadParameters&& par > , m_isAllowedToAskUserForCredentials { m_parameters.clientCredentialPolicy == ClientCredentialPolicy::MayAskClientForCredentials } > , m_bufferingTimer { *this, &NetworkResourceLoader::bufferingTimerFired } > , m_cache { sessionID().isEphemeral() ? nullptr : NetworkProcess::singleton().cache() } >+ , m_shouldDeferSendingResponseUntilCompletion { m_parameters.shouldRestrictHTTPResponseAccess && !m_parameters.options.integrity.isEmpty() } > { > ASSERT(RunLoop::isMain()); > // FIXME: This is necessary because of the existence of EmptyFrameLoaderClient in WebCore. >@@ -394,6 +395,14 @@ auto NetworkResourceLoader::didReceiveResponse(ResourceResponse&& receivedRespon > if (shouldCaptureExtraNetworkLoadMetrics()) > m_connection->addNetworkLoadInformationResponse(identifier(), m_response); > >+ if (m_shouldDeferSendingResponseUntilCompletion) >+ return ShouldContinueDidReceiveResponse::Yes; >+ >+ return didSendReceivedResponse(); >+} >+ >+auto NetworkResourceLoader::didSendReceivedResponse() -> ShouldContinueDidReceiveResponse >+{ > // For multipart/x-mixed-replace didReceiveResponseAsync gets called multiple times and buffering would require special handling. > if (!isSynchronous() && m_response.isMultipart()) > m_bufferedData = nullptr; >@@ -474,9 +483,16 @@ void NetworkResourceLoader::didReceiveBuffer(Ref<SharedBuffer>&& buffer, int rep > if (m_bufferedData) { > m_bufferedData->append(buffer.get()); > m_bufferedDataEncodedDataLength += encodedDataLength; >- startBufferingTimerIfNeeded(); >+ if (!m_shouldDeferSendingResponseUntilCompletion) >+ startBufferingTimerIfNeeded(); >+ return; >+ } >+ >+ if (m_shouldDeferSendingResponseUntilCompletion) { >+ m_bufferedData = WTFMove(buffer); > return; > } >+ > sendBuffer(buffer, encodedDataLength); > } > >@@ -500,6 +516,22 @@ void NetworkResourceLoader::didFinishLoading(const NetworkLoadMetrics& networkLo > logCookieInformation(); > #endif > >+ if (m_shouldDeferSendingResponseUntilCompletion) { >+ auto error = m_networkLoadChecker->validateSubresourceIntegrity(m_bufferedData.get()); >+ if (!error.isNull()) { >+ didFailLoading(error); >+ return; >+ } >+ if (didSendReceivedResponse() == ShouldContinueDidReceiveResponse::No) { >+ m_networkLoadMetrics = networkLoadMetrics; >+ return; >+ } >+ } >+ didSendBufferedDataAfterFinishedLoading(networkLoadMetrics); >+} >+ >+void NetworkResourceLoader::didSendBufferedDataAfterFinishedLoading(const NetworkLoadMetrics& networkLoadMetrics) >+{ > if (isSynchronous()) > sendReplyToSynchronousRequest(*m_synchronousLoadData, m_bufferedData.get()); > else { >@@ -653,6 +685,11 @@ void NetworkResourceLoader::continueDidReceiveResponse() > return; > } > >+ if (m_shouldDeferSendingResponseUntilCompletion && m_networkLoadMetrics) { >+ didSendBufferedDataAfterFinishedLoading(*m_networkLoadMetrics); >+ return; >+ } >+ > // FIXME: Remove this check once BlobResourceHandle implements didReceiveResponseAsync correctly. > // Currently, it does not wait for response, so the load is likely to finish before continueDidReceiveResponse. > if (m_networkLoad) >@@ -733,6 +770,15 @@ void NetworkResourceLoader::didRetrieveCacheEntry(std::unique_ptr<NetworkCache:: > } > > response = sanitizeResponseIfPossible(WTFMove(response), ResourceResponse::SanitizationType::CrossOriginSafe); >+ >+ if (m_shouldDeferSendingResponseUntilCompletion) { >+ auto error = m_networkLoadChecker->validateSubresourceIntegrity(entry->buffer()); >+ if (!error.isNull()) { >+ didFailLoading(error); >+ return; >+ } >+ } >+ > if (isSynchronous()) { > m_synchronousLoadData->response = WTFMove(response); > sendReplyToSynchronousRequest(*m_synchronousLoadData, entry->buffer()); >diff --git a/Source/WebKit/NetworkProcess/NetworkResourceLoader.h b/Source/WebKit/NetworkProcess/NetworkResourceLoader.h >index 8769708c0a200dd261bf16ff92669e8a2364548a..a9c35645e052116c885f594a02b127d28dea3021 100644 >--- a/Source/WebKit/NetworkProcess/NetworkResourceLoader.h >+++ b/Source/WebKit/NetworkProcess/NetworkResourceLoader.h >@@ -134,6 +134,9 @@ private: > void startNetworkLoad(WebCore::ResourceRequest&&, FirstLoad); > void continueDidReceiveResponse(); > >+ ShouldContinueDidReceiveResponse didSendReceivedResponse(); >+ void didSendBufferedDataAfterFinishedLoading(const WebCore::NetworkLoadMetrics&); >+ > void cleanup(); > > void platformDidReceiveResponse(const WebCore::ResourceResponse&); >@@ -184,6 +187,8 @@ private: > bool m_isWaitingContinueWillSendRequestForCachedRedirect { false }; > std::unique_ptr<NetworkCache::Entry> m_cacheEntryWaitingForContinueDidReceiveResponse; > RefPtr<NetworkLoadChecker> m_networkLoadChecker; >+ bool m_shouldDeferSendingResponseUntilCompletion { false }; >+ std::optional<WebCore::NetworkLoadMetrics> m_networkLoadMetrics; > }; > > } // namespace WebKit >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 9ebfeca9cec36644403ca3a473ea9e447fa79ee8..f96f9b829e8ae316cb2ad43b9051bbc56724ae13 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,19 @@ >+2018-04-30 Youenn Fablet <youenn@apple.com> >+ >+ Do SRI checks in NetworkProcess >+ https://bugs.webkit.org/show_bug.cgi?id=185154 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ fix-185154 >+ >+ * http/tests/subresource-integrity/sri-enabled-with-setting-expected.txt: >+ * http/tests/subresource-integrity/sri-fetch-expected.txt: >+ * http/tests/subresource-integrity/sri-fetch-worker-expected.txt: >+ * http/tests/subresource-integrity/sri-module-expected.txt: >+ * http/tests/subresource-integrity/sri-script-expected.txt: >+ * http/tests/subresource-integrity/sri-style-expected.txt: >+ > 2018-04-30 Youenn Fablet <youenn@apple.com> > > Use NetworkLoadChecker for navigation loads >diff --git a/LayoutTests/imported/w3c/ChangeLog b/LayoutTests/imported/w3c/ChangeLog >index a4f312415438db70eca411c962f93e2b61e6eb25..ded26f83e48b2423f5c5e48849d83e1c8f28222d 100644 >--- a/LayoutTests/imported/w3c/ChangeLog >+++ b/LayoutTests/imported/w3c/ChangeLog >@@ -1,3 +1,14 @@ >+2018-04-30 Youenn Fablet <youenn@apple.com> >+ >+ Do SRI checks in NetworkProcess >+ https://bugs.webkit.org/show_bug.cgi?id=185154 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ fix-185154 >+ >+ * web-platform-tests/fetch/api/basic/integrity-expected.txt: >+ > 2018-04-27 Ryan Haddad <ryanhaddad@apple.com> > > Rebaseline imported/w3c/web-platform-tests/url/url-setters.html after r231110. >diff --git a/LayoutTests/http/tests/subresource-integrity/sri-enabled-with-setting-expected.txt b/LayoutTests/http/tests/subresource-integrity/sri-enabled-with-setting-expected.txt >index d327476418697c07ccb7d22d6bcf59047ea58cee..8591c9c7fa7e2d3e513a40fa54ee31cd6bf470ba 100644 >--- a/LayoutTests/http/tests/subresource-integrity/sri-enabled-with-setting-expected.txt >+++ b/LayoutTests/http/tests/subresource-integrity/sri-enabled-with-setting-expected.txt >@@ -1,5 +1,7 @@ >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/non-matching-digest.js. Failed integrity metadata check. >-CONSOLE MESSAGE: line 107: Cannot load stylesheet http://127.0.0.1:8000/subresource-integrity/resources/style.css. Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. >+CONSOLE MESSAGE: Cannot load stylesheet http://127.0.0.1:8000/subresource-integrity/resources/style.css. Failed integrity metadata check. > > PASS Test that Subresource Integrity's 'integrity' property is exposed on the <link> element. > PASS Test that Subresource Integrity's 'integrity' property is exposed on the <script> element. >diff --git a/LayoutTests/http/tests/subresource-integrity/sri-fetch-expected.txt b/LayoutTests/http/tests/subresource-integrity/sri-fetch-expected.txt >index 45739d465daeb3a0e146affea0d88e08d2ae2c81..a697486dd1b59fffe80f9cfc8612f28d1ef24ad0 100644 >--- a/LayoutTests/http/tests/subresource-integrity/sri-fetch-expected.txt >+++ b/LayoutTests/http/tests/subresource-integrity/sri-fetch-expected.txt >@@ -1,14 +1,19 @@ >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/subresource-integrity/resources/resource.txt. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/subresource-integrity/resources/resource.txt. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8000/subresource-integrity/resources/resource.txt. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/subresource-integrity/resources/crossorigin-anon-resource.txt. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/subresource-integrity/resources/crossorigin-creds-resource.txt. > CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. > CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/subresource-integrity/resources/crossorigin-ineligible-resource.txt due to access control checks. > CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. > CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/subresource-integrity/resources/crossorigin-ineligible-resource.txt due to access control checks. >-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/subresource-integrity/resources/crossorigin-ineligible-resource.txt due to access control checks. >+CONSOLE MESSAGE: Failed integrity metadata check. >+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8000/subresource-integrity/resources/crossorigin-ineligible-resource.txt. > > PASS Empty string integrity > PASS SHA-256 integrity >diff --git a/LayoutTests/http/tests/subresource-integrity/sri-fetch-worker-expected.txt b/LayoutTests/http/tests/subresource-integrity/sri-fetch-worker-expected.txt >index cf0b0f1260d8eeb082268aeced880e68d77aaa1e..83aea9fb24f01a732d48a95cf32eccf560265588 100644 >--- a/LayoutTests/http/tests/subresource-integrity/sri-fetch-worker-expected.txt >+++ b/LayoutTests/http/tests/subresource-integrity/sri-fetch-worker-expected.txt >@@ -1,6 +1,11 @@ >+CONSOLE MESSAGE: Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. > CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >+CONSOLE MESSAGE: Failed integrity metadata check. > > PASS Empty string integrity > PASS SHA-256 integrity >diff --git a/LayoutTests/http/tests/subresource-integrity/sri-module-expected.txt b/LayoutTests/http/tests/subresource-integrity/sri-module-expected.txt >index e4508411dcda75c6bbdecb342ff00cc24c2547a2..5021d8473279006ae6388f37453212ca29307f68 100644 >--- a/LayoutTests/http/tests/subresource-integrity/sri-module-expected.txt >+++ b/LayoutTests/http/tests/subresource-integrity/sri-module-expected.txt >@@ -1,10 +1,16 @@ >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: TypeError: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/non-matching-digest-module.js. Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: TypeError: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest-module.js. Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: TypeError: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-anon-script-module.js. Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: TypeError: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-creds-script-module.js. Failed integrity metadata check. > CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. > CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: TypeError: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest-module.js. Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: TypeError: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest-module.js. Failed integrity metadata check. > > PASS Module: Same-origin with correct sha256 hash. >diff --git a/LayoutTests/http/tests/subresource-integrity/sri-script-expected.txt b/LayoutTests/http/tests/subresource-integrity/sri-script-expected.txt >index e8f078a0420d59605acebc46df28b04ab5172f2f..ea258b99aa62ec6e0bf733c9a84983a5a9de5343 100644 >--- a/LayoutTests/http/tests/subresource-integrity/sri-script-expected.txt >+++ b/LayoutTests/http/tests/subresource-integrity/sri-script-expected.txt >@@ -1,12 +1,20 @@ >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/non-matching-digest.js. Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest.js. Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-anon-script.js. Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-creds-script.js. Failed integrity metadata check. > CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. > CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-anon-script.js. Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-anon-script.js. Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest.js. Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest.js. Failed integrity metadata check. > > PASS Script: Same-origin with correct sha256 hash. >diff --git a/LayoutTests/http/tests/subresource-integrity/sri-style-expected.txt b/LayoutTests/http/tests/subresource-integrity/sri-style-expected.txt >index 456df6ef5b2c852ca628f5ae0d93f315ed877ba8..2d6e3317500e81cfcbbbd21a15a4a7874e464ca7 100644 >--- a/LayoutTests/http/tests/subresource-integrity/sri-style-expected.txt >+++ b/LayoutTests/http/tests/subresource-integrity/sri-style-expected.txt >@@ -1,10 +1,17 @@ >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Cannot load stylesheet http://127.0.0.1:8000/subresource-integrity/resources/style.css?5. Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Cannot load stylesheet http://127.0.0.1:8000/subresource-integrity/resources/style.css?9. Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Cannot load stylesheet http://localhost:8000/subresource-integrity/resources/crossorigin-anon-style.css?&2. Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Cannot load stylesheet http://localhost:8000/subresource-integrity/resources/crossorigin-creds-style.css?&2. Failed integrity metadata check. > CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Cannot load stylesheet http://localhost:8000/subresource-integrity/resources/crossorigin-anon-style.css?&3. Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Cannot load stylesheet http://localhost:8000/subresource-integrity/resources/crossorigin-anon-style.css?&4. Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. > CONSOLE MESSAGE: Cannot load stylesheet http://127.0.0.1:8000/subresource-integrity/resources/alternate.css?2. Failed integrity metadata check. > > PASS Style: Same-origin with correct sha256 hash >diff --git a/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/integrity-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/integrity-expected.txt >index b44f6cc105fcbcdd0141058af9523bfe9bcae9e4..1b5897802fe09aff18081055319985b641b3c3a2 100644 >--- a/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/integrity-expected.txt >+++ b/LayoutTests/imported/w3c/web-platform-tests/fetch/api/basic/integrity-expected.txt >@@ -1,7 +1,11 @@ >-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/top.txt. Failed integrity metadata check. >-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/top.txt. Failed integrity metadata check. >-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/top.txt. Failed integrity metadata check. >-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8801/fetch/api/resources/top.txt?pipe=header(Access-Control-Allow-Origin,*). Failed integrity metadata check. >+CONSOLE MESSAGE: Failed integrity metadata check. >+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/top.txt. >+CONSOLE MESSAGE: Failed integrity metadata check. >+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/top.txt. >+CONSOLE MESSAGE: Failed integrity metadata check. >+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/top.txt. >+CONSOLE MESSAGE: Failed integrity metadata check. >+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8801/fetch/api/resources/top.txt?pipe=header(Access-Control-Allow-Origin,*). > > PASS Empty string integrity > PASS SHA-256 integrity
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=339170">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 185154
:
339170
|
339172
|
339173
|
339174
|
339175
|
339176
|
339179
|
339180
|
339181
|
339183
|
339185