WebKit Bugzilla: Attachment 342789 Details for Bug 186291: EWS for security bugs
[Patch] Part 2 - Bugzilla extension
Bug186291-part2_1.patch (text/plain), 16.16 KB, created by Daniel Bates on 2018-06-14 21:45:09 PDT
>From ddf56188d9646e04f4692785cec46a3387da980d Mon Sep 17 00:00:00 2001 
>From: Daniel Bates <dbates@webkit.org> >Date: Thu, 14 Jun 2018 21:43:41 -0700 >Subject: [PATCH] EWS for security bugs > https://bugs.webkit.org/show_bug.cgi?id=186291 <rdar://problem/40829658> > >Reviewed by NOBODY (OOPS!). > >Part 2 of 2. > >Adds a new Bugzilla extension that will automatically CC the EWS feeder queue >on each bug that has a patch up for review, including security bugs. This allows >the WebKit OpenSource Project to use an unprivileged Bugzilla account for the >EWS feeder queue. > >* extensions/EWS/Config.pm: Added. >* extensions/EWS/Extension.pm: Added. >(new): Initialize some bookkeeping variables we use to track whether we have seen >a value change event for the review flag and whether we need to CC the feeder. The latter >we need to track because we can only make changes to the CC list in the callback >bug_start_of_update(). >(object_before_set): This callback is called each time a setter is called on a Bugzilla >object. Check if the review flag was set to ? and do some bookkeeping. Although tempting >to do such work in the callback flag_end_of_update() instead of object_before_set() doing >such work would come AFTER we get callback bug_start_of_update() and hence after we have >committed the CC list of the bug to the database. Moreover, the "interface to [flag_end_of_update()] >is UNSTABLE and it may change in the future" according to <https://github.com/bugzilla/bugzilla/blob/d7cf1c91949248222806f5a32f485b12eab8806f/Bugzilla/Hook.pm#L797>. >(bug_start_of_update): Add the EWS feeder queue to the list of CC members of the bug, if needed. >(config_add_panels): Adds a new panel to the Administration Parameters screen. >(isReviewFlag): Helper function that returns whether the specified Bugzilla::Object represents >the review flag. >* extensions/EWS/docs/en/rst/index-admin.rst: Added. >* extensions/EWS/lib/ParamsPanelUI.pm: Added. >(checkUser): Helper function to determine if there exists a Bugzilla user corresponding to >the specified login name. 
>(get_param_list): Add configurable field to the Administration Parameters screen to specify >the login name of the EWS feeder queue. >* extensions/EWS/template/en/default/admin/params/ews.html.tmpl: Added. >--- > Websites/bugs.webkit.org/ChangeLog | 39 +++++++++ > Websites/bugs.webkit.org/extensions/EWS/Config.pm | 32 ++++++++ > .../bugs.webkit.org/extensions/EWS/Extension.pm | 92 ++++++++++++++++++++++ > .../extensions/EWS/docs/en/rst/index-admin.rst | 24 ++++++ > .../extensions/EWS/lib/ParamsPanelUI.pm | 59 ++++++++++++++ > .../template/en/default/admin/params/ews.html.tmpl | 36 +++++++++ > 6 files changed, 282 insertions(+) > create mode 100644 Websites/bugs.webkit.org/extensions/EWS/Config.pm > create mode 100644 Websites/bugs.webkit.org/extensions/EWS/Extension.pm > create mode 100644 Websites/bugs.webkit.org/extensions/EWS/docs/en/rst/index-admin.rst > create mode 100644 Websites/bugs.webkit.org/extensions/EWS/lib/ParamsPanelUI.pm > create mode 100644 Websites/bugs.webkit.org/extensions/EWS/template/en/default/admin/params/ews.html.tmpl > >diff --git a/Websites/bugs.webkit.org/ChangeLog b/Websites/bugs.webkit.org/ChangeLog >index 832b1f537e2..a5561c3f9a8 100644 >--- a/Websites/bugs.webkit.org/ChangeLog >+++ b/Websites/bugs.webkit.org/ChangeLog 
>@@ -1,3 +1,42 @@ >+2018-06-14 Daniel Bates <dabates@apple.com> >+ >+ EWS for security bugs >+ https://bugs.webkit.org/show_bug.cgi?id=186291 >+ <rdar://problem/40829658> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Part 2 of 2. >+ >+ Adds a new Bugzilla extension that will automatically CC the EWS feeder queue >+ on each bug that has a patch up for review, including security bugs. This allows >+ the WebKit OpenSource Project to use an unprivileged Bugzilla account for the >+ EWS feeder queue. >+ >+ * extensions/EWS/Config.pm: Added. >+ * extensions/EWS/Extension.pm: Added. >+ (new): Initialize some bookkeeping variables we use to track whether we have seen >+ a value change event for the review flag and whether we need to CC the feeder. The latter >+ we need to track because we can only make changes to the CC list in the callback >+ bug_start_of_update(). >+ (object_before_set): This callback is called each time a setter is called on a Bugzilla >+ object. Check if the review flag was set to ? and do some bookkeeping. Although tempting >+ to do such work in the callback flag_end_of_update() instead of object_before_set() doing >+ such work would come AFTER we get callback bug_start_of_update() and hence after we have >+ committed the CC list of the bug to the database. Moreover, the "interface to [flag_end_of_update()] >+ is UNSTABLE and it may change in the future" according to <https://github.com/bugzilla/bugzilla/blob/d7cf1c91949248222806f5a32f485b12eab8806f/Bugzilla/Hook.pm#L797>. >+ (bug_start_of_update): Add the EWS feeder queue to the list of CC members of the bug, if needed. >+ (config_add_panels): Adds a new panel to the Administration Parameters screen. >+ (isReviewFlag): Helper function that returns whether the specified Bugzilla::Object represents >+ the review flag. >+ * extensions/EWS/docs/en/rst/index-admin.rst: Added. >+ * extensions/EWS/lib/ParamsPanelUI.pm: Added. 
>+ (checkUser): Helper function to determine if there exists a Bugzilla user corresponding to >+ the specified login name. >+ (get_param_list): Add configurable field to the Administration Parameters screen to specify >+ the login name of the EWS feeder queue. >+ * extensions/EWS/template/en/default/admin/params/ews.html.tmpl: Added. >+ > 2018-05-22 Roy Reapor <rreapor@apple.com> > > Host jquery on webkit.org instead of 3rd party >diff --git a/Websites/bugs.webkit.org/extensions/EWS/Config.pm b/Websites/bugs.webkit.org/extensions/EWS/Config.pm >new file mode 100644 >index 00000000000..4a7343b30e9 >--- /dev/null >+++ b/Websites/bugs.webkit.org/extensions/EWS/Config.pm 
>@@ -0,0 +1,32 @@ >+# Copyright (C) 2018 Apple Inc. All rights reserved. >+# >+# Redistribution and use in source and binary forms, with or without >+# modification, are permitted provided that the following conditions >+# are met: >+# 1. Redistributions of source code must retain the above copyright >+# notice, this list of conditions and the following disclaimer. >+# 2. Redistributions in binary form must reproduce the above copyright >+# notice, this list of conditions and the following disclaimer in the >+# documentation and/or other materials provided with the distribution. >+# >+# THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' AND ANY >+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED >+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE >+# DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY >+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES >+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; >+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON >+# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS >+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >+ >+package Bugzilla::Extension::EWS; >+ >+use strict; >+use warnings; >+ >+use constant NAME => "EWS"; >+use constant REQUIRED_MODULES => []; >+use constant OPTIONAL_MODULES => []; >+ >+__PACKAGE__->NAME; >diff --git a/Websites/bugs.webkit.org/extensions/EWS/Extension.pm b/Websites/bugs.webkit.org/extensions/EWS/Extension.pm >new file mode 100644 >index 00000000000..b4214acc0f9 >--- /dev/null >+++ b/Websites/bugs.webkit.org/extensions/EWS/Extension.pm 
>@@ -0,0 +1,92 @@ >+# Copyright (C) 2018 Apple Inc. All rights reserved. >+# >+# Redistribution and use in source and binary forms, with or without >+# modification, are permitted provided that the following conditions >+# are met: >+# 1. Redistributions of source code must retain the above copyright >+# notice, this list of conditions and the following disclaimer. >+# 2. Redistributions in binary form must reproduce the above copyright >+# notice, this list of conditions and the following disclaimer in the >+# documentation and/or other materials provided with the distribution. >+# >+# THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' AND ANY >+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED >+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE >+# DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY >+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES >+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; >+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON >+# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS >+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
>+ >+package Bugzilla::Extension::EWS; >+ >+use strict; >+use warnings; >+ >+use parent qw(Bugzilla::Extension); >+ >+use Bugzilla::Constants; >+use Bugzilla::Group; >+use Bugzilla::User; >+ >+our $VERSION = "1.0.0"; >+ >+sub isReviewFlag($); >+ >+sub new >+{ >+ my ($class, @args) = @_; >+ my $self = $class->SUPER::new(@args); >+ $self->{shouldCCFeeder} = 0; >+ $self->{reviewFlagSeen} = 0; >+ return $self; >+} >+ >+sub object_before_set >+{ >+ my ($self, $args) = @_; >+ >+ return if $self->{reviewFlagSeen}; >+ return if !isReviewFlag($args->{object}); >+ >+ my $willChangeValue = defined($args->{field}) && $args->{field} eq "status"; >+ return if !$willChangeValue; >+ >+ my $reviewRequested = $args->{value} eq "?"; >+ $self->{shouldCCFeeder} = 1 if $reviewRequested; >+ $self->{reviewFlagSeen} = 1; >+} >+ >+sub bug_start_of_update >+{ >+ my ($self, $args) = @_; >+ >+ return if !$self->{shouldCCFeeder}; >+ >+ my $feeder = new Bugzilla::User({name => Bugzilla->params->{"ews_feeder_login"}}); >+ return if !$feeder || $feeder->can_see_bug($args->{bug}->id()); >+ >+ $args->{bug}->add_cc($feeder); >+} >+ >+sub config_add_panels >+{ >+ my ($self, $args) = @_; >+ >+ my $modules = $args->{panel_modules}; >+ $modules->{EWS} = "Bugzilla::Extension::EWS::ParamsPanelUI"; >+} >+ >+### >+# Helper functions >+## >+ >+sub isReviewFlag($) >+{ >+ my ($mayBeFlag) = @_; >+ return $mayBeFlag->isa("Bugzilla::Flag") && $mayBeFlag->name() eq "r"; >+} >+ >+__PACKAGE__->NAME; >diff --git a/Websites/bugs.webkit.org/extensions/EWS/docs/en/rst/index-admin.rst b/Websites/bugs.webkit.org/extensions/EWS/docs/en/rst/index-admin.rst >new file mode 100644 >index 00000000000..a9ec4982d7d >--- /dev/null >+++ b/Websites/bugs.webkit.org/extensions/EWS/docs/en/rst/index-admin.rst 
>@@ -0,0 +1,24 @@ >+EWS >+######### >+ >+The EWS extension provides a mechanism to automatically CC the feeder EWS on restricted bugs >+(e.g. security bugs) that have unreviewed patches. In this way the feeder EWS account can be >+unprivileged. That is, it only needs to have access to publicly visible bugs. >+ >+=================================================== >+Installing this extension >+=================================================== >+ >+Copy the directory that contains the docs subdirectory that this file is under into the Bugzilla >+extension directory. Then run ./checksetup.pl from the top-level Bugzilla installation directory. >+ >+=================================================== >+Configuring the feeder EWS account to use >+=================================================== >+ >+Login to Bugzilla as an administrator, click Administration in the header, then Parameters, and >+then EWS. Set the parameter ews_feeder_login to the login name of the feeder EWS account. Then >+click Save Changes. >+ >+Note that setting ews_feeder_login to the empty string will effectively disable the extension >+though the extension will still be loaded. >diff --git a/Websites/bugs.webkit.org/extensions/EWS/lib/ParamsPanelUI.pm b/Websites/bugs.webkit.org/extensions/EWS/lib/ParamsPanelUI.pm >new file mode 100644 >index 00000000000..cbd997a481c >--- /dev/null >+++ b/Websites/bugs.webkit.org/extensions/EWS/lib/ParamsPanelUI.pm 
>@@ -0,0 +1,59 @@ >+# Copyright (C) 2018 Apple Inc. All rights reserved. >+# >+# Redistribution and use in source and binary forms, with or without >+# modification, are permitted provided that the following conditions >+# are met: >+# 1. Redistributions of source code must retain the above copyright >+# notice, this list of conditions and the following disclaimer. >+# 2. Redistributions in binary form must reproduce the above copyright >+# notice, this list of conditions and the following disclaimer in the >+# documentation and/or other materials provided with the distribution. >+# >+# THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' AND ANY >+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED >+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE >+# DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY >+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES >+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; >+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON >+# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS >+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >+ >+package Bugzilla::Extension::EWS::ParamsPanelUI; >+ >+use strict; >+use warnings; >+ >+use Bugzilla::Config::Common; >+use Bugzilla::User; >+ >+our $sortkey = 5000; >+ >+sub checkUser($) >+{ >+ my ($name) = @_; >+ if (!$name) { >+ return ""; >+ } >+ my $user = new Bugzilla::User({ name => $name }); >+ if (!defined($user)) { >+ return "Must be an existing login name"; >+ } >+ return ""; >+} >+ >+sub get_param_list >+{ >+ my ($class) = @_; >+ >+ my @parameters = ({ >+ name => "ews_feeder_login", >+ type => "t", >+ default => "", >+ checker => \&checkUser, >+ }); >+ return @parameters; >+} >+ >+1; 
>diff --git a/Websites/bugs.webkit.org/extensions/EWS/template/en/default/admin/params/ews.html.tmpl b/Websites/bugs.webkit.org/extensions/EWS/template/en/default/admin/params/ews.html.tmpl >new file mode 100644 >index 00000000000..c56d063919c >--- /dev/null >+++ b/Websites/bugs.webkit.org/extensions/EWS/template/en/default/admin/params/ews.html.tmpl 
>@@ -0,0 +1,36 @@ >+[% >+# Copyright (C) 2018 Apple Inc. All rights reserved. >+# >+# Redistribution and use in source and binary forms, with or without >+# modification, are permitted provided that the following conditions >+# are met: >+# 1. Redistributions of source code must retain the above copyright >+# notice, this list of conditions and the following disclaimer. >+# 2. Redistributions in binary form must reproduce the above copyright >+# notice, this list of conditions and the following disclaimer in the >+# documentation and/or other materials provided with the distribution. >+# >+# THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' AND ANY >+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED >+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE >+# DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY >+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES >+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; >+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON >+# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS >+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >+%] >+[% >+title = "EWS" >+desc = "Configure EWS" >+%] >+ >+[% >+param_descs = { >+ ews_feeder_login => >+ "The login of the feeder EWS queue." >+ _ "<p>This account will be added to the CC list of each bug that has a patch up for review, including bugs " >+ _ "that would normally be inaccessible from this account.</p>", >+} >+%] >-- >2.13.6 (Apple Git-96) >
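Review bot: In extensions/EWS/Extension.pm, shouldCCFeeder and reviewFlagSeen are initialised in new() and set in object_before_set() but never cleared, so after bug_start_of_update() has run they still apply to any later bug update handled by the same extension object. If that object outlives a single bug update, the feeder would be CC'd on a restricted bug that has no patch up for review, which is exactly the access this extension is meant to keep narrow. Reset both fields on every exit path of bug_start_of_update(), or track them per bug id. Separately, reviewFlagSeen latches on the first status change of any review flag, so an update that sets r+ on one attachment and r? on another misses the request when the r+ setter runs first; latch only when the value is "?".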
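Review bot: In extensions/EWS/docs/en/rst/index-admin.rst, the text never says that the feeder account stays on the CC list once added: Extension.pm only calls add_cc() and nothing removes the account when the patch is reviewed or obsoleted. Because the stated benefit is that the account is unprivileged, administrators should be told that it accumulates access to every restricted bug that has ever had a patch up for review. The install step "Copy the directory that contains the docs subdirectory that this file is under" would also be easier to follow if it named the directory (EWS).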
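Review bot: In extensions/EWS/lib/ParamsPanelUI.pm, checkUser() accepts any existing login name and runs only when the parameter is saved, so a privileged or disabled account passes validation, and an account that is renamed or deleted afterwards is not noticed. In that case bug_start_of_update() in Extension.pm returns silently at "return if !$feeder" and restricted bugs stop reaching EWS with no indication. Consider rejecting disabled accounts in checkUser() and logging the failed lookup in bug_start_of_update() when ews_feeder_login is non-empty.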
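Review bot: In extensions/EWS/template/en/default/admin/params/ews.html.tmpl, the ews_feeder_login description omits what index-admin.rst documents, that an empty value effectively disables the extension. This is the text an administrator sees while editing the parameter, so add that sentence here as well.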
Flags: lforschler: review+, ltilve+ews: commit-queue-