38705 2010-05-06 17:21:03 -0700 chromium fails http/tests/sandbox-inherit-to-initial-document-2 2012-01-13 11:44:55 -0800 1 1 1 Unclassified WebKit Evangelism 528+ (Nightly build) PC OS X 10.5 RESOLVED FIXED P2 Normal --- 1 dpranke webkit-unassigned abarth dpranke eric jamesr pfeldman rajivmakhijani webkit.review.bot oldest_to_newest 222073 0 dpranke 2010-05-06 17:21:03 -0700 WebKit Mac passes the test fine, but when Chromium runs it, it keels over with an uncaught TypeError trying to dereference frames[0] (the outer one) on line 30. It looks like the frame is not loading properly. Remove the sandbox tag and the test passes. 222075 1 55323 dpranke 2010-05-06 17:28:48 -0700 Created attachment 55323 Patch to test case - doesn't actually fix the bug 222076 2 dpranke 2010-05-06 17:29:52 -0700 Note that the patch doesn't fix the bug, it just changes the test to make it fail faster and more clearly. This bug should stay open until chromium is actually fixed. Although this is a failing security test, we don't think there's a security issue here. 222151 3 55323 ap 2010-05-06 21:37:04 -0700 Comment on attachment 55323 Patch to test case - doesn't actually fix the bug OK. 222700 4 dpranke 2010-05-07 16:51:28 -0700 Committed r58984: <http://trac.webkit.org/changeset/58984> 222701 5 dpranke 2010-05-07 16:52:05 -0700 re-opening; committed the change patching the test, but the bug still exists. 251526 6 61584 rajivmakhijani 2010-07-14 17:10:36 -0700 Created attachment 61584 Patch 251528 7 rajivmakhijani 2010-07-14 17:15:31 -0700 I traced back this problem as follows: WebCore::FrameLoader::isSandboxed WebCore::ScriptController::canExecuteScripts WebCore::V8Proxy::retrieve WebCore::V8Proxy::mainWorldContext WebCore::V8Proxy::context WebCore::toV8 WebCore::V8DomWindow::indexedPropertyGetter I could not find any reason why "retrieve" needed to check that canExecuteScripts was okay in this case. This check was causing undefined to be returned because the sandbox attribute did not include "allow-scripts." I also investigated whether other uses of "retrieve" were reliant on this check, but I could find no such instances. Therefore I have attached a patch which removes the canExecuteScripts check. 251544 8 abarth 2010-07-14 17:33:18 -0700 This is a scary change since this function is called all over the place. I've asked Rajiv to look at all the clients of this function to make sure they aren't using this function as a proxy for canExecuteScript. @Rajiv: did you find any that would do the wrong thing after this patch? 251558 9 rajivmakhijani 2010-07-14 17:58:35 -0700 I looked through all the direct calls to retrieve(frame) and could not find anything that I believe would do the wrong thing, but the code that makes use of this is very extensive. No where does there seem to be a reliance on canExecuteScript being called, and all the standard frame sandboxing is still matching WebKits behavior in regards to allowing scripts. Possibly related bug that also seems like it may be resolved by this: 39830. 255536 10 61584 dpranke 2010-07-23 13:36:36 -0700 Comment on attachment 61584 Patch This change looks good to me, but I'm not a reviewer. Adam, are we good with this? 255540 11 61584 abarth 2010-07-23 13:49:37 -0700 Comment on attachment 61584 Patch Ok... This patch still scares me, but I appreciate that you've looked at all the call sites. I'm not sure what else we can do before landing this patch to validate that this is the behavior that all the clients expect. Please be on the lookout for issues cause by this change. 259257 12 dpranke 2010-08-02 19:25:37 -0700 Committed r64525: <http://trac.webkit.org/changeset/64525> 259281 13 pfeldman 2010-08-02 21:46:53 -0700 This change regressed layout tests (new crasher) on all the canary bots, I am going to roll it out. http://build.chromium.org/buildbot/waterfall.fyi/builders/Webkit%20(webkit.org)/builds/33045/steps/webkit_tests/logs/stdio Regressions: Unexpected DumpRenderTree crashes : (1) editing/pasteboard/drag-image-in-about-blank-frame.html = CRASH 259282 14 dpranke 2010-08-02 21:49:26 -0700 Okay, thanks for catching this, Pavel. It's weird that this caused a crash; I'll look into it tomorrow. 259283 15 pfeldman 2010-08-02 21:59:16 -0700 Yeah, should be something simple - consistent crash, probably access violation. Committing to http://svn.webkit.org/repository/webkit/trunk ... M LayoutTests/ChangeLog M LayoutTests/http/tests/security/sandbox-inherit-to-initial-document-2.html M LayoutTests/platform/chromium/test_expectations.txt M WebCore/ChangeLog M WebCore/bindings/v8/V8Proxy.cpp Committed r64529 259393 16 webkit.review.bot 2010-08-03 05:32:59 -0700 http://trac.webkit.org/changeset/64525 might have broken Leopard Intel Debug (Tests) The following changes are on the blame list: http://trac.webkit.org/changeset/64517 http://trac.webkit.org/changeset/64518 http://trac.webkit.org/changeset/64519 http://trac.webkit.org/changeset/64520 http://trac.webkit.org/changeset/64521 http://trac.webkit.org/changeset/64522 http://trac.webkit.org/changeset/64523 http://trac.webkit.org/changeset/64524 http://trac.webkit.org/changeset/64525 http://trac.webkit.org/changeset/64526 http://trac.webkit.org/changeset/64527 260346 17 dpranke 2010-08-04 19:31:41 -0700 Okay, I think the crash is being caused because we removed the call to CanExecuteScripts(), which was probably returning false for some non-sandbox related issue for that particular test. As a result, we end up trying to fetch a proxy object and tripping over a null pointer somewhere. 260353 18 dpranke 2010-08-04 20:13:01 -0700 yup, that's pretty much what's going on. I think it's because we're creating an about:blank iframe in the page, which can't execute scripts, but we're removing that check. We need some way to skip the sandbox check in canExecuteScripts() for this particular test, but I'm not familiar enough with the code to know what the right way to do that safely is. Adam, can we simply change if (m_frame->loader()->isSandboxed(SandboxScripts)) to if (reason == AboutToExecuteScript && ...) ? or do we have to add an additional enum to ReasonForCallingCanExecuteScripts or is there something else flawed here? 260365 19 abarth 2010-08-04 20:32:40 -0700 Maybe I've lost context, but I don't understand why we want to ignore the sandbox bit when deciding whether a frame can execute script. 260387 20 dpranke 2010-08-04 22:01:02 -0700 (In reply to comment #19) > Maybe I've lost context, but I don't understand why we want to ignore the sandbox bit when deciding whether a frame can execute script. I'll let Rajiv reply for sure, but I thought the conclusion was that this particular retrieve() call shouldn't be checking for the presence of a sandbox. I imagine there are other callers of canExecuteScript() that do care about the sandbox flag. What I wasn't sure of was if any of them would also have the NotAboutToExecuteScript reason. 260423 21 abarth 2010-08-04 23:30:45 -0700 I'll need to get back up to speed here, but the approach in Comment #18 doesn't sound right. 260790 22 rajivmakhijani 2010-08-05 12:58:56 -0700 (In reply to comment #19) > Maybe I've lost context, but I don't understand why we want to ignore the sandbox bit when deciding whether a frame can execute script. In the situation which test case addresses, the parent window is trying to get access to one of its sandboxed iframes via window.frames[]. It should only be able to do this if the iframed page is on the same origin and the sandbox attribute has the keyword "allow-same-origin". The sandboxed page should still be prevented from executing scripts, but the parent page should be able to access the sandboxed page's DOM via Javascript executing in the parent: http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-srcdoc | The allow-same-origin attribute is intended for two cases. | | First, it can be used to allow content from the same site to be sandboxed to disable scripting, while still | | allowing access to the DOM of the sandboxed content. In the current situation, the WebCore::ScriptController::canExecuteScripts check in WebCore::V8Proxy::retrieve is preventing WebCore::V8DomWindow::indexedPropertyGetter from giving the parent page access to the sandboxed iframe, unless the sandbox attribute has also allowed scripting in the iframe (via "allow-scripts" in the sandbox attribute). -- However, from my understanding, it seems like removing this check didn't work because there are cases where no JS Context/Proxy to allow access to the DOM is even created for the iframe (such as in about:blank). This does not appear to be the case when the sandbox prevents execution of scripts in the iframe though. 263053 23 61584 abarth 2010-08-10 23:04:35 -0700 Comment on attachment 61584 Patch Sounds like we'll need a new patch if this one crashes. 535861 24 jamesr 2012-01-13 11:44:55 -0800 Appears to be fixed by https://bugs.webkit.org/show_bug.cgi?id=75533, will remove failing expectation 55323 2010-05-06 17:28:48 -0700 2010-08-10 23:04:44 -0700 Patch to test case - doesn't actually fix the bug bug-38705-20100506172847.patch text/plain 2839 dpranke ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCA3NTJjOWI1Y2U3NTFjY2VlZWU5NmUxYjAxMWRjZWU2NTk4Nzg1NTc5Li5kYjNjNjk5 NzY3MGMyZjRhZGY2M2Q0NmVkNjRmY2MwMzUwYzY3YzA0IDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0 cy9DaGFuZ2VMb2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDUgKzEsMTggQEAK IDIwMTAtMDUtMDYgIERpcmsgUHJhbmtlICA8ZHByYW5rZUBjaHJvbWl1bS5vcmc+CiAKKyAgICAg ICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgUmV3cml0ZSB0ZXN0IHRv IGZhaWwgZmFzdGVyIGlmIHRoZSBpbm5lciBmcmFtZSBkb2Vzbid0IGxvYWQgYXQgYWxsCisgICAg ICAgIGZvciBzb21lIHJlYXNvbiAocHJldmlvdXMgdmVyc2lvbiB3b3VsZCByYWlzZSBhIFR5cGVF cnJvciBiZWZvcmUKKyAgICAgICAgdGhlIHRpbWVvdXQgd2FzIHNldCkuCisKKyAgICAgICAgaHR0 cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTM4NzA1CisKKyAgICAgICAgKiBo dHRwL3Rlc3RzL3NlY3VyaXR5L3NhbmRib3gtaW5oZXJpdC10by1pbml0aWFsLWRvY3VtZW50LTIu aHRtbDoKKyAgICAgICAgKiBwbGF0Zm9ybS9jaHJvbWl1bS90ZXN0X2V4cGVjdGF0aW9ucy50eHQ6 CisKKzIwMTAtMDUtMDYgIERpcmsgUHJhbmtlICA8ZHByYW5rZUBjaHJvbWl1bS5vcmc+CisKICAg ICAgICAgVW5yZXZpZXdlZCwgZXhwZWN0YXRpb25zIGZpeC4KIAogICAgICAgICBEZWxldGUgYSBs aW5lIGZvciBhIHRlc3QgdGhhdCBpcyBubyBsb25nZXIgZmFpbGluZyBvbiBjaHJvbWl1bSBsaW51 eC4KZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvc2FuZGJveC1p bmhlcml0LXRvLWluaXRpYWwtZG9jdW1lbnQtMi5odG1sIGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0 cy9zZWN1cml0eS9zYW5kYm94LWluaGVyaXQtdG8taW5pdGlhbC1kb2N1bWVudC0yLmh0bWwKaW5k ZXggYzE3MjIwZTA3MjdjOTMwYmFlNjgwYTU0MTVhOTJiYTAzNmYzNzk3Yi4uNDc0M2EzM2UxYjlm YmQxZDk5NjAwYTFkMWZmYjliOWU3YmQ3YzA5MyAxMDA2NDQKLS0tIGEvTGF5b3V0VGVzdHMvaHR0 cC90ZXN0cy9zZWN1cml0eS9zYW5kYm94LWluaGVyaXQtdG8taW5pdGlhbC1kb2N1bWVudC0yLmh0 bWwKKysrIGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9zYW5kYm94LWluaGVyaXQt dG8taW5pdGlhbC1kb2N1bWVudC0yLmh0bWwKQEAgLTI3LDEzICsyNywxNiBAQCBmdW5jdGlvbiB0 aW1lZE91dCgpCiAKIGZ1bmN0aW9uIHRlc3QoKQogewotICAgIHZhciBkb2MgPSBmcmFtZXNbMF0u ZnJhbWVzWzBdLmRvY3VtZW50OwotICAgIHZhciBzY3IgPSBkb2MuY3JlYXRlRWxlbWVudCgic2Ny aXB0Iik7Ci0gICAgc2NyLmFwcGVuZENoaWxkKGRvYy5jcmVhdGVUZXh0Tm9kZSgidG9wLnNjcmlw dFdvcmtlZCgpIikpOwotCi0gICAgdGltZW91dElkID0gc2V0VGltZW91dCh0aW1lZE91dCwgMTAp OwotCi0gICAgZG9jLmJvZHkuYXBwZW5kQ2hpbGQoc2NyKTsKKyAgICBpZiAoZnJhbWVzWzBdKSB7 CisgICAgICAgIHZhciBkb2MgPSBmcmFtZXNbMF0uZnJhbWVzWzBdLmRvY3VtZW50OworICAgICAg ICB2YXIgc2NyID0gZG9jLmNyZWF0ZUVsZW1lbnQoInNjcmlwdCIpOworICAgICAgICBzY3IuYXBw ZW5kQ2hpbGQoZG9jLmNyZWF0ZVRleHROb2RlKCJ0b3Auc2NyaXB0V29ya2VkKCkiKSk7CisgICAg ICAgIHRpbWVvdXRJZCA9IHNldFRpbWVvdXQodGltZWRPdXQsIDEwKTsKKyAgICAgICAgZG9jLmJv ZHkuYXBwZW5kQ2hpbGQoc2NyKTsKKyAgICB9IGVsc2UgeworICAgICAgICBkb2N1bWVudC5nZXRF bGVtZW50QnlJZCgicmVzdWx0IikuaW5uZXJIVE1MID0gIkZBSUw6IG5vIGlubmVyIGZyYW1lIjsK KyAgICAgICAgbGF5b3V0VGVzdENvbnRyb2xsZXIubm90aWZ5RG9uZSgpOworICAgIH0KIH0KIDwv c2NyaXB0PgogPC9ib2R5PgpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvcGxhdGZvcm0vY2hyb21p dW0vdGVzdF9leHBlY3RhdGlvbnMudHh0IGIvTGF5b3V0VGVzdHMvcGxhdGZvcm0vY2hyb21pdW0v dGVzdF9leHBlY3RhdGlvbnMudHh0CmluZGV4IGYyMjkwY2RiMzE5NjVmMDc1NGI2N2NiOTA2YzNi N2JlN2FkYTVjMWYuLjUwN2VlZTFlMGVkNGY0NjRmNzViZmUyYzY2MTFkYTY5YzkyNDA0NTkgMTAw NjQ0Ci0tLSBhL0xheW91dFRlc3RzL3BsYXRmb3JtL2Nocm9taXVtL3Rlc3RfZXhwZWN0YXRpb25z LnR4dAorKysgYi9MYXlvdXRUZXN0cy9wbGF0Zm9ybS9jaHJvbWl1bS90ZXN0X2V4cGVjdGF0aW9u cy50eHQKQEAgLTI4MDEsNyArMjgwMSw3IEBAIEJVR1lBQVIgV0lOIDogZmFzdC9mb3Jtcy9zZWFy Y2hmaWVsZC1oZWlnaHRzLmh0bWwgPSBJTUFHRQogLy8gR1N0cmVhbWVyIC0gZGlzYWJsZWQgaW4g Q2hyb21pdW0KIFdPTlRGSVggOiBtZWRpYS92aWRlby1kdXJhdGlvbi1rbm93bi1hZnRlci1lb3Mu aHRtbCA9IFRFWFQgVElNRU9VVAogCi1CVUdEUFJBTktFIDogaHR0cC90ZXN0cy9zZWN1cml0eS9z YW5kYm94LWluaGVyaXQtdG8taW5pdGlhbC1kb2N1bWVudC0yLmh0bWwgPSBQQVNTIFRJTUVPVVQK K0JVR1dLMzg3MDUgOiBodHRwL3Rlc3RzL3NlY3VyaXR5L3NhbmRib3gtaW5oZXJpdC10by1pbml0 aWFsLWRvY3VtZW50LTIuaHRtbCA9IFRFWFQKIAogQlVHRFBSQU5LRSBMSU5VWCA6IHN2Zy9XM0Mt U1ZHLTEuMS9mb250cy1rZXJuLTAxLXQuc3ZnID0gSU1BR0UKIEJVR0RQUkFOS0UgTElOVVggOiBz dmcvVzNDLVNWRy0xLjEvcmVuZGVyLWdyb3Vwcy0wMS1iLnN2ZyA9IElNQUdFCg== 61584 2010-07-14 17:10:36 -0700 2010-08-10 23:04:52 -0700 Patch bug-38705-20100714171033.patch text/plain 3484 rajivmakhijani SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA2MzM2NykKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTcgQEAKKzIwMTAtMDctMTQgIFJhaml2IE1ha2hpamFuaSAgPHJhaml2bWFraGlq YW5pQGNocm9taXVtLm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4g CisKKyAgICAgICAgQnVnIDM4NzA1IC0gW3Y4XSBjaHJvbWl1bSBmYWlscyBodHRwL3Rlc3RzL3Nh bmRib3gtaW5oZXJpdC10by1pbml0aWFsLWRvY3VtZW50LTIKKyAgICAgICAgaHR0cHM6Ly9idWdz LndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTM4NzA1CisKKyAgICAgICAgV2ViQ29yZTo6VjhQ cm94eTo6cmV0cmlldmUoRnJhbWUqIGZyYW1lKSBjYWxscyBXZWJDb3JlOjpTY3JpcHRDb250cm9s bGVyOjpjYW5FeGVjdXRlU2NyaXB0cworICAgICAgICBhbmQgcmV0dXJucyAwIGlmIGNhbkV4ZWN1 dGVTY3JpcHRzIGlzIGZhbHNlLiBJdCBzaG91bGQgcmV0dXJuIHRoZSBwcm94eSByZWdhcmRsZXNz CisgICAgICAgIG9mIHdoZXRoZXIgdGhlIGZyYW1lIGNhbiBleGVjdXRlIHNjcmlwdHMuCisKKyAg ICAgICAgKiBiaW5kaW5ncy92OC9WOFByb3h5LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlY4UHJv eHk6OnJldHJpZXZlKTogUmVtb3ZlZCBjYW5FeGVjdXRlU2NyaXB0cyBjaGVjay4KKwogMjAxMC0w Ny0xNCAgRGFyaW4gQWRsZXIgIDxkYXJpbkBhcHBsZS5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQg YnkgU2FtIFdlaW5pZy4KSW5kZXg6IFdlYkNvcmUvYmluZGluZ3MvdjgvVjhQcm94eS5jcHAKPT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PQotLS0gV2ViQ29yZS9iaW5kaW5ncy92OC9WOFByb3h5LmNwcAkocmV2aXNpb24gNjMz NjcpCisrKyBXZWJDb3JlL2JpbmRpbmdzL3Y4L1Y4UHJveHkuY3BwCSh3b3JraW5nIGNvcHkpCkBA IC02MjcsNyArNjI3LDcgQEAgVjhQcm94eSogVjhQcm94eTo6cmV0cmlldmUoRnJhbWUqIGZyYW1l KQogewogICAgIGlmICghZnJhbWUpCiAgICAgICAgIHJldHVybiAwOwotICAgIHJldHVybiBmcmFt ZS0+c2NyaXB0KCktPmNhbkV4ZWN1dGVTY3JpcHRzKE5vdEFib3V0VG9FeGVjdXRlU2NyaXB0KSA/ IGZyYW1lLT5zY3JpcHQoKS0+cHJveHkoKSA6IDA7CisgICAgcmV0dXJuIGZyYW1lLT5zY3JpcHQo KS0+cHJveHkoKTsKIH0KIAogVjhQcm94eSogVjhQcm94eTo6cmV0cmlldmUoU2NyaXB0RXhlY3V0 aW9uQ29udGV4dCogY29udGV4dCkKSW5kZXg6IExheW91dFRlc3RzL0NoYW5nZUxvZwo9PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09Ci0tLSBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cJKHJldmlzaW9uIDYzMzY3KQorKysgTGF5b3V0 VGVzdHMvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTUgQEAKKzIwMTAtMDct MTQgIFJhaml2IE1ha2hpamFuaSAgPHJhaml2bWFraGlqYW5pQGNocm9taXVtLm9yZz4KKworICAg ICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBBZGRlZCBtaXNzaW5n ICJpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKSIgY2hlY2suCisgICAgICAgIFJlbW92 ZWQgZXhwZWN0YXRpb24gZm9yIHRlc3QgY2FzZSB0aGF0IHNob3VsZCBub3cgcGFzcyB3aXRoIHRo aXMgYnVnZml4LgorCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNn aT9pZD0zODcwNQorCisgICAgICAgICogaHR0cC90ZXN0cy9zZWN1cml0eS9zYW5kYm94LWluaGVy aXQtdG8taW5pdGlhbC1kb2N1bWVudC0yLmh0bWw6IAorICAgICAgICAqIHBsYXRmb3JtL2Nocm9t aXVtL3Rlc3RfZXhwZWN0YXRpb25zLnR4dDogCisKIDIwMTAtMDctMTQgIERhcmluIEFkbGVyICA8 ZGFyaW5AYXBwbGUuY29tPgogCiAgICAgICAgICogcGxhdGZvcm0vbWFjLXNub3dsZW9wYXJkL1Nr aXBwZWQ6IFJlbW92ZWQgYSBib2d1cyBmaWxlbmFtZSBmb3IgYSBmaWxlIHRoYXQgZG9lcyBub3QK SW5kZXg6IExheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvc2FuZGJveC1pbmhlcml0LXRv LWluaXRpYWwtZG9jdW1lbnQtMi5odG1sCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL2h0dHAv dGVzdHMvc2VjdXJpdHkvc2FuZGJveC1pbmhlcml0LXRvLWluaXRpYWwtZG9jdW1lbnQtMi5odG1s CShyZXZpc2lvbiA2MzM2NykKKysrIExheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvc2Fu ZGJveC1pbmhlcml0LXRvLWluaXRpYWwtZG9jdW1lbnQtMi5odG1sCSh3b3JraW5nIGNvcHkpCkBA IC0zNSw3ICszNSw5IEBAIGZ1bmN0aW9uIHRlc3QoKQogICAgICAgICBkb2MuYm9keS5hcHBlbmRD aGlsZChzY3IpOwogICAgIH0gZWxzZSB7CiAgICAgICAgIGRvY3VtZW50LmdldEVsZW1lbnRCeUlk KCJyZXN1bHQiKS5pbm5lckhUTUwgPSAiRkFJTDogbm8gaW5uZXIgZnJhbWUiOwotICAgICAgICBs YXlvdXRUZXN0Q29udHJvbGxlci5ub3RpZnlEb25lKCk7CisgICAgICAgIGlmICh3aW5kb3cubGF5 b3V0VGVzdENvbnRyb2xsZXIpIHsKKyAgICAgICAgICAgIGxheW91dFRlc3RDb250cm9sbGVyLm5v dGlmeURvbmUoKTsKKyAgICAgICAgfQogICAgIH0KIH0KIDwvc2NyaXB0PgpJbmRleDogTGF5b3V0 VGVzdHMvcGxhdGZvcm0vY2hyb21pdW0vdGVzdF9leHBlY3RhdGlvbnMudHh0Cj09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K LS0tIExheW91dFRlc3RzL3BsYXRmb3JtL2Nocm9taXVtL3Rlc3RfZXhwZWN0YXRpb25zLnR4dAko cmV2aXNpb24gNjMzNjcpCisrKyBMYXlvdXRUZXN0cy9wbGF0Zm9ybS9jaHJvbWl1bS90ZXN0X2V4 cGVjdGF0aW9ucy50eHQJKHdvcmtpbmcgY29weSkKQEAgLTI3NzIsOCArMjc3Miw2IEBAIEJVRzQz OTYzIExJTlVYIDogZmFzdC9mb3Jtcy9zZWFyY2hmaWVsZC0KIEJVRzQzOTYwIFdJTiBMSU5VWCA6 IGZhc3QvY3NzL2lucHV0LXNlYXJjaC1wYWRkaW5nLmh0bWwgPSBJTUFHRStURVhUCiBCVUc0Mzk2 MCBNQUMgOiBmYXN0L2Nzcy9pbnB1dC1zZWFyY2gtcGFkZGluZy5odG1sID0gSU1BR0UKIAotQlVH V0szODcwNSA6IGh0dHAvdGVzdHMvc2VjdXJpdHkvc2FuZGJveC1pbmhlcml0LXRvLWluaXRpYWwt ZG9jdW1lbnQtMi5odG1sID0gVEVYVAotCiAvLyBOZWVkcyBuZXcgYmFzZWxpbmVzCiBCVUdKQU1F U1IgV0lOIDogZmFzdC9jc3MvbmVzdGVkLXJvdW5kZWQtY29ybmVycy5odG1sID0gSU1BR0UgTUlT U0lORwogCg==