66963 2011-08-25 11:26:59 -0700 [Chromium] Move untrusted HTTP method/header checking to AssociatedURLLoader. 2011-09-07 11:56:14 -0700 1 1 1 Unclassified WebKit Platform 528+ (Nightly build) All All RESOLVED DUPLICATE 67655 P2 Normal --- 66909 0 bbudge webkit-unassigned darin fishd levin oldest_to_newest 457011 0 bbudge 2011-08-25 11:26:59 -0700 Move method and header checking to AssociatedURLLoader, so we can reuse code in XMLHttpRequest. Add an 'untrustedHttp' option to WebURLLoaderOptions, and if it's set, asynchronously return an error if the HTTP request is unsafe. 457016 1 105224 bbudge 2011-08-25 11:30:14 -0700 Created attachment 105224 Proposed Patch 457050 2 105224 levin 2011-08-25 12:15:55 -0700 Comment on attachment 105224 Proposed Patch View in context: https://bugs.webkit.org/attachment.cgi?id=105224&action=review > Source/WebKit/chromium/public/WebURLLoaderOptions.h:2 > + * Copyright (C) 2011 Google Inc. All rights reserved. In WebKit, we typically don't throw away years like this (but whatever). :) > Source/WebKit/chromium/public/WebURLLoaderOptions.h:45 > + : untrustedHttp(false) Need 4 space indent. > Source/WebKit/chromium/public/WebURLLoaderOptions.h:49 > + , crossOriginRequestPolicy(CrossOriginRequestPolicyDeny) { } Put {} on new lines. > Source/WebKit/chromium/src/AssociatedURLLoader.cpp:73 > + m_isSafe = false; Alternately m_isSafe = m_isSafe && XMLHttpRequest::isSafeRequestHeader(name) && XMLHttpRequest::isValidHeaderValue(value); Also why isn't there a XMLHttpRequest::isValidToken(name) check here? > Source/WebKit/chromium/src/AssociatedURLLoader.cpp:284 > m_clientAdapter->enableErrorNotifications(); Does the didFail go through since the enableErrorNotifications happens here? > Source/WebKit/chromium/tests/AssociatedURLLoaderTest.cpp:214 > + EXPECT_TRUE(m_didFail); Lines 204-214 seems like that repeat lines 184-194. Can we create a common function instead? Even the first three lines are dups and feel like they should also be a common function. > Source/WebKit/chromium/tests/AssociatedURLLoaderTest.cpp:343 > +} No tests for invalid header values or headers names with invalid tokens. 457159 3 105224 fishd 2011-08-25 14:57:55 -0700 Comment on attachment 105224 Proposed Patch View in context: https://bugs.webkit.org/attachment.cgi?id=105224&action=review >> Source/WebKit/chromium/public/WebURLLoaderOptions.h:45 >> + : untrustedHttp(false) > > Need 4 space indent. nit: untrustedHttp -> untrustedHTTP see webkit style guide where it mentions capitalization rules for acronyms. > Source/WebKit/chromium/src/AssociatedURLLoader.cpp:58 > +class SafeHttpHeaderValidator : public WebHTTPHeaderVisitor { nit: SafeHttp -> SafeHTTP > Source/WebKit/chromium/src/AssociatedURLLoader.cpp:282 > + m_clientAdapter->didFail(ResourceError()); maybe we should have a setDelayedError method to make it more explicit what we are doing here? 463539 4 bbudge 2011-09-07 11:56:14 -0700 *** This bug has been marked as a duplicate of bug 67655 *** 105224 2011-08-25 11:30:14 -0700 2011-08-25 14:57:55 -0700 Proposed Patch diff.txt text/plain 10853 bbudge SW5kZXg6IFNvdXJjZS9XZWJLaXQvY2hyb21pdW0vQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNv dXJjZS9XZWJLaXQvY2hyb21pdW0vQ2hhbmdlTG9nCShyZXZpc2lvbiA5MzgwMikKKysrIFNvdXJj ZS9XZWJLaXQvY2hyb21pdW0vQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMjUg QEAKKzIwMTEtMDgtMjUgIEJpbGwgQnVkZ2UgIDxiYnVkZ2VAY2hyb21pdW0ub3I+CisKKyAgICAg ICAgTW92ZSB1bnRydXN0ZWQgSFRUUCBtZXRob2QvaGVhZGVyIGNoZWNraW5nIHRvIEFzc29jaWF0 ZWRVUkxMb2FkZXIgc28gd2UKKyAgICAgICAgY2FuIHJldXNlIGNvZGUgaW4gWE1MSHR0cFJlcXVl c3QuIEFkZCBhbiAndW50cnVzdGVkSHR0cCcgb3B0aW9uIHRvCisgICAgICAgIFdlYlVSTExvYWRl ck9wdGlvbnMsIGFuZCBpZiBpdCdzIHNldCwgYXN5bmNocm9ub3VzbHkgcmV0dXJuIGFuIGVycm9y IGlmCisgICAgICAgIHRoZSBIVFRQIHJlcXVlc3QgaXMgdW5zYWZlLgorICAgICAgICBodHRwczov L2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NjY5NjMKKworICAgICAgICBSZXZpZXdl ZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIHB1YmxpYy9XZWJVUkxMb2FkZXJPcHRp b25zLmg6CisgICAgICAgIChXZWJLaXQ6OldlYlVSTExvYWRlck9wdGlvbnM6OldlYlVSTExvYWRl ck9wdGlvbnMpOgorICAgICAgICAqIHNyYy9Bc3NvY2lhdGVkVVJMTG9hZGVyLmNwcDoKKyAgICAg ICAgKFdURjo6U2FmZUh0dHBIZWFkZXJWYWxpZGF0b3I6OlNhZmVIdHRwSGVhZGVyVmFsaWRhdG9y KToKKyAgICAgICAgKFdURjo6U2FmZUh0dHBIZWFkZXJWYWxpZGF0b3I6OmlzU2FmZSk6CisgICAg ICAgIChXVEY6OlNhZmVIdHRwSGVhZGVyVmFsaWRhdG9yOjp2aXNpdEhlYWRlcik6CisgICAgICAg IChXZWJLaXQ6OkFzc29jaWF0ZWRVUkxMb2FkZXI6OmxvYWRBc3luY2hyb25vdXNseSk6CisgICAg ICAgICogdGVzdHMvQXNzb2NpYXRlZFVSTExvYWRlclRlc3QuY3BwOgorICAgICAgICAoV2ViS2l0 OjpBc3NvY2lhdGVkVVJMTG9hZGVyVGVzdDo6Q2hlY2tVbnNhZmVNZXRob2RGYWlscyk6CisgICAg ICAgIChXZWJLaXQ6OkFzc29jaWF0ZWRVUkxMb2FkZXJUZXN0OjpDaGVja1Vuc2FmZUhlYWRlckZh aWxzKToKKyAgICAgICAgKFdlYktpdDo6VEVTVF9GKToKKwogMjAxMS0wOC0yNSAgUGF2ZWwgUG9k aXZpbG92ICA8cG9kaXZpbG92QGNocm9taXVtLm9yZz4KIAogICAgICAgICBVbnJldmlld2VkLCBm aXggY2hyb21pdW0gZGV2dG9vbHMgdGVzdHMuCkluZGV4OiBTb3VyY2UvV2ViS2l0L2Nocm9taXVt L3B1YmxpYy9XZWJVUkxMb2FkZXJPcHRpb25zLmgKPT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL1dlYktp dC9jaHJvbWl1bS9wdWJsaWMvV2ViVVJMTG9hZGVyT3B0aW9ucy5oCShyZXZpc2lvbiA5MzQ4MykK KysrIFNvdXJjZS9XZWJLaXQvY2hyb21pdW0vcHVibGljL1dlYlVSTExvYWRlck9wdGlvbnMuaAko d29ya2luZyBjb3B5KQpAQCAtMSw1ICsxLDUgQEAKIC8qCi0gKiBDb3B5cmlnaHQgKEMpIDIwMDks IDIwMTEgR29vZ2xlIEluYy4gQWxsIHJpZ2h0cyByZXNlcnZlZC4KKyAqIENvcHlyaWdodCAoQykg MjAxMSBHb29nbGUgSW5jLiBBbGwgcmlnaHRzIHJlc2VydmVkLgogICoKICAqIFJlZGlzdHJpYnV0 aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dAog ICogbW9kaWZpY2F0aW9uLCBhcmUgcGVybWl0dGVkIHByb3ZpZGVkIHRoYXQgdGhlIGZvbGxvd2lu ZyBjb25kaXRpb25zIGFyZQpAQCAtNDEsOCArNDEsMTQgQEAgc3RydWN0IFdlYlVSTExvYWRlck9w dGlvbnMgewogICAgICAgICBDcm9zc09yaWdpblJlcXVlc3RQb2xpY3lBbGxvdwogICAgIH07CiAK LSAgICBXZWJVUkxMb2FkZXJPcHRpb25zKCkgOiBzbmlmZkNvbnRlbnQoZmFsc2UpLCBhbGxvd0Ny ZWRlbnRpYWxzKGZhbHNlKSwgZm9yY2VQcmVmbGlnaHQoZmFsc2UpLCBjcm9zc09yaWdpblJlcXVl c3RQb2xpY3koQ3Jvc3NPcmlnaW5SZXF1ZXN0UG9saWN5RGVueSkgeyB9CisgICAgV2ViVVJMTG9h ZGVyT3B0aW9ucygpCisgICAgICA6IHVudHJ1c3RlZEh0dHAoZmFsc2UpCisgICAgICAsIHNuaWZm Q29udGVudChmYWxzZSkKKyAgICAgICwgYWxsb3dDcmVkZW50aWFscyhmYWxzZSkKKyAgICAgICwg Zm9yY2VQcmVmbGlnaHQoZmFsc2UpCisgICAgICAsIGNyb3NzT3JpZ2luUmVxdWVzdFBvbGljeShD cm9zc09yaWdpblJlcXVlc3RQb2xpY3lEZW55KSB7IH0KIAorICAgIGJvb2wgdW50cnVzdGVkSHR0 cDsgLy8gV2hldGhlciB0byB2YWxpZGF0ZSB0aGUgbWV0aG9kIGFuZCBoZWFkZXJzIGFzIGlmIHRo aXMgd2FzIGFuIFhNTEh0dHBSZXF1ZXN0LgogICAgIGJvb2wgc25pZmZDb250ZW50OyAvLyBXaGV0 aGVyIHRvIHNuaWZmIGNvbnRlbnQuCiAgICAgYm9vbCBhbGxvd0NyZWRlbnRpYWxzOyAvLyBXaGV0 aGVyIHRvIHNlbmQgSFRUUCBjcmVkZW50aWFscyBhbmQgY29va2llcyB3aXRoIHRoZSByZXF1ZXN0 LgogICAgIGJvb2wgZm9yY2VQcmVmbGlnaHQ7IC8vIElmIHBvbGljeSBpcyB0byB1c2UgYWNjZXNz IGNvbnRyb2wsIHdoZXRoZXIgdG8gZm9yY2UgYSBwcmVmbGlnaHQgZm9yIEdFVCwgSEVBRCwgYW5k IFBPU1QgcmVxdWVzdHMuCkluZGV4OiBTb3VyY2UvV2ViS2l0L2Nocm9taXVtL3NyYy9Bc3NvY2lh dGVkVVJMTG9hZGVyLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViS2l0L2Nocm9taXVtL3Ny Yy9Bc3NvY2lhdGVkVVJMTG9hZGVyLmNwcAkocmV2aXNpb24gOTM0ODMpCisrKyBTb3VyY2UvV2Vi S2l0L2Nocm9taXVtL3NyYy9Bc3NvY2lhdGVkVVJMTG9hZGVyLmNwcAkod29ya2luZyBjb3B5KQpA QCAtMzMsMTEgKzMzLDEzIEBACiAKICNpbmNsdWRlICJEb2N1bWVudFRocmVhZGFibGVMb2FkZXIu aCIKICNpbmNsdWRlICJEb2N1bWVudFRocmVhZGFibGVMb2FkZXJDbGllbnQuaCIKKyNpbmNsdWRl ICJSZXNvdXJjZUVycm9yLmgiCiAjaW5jbHVkZSAiU3VicmVzb3VyY2VMb2FkZXIuaCIKICNpbmNs dWRlICJUaW1lci5oIgogI2luY2x1ZGUgIldlYkFwcGxpY2F0aW9uQ2FjaGVIb3N0LmgiCiAjaW5j bHVkZSAiV2ViRGF0YVNvdXJjZS5oIgogI2luY2x1ZGUgIldlYkZyYW1lSW1wbC5oIgorI2luY2x1 ZGUgIldlYkhUVFBIZWFkZXJWaXNpdG9yLmgiCiAjaW5jbHVkZSAiV2ViS2l0LmgiCiAjaW5jbHVk ZSAiV2ViS2l0Q2xpZW50LmgiCiAjaW5jbHVkZSAiV2ViVVJMRXJyb3IuaCIKQEAgLTQ1LDExICs0 NywzNCBAQAogI2luY2x1ZGUgIldlYlVSTFJlcXVlc3QuaCIKICNpbmNsdWRlICJXcmFwcGVkUmVz b3VyY2VSZXF1ZXN0LmgiCiAjaW5jbHVkZSAiV3JhcHBlZFJlc291cmNlUmVzcG9uc2UuaCIKKyNp bmNsdWRlICJYTUxIdHRwUmVxdWVzdC5oIgogCiB1c2luZyBuYW1lc3BhY2UgV2ViQ29yZTsKIHVz aW5nIG5hbWVzcGFjZSBXZWJLaXQ7CiB1c2luZyBuYW1lc3BhY2UgV1RGOwogCituYW1lc3BhY2Ug eworCitjbGFzcyBTYWZlSHR0cEhlYWRlclZhbGlkYXRvciA6IHB1YmxpYyBXZWJIVFRQSGVhZGVy VmlzaXRvciB7CisgICAgV1RGX01BS0VfTk9OQ09QWUFCTEUoU2FmZUh0dHBIZWFkZXJWYWxpZGF0 b3IpOworcHVibGljOgorICAgIFNhZmVIdHRwSGVhZGVyVmFsaWRhdG9yKCkgOiBtX2lzU2FmZSh0 cnVlKSB7IH0KKworICAgIHZvaWQgdmlzaXRIZWFkZXIoY29uc3QgV2ViU3RyaW5nJiBuYW1lLCBj b25zdCBXZWJTdHJpbmcmIHZhbHVlKTsKKyAgICBib29sIGlzU2FmZSgpIGNvbnN0IHsgcmV0dXJu IG1faXNTYWZlOyB9CisKK3ByaXZhdGU6CisgICAgYm9vbCBtX2lzU2FmZTsKK307CisKK3ZvaWQg U2FmZUh0dHBIZWFkZXJWYWxpZGF0b3I6OnZpc2l0SGVhZGVyKGNvbnN0IFdlYlN0cmluZyYgbmFt ZSwgY29uc3QgV2ViU3RyaW5nJiB2YWx1ZSkKK3sKKyAgICBpZiAoIVhNTEh0dHBSZXF1ZXN0Ojpp c1NhZmVSZXF1ZXN0SGVhZGVyKG5hbWUpIHx8ICFYTUxIdHRwUmVxdWVzdDo6aXNWYWxpZEhlYWRl clZhbHVlKHZhbHVlKSkKKyAgICAgICAgbV9pc1NhZmUgPSBmYWxzZTsKK30KKworfQorCiBuYW1l c3BhY2UgV2ViS2l0IHsKIAogLy8gVGhpcyBjbGFzcyBicmlkZ2VzIHRoZSBpbnRlcmZhY2UgZGlm ZmVyZW5jZXMgYmV0d2VlbiBXZWJDb3JlIGFuZCBXZWJLaXQgbG9hZGVyIGNsaWVudHMuCkBAIC0y MjUsMTggKzI1MCwzNyBAQCB2b2lkIEFzc29jaWF0ZWRVUkxMb2FkZXI6OmxvYWRBc3luY2hyb25v CiAgICAgbV9jbGllbnQgPSBjbGllbnQ7CiAgICAgQVNTRVJUKG1fY2xpZW50KTsKIAotICAgIFRo cmVhZGFibGVMb2FkZXJPcHRpb25zIG9wdGlvbnM7Ci0gICAgb3B0aW9ucy5zZW5kTG9hZENhbGxi YWNrcyA9IHRydWU7IC8vIEFsd2F5cyBzZW5kIGNhbGxiYWNrcy4KLSAgICBvcHRpb25zLnNuaWZm Q29udGVudCA9IG1fb3B0aW9ucy5zbmlmZkNvbnRlbnQ7Ci0gICAgb3B0aW9ucy5hbGxvd0NyZWRl bnRpYWxzID0gbV9vcHRpb25zLmFsbG93Q3JlZGVudGlhbHM7Ci0gICAgb3B0aW9ucy5wcmVmbGln aHRQb2xpY3kgPSBtX29wdGlvbnMuZm9yY2VQcmVmbGlnaHQgPyBGb3JjZVByZWZsaWdodCA6IENv bnNpZGVyUHJlZmxpZ2h0OwotICAgIG9wdGlvbnMuY3Jvc3NPcmlnaW5SZXF1ZXN0UG9saWN5ID0g c3RhdGljX2Nhc3Q8V2ViQ29yZTo6Q3Jvc3NPcmlnaW5SZXF1ZXN0UG9saWN5PihtX29wdGlvbnMu Y3Jvc3NPcmlnaW5SZXF1ZXN0UG9saWN5KTsKLSAgICBvcHRpb25zLnNob3VsZEJ1ZmZlckRhdGEg PSBmYWxzZTsKLQotICAgIGNvbnN0IFJlc291cmNlUmVxdWVzdCYgd2ViY29yZVJlcXVlc3QgPSBy ZXF1ZXN0LnRvUmVzb3VyY2VSZXF1ZXN0KCk7Ci0gICAgRG9jdW1lbnQqIHdlYmNvcmVEb2N1bWVu dCA9IG1fZnJhbWVJbXBsLT5mcmFtZSgpLT5kb2N1bWVudCgpOwotICAgIG1fY2xpZW50QWRhcHRl ciA9IENsaWVudEFkYXB0ZXI6OmNyZWF0ZSh0aGlzLCBtX2NsaWVudCwgcmVxdWVzdC5kb3dubG9h ZFRvRmlsZSgpKTsKLSAgICBtX2xvYWRlciA9IERvY3VtZW50VGhyZWFkYWJsZUxvYWRlcjo6Y3Jl YXRlKHdlYmNvcmVEb2N1bWVudCwgbV9jbGllbnRBZGFwdGVyLmdldCgpLCB3ZWJjb3JlUmVxdWVz dCwgb3B0aW9ucyk7CisgICAgYm9vbCBhbGxvd0xvYWQgPSB0cnVlOworICAgIFdlYlVSTFJlcXVl c3QgbmV3UmVxdWVzdChyZXF1ZXN0KTsKKyAgICBpZiAobV9vcHRpb25zLnVudHJ1c3RlZEh0dHAp IHsKKyAgICAgICAgV2ViU3RyaW5nIG1ldGhvZCA9IG5ld1JlcXVlc3QuaHR0cE1ldGhvZCgpOwor ICAgICAgICBhbGxvd0xvYWQgPSBYTUxIdHRwUmVxdWVzdDo6aXNWYWxpZFRva2VuKG1ldGhvZCkg JiYgWE1MSHR0cFJlcXVlc3Q6OmlzU2FmZU1ldGhvZChtZXRob2QpOworICAgICAgICBpZiAoYWxs b3dMb2FkKSB7CisgICAgICAgICAgICBuZXdSZXF1ZXN0LnNldEhUVFBNZXRob2QoWE1MSHR0cFJl cXVlc3Q6OmNhbm9uaWNhbGl6ZU1ldGhvZChtZXRob2QpKTsKKyAgICAgICAgICAgIFNhZmVIdHRw SGVhZGVyVmFsaWRhdG9yIHZhbGlkYXRvcjsKKyAgICAgICAgICAgIG5ld1JlcXVlc3QudmlzaXRI VFRQSGVhZGVyRmllbGRzKCZ2YWxpZGF0b3IpOworICAgICAgICAgICAgYWxsb3dMb2FkID0gdmFs aWRhdG9yLmlzU2FmZSgpOworICAgICAgICB9CisgICAgfQorCisgICAgbV9jbGllbnRBZGFwdGVy ID0gQ2xpZW50QWRhcHRlcjo6Y3JlYXRlKHRoaXMsIG1fY2xpZW50LCBuZXdSZXF1ZXN0LmRvd25s b2FkVG9GaWxlKCkpOworCisgICAgaWYgKGFsbG93TG9hZCkgeworICAgICAgICBUaHJlYWRhYmxl TG9hZGVyT3B0aW9ucyBvcHRpb25zOworICAgICAgICBvcHRpb25zLnNlbmRMb2FkQ2FsbGJhY2tz ID0gdHJ1ZTsKKyAgICAgICAgb3B0aW9ucy5zbmlmZkNvbnRlbnQgPSBtX29wdGlvbnMuc25pZmZD b250ZW50OworICAgICAgICBvcHRpb25zLmFsbG93Q3JlZGVudGlhbHMgPSBtX29wdGlvbnMuYWxs b3dDcmVkZW50aWFsczsKKyAgICAgICAgb3B0aW9ucy5wcmVmbGlnaHRQb2xpY3kgPSBtX29wdGlv bnMuZm9yY2VQcmVmbGlnaHQgPyBGb3JjZVByZWZsaWdodCA6IENvbnNpZGVyUHJlZmxpZ2h0Owor ICAgICAgICBvcHRpb25zLmNyb3NzT3JpZ2luUmVxdWVzdFBvbGljeSA9IHN0YXRpY19jYXN0PFdl YkNvcmU6OkNyb3NzT3JpZ2luUmVxdWVzdFBvbGljeT4obV9vcHRpb25zLmNyb3NzT3JpZ2luUmVx dWVzdFBvbGljeSk7CisgICAgICAgIG9wdGlvbnMuc2hvdWxkQnVmZmVyRGF0YSA9IGZhbHNlOwor CisgICAgICAgIGNvbnN0IFJlc291cmNlUmVxdWVzdCYgd2ViY29yZVJlcXVlc3QgPSBuZXdSZXF1 ZXN0LnRvUmVzb3VyY2VSZXF1ZXN0KCk7CisgICAgICAgIERvY3VtZW50KiB3ZWJjb3JlRG9jdW1l bnQgPSBtX2ZyYW1lSW1wbC0+ZnJhbWUoKS0+ZG9jdW1lbnQoKTsKKyAgICAgICAgbV9sb2FkZXIg PSBEb2N1bWVudFRocmVhZGFibGVMb2FkZXI6OmNyZWF0ZSh3ZWJjb3JlRG9jdW1lbnQsIG1fY2xp ZW50QWRhcHRlci5nZXQoKSwgd2ViY29yZVJlcXVlc3QsIG9wdGlvbnMpOworICAgIH0gZWxzZSB7 CisgICAgICAgIC8vIEZJWE1FOiByZXR1cm4gbWVhbmluZ2Z1bCBlcnJvciBjb2Rlcy4KKyAgICAg ICAgbV9jbGllbnRBZGFwdGVyLT5kaWRGYWlsKFJlc291cmNlRXJyb3IoKSk7CisgICAgfQogICAg IG1fY2xpZW50QWRhcHRlci0+ZW5hYmxlRXJyb3JOb3RpZmljYXRpb25zKCk7CiB9CiAKSW5kZXg6 IFNvdXJjZS9XZWJLaXQvY2hyb21pdW0vdGVzdHMvQXNzb2NpYXRlZFVSTExvYWRlclRlc3QuY3Bw Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJLaXQvY2hyb21pdW0vdGVzdHMvQXNzb2NpYXRlZFVS TExvYWRlclRlc3QuY3BwCShyZXZpc2lvbiA5MzQ4MykKKysrIFNvdXJjZS9XZWJLaXQvY2hyb21p dW0vdGVzdHMvQXNzb2NpYXRlZFVSTExvYWRlclRlc3QuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0x NzQsNiArMTc0LDQ2IEBAIHB1YmxpYzoKICAgICAgICAgd2Via2l0X3N1cHBvcnQ6OlF1aXRNZXNz YWdlTG9vcCgpOwogICAgIH0KIAorICAgIHZvaWQgQ2hlY2tVbnNhZmVNZXRob2RGYWlscyhjb25z dCBjaGFyKiB1bnNhZmVNZXRob2QpCisgICAgeworICAgICAgICBXZWJVUkxSZXF1ZXN0IHJlcXVl c3Q7CisgICAgICAgIHJlcXVlc3QuaW5pdGlhbGl6ZSgpOworICAgICAgICByZXF1ZXN0LnNldFVS TChHVVJMKCJodHRwOi8vd3d3LnRlc3QuY29tL3N1Y2Nlc3MuaHRtbCIpKTsKKyAgICAgICAgcmVx dWVzdC5zZXRIVFRQTWV0aG9kKFdlYlN0cmluZzo6ZnJvbVVURjgodW5zYWZlTWV0aG9kKSk7CisK KyAgICAgICAgV2ViVVJMTG9hZGVyT3B0aW9ucyBvcHRpb25zOworICAgICAgICBvcHRpb25zLnVu dHJ1c3RlZEh0dHAgPSB0cnVlOworICAgICAgICBtX2V4cGVjdGVkTG9hZGVyID0gY3JlYXRlQXNz b2NpYXRlZFVSTExvYWRlcihvcHRpb25zKTsKKyAgICAgICAgRVhQRUNUX1RSVUUobV9leHBlY3Rl ZExvYWRlcik7CisgICAgICAgIG1fZGlkRmFpbCA9IGZhbHNlOworICAgICAgICBtX2V4cGVjdGVk TG9hZGVyLT5sb2FkQXN5bmNocm9ub3VzbHkocmVxdWVzdCwgdGhpcyk7CisgICAgICAgIC8vIEZh aWx1cmUgc2hvdWxkIG5vdCBiZSByZXBvcnRlZCBzeW5jaHJvbm91c2x5LgorICAgICAgICBFWFBF Q1RfRkFMU0UobV9kaWRGYWlsKTsKKyAgICAgICAgLy8gQWxsb3cgdGhlIGxvYWRlciB0byByZXR1 cm4gdGhlIGVycm9yLgorICAgICAgICB3ZWJraXRfc3VwcG9ydDo6UnVuTWVzc2FnZUxvb3AoKTsK KyAgICAgICAgRVhQRUNUX1RSVUUobV9kaWRGYWlsKTsKKyAgICB9CisKKyAgICB2b2lkIENoZWNr VW5zYWZlSGVhZGVyRmFpbHMoY29uc3QgY2hhciogdW5zYWZlSGVhZGVyRmllbGQpCisgICAgewor ICAgICAgICBXZWJVUkxSZXF1ZXN0IHJlcXVlc3Q7CisgICAgICAgIHJlcXVlc3QuaW5pdGlhbGl6 ZSgpOworICAgICAgICByZXF1ZXN0LnNldFVSTChHVVJMKCJodHRwOi8vd3d3LnRlc3QuY29tL3N1 Y2Nlc3MuaHRtbCIpKTsKKyAgICAgICAgcmVxdWVzdC5zZXRIVFRQSGVhZGVyRmllbGQoV2ViU3Ry aW5nOjpmcm9tVVRGOCh1bnNhZmVIZWFkZXJGaWVsZCksICJmb28iKTsKKworICAgICAgICBXZWJV UkxMb2FkZXJPcHRpb25zIG9wdGlvbnM7CisgICAgICAgIG9wdGlvbnMudW50cnVzdGVkSHR0cCA9 IHRydWU7CisgICAgICAgIG1fZXhwZWN0ZWRMb2FkZXIgPSBjcmVhdGVBc3NvY2lhdGVkVVJMTG9h ZGVyKG9wdGlvbnMpOworICAgICAgICBFWFBFQ1RfVFJVRShtX2V4cGVjdGVkTG9hZGVyKTsKKyAg ICAgICAgbV9kaWRGYWlsID0gZmFsc2U7CisgICAgICAgIG1fZXhwZWN0ZWRMb2FkZXItPmxvYWRB c3luY2hyb25vdXNseShyZXF1ZXN0LCB0aGlzKTsKKyAgICAgICAgLy8gRmFpbHVyZSBzaG91bGQg bm90IGJlIHJlcG9ydGVkIHN5bmNocm9ub3VzbHkuCisgICAgICAgIEVYUEVDVF9GQUxTRShtX2Rp ZEZhaWwpOworICAgICAgICAvLyBBbGxvdyB0aGUgbG9hZGVyIHRvIHJldHVybiB0aGUgZXJyb3Iu CisgICAgICAgIHdlYmtpdF9zdXBwb3J0OjpSdW5NZXNzYWdlTG9vcCgpOworICAgICAgICBFWFBF Q1RfVFJVRShtX2RpZEZhaWwpOworICAgIH0KKwogcHJvdGVjdGVkOgogICAgIFdlYlN0cmluZyBt X2ZyYW1lRmlsZVBhdGg7CiAgICAgVGVzdFdlYkZyYW1lQ2xpZW50IG1fd2ViRnJhbWVDbGllbnQ7 CkBAIC0yMDAsNiArMjQwLDkgQEAgVEVTVF9GKEFzc29jaWF0ZWRVUkxMb2FkZXJUZXN0LCBTdWNj ZXNzKQogICAgIFdlYlVSTFJlcXVlc3QgcmVxdWVzdDsKICAgICByZXF1ZXN0LmluaXRpYWxpemUo KTsKICAgICByZXF1ZXN0LnNldFVSTCh1cmwpOworICAgIC8vIE1ha2Ugc3VyZSB3ZSBjYW4gc2V0 IGhlYWRlciBmaWVsZHMuCisgICAgcmVxdWVzdC5zZXRIVFRQSGVhZGVyRmllbGQoImNvb2tpZSIs ICJmb28iKTsKKyAgICByZXF1ZXN0LnNldEhUVFBIZWFkZXJGaWVsZCgibm9uLXN0YW5kYXJkLWhl YWRlciIsICJiYXIiKTsKIAogICAgIG1fZXhwZWN0ZWRSZXNwb25zZSA9IFdlYlVSTFJlc3BvbnNl KCk7CiAgICAgbV9leHBlY3RlZFJlc3BvbnNlLmluaXRpYWxpemUoKTsKQEAgLTI1OSw0ICszMDIs NDQgQEAgVEVTVF9GKEFzc29jaWF0ZWRVUkxMb2FkZXJUZXN0LCBDcm9zc09yaQogICAgIEVYUEVD VF9UUlVFKG1fZGlkRmluaXNoTG9hZGluZyk7CiB9CiAKKy8vIFRlc3QgdGhhdCB1bnRydXN0ZWQg bG9hZHMgY2FuJ3QgdXNlIGEgZm9yYmlkZGVuIG1ldGhvZC4KK1RFU1RfRihBc3NvY2lhdGVkVVJM TG9hZGVyVGVzdCwgVW50cnVzdGVkQ2hlY2tNZXRob2RzKQoreworICAgIC8vIFVuc2FmZSBtZXRo b2QgY2hlY2tzIHNob3VsZCBiZSBjYXNlLWluc2Vuc2l0aXZlLgorICAgIENoZWNrVW5zYWZlTWV0 aG9kRmFpbHMoIkNvTm5lQ3QiKTsKKyAgICBDaGVja1Vuc2FmZU1ldGhvZEZhaWxzKCJUckFjSyIp OworICAgIENoZWNrVW5zYWZlTWV0aG9kRmFpbHMoIlRyQWNFIik7CisgICAgLy8gQ2hlY2sgdGhh dCBoZWFkZXJzIGNhbid0IGJlIGluamVjdGVkIGFzIHBhcnQgb2YgdGhlIG1ldGhvZC4KKyAgICBD aGVja1Vuc2FmZU1ldGhvZEZhaWxzKCJQT1NUXHgwZFx4MGF4LWNzcmYtdG9rZW46XHgyMHRlc3Qx MjM0Iik7Cit9CisKKy8vIFRlc3QgdGhhdCB1bnRydXN0ZWQgbG9hZHMgY2FuJ3QgdXNlIGEgZm9y YmlkZGVuIGhlYWRlciBmaWVsZC4KK1RFU1RfRihBc3NvY2lhdGVkVVJMTG9hZGVyVGVzdCwgVW50 cnVzdGVkQ2hlY2tIZWFkZXJzKQoreworICAgIENoZWNrVW5zYWZlSGVhZGVyRmFpbHMoImFjY2Vw dC1jaGFyc2V0Iik7CisgICAgQ2hlY2tVbnNhZmVIZWFkZXJGYWlscygiYWNjZXB0LWVuY29kaW5n Iik7CisgICAgQ2hlY2tVbnNhZmVIZWFkZXJGYWlscygiY29ubmVjdGlvbiIpOworICAgIENoZWNr VW5zYWZlSGVhZGVyRmFpbHMoImNvbnRlbnQtbGVuZ3RoIik7CisgICAgQ2hlY2tVbnNhZmVIZWFk ZXJGYWlscygiY29va2llIik7CisgICAgQ2hlY2tVbnNhZmVIZWFkZXJGYWlscygiY29va2llMiIp OworICAgIENoZWNrVW5zYWZlSGVhZGVyRmFpbHMoImNvbnRlbnQtdHJhbnNmZXItZW5jb2Rpbmci KTsKKyAgICBDaGVja1Vuc2FmZUhlYWRlckZhaWxzKCJkYXRlIik7CisgICAgQ2hlY2tVbnNhZmVI ZWFkZXJGYWlscygiZXhwZWN0Iik7CisgICAgQ2hlY2tVbnNhZmVIZWFkZXJGYWlscygiaG9zdCIp OworICAgIENoZWNrVW5zYWZlSGVhZGVyRmFpbHMoImtlZXAtYWxpdmUiKTsKKyAgICBDaGVja1Vu c2FmZUhlYWRlckZhaWxzKCJvcmlnaW4iKTsKKyAgICBDaGVja1Vuc2FmZUhlYWRlckZhaWxzKCJy ZWZlcmVyIik7CisgICAgQ2hlY2tVbnNhZmVIZWFkZXJGYWlscygidGUiKTsKKyAgICBDaGVja1Vu c2FmZUhlYWRlckZhaWxzKCJ0cmFpbGVyIik7CisgICAgQ2hlY2tVbnNhZmVIZWFkZXJGYWlscygi dHJhbnNmZXItZW5jb2RpbmciKTsKKyAgICBDaGVja1Vuc2FmZUhlYWRlckZhaWxzKCJ1cGdyYWRl Iik7CisgICAgQ2hlY2tVbnNhZmVIZWFkZXJGYWlscygidXNlci1hZ2VudCIpOworICAgIENoZWNr VW5zYWZlSGVhZGVyRmFpbHMoInZpYSIpOworCisgICAgQ2hlY2tVbnNhZmVIZWFkZXJGYWlscygi cHJveHktIik7CisgICAgQ2hlY2tVbnNhZmVIZWFkZXJGYWlscygicHJveHktZm9vIik7CisgICAg Q2hlY2tVbnNhZmVIZWFkZXJGYWlscygic2VjLSIpOworICAgIENoZWNrVW5zYWZlSGVhZGVyRmFp bHMoInNlYy1mb28iKTsKK30KKwogfQo=