Bug 201937

Summary: [EWS] layout-test results shouldn't be hosted on ews server
Product: WebKit Reporter: Aakash Jain <aakash_jain>
Component: Tools / TestsAssignee: Aakash Jain <aakash_jain>
Status: RESOLVED FIXED    
Severity: Normal CC: aakash_jain, ap, lingho, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch ap: review+

Aakash Jain
Reported 2019-09-18 12:29:49 PDT
We shouldn't host layout-test results on the ews-build.webkit.org server. Since EWS runs untrusted code, someone might try to exploit XSS vulnerability through these as they are hosted on a webkit.org server. Potential solution is to host them on S3.
Attachments
Patch (1.67 KB, patch)
2020-07-10 07:02 PDT, Aakash Jain 		no flags
DetailsFormatted DiffDiff
Patch (3.78 KB, patch)
2020-07-10 09:15 PDT, Aakash Jain 		ap: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Aakash Jain
Comment 1 2019-09-18 12:32:07 PDT
<rdar://problem/55303798>
Aakash Jain
Comment 2 2020-07-10 07:02:00 PDT
Created attachment 403962 [details] Patch
Aakash Jain
Comment 3 2020-07-10 09:15:00 PDT
Created attachment 403972 [details] Patch
Aakash Jain
Comment 4 2020-07-10 09:42:09 PDT
Sample run: https://ews-build.webkit-uat.org/#/builders/34/builds/1265 (notice the updated 'view layout test results' and 'download layout test results' urls)
Alexey Proskuryakov
Comment 5 2020-07-10 10:14:17 PDT
Comment on attachment 403972 [details] Patch rs=me
Aakash Jain
Comment 6 2020-07-10 10:21:16 PDT
Committed r264229: <https://trac.webkit.org/changeset/264229>
Aakash Jain
Comment 7 2020-07-11 08:04:48 PDT
Restarted EWS server to pick up this change yesterday. Working fine, e.g.: https://ews-build.webkit.org/#/builders/10/builds/30476
Note You need to log in before you can comment on or make changes to this bug.