Following the patch for bug #186291, EWS bots that cannot access security-sensitive patches on Bugzilla can now fetch them from the status server. Obviously these bots cannot post comments or upload result failure archives for a security-sensitive patch they fetched from the status server. Doing so will cause an exception. Although the EWS code is robust enough that such exceptions will be caught, they will be treated as "unexpected" and logged accordingly. For now, we should explicitly handle such failures gracefully and avoid classifying them as unexpected because they are now expected.

Eventually we want to support a means for comments and result archives from EWS bots to be posted to security-sensitive bugs without giving these bots access to all security bugs or even some security bugs. We will likely need to take a similar approach as done in the patch for bug #186291 and use the status server as an intermediate data store for some privileged bot to download and re-upload to Bugzilla. Maybe the privileged bot could be the feeder EWS?
Created attachment 343131
Patch
Attachment 343131 did not pass style-queue:

ERROR: Tools/ChangeLog:11: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug [changelog/unwantedsecurityterms] [3]
Total errors found: 1 in 3 files

If any of these errors are false positives, please file a bug against check-webkit-style.
Comment on attachment 343131
Patch

Clearing flags on attachment: 343131

Committed r233058: <https://trac.webkit.org/changeset/233058>
All reviewed patches have been landed. Closing bug.
<rdar://problem/41343252>