Bug 201937 - [EWS] layout-test results shouldn't be hosted on ews server
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tools / Tests
Version: Other
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Aakash Jain
Keywords: InRadar
Reported: 2019-09-18 12:29 PDT by Aakash Jain
Modified: 2020-07-11 08:04 PDT

Attachments
Patch (1.67 KB, patch)
2020-07-10 07:02 PDT, Aakash Jain
no flags
Patch (3.78 KB, patch)
2020-07-10 09:15 PDT, Aakash Jain
ap: review+

Description Aakash Jain 2019-09-18 12:29:49 PDT
We shouldn't host layout-test results on the ews-build.webkit.org server. Since EWS runs untrusted code, someone might try to exploit an XSS vulnerability through these, as they are hosted on a webkit.org server.

A potential solution is to host them on S3.
Comment 1 Aakash Jain 2019-09-18 12:32:07 PDT
<rdar://problem/55303798>
Comment 2 Aakash Jain 2020-07-10 07:02:00 PDT
Created attachment 403962
Patch
Comment 3 Aakash Jain 2020-07-10 09:15:00 PDT
Created attachment 403972
Patch
Comment 4 Aakash Jain 2020-07-10 09:42:09 PDT
Sample run: https://ews-build.webkit-uat.org/#/builders/34/builds/1265 (notice the updated 'view layout test results' and 'download layout test results' URLs)
Comment 5 Alexey Proskuryakov 2020-07-10 10:14:17 PDT
Comment on attachment 403972
Patch

rs=me
Comment 6 Aakash Jain 2020-07-10 10:21:16 PDT
Committed r264229: <https://trac.webkit.org/changeset/264229>
Comment 7 Aakash Jain 2020-07-11 08:04:48 PDT
Restarted EWS server to pick up this change yesterday.

Working fine, e.g.: https://ews-build.webkit.org/#/builders/10/builds/30476