<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[207146] trunk/Tools</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/207146">207146</a></dd>
<dt>Author</dt> <dd>wilander@apple.com</dd>
<dt>Date</dt> <dd>2016-10-11 09:38:33 -0700 (Tue, 11 Oct 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Modify check-webkit-style to prohibit sensitive phrases
https://bugs.webkit.org/show_bug.cgi?id=163048
<rdar://problem/28289755>
Terms considered or found to be too general to flag:
ASSERT_WITH_SECURITY_IMPLICATION, bad cast, bug, bypass, crash,
denial of service, dereference, disclosure, error, exploit,
failure, heap, integer overflow, leak, null dereference,
null pointer dereference, out of bounds, overflow,
race condition, sensitive information, stack, type confusion.
Reviewed by Brent Fulgham.
* Scripts/webkitpy/style/checkers/changelog.py:
(ChangeLogChecker.check_entry):
Now calls ChangeLogChecker.check_for_unwanted_security_terms().
(ChangeLogChecker):
(ChangeLogChecker.check_for_unwanted_security_terms):
New function to check for sensitive terms.
(ChangeLogChecker.check_for_unwanted_security_terms.FoundUnwantedSecurityTerm):
(ChangeLogChecker.check_for_unwanted_security_terms.FoundUnwantedSecurityTerm.__init__):
Convenience class.
* Scripts/webkitpy/style/checkers/changelog_unittest.py:
(ChangeLogCheckerTest.test_unwanted_security_terms):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkToolsChangeLog">trunk/Tools/ChangeLog</a></li>
<li><a href="#trunkToolsScriptswebkitpystylecheckerschangelogpy">trunk/Tools/Scripts/webkitpy/style/checkers/changelog.py</a></li>
<li><a href="#trunkToolsScriptswebkitpystylecheckerschangelog_unittestpy">trunk/Tools/Scripts/webkitpy/style/checkers/changelog_unittest.py</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkToolsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Tools/ChangeLog (207145 => 207146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/ChangeLog 2016-10-11 16:36:01 UTC (rev 207145)
+++ trunk/Tools/ChangeLog 2016-10-11 16:38:33 UTC (rev 207146)
</span><span class="lines">@@ -1,3 +1,30 @@
</span><ins>+2016-10-11 John Wilander <wilander@apple.com>
+
+ Modify check-webkit-style to prohibit sensitive phrases
+ https://bugs.webkit.org/show_bug.cgi?id=163048
+ <rdar://problem/28289755>
+
+ Terms considered or found to be too general to flag:
+ ASSERT_WITH_SECURITY_IMPLICATION, bad cast, bug, bypass, crash,
+ denial of service, dereference, disclosure, error, exploit,
+ failure, heap, integer overflow, leak, null dereference,
+ null pointer dereference, out of bounds, overflow,
+ race condition, sensitive information, stack, type confusion.
+
+ Reviewed by Brent Fulgham.
+
+ * Scripts/webkitpy/style/checkers/changelog.py:
+ (ChangeLogChecker.check_entry):
+ Now calls ChangeLogChecker.check_for_unwanted_security_terms().
+ (ChangeLogChecker):
+ (ChangeLogChecker.check_for_unwanted_security_terms):
+ New function to check for sensitive terms.
+ (ChangeLogChecker.check_for_unwanted_security_terms.FoundUnwantedSecurityTerm):
+ (ChangeLogChecker.check_for_unwanted_security_terms.FoundUnwantedSecurityTerm.__init__):
+ Convenience class.
+ * Scripts/webkitpy/style/checkers/changelog_unittest.py:
+ (ChangeLogCheckerTest.test_unwanted_security_terms):
+
</ins><span class="cx"> 2016-10-11 Ryan Haddad <ryanhaddad@apple.com>
</span><span class="cx">
</span><span class="cx"> Unreviewed, rolling out r207067.
</span></span></pre></div>
<a id="trunkToolsScriptswebkitpystylecheckerschangelogpy"></a>
<div class="modfile"><h4>Modified: trunk/Tools/Scripts/webkitpy/style/checkers/changelog.py (207145 => 207146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/Scripts/webkitpy/style/checkers/changelog.py 2016-10-11 16:36:01 UTC (rev 207145)
+++ trunk/Tools/Scripts/webkitpy/style/checkers/changelog.py 2016-10-11 16:38:33 UTC (rev 207146)
</span><span class="lines">@@ -24,6 +24,7 @@
</span><span class="cx"> """Checks WebKit style for ChangeLog files."""
</span><span class="cx">
</span><span class="cx"> from common import TabChecker, match, search, searchIgnorecase
</span><ins>+from sys import maxsize
</ins><span class="cx"> from webkitpy.common.checkout.changelog import parse_bug_id_from_changelog
</span><span class="cx">
</span><span class="cx">
</span><span class="lines">@@ -74,6 +75,8 @@
</span><span class="cx"> "changelog/nonewtests", 5,
</span><span class="cx"> "You should remove the 'No new tests' and either add and list tests, or explain why no new tests were possible.")
</span><span class="cx">
</span><ins>+ self.check_for_unwanted_security_phrases(first_line_checked, entry_lines)
+
</ins><span class="cx"> def check(self, lines):
</span><span class="cx"> self._tab_checker.check(lines)
</span><span class="cx"> first_line_checked = 0
</span><span class="lines">@@ -91,3 +94,36 @@
</span><span class="cx"> entry_lines.append(line)
</span><span class="cx">
</span><span class="cx"> self.check_entry(first_line_checked, entry_lines)
</span><ins>+
+ def contains_phrase_in_first_line_or_across_two_lines(self, phrase, line1, line2):
+ return searchIgnorecase(phrase, line1) or ((not searchIgnorecase(phrase, line2)) and searchIgnorecase(phrase, line1 + " " + line2))
+
+ def check_for_unwanted_security_phrases(self, first_line_checked, lines):
+ unwanted_security_phrases = [
+ "arbitrary code execution", "buffer overflow", "buffer overrun",
+ "buffer underrun", "dangling pointer", "double free", "fuzzer", "fuzzing", "fuzz test",
+ "invalid cast", "jsfunfuzz", "malicious", "memory corruption", "security bug",
+ "security flaw", "use after free", "use-after-free", "UXSS",
+ "WTFCrashWithSecurityImplication",
+ "spoof", # Captures spoof, spoofed, spoofing
+ "vulnerab", # Captures vulnerable, vulnerability, vulnerabilities
+ ]
+
+ lines_with_single_spaces = []
+ for line in lines:
+ lines_with_single_spaces.append(" ".join(line.split()))
+
+ found_unwanted_security_phrases = []
+ last_index = len(lines_with_single_spaces) - 1
+ first_line_number_with_unwanted_phrase = maxsize
+ for unwanted_phrase in unwanted_security_phrases:
+ for line_index, line in enumerate(lines_with_single_spaces):
+ next_line = "" if line_index >= last_index else lines_with_single_spaces[line_index + 1]
+ if self.contains_phrase_in_first_line_or_across_two_lines(unwanted_phrase, line, next_line):
+ found_unwanted_security_phrases.append(unwanted_phrase)
+ first_line_number_with_unwanted_phrase = min(first_line_number_with_unwanted_phrase, first_line_checked + line_index)
+
+ if len(found_unwanted_security_phrases) > 0:
+ self.handle_style_error(first_line_number_with_unwanted_phrase,
+ "changelog/unwantedsecurityterms", 3,
+ "Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: {}".format(", ".join(found_unwanted_security_phrases)))
</ins></span></pre></div>
<a id="trunkToolsScriptswebkitpystylecheckerschangelog_unittestpy"></a>
<div class="modfile"><h4>Modified: trunk/Tools/Scripts/webkitpy/style/checkers/changelog_unittest.py (207145 => 207146)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/Scripts/webkitpy/style/checkers/changelog_unittest.py 2016-10-11 16:36:01 UTC (rev 207145)
+++ trunk/Tools/Scripts/webkitpy/style/checkers/changelog_unittest.py 2016-10-11 16:38:33 UTC (rev 207146)
</span><span class="lines">@@ -180,3 +180,66 @@
</span><span class="cx"> ' * Source/WebKit/foo.cpp: \n'
</span><span class="cx"> ' * Source/WebKit/bar.cpp:\n'
</span><span class="cx"> ' * Source/WebKit/foobar.cpp: Description\n')
</span><ins>+
+ def test_unwanted_security_terms(self):
+ self.assert_error(5, range(1, 20), 'changelog/unwantedsecurityterms',
+ '2016-11-11 Bogus Person <bperson@example.com>\n'
+ ' ExampleBug\n'
+ ' http://bugs.webkit.org/show_bug.cgi?id=12345\n'
+ '\n'
+ ' A buffer overflow existed in code.\n')
+ self.assert_error(9, range(1, 20), 'changelog/unwantedsecurityterms',
+ '2016-11-11 Bogus Person <bperson@example.com>\n'
+ ' ExampleBug\n'
+ ' http://bugs.webkit.org/show_bug.cgi?id=12345\n'
+ '\n'
+ ' This patch addresses a great number of issues.\n'
+ ' Therefore there is a lot to say here about a great\n'
+ ' many things such as the weather, the latest and\n'
+ ' greatest in sports, and the mood of fiction\n'
+ ' characters. Anyway the patch fixes a use after\n'
+ ' free which is not good. Or rather, it is good\n'
+ ' that it is fixed but not good that it existed.\n')
+ self.assert_error(5, range(1, 20), 'changelog/unwantedsecurityterms',
+ '2016-11-11 Bogus Person <bperson@example.com>\n'
+ ' ExampleBug\n'
+ ' http://bugs.webkit.org/show_bug.cgi?id=12345\n'
+ '\n'
+ ' This patch addresses a pretty bad buffer\n'
+ ' overflow in\n')
+ self.assert_error(2, range(1, 20), 'changelog/unwantedsecurityterms',
+ '2016-11-11 Bogus Person <bperson@example.com>\n'
+ ' Fix use after free\n'
+ ' http://bugs.webkit.org/show_bug.cgi?id=12345\n'
+ '\n'
+ ' A good fix.\n')
+ self.assert_error(5, range(1, 20), 'changelog/unwantedsecurityterms',
+ '2016-11-11 Bogus Person <bperson@example.com>\n'
+ ' ExampleBug\n'
+ ' http://bugs.webkit.org/show_bug.cgi?id=12345\n'
+ '\n'
+ ' Bug found through fuzzing.\n')
+ self.assert_error(11, range(1, 20), 'changelog/unwantedsecurityterms',
+ '2016-11-11 Bogus Person <bperson@example.com>\n'
+ ' ExampleBug\n'
+ ' http://bugs.webkit.org/show_bug.cgi?id=12345\n'
+ '\n'
+ ' Bug found through testing.\n'
+ '\n'
+ ' Several new tests added.\n'
+ '\n'
+ ' * Source/WebKit/foo.cpp: \n'
+ ' * Source/WebKit/bar.cpp:\n'
+ ' * Source/WebKit/foobar.cpp: Vulnerabilities fixed\n')
+ self.assert_error(5, range(1, 20), 'changelog/unwantedsecurityterms',
+ '2016-11-11 Bogus Person <bperson@example.com>\n'
+ ' ExampleBug with several security sensitive terms in change log\n'
+ ' http://bugs.webkit.org/show_bug.cgi?id=12345\n'
+ '\n'
+ ' Use-after-free found through testing.\n'
+ '\n'
+ ' Several new tests added to check double free.\n'
+ '\n'
+ ' * Source/WebKit/foo.cpp: \n'
+ ' * Source/WebKit/bar.cpp:\n'
+ ' * Source/WebKit/foobar.cpp: memory CORRUPTION fixed\n')
</ins></span></pre>
</div>
</div>
</body>
</html>