[webkit-reviews] review denied: [Bug 215201] Experimental: Cap the expiry of persistent cookies set in 3rd-party CNAME cloaked HTTP responses : [Attachment 406091] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Aug 6 11:29:41 PDT 2020 

Sam Weinig <sam at webkit.org> has denied John Wilander <wilander at apple.com>'s
request for review:
Bug 215201: Experimental: Cap the expiry of persistent cookies set in 3rd-party
CNAME cloaked HTTP responses
https://bugs.webkit.org/show_bug.cgi?id=215201

Attachment 406091: Patch

https://bugs.webkit.org/attachment.cgi?id=406091&action=review




--- Comment #10 from Sam Weinig <sam at webkit.org> ---
Comment on attachment 406091
  --> https://bugs.webkit.org/attachment.cgi?id=406091
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=406091&action=review

> Source/WebKit/ChangeLog:43
> +	   * NetworkProcess/NetworkProcess.cpp:
> +	   (WebKit::NetworkProcess::resetParametersToDefaultValues):
> +	   (WebKit::NetworkProcess::setIsRunningResourceLoadStatisticsTest):
> +	   (WebKit::NetworkProcess::setFirstPartyHostCNAMEDomainForTesting):
> +	   (WebKit::NetworkProcess::setThirdPartyCNAMEDomainForTesting):

Please add more per-function change log information.

> Source/WebCore/platform/network/NetworkStorageSession.h:196
> +#if PLATFORM(COCOA) || USE(CFURLCONNECTION)
> +    WEBCORE_EXPORT static NSHTTPCookie
*capExpiryOfPersistentCookie(NSHTTPCookie *, Seconds cap);
> +#endif

It seems unfortunate to have Cocoa specific types referenced in a platform
agnostic file. I think this likely needs more thought on how this should
abstracted to support all loader backends, if and when they want to support
exposing the cname chain and support mutation of cookies.

> Source/WebKit/NetworkProcess/NetworkProcess.cpp:819
> +#if HAVE(CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI)
> +	   networkSession->resetCNAMEDomainData();
> +	  
networkSession->setCNAMECloakingMitigationEnabled(WebCore::CNAMECloakingMitigat
ionEnabled::No);

It doesn't look like the implementations of  resetCNAMEDomainData() and
setCNAMECloakingMitigationEnabled are guarded by the same conditional being
used here.

> Source/WebKit/NetworkProcess/NetworkProcess.cpp:875
> +#if HAVE(CFNETWORK_CNAME_AND_COOKIE_TRANSFORM_SPI)
> +	  
networkSession->setCNAMECloakingMitigationEnabled(WebCore::CNAMECloakingMitigat
ionEnabled::Yes);
> +#endif

This is seems unexpected. There is nothing ResourceLoadStatistics related about
cname cloaking it seems. Why would enabling ResourceLoadStatistics testing
enable this. Seems like this should be treated like all other features and
enable as needed, not grouped in with another feature.

> Source/WebKit/Shared/WebPreferences.yaml:2063
> +  humanReadableDescription: "Enable third-party CNAME cloaking mitigation
when Intelligent Tracking Prevention is enabled"

I don't think including marketing names like Intelligent Tracking Prevention is
warranted here. There really doesn't seem to be any correlation.

> Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp:1968
> +void
WebsiteDataStore::setResourceLoadStatisticsThirdPartyCNAMEDomainForTesting(cons
t URL& cnameURL, CompletionHandler<void()>&& completionHandler)
> +{
> +    if (cnameURL.host() != "testwebkit.org"_s && cnameURL.host() !=
"3rdpartytestwebkit.org"_s) {
> +	   completionHandler();
> +	   return;
> +    }
> +
> +    auto callbackAggregator =
CallbackAggregator::create(WTFMove(completionHandler));
> +
> +    for (auto& processPool : processPools()) {
> +	   if (auto* networkProcess = processPool->networkProcess())
> +	       networkProcess->setThirdPartyCNAMEDomainForTesting(m_sessionID,
WebCore::RegistrableDomain { cnameURL }, [callbackAggregator] { });
> +    }
> +}

This (and a lot of the rest of the patch) seem to be adding a lot of binary
code bloat that is only used for testing. Can you explain why this can't be
tested without adding all this infrastructure? Is the issue no way to mock out
the networking bits needed to return a CNAME chain?

> Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp:2317
>  #if ENABLE(RESOURCE_LOAD_STATISTICS)
>	   thirdPartyCookieBlockingMode(),
>	   WebCore::SameSiteStrictEnforcementEnabled::No,
> +	   WebCore::CNAMECloakingMitigationEnabled::No,
>  #endif

This doesn't seem like the appropriate conditional.

> Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h:207
> +    void setResourceLoadStatisticsFirstPartyHostCNAMEDomainForTesting(const
URL& firstPartyURL, const URL& cnameURL, CompletionHandler<void()>&&);
> +    void setResourceLoadStatisticsThirdPartyCNAMEDomainForTesting(const
URL&, CompletionHandler<void()>&&);

These function names don't make sense to me. There doesn't seem to be anything
ResourceLoadStatistics about these.

More information about the webkit-reviews mailing list