[Webkit-unassigned] [Bug 194543] New: [ Mac WK2 ] Layout Test http/tests/security/contentSecurityPolicy/ has several recent flaky tests

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 12 09:50:31 PST 2019 

https://bugs.webkit.org/show_bug.cgi?id=194543

            Bug ID: 194543
           Summary: [ Mac WK2 ] Layout Test
                    http/tests/security/contentSecurityPolicy/ has several
                    recent flaky tests
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Tools / Tests
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sroberts at apple.com
                CC: lforschler at apple.com

The following layout test is flaky on Mac WK2 iOS

While investigating a flaky timeout in http/tests/security/contentSecurityPolicy/source-list-parsing-05.html

Found that the follow security tests in dashboard show a recent timeout regression.

http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-blob-url-iframe-in-iframe.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-in-iframe.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame.html
http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe.html
http/tests/security/contentSecurityPolicy/1.1/form-action-src-javascript-blocked.html
http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block.html
http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin.html
http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin.html
http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html
http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-allow-same-origin-sandboxed-cross-url-allow.html
http/tests/security/contentSecurityPolicy/source-list-parsing-paths-03.html
http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed.html
http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked.html
http/tests/security/contentSecurityPolicy/window-open-javascript-url-with-target-blocked.html
http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/https-header-auxiliary.html
http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-fetch-in-worker.html
http/tests/security/contentSecurityPolicy/script-src-self-blocked-03.html
http/tests/security/contentSecurityPolicy/form-action-src-redirect-allowed2.html
http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-redirect-to-blocked.html
http/tests/security/contentSecurityPolicy/source-list-parsing-04.html
http/tests/security/contentSecurityPolicy/script-src-star-cross-scheme.html
http/tests/security/contentSecurityPolicy/module-eval-blocked-in-external-script.html

Probable cause:

Not reproducible locally right now running just the individual test. Starting testing with multiple directories and test runners that bots failed on server with.

Flakiness Dashboard:

https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2F

Diff:

--- /Volumes/Data/slave/mojave-release-tests-wk2/build/layout-test-results/http/tests/security/contentSecurityPolicy/source-list-parsing-05-expected.txt
+++ /Volumes/Data/slave/mojave-release-tests-wk2/build/layout-test-results/http/tests/security/contentSecurityPolicy/source-list-parsing-05-actual.txt
@@ -1,67 +1,5 @@
-CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js because it does not appear in the script-src directive of the Content Security Policy.
-CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains a source with an invalid path: '/path?query=string'. The query component, including the '?', will be ignored.
-CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js because it does not appear in the script-src directive of the Content Security Policy.
-CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains a source with an invalid path: '/path#anchor'. The fragment identifier, including the '#', will be ignored.
-CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js because it does not appear in the script-src directive of the Content Security Policy.
-CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js because it does not appear in the script-src directive of the Content Security Policy.
-CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains a source with an invalid path: '/path?query=string'. The query component, including the '?', will be ignored.
-CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js because it does not appear in the script-src directive of the Content Security Policy.
-CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains a source with an invalid path: '/path#anchor'. The fragment identifier, including the '#', will be ignored.
-CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js because it does not appear in the script-src directive of the Content Security Policy.
-CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'pathwithasemicolon'.
+#PID UNRESPONSIVE - com.apple.WebKit.WebContent.Development (pid 18835)
+FAIL: Timed out waiting for notifyDone to be called

-CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js because it does not appear in the script-src directive of the Content Security Policy.
-CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js because it does not appear in the script-src directive of the Content Security Policy.
-Paths should be ignored when evaluating sources. This test passes if FAIL does not appear in the output, and each of the tests generates a warning about the path component.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190212/093cb55d/attachment-0001.html>

More information about the webkit-unassigned mailing list