Changeset 207146 in webkit


Ignore:
Timestamp:
Oct 11, 2016 9:38:33 AM (7 years ago)
Author:
wilander@apple.com
Message:

Modify check-webkit-style to prohibit sensitive phrases
https://bugs.webkit.org/show_bug.cgi?id=163048
<rdar://problem/28289755>

Terms considered or found to be too general to flag:
ASSERT_WITH_SECURITY_IMPLICATION, bad cast, bug, bypass, crash,
denial of service, dereference, disclosure, error, exploit,
failure, heap, integer overflow, leak, null dereference,
null pointer dereference, out of bounds, overflow,
race condition, sensitive information, stack, type confusion.

Reviewed by Brent Fulgham.

  • Scripts/webkitpy/style/checkers/changelog.py:

(ChangeLogChecker.check_entry):

Now calls ChangeLogChecker.check_for_unwanted_security_terms().

(ChangeLogChecker):
(ChangeLogChecker.check_for_unwanted_security_terms):

New function to check for sensitive terms.

(ChangeLogChecker.check_for_unwanted_security_terms.FoundUnwantedSecurityTerm):
(ChangeLogChecker.check_for_unwanted_security_terms.FoundUnwantedSecurityTerm.init):

Convenience class.

  • Scripts/webkitpy/style/checkers/changelog_unittest.py:

(ChangeLogCheckerTest.test_unwanted_security_terms):

Location:
trunk/Tools
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/Tools/ChangeLog

    r207144 r207146  
     12016-10-11  John Wilander  <wilander@apple.com>
     2
     3        Modify check-webkit-style to prohibit sensitive phrases
     4        https://bugs.webkit.org/show_bug.cgi?id=163048
     5        <rdar://problem/28289755>
     6
     7        Terms considered or found to be too general to flag:
     8        ASSERT_WITH_SECURITY_IMPLICATION, bad cast, bug, bypass, crash,
     9        denial of service, dereference, disclosure, error, exploit,
     10        failure, heap, integer overflow, leak, null dereference,
     11        null pointer dereference, out of bounds, overflow,
     12        race condition, sensitive information, stack, type confusion.
     13
     14        Reviewed by Brent Fulgham.
     15
     16        * Scripts/webkitpy/style/checkers/changelog.py:
     17        (ChangeLogChecker.check_entry):
     18            Now calls ChangeLogChecker.check_for_unwanted_security_terms().
     19        (ChangeLogChecker):
     20        (ChangeLogChecker.check_for_unwanted_security_terms):
     21            New function to check for sensitive terms.
     22        (ChangeLogChecker.check_for_unwanted_security_terms.FoundUnwantedSecurityTerm):
     23        (ChangeLogChecker.check_for_unwanted_security_terms.FoundUnwantedSecurityTerm.__init__):
     24            Convenience class.
     25        * Scripts/webkitpy/style/checkers/changelog_unittest.py:
     26        (ChangeLogCheckerTest.test_unwanted_security_terms):
     27
    1282016-10-11  Ryan Haddad  <ryanhaddad@apple.com>
    229
  • trunk/Tools/Scripts/webkitpy/style/checkers/changelog.py

    r159997 r207146  
    2525
    2626from common import TabChecker, match, search, searchIgnorecase
     27from sys import maxsize
    2728from webkitpy.common.checkout.changelog import parse_bug_id_from_changelog
    2829
     
    7576                                        "You should remove the 'No new tests' and either add and list tests, or explain why no new tests were possible.")
    7677
     78        self.check_for_unwanted_security_phrases(first_line_checked, entry_lines)
     79
    7780    def check(self, lines):
    7881        self._tab_checker.check(lines)
     
    9295
    9396        self.check_entry(first_line_checked, entry_lines)
     97
     98    def contains_phrase_in_first_line_or_across_two_lines(self, phrase, line1, line2):
     99        return searchIgnorecase(phrase, line1) or ((not searchIgnorecase(phrase, line2)) and searchIgnorecase(phrase, line1 + " " + line2))
     100
     101    def check_for_unwanted_security_phrases(self, first_line_checked, lines):
     102        unwanted_security_phrases = [
     103            "arbitrary code execution", "buffer overflow", "buffer overrun",
     104            "buffer underrun", "dangling pointer", "double free", "fuzzer", "fuzzing", "fuzz test",
     105            "invalid cast", "jsfunfuzz", "malicious", "memory corruption", "security bug",
     106            "security flaw", "use after free", "use-after-free", "UXSS",
     107            "WTFCrashWithSecurityImplication",
     108            "spoof",  # Captures spoof, spoofed, spoofing
     109            "vulnerab",  # Captures vulnerable, vulnerability, vulnerabilities
     110        ]
     111
     112        lines_with_single_spaces = []
     113        for line in lines:
     114            lines_with_single_spaces.append(" ".join(line.split()))
     115
     116        found_unwanted_security_phrases = []
     117        last_index = len(lines_with_single_spaces) - 1
     118        first_line_number_with_unwanted_phrase = maxsize
     119        for unwanted_phrase in unwanted_security_phrases:
     120            for line_index, line in enumerate(lines_with_single_spaces):
     121                next_line = "" if line_index >= last_index else lines_with_single_spaces[line_index + 1]
     122                if self.contains_phrase_in_first_line_or_across_two_lines(unwanted_phrase, line, next_line):
     123                    found_unwanted_security_phrases.append(unwanted_phrase)
     124                    first_line_number_with_unwanted_phrase = min(first_line_number_with_unwanted_phrase, first_line_checked + line_index)
     125
     126        if len(found_unwanted_security_phrases) > 0:
     127            self.handle_style_error(first_line_number_with_unwanted_phrase,
     128                                    "changelog/unwantedsecurityterms", 3,
     129                                    "Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: {}".format(", ".join(found_unwanted_security_phrases)))
  • trunk/Tools/Scripts/webkitpy/style/checkers/changelog_unittest.py

    r174136 r207146  
    181181                             '        * Source/WebKit/bar.cpp:\n'
    182182                             '        * Source/WebKit/foobar.cpp: Description\n')
     183
     184    def test_unwanted_security_terms(self):
     185        self.assert_error(5, range(1, 20), 'changelog/unwantedsecurityterms',
     186                          '2016-11-11 Bogus Person <bperson@example.com>\n'
     187                          '        ExampleBug\n'
     188                          '        http://bugs.webkit.org/show_bug.cgi?id=12345\n'
     189                          '\n'
     190                          '        A buffer overflow existed in code.\n')
     191        self.assert_error(9, range(1, 20), 'changelog/unwantedsecurityterms',
     192                          '2016-11-11 Bogus Person <bperson@example.com>\n'
     193                          '        ExampleBug\n'
     194                          '        http://bugs.webkit.org/show_bug.cgi?id=12345\n'
     195                          '\n'
     196                          '        This patch addresses a great number of issues.\n'
     197                          '        Therefore there is a lot to say here about a great\n'
     198                          '        many things such as the weather, the latest and\n'
     199                          '        greatest in sports, and the mood of fiction\n'
     200                          '        characters. Anyway the patch fixes a use after\n'
     201                          '        free which is not good. Or rather, it is good\n'
     202                          '        that it is fixed but not good that it existed.\n')
     203        self.assert_error(5, range(1, 20), 'changelog/unwantedsecurityterms',
     204                          '2016-11-11 Bogus Person <bperson@example.com>\n'
     205                          '        ExampleBug\n'
     206                          '        http://bugs.webkit.org/show_bug.cgi?id=12345\n'
     207                          '\n'
     208                          '        This patch addresses a pretty bad buffer\n'
     209                          '        overflow in\n')
     210        self.assert_error(2, range(1, 20), 'changelog/unwantedsecurityterms',
     211                          '2016-11-11 Bogus Person <bperson@example.com>\n'
     212                          '        Fix use after free\n'
     213                          '        http://bugs.webkit.org/show_bug.cgi?id=12345\n'
     214                          '\n'
     215                          '        A good fix.\n')
     216        self.assert_error(5, range(1, 20), 'changelog/unwantedsecurityterms',
     217                          '2016-11-11 Bogus Person <bperson@example.com>\n'
     218                          '        ExampleBug\n'
     219                          '        http://bugs.webkit.org/show_bug.cgi?id=12345\n'
     220                          '\n'
     221                          '        Bug found through fuzzing.\n')
     222        self.assert_error(11, range(1, 20), 'changelog/unwantedsecurityterms',
     223                          '2016-11-11 Bogus Person <bperson@example.com>\n'
     224                          '        ExampleBug\n'
     225                          '        http://bugs.webkit.org/show_bug.cgi?id=12345\n'
     226                          '\n'
     227                          '        Bug found through testing.\n'
     228                          '\n'
     229                          '        Several new tests added.\n'
     230                          '\n'
     231                          '        * Source/WebKit/foo.cpp:    \n'
     232                          '        * Source/WebKit/bar.cpp:\n'
     233                          '        * Source/WebKit/foobar.cpp: Vulnerabilities fixed\n')
     234        self.assert_error(5, range(1, 20), 'changelog/unwantedsecurityterms',
     235                          '2016-11-11 Bogus Person <bperson@example.com>\n'
     236                          '        ExampleBug with several security sensitive terms in change log\n'
     237                          '        http://bugs.webkit.org/show_bug.cgi?id=12345\n'
     238                          '\n'
     239                          '        Use-after-free found through testing.\n'
     240                          '\n'
     241                          '        Several new tests added to check double free.\n'
     242                          '\n'
     243                          '        * Source/WebKit/foo.cpp:    \n'
     244                          '        * Source/WebKit/bar.cpp:\n'
     245                          '        * Source/WebKit/foobar.cpp: memory CORRUPTION fixed\n')
Note: See TracChangeset for help on using the changeset viewer.