Changeset 251582 in webkit

Timestamp:

Oct 24, 2019, 10:05:54 PM (6 years ago)

Author:

commit-queue@webkit.org

Message:

Add more information to SRI failure console messages
​https://bugs.webkit.org/show_bug.cgi?id=203383

Patch by Alex Christensen <​achristensen@webkit.org> on 2019-10-24
Reviewed by Geoff Garen.

Source/WebCore:

• bindings/js/ScriptModuleLoader.cpp:

(WebCore::ScriptModuleLoader::notifyFinished):

• dom/LoadableClassicScript.cpp:

(WebCore::LoadableClassicScript::notifyFinished):

• html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::setCSSStyleSheet):

• loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::didFinishLoading):
(WebCore::DocumentThreadableLoader::reportIntegrityMetadataError):

• loader/DocumentThreadableLoader.h:
• loader/SubresourceIntegrity.cpp:

(WebCore::integrityMismatchDescription):

• loader/SubresourceIntegrity.h:

LayoutTests:

• http/tests/subresource-integrity/sri-enabled-with-setting-expected.txt:
• http/tests/subresource-integrity/sri-module-expected.txt:
• http/tests/subresource-integrity/sri-script-expected.txt:
• http/tests/subresource-integrity/sri-style-expected.txt:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/subresource-integrity/sri-enabled-with-setting-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/subresource-integrity/sri-module-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/subresource-integrity/sri-script-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/subresource-integrity/sri-style-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/module/integrity-expected.txt (modified) (1 diff)
• LayoutTests/js/dom/modules/module-fetch-failure-not-cached-expected.txt (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/bindings/js/ScriptModuleLoader.cpp (modified) (1 diff)
• Source/WebCore/dom/LoadableClassicScript.cpp (modified) (1 diff)
• Source/WebCore/html/HTMLLinkElement.cpp (modified) (1 diff)
• Source/WebCore/loader/DocumentThreadableLoader.cpp (modified) (2 diffs)
• Source/WebCore/loader/DocumentThreadableLoader.h (modified) (1 diff)
• Source/WebCore/loader/SubresourceIntegrity.cpp (modified) (1 diff)
• Source/WebCore/loader/SubresourceIntegrity.h (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2019-10-24  Alex Christensen  <achristensen@webkit.org>
+
+        Add more information to SRI failure console messages
+        https://bugs.webkit.org/show_bug.cgi?id=203383
+
+        Reviewed by Geoff Garen.
+
+        * http/tests/subresource-integrity/sri-enabled-with-setting-expected.txt:
+        * http/tests/subresource-integrity/sri-module-expected.txt:
+        * http/tests/subresource-integrity/sri-script-expected.txt:
+        * http/tests/subresource-integrity/sri-style-expected.txt:
+
 2019-10-24  Devin Rousso  <drousso@apple.com>
 

trunk/LayoutTests/http/tests/subresource-integrity/sri-enabled-with-setting-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/non-matching-digest.js. Failed integrity metadata check.
-CONSOLE MESSAGE: line 107: Cannot load stylesheet http://127.0.0.1:8000/subresource-integrity/resources/style.css. Failed integrity metadata check.
+CONSOLE MESSAGE: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/non-matching-digest.js. Failed integrity metadata check. Content length: 25, Expected content length: 25, Expected metadata: sha256-deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdead
+CONSOLE MESSAGE: line 107: Cannot load stylesheet http://127.0.0.1:8000/subresource-integrity/resources/style.css. Failed integrity metadata check. Content length: 37, Expected content length: 37, Expected metadata: sha256-deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdead
 
 PASS Test that Subresource Integrity's 'integrity' property is exposed on the <link> element. 

trunk/LayoutTests/http/tests/subresource-integrity/sri-module-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: TypeError: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/non-matching-digest-module.js. Failed integrity metadata check.
-CONSOLE MESSAGE: TypeError: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest-module.js. Failed integrity metadata check.
-CONSOLE MESSAGE: TypeError: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-anon-script-module.js. Failed integrity metadata check.
-CONSOLE MESSAGE: TypeError: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-creds-script-module.js. Failed integrity metadata check.
+CONSOLE MESSAGE: TypeError: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/non-matching-digest-module.js. Failed integrity metadata check. Content length: 33, Expected content length: 33, Expected metadata: sha256-cWh9nPfm7/mRbKhzarnRYlsJWz5XTNcsqPFzKEx+zSU=
+CONSOLE MESSAGE: TypeError: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest-module.js. Failed integrity metadata check. Content length: 29, Expected content length: 29, Expected metadata: sha512-deadbeefspbnUnwooKGNNCb39nvg+EW0O9hDScTXeo/9pVZztLSUYU3LNV6H0lZapo8bCJUpyPPLAzE9fDzpxg== sha256-cWh9nPfm7/mRbKhzarnRYlsJWz5XTNcsqPFzKEx+zSU=
+CONSOLE MESSAGE: TypeError: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-anon-script-module.js. Failed integrity metadata check. Content length: 37, Expected content length: 37, Expected metadata: sha256-deadbeefcSLlbFZCj1OACLxTxVck2TOrBTEdUbwz1yU=
+CONSOLE MESSAGE: TypeError: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-creds-script-module.js. Failed integrity metadata check. Content length: 38, Expected content length: 38, Expected metadata: sha256-deadbeef2S+pTRZgiw3DWrhC6JLDlt2zRyGpwH7unU8=
 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
-CONSOLE MESSAGE: TypeError: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest-module.js. Failed integrity metadata check.
-CONSOLE MESSAGE: TypeError: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest-module.js. Failed integrity metadata check.
+CONSOLE MESSAGE: TypeError: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest-module.js. Failed integrity metadata check. Content length: 29, Expected content length: 29, Expected metadata: sha256-cWh9nPfm7_mRbKhzarnRYlsJWz5XTNcsqPFzKEx+zSU=
+CONSOLE MESSAGE: TypeError: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest-module.js. Failed integrity metadata check. Content length: 29, Expected content length: 29, Expected metadata: sha256-U9WYDtBWkcHx13+9UKk/3Q5eoqDc4YGxYb07EPWzb9e=?foo=bar?spam=eggs
 
 PASS Module: Same-origin with correct sha256 hash. 

trunk/LayoutTests/http/tests/subresource-integrity/sri-script-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/non-matching-digest.js. Failed integrity metadata check.
-CONSOLE MESSAGE: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest.js. Failed integrity metadata check.
-CONSOLE MESSAGE: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-anon-script.js. Failed integrity metadata check.
-CONSOLE MESSAGE: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-creds-script.js. Failed integrity metadata check.
+CONSOLE MESSAGE: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/non-matching-digest.js. Failed integrity metadata check. Content length: 25, Expected content length: 25, Expected metadata: sha256-U9WYDtBWkcHx13+9UKk/3Q5eoqDc4YGxYb07EPWzb9e=
+CONSOLE MESSAGE: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest.js. Failed integrity metadata check. Content length: 21, Expected content length: 21, Expected metadata: sha512-deadbeefspbnUnwooKGNNCb39nvg+EW0O9hDScTXeo/9pVZztLSUYU3LNV6H0lZapo8bCJUpyPPLAzE9fDzpxg== sha256-U9WYDtBWkcHx13+9UKk/3Q5eoqDc4YGxYb07EPWzb9E=
+CONSOLE MESSAGE: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-anon-script.js. Failed integrity metadata check. Content length: 29, Expected content length: 29, Expected metadata: sha256-deadbeefcSLlbFZCj1OACLxTxVck2TOrBTEdUbwz1yU=
+CONSOLE MESSAGE: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-creds-script.js. Failed integrity metadata check. Content length: 30, Expected content length: 30, Expected metadata: sha256-deadbeef2S+pTRZgiw3DWrhC6JLDlt2zRyGpwH7unU8=
 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
-CONSOLE MESSAGE: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-anon-script.js. Failed integrity metadata check.
-CONSOLE MESSAGE: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-anon-script.js. Failed integrity metadata check.
-CONSOLE MESSAGE: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest.js. Failed integrity metadata check.
-CONSOLE MESSAGE: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest.js. Failed integrity metadata check.
+CONSOLE MESSAGE: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-anon-script.js. Failed integrity metadata check. Content length: 29, Expected content length: 29, Expected metadata: sha256-51AjITq701Y0yKSx3/UoIKtIY2UQ9+H8WGyyMuOWOC0=
+CONSOLE MESSAGE: Cannot load script http://localhost:8000/subresource-integrity/resources/crossorigin-anon-script.js. Failed integrity metadata check. Content length: 29, Expected content length: 29, Expected metadata: sha256-deadbeef01Y0yKSx3/UoIKtIY2UQ9+H8WGyyMuOWOC0=
+CONSOLE MESSAGE: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest.js. Failed integrity metadata check. Content length: 21, Expected content length: 21, Expected metadata: sha256-U9WYDtBWkcHx13+9UKk_3Q5eoqDc4YGxYb07EPWzb9E=
+CONSOLE MESSAGE: Cannot load script http://127.0.0.1:8000/subresource-integrity/resources/matching-digest.js. Failed integrity metadata check. Content length: 21, Expected content length: 21, Expected metadata: sha256-U9WYDtBWkcHx13+9UKk/3Q5eoqDc4YGxYb07EPWzb9e=?foo=bar?spam=eggs
 
 PASS Script: Same-origin with correct sha256 hash. 

trunk/LayoutTests/http/tests/subresource-integrity/sri-style-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: Cannot load stylesheet http://127.0.0.1:8000/subresource-integrity/resources/style.css?5. Failed integrity metadata check.
-CONSOLE MESSAGE: Cannot load stylesheet http://127.0.0.1:8000/subresource-integrity/resources/style.css?9. Failed integrity metadata check.
-CONSOLE MESSAGE: Cannot load stylesheet http://localhost:8000/subresource-integrity/resources/crossorigin-anon-style.css?&2. Failed integrity metadata check.
-CONSOLE MESSAGE: Cannot load stylesheet http://localhost:8000/subresource-integrity/resources/crossorigin-creds-style.css?&2. Failed integrity metadata check.
+CONSOLE MESSAGE: Cannot load stylesheet http://127.0.0.1:8000/subresource-integrity/resources/style.css?5. Failed integrity metadata check. Content length: 37, Expected content length: 37, Expected metadata: sha256-deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdead
+CONSOLE MESSAGE: Cannot load stylesheet http://127.0.0.1:8000/subresource-integrity/resources/style.css?9. Failed integrity metadata check. Content length: 37, Expected content length: 37, Expected metadata: sha512-deadbeef9wXDjd6Wq3H6nPAhI9zOvG7mJkUr03MTxaO+8ztTKnfJif42laL93Be/IF6YYZHHF4esitVYxiwpY2== sha256-CzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk7gyCWUV4=
+CONSOLE MESSAGE: Cannot load stylesheet http://localhost:8000/subresource-integrity/resources/crossorigin-anon-style.css?&2. Failed integrity metadata check. Content length: 37, Expected content length: 37, Expected metadata: sha256-deadbeefCzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk=
+CONSOLE MESSAGE: Cannot load stylesheet http://localhost:8000/subresource-integrity/resources/crossorigin-creds-style.css?&2. Failed integrity metadata check. Content length: 37, Expected content length: 37, Expected metadata: sha256-deadbeefCzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk=
 CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-CONSOLE MESSAGE: Cannot load stylesheet http://localhost:8000/subresource-integrity/resources/crossorigin-anon-style.css?&3. Failed integrity metadata check.
-CONSOLE MESSAGE: Cannot load stylesheet http://localhost:8000/subresource-integrity/resources/crossorigin-anon-style.css?&4. Failed integrity metadata check.
-CONSOLE MESSAGE: Cannot load stylesheet http://127.0.0.1:8000/subresource-integrity/resources/alternate.css?2. Failed integrity metadata check.
+CONSOLE MESSAGE: Cannot load stylesheet http://localhost:8000/subresource-integrity/resources/crossorigin-anon-style.css?&3. Failed integrity metadata check. Content length: 37, Expected content length: 37, Expected metadata: sha256-CzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk7gyCWUV4=
+CONSOLE MESSAGE: Cannot load stylesheet http://localhost:8000/subresource-integrity/resources/crossorigin-anon-style.css?&4. Failed integrity metadata check. Content length: 37, Expected content length: 37, Expected metadata: sha256-deadbeefCzHgdJ7wOccM8L89n4bhcJMz3F+SPLT7YZk=
+CONSOLE MESSAGE: Cannot load stylesheet http://127.0.0.1:8000/subresource-integrity/resources/alternate.css?2. Failed integrity metadata check. Content length: 34, Expected content length: 34, Expected metadata: sha256-fail83bWhnLig+d2VPKrRrTRyhqoDRo1ruGqZLZ0= sha512-failB7ktnzcb6h+kB9CUIuc8qvKIyLpygRJdQSEEycRy74dUsB+Yu9rSjpOPjRUblle8WWX9Gn7v39LK2Oceig==
 
 PASS Style: Same-origin with correct sha256 hash 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/module/integrity-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: line 1: TypeError: Cannot load script http://localhost:8800/html/semantics/scripting-1/the-script-element/module/integrity-mismatches.js. Failed integrity metadata check.
+CONSOLE MESSAGE: line 1: TypeError: Cannot load script http://localhost:8800/html/semantics/scripting-1/the-script-element/module/integrity-mismatches.js. Failed integrity metadata check. Content length: 93, Expected content length: -1, Expected metadata: sha384-doesnotmatch
 
 PASS The integrity attribute must have no affect on inline module scripts 

trunk/LayoutTests/js/dom/modules/module-fetch-failure-not-cached-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: TypeError: Cannot load script module-fetch-failure-not-cached.js. Failed integrity metadata check.
+CONSOLE MESSAGE: TypeError: Cannot load script module-fetch-failure-not-cached.js. Failed integrity metadata check. Content length: 30, Expected content length: 30, Expected metadata: sha256-badbeef
 
 PASS Module fetch failure is not cached in module pipeline 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2019-10-24  Alex Christensen  <achristensen@webkit.org>
+
+        Add more information to SRI failure console messages
+        https://bugs.webkit.org/show_bug.cgi?id=203383
+
+        Reviewed by Geoff Garen.
+
+        * bindings/js/ScriptModuleLoader.cpp:
+        (WebCore::ScriptModuleLoader::notifyFinished):
+        * dom/LoadableClassicScript.cpp:
+        (WebCore::LoadableClassicScript::notifyFinished):
+        * html/HTMLLinkElement.cpp:
+        (WebCore::HTMLLinkElement::setCSSStyleSheet):
+        * loader/DocumentThreadableLoader.cpp:
+        (WebCore::DocumentThreadableLoader::didFinishLoading):
+        (WebCore::DocumentThreadableLoader::reportIntegrityMetadataError):
+        * loader/DocumentThreadableLoader.h:
+        * loader/SubresourceIntegrity.cpp:
+        (WebCore::integrityMismatchDescription):
+        * loader/SubresourceIntegrity.h:
+
 2019-10-24  Devin Rousso  <drousso@apple.com>
 

trunk/Source/WebCore/bindings/js/ScriptModuleLoader.cpp

@@ -314 +314 @@
     if (auto* parameters = loader.parameters()) {
         if (!matchIntegrityMetadata(cachedScript, parameters->integrity())) {
-            promise->reject(TypeError, makeString("Cannot load script ", cachedScript.url().stringCenterEllipsizedToLength(), ". Failed integrity metadata check."));
+            promise->reject(TypeError, makeString("Cannot load script ", integrityMismatchDescription(cachedScript, parameters->integrity())));
             return;
         }

trunk/Source/WebCore/dom/LoadableClassicScript.cpp

@@ -111 +111 @@
         m_error = Error {
             ErrorType::FailedIntegrityCheck,
-            ConsoleMessage { MessageSource::Security, MessageLevel::Error, makeString("Cannot load script ", m_cachedScript->url().stringCenterEllipsizedToLength(), ". Failed integrity metadata check.") }
+            ConsoleMessage { MessageSource::Security, MessageLevel::Error, makeString("Cannot load script ", integrityMismatchDescription(resource, m_integrity)) }
         };
     }

trunk/Source/WebCore/html/HTMLLinkElement.cpp

@@ -433 +433 @@
 
     if (!cachedStyleSheet->errorOccurred() && !matchIntegrityMetadata(*cachedStyleSheet, m_integrityMetadataForPendingSheetRequest)) {
-        document().addConsoleMessage(MessageSource::Security, MessageLevel::Error, makeString("Cannot load stylesheet ", cachedStyleSheet->url().stringCenterEllipsizedToLength(), ". Failed integrity metadata check."));
+        document().addConsoleMessage(MessageSource::Security, MessageLevel::Error, makeString("Cannot load stylesheet ", integrityMismatchDescription(*cachedStyleSheet, m_integrityMetadataForPendingSheetRequest)));
 
         m_loading = false;

trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp

@@ -443 +443 @@
     if (m_delayCallbacksForIntegrityCheck) {
         if (!matchIntegrityMetadata(*m_resource, m_options.integrity)) {
-            reportIntegrityMetadataError(m_resource->url());
+            reportIntegrityMetadataError(*m_resource, m_options.integrity);
             return;
         }
@@ -684 +684 @@
 }
 
-void DocumentThreadableLoader::reportIntegrityMetadataError(const URL& url)
-{
-    logErrorAndFail(ResourceError(errorDomainWebKitInternal, 0, url, "Failed integrity metadata check."_s, ResourceError::Type::General));
+void DocumentThreadableLoader::reportIntegrityMetadataError(const CachedResource& resource, const String& expectedMetadata)
+{
+    logErrorAndFail(ResourceError(errorDomainWebKitInternal, 0, resource.url(), makeString("Failed integrity metadata check. "_s, integrityMismatchDescription(resource, expectedMetadata)), ResourceError::Type::General));
 }
 

trunk/Source/WebCore/loader/DocumentThreadableLoader.h

@@ -114 +114 @@
         void reportContentSecurityPolicyError(const URL&);
         void reportCrossOriginResourceSharingError(const URL&);
-        void reportIntegrityMetadataError(const URL&);
+        void reportIntegrityMetadataError(const CachedResource&, const String& expectedMetadata);
         void logErrorAndFail(const ResourceError&);
 

trunk/Source/WebCore/loader/SubresourceIntegrity.cpp

@@ -209 +209 @@
 }
 
-}
+String integrityMismatchDescription(const CachedResource& resource, const String& integrityMetadata)
+{
+    StringBuilder builder;
+
+    builder.append(resource.url().stringCenterEllipsizedToLength());
+    builder.append(". Failed integrity metadata check. ");
+    builder.append("Content length: ");
+    if (auto* resourceBuffer = resource.resourceBuffer())
+        builder.appendNumber(resourceBuffer->size());
+    else
+        builder.append("(no content)");
+    builder.append(", Expected content length: ");
+    builder.appendNumber(resource.response().expectedContentLength());
+    builder.append(", Expected metadata: ");
+    builder.append(integrityMetadata);
+
+    return builder.toString();
+}
+
+}

trunk/Source/WebCore/loader/SubresourceIntegrity.h

@@ -33 +33 @@
 
 bool matchIntegrityMetadata(const CachedResource&, const String& integrityMetadata);
+String integrityMismatchDescription(const CachedResource&, const String& integrityMetadata);
 
 }