E2e updated#307
Conversation
tmbrbr
left a comment
There was a problem hiding this comment.
There are still some post merge comments in the code.
|
Oh, sorry, there is some work to do still. |
|
Tainting through the JS Parser seems to work (see the mochitest), however, transferring taints from the server does not (yet?). Originally, this is done here, with |
As we can not get a direct reference to the pipe anymore, this commit adds an workaround. We can now mark inputstreams as taintable, i.e., they support the `SetTaint method`. As the input stream can reach back into the pipe, it can reuse the old taint propagation machinery as before. This lacks meaningful testing, as mochitests can't capture all that well that a piece of HTML from the server is tainted. When enabling nsHTTP logging, we can see the taint getting passed along however.
|
Sooo, I think I got a workaround in place now. This adds another marker interface for streams that allow to set taints and the input stream can reach back into the |
|
The tests don't quite work as exptected, but you can see the taint getting returned from the server and passed along with: MOZ_LOG=nsHttp:5 MOZ_UPLOAD_DIR=/tmp MOZ_HEADLESS=1 xvfb-run -- ./mach -v mochitest --headless taint/test/mochitest/test_end2end.html |
|
oh, it seems to work (to some degree). If I set up a local server and transmit taints, the |
|
All windows builds are failing for this branch due to automatically enabling debugging flags, will look into that later today. |
Do we need the DEBUG flags explicitly for end-2-end tainting, or is this enabled just during development? |
|
This is just for development, so I'll disable them again. Alternatively, we could consider moving that into a build system option similar to taintspew i think? |
|
I think the textarea aspect is the only open point currently. I'd lean on disabling it, as I'm unsure of the rationale. Maybe disabling it via the preferences is the way to go, thinking about it. The inline script sink will be a separate PR, as it breaks some tests at the moment, and I would prefer to look into that separately over the coming weeks. |
|
Note that this will supersede #112 |
tmbrbr
left a comment
There was a problem hiding this comment.
There are a few cases where we create StringTaint objects directly, which leak memory when destroyed. I think these should be changed to SafeStringTaints (which deletes the TaintRanges).
tmbrbr
left a comment
There was a problem hiding this comment.
Thanks for this, looks great!
Working on a rebased version of end-to-end tainting.