DevTools: validate unsafe headers [chromium/src : main]

0 views
Skip to first unread message

Alex Rudenko (Gerrit)

unread,
Nov 8, 2024, 3:52:23 AMNov 8
to AyeAye, Andrey Kosyakov, chromium...@chromium.org, devtools...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org
Attention needed from Andrey Kosyakov

Alex Rudenko added 1 comment

File content/browser/devtools/devtools_url_loader_interceptor.cc
Line 1779, Patchset 1: state_ == State::kResponseTaken || state_ == State::kRedirectReceived)
Alex Rudenko . resolved

I think that something looks broken but I have not investigated what it could be yet

Andrey Kosyakov

Yeah, it looks like it can easily happen in response to FollowRedirect():
https://source.chromium.org/chromium/chromium/src/+/main:services/network/url_loader.cc;l=1281;drc=0afc9ac9afcaab79fc54299039f4d27abf3a086d;bpv=1;bpt=1

Any chance you could reproduce hitting this in a test?
I wonder if we should provide some error response to client in such case.

Alex Rudenko

Oh, right, good point. Added a test and validation.

Open in Gerrit

Related details

Attention is currently required from:
  • Andrey Kosyakov
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedNo-Unresolved-Comments
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I4f33240415fec01c7686a1437b2ca6fb29c1fe8e
Gerrit-Change-Number: 6000168
Gerrit-PatchSet: 3
Gerrit-Owner: Alex Rudenko <alexr...@chromium.org>
Gerrit-Reviewer: Andrey Kosyakov <ca...@chromium.org>
Gerrit-Attention: Andrey Kosyakov <ca...@chromium.org>
Gerrit-Comment-Date: Fri, 08 Nov 2024 08:52:13 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Alex Rudenko <alexr...@chromium.org>
Comment-In-Reply-To: Andrey Kosyakov <ca...@chromium.org>
satisfied_requirement
unsatisfied_requirement
open
diffy

Alex Rudenko (Gerrit)

unread,
Nov 8, 2024, 3:52:39 AMNov 8
to AyeAye, Andrey Kosyakov, chromium...@chromium.org, devtools...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org
Attention needed from Andrey Kosyakov

Alex Rudenko added 1 comment

Commit Message
Line 10, Patchset 1:Or is something broken here?
Andrey Kosyakov . resolved

Please update this before landing.

Alex Rudenko

Done

Open in Gerrit

Related details

Attention is currently required from:
  • Andrey Kosyakov
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement is not satisfiedCode-Review
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I4f33240415fec01c7686a1437b2ca6fb29c1fe8e
Gerrit-Change-Number: 6000168
Gerrit-PatchSet: 3
Gerrit-Owner: Alex Rudenko <alexr...@chromium.org>
Gerrit-Reviewer: Andrey Kosyakov <ca...@chromium.org>
Gerrit-Attention: Andrey Kosyakov <ca...@chromium.org>
Gerrit-Comment-Date: Fri, 08 Nov 2024 08:52:30 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Andrey Kosyakov <ca...@chromium.org>
satisfied_requirement
unsatisfied_requirement
open
diffy

Andrey Kosyakov (Gerrit)

unread,
Nov 12, 2024, 2:08:20 PMNov 12
to Alex Rudenko, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, devtools...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org
Attention needed from Alex Rudenko

Andrey Kosyakov voted and added 3 comments

Votes added by Andrey Kosyakov

Code-Review+1

3 comments

Patchset-level comments
File-level comment, Patchset 5 (Latest):
Andrey Kosyakov . resolved

Thanks, lgtm!

File content/browser/devtools/protocol/fetch_handler.cc
Line 175, Patchset 5 (Latest):template <typename Callback>
Andrey Kosyakov . unresolved

You don't really need it templated, given it's only called once.

Line 287, Patchset 5 (Latest): if (!ValidateHeadersForRequest(entry.get(), callback.get())) {
Andrey Kosyakov . unresolved

Should we just move `ValidateHeaders()` call above into `ValidateHeadersForRequest()`?

Open in Gerrit

Related details

Attention is currently required from:
  • Alex Rudenko
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement satisfiedCode-Review
  • requirement is not satisfiedNo-Unresolved-Comments
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I4f33240415fec01c7686a1437b2ca6fb29c1fe8e
Gerrit-Change-Number: 6000168
Gerrit-PatchSet: 5
Gerrit-Owner: Alex Rudenko <alexr...@chromium.org>
Gerrit-Reviewer: Alex Rudenko <alexr...@chromium.org>
Gerrit-Reviewer: Andrey Kosyakov <ca...@chromium.org>
Gerrit-Attention: Alex Rudenko <alexr...@chromium.org>
Gerrit-Comment-Date: Tue, 12 Nov 2024 19:08:08 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
satisfied_requirement
unsatisfied_requirement
open
diffy

Alex Rudenko (Gerrit)

unread,
Nov 12, 2024, 3:36:42 PMNov 12
to Andrey Kosyakov, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, devtools...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org

Alex Rudenko added 2 comments

File content/browser/devtools/protocol/fetch_handler.cc
Line 175, Patchset 5:template <typename Callback>
Andrey Kosyakov . resolved

You don't really need it templated, given it's only called once.

Alex Rudenko

Done

Line 287, Patchset 5: if (!ValidateHeadersForRequest(entry.get(), callback.get())) {
Andrey Kosyakov . resolved

Should we just move `ValidateHeaders()` call above into `ValidateHeadersForRequest()`?

Alex Rudenko

Done

Open in Gerrit

Related details

Attention set is empty
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement satisfiedCode-Review
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I4f33240415fec01c7686a1437b2ca6fb29c1fe8e
Gerrit-Change-Number: 6000168
Gerrit-PatchSet: 6
Gerrit-Owner: Alex Rudenko <alexr...@chromium.org>
Gerrit-Reviewer: Alex Rudenko <alexr...@chromium.org>
Gerrit-Reviewer: Andrey Kosyakov <ca...@chromium.org>
Gerrit-Comment-Date: Tue, 12 Nov 2024 20:36:29 +0000
satisfied_requirement
open
diffy

Alex Rudenko (Gerrit)

unread,
Nov 13, 2024, 2:07:53 AMNov 13
to Andrey Kosyakov, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, devtools...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org

Alex Rudenko voted Commit-Queue+2

Commit-Queue+2
Open in Gerrit

Related details

Attention set is empty
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement satisfiedCode-Review
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I4f33240415fec01c7686a1437b2ca6fb29c1fe8e
Gerrit-Change-Number: 6000168
Gerrit-PatchSet: 6
Gerrit-Owner: Alex Rudenko <alexr...@chromium.org>
Gerrit-Reviewer: Alex Rudenko <alexr...@chromium.org>
Gerrit-Reviewer: Andrey Kosyakov <ca...@chromium.org>
Gerrit-Comment-Date: Wed, 13 Nov 2024 07:07:36 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
satisfied_requirement
open
diffy

Chromium LUCI CQ (Gerrit)

unread,
Nov 13, 2024, 2:11:13 AMNov 13
to Alex Rudenko, Andrey Kosyakov, AyeAye, chromium...@chromium.org, devtools...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org

Chromium LUCI CQ submitted the change with unreviewed changes

Unreviewed changes

5 is the latest approved patch-set.
The change was submitted with unreviewed changes in the following files:

```
The name of the file: content/browser/devtools/protocol/fetch_handler.cc
Insertions: 6, Deletions: 4.

The diff is too large to show. Please review the diff.
```

Change information

Commit message:
DevTools: validate unsafe headers

If request headers that are considered to be unsafe by the network
service are used in DevTools request interceptions, DCHECKs will be
hit. This CL adds validation for request headers in continueRequest to
disallow unsafe headers.
Fixed: 40864248
Change-Id: I4f33240415fec01c7686a1437b2ca6fb29c1fe8e
Reviewed-by: Andrey Kosyakov <ca...@chromium.org>
Commit-Queue: Alex Rudenko <alexr...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1382169}
Files:
  • M content/browser/devtools/protocol/fetch_handler.cc
  • A third_party/blink/web_tests/http/tests/inspector-protocol/fetch/redirect-headers-override-unsafe-expected.txt
  • A third_party/blink/web_tests/http/tests/inspector-protocol/fetch/redirect-headers-override-unsafe.js
Change size: M
Delta: 3 files changed, 59 insertions(+), 1 deletion(-)
Branch: refs/heads/main
Submit Requirements:
  • requirement satisfiedCode-Review: +1 by Andrey Kosyakov
Open in Gerrit
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: merged
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I4f33240415fec01c7686a1437b2ca6fb29c1fe8e
Gerrit-Change-Number: 6000168
Gerrit-PatchSet: 7
Gerrit-Owner: Alex Rudenko <alexr...@chromium.org>
Gerrit-Reviewer: Alex Rudenko <alexr...@chromium.org>
Gerrit-Reviewer: Andrey Kosyakov <ca...@chromium.org>
Gerrit-Reviewer: Chromium LUCI CQ <chromiu...@luci-project-accounts.iam.gserviceaccount.com>
open
diffy
satisfied_requirement
Reply all
Reply to author
Forward
0 new messages