Bug 1501680 - Don't send credentials in ssl error reports. r=Gijs, a=RyanVM
authorJohann Hofmann <jhofmann@mozilla.com>
Thu, 01 Nov 2018 18:49:11 +0000
changeset 501031 309fbb6fbc62cd2fa09b4a2d6fc3d5b92b1f8b55
parent 501030 1597b2e3a491dedf4ce87d91ef89c63b5da476c2
child 501032 4c7bbc4c6fbc8a4233590f01cd74ae44fad5f24c
reviewersGijs, RyanVM
bugs1501680
milestone64.0
Bug 1501680 - Don't send credentials in ssl error reports. r=Gijs, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D10594
security/manager/ssl/tests/unit/test_toolkit_securityreporter.js
toolkit/components/securityreporter/SecurityReporter.js
--- a/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js
+++ b/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js
@@ -39,16 +39,17 @@ var server;
 // expected.
 function getReportCheck(expectReport, expectedError) {
   return function sendReportWithInfo(transportSecurityInfo) {
     // register a path handler on the server
     server.registerPathHandler("/submit/sslreports",
                               function(request, response) {
       if (expectReport) {
         let report = JSON.parse(readDataFromRequest(request));
+        Assert.equal(request.getHeader("Cookie"), "", "No cookie sent.");
         Assert.equal(report.errorCode, expectedError);
         response.setStatusLine(null, 201, "Created");
         response.write("Created");
       } else {
         do_throw("No report should have been received");
       }
     });
 
@@ -82,16 +83,25 @@ function run_test() {
   let port = server.identity.primaryPort;
 
   // Set the reporting URL to ensure any reports are sent to the test server
   Services.prefs.setCharPref("security.ssl.errorReporting.url",
                              `http://localhost:${port}/submit/sslreports`);
   // set strict-mode pinning enforcement so we can cause connection failures.
   Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
 
+  // Add a cookie so that we can assert it's not sent along with the report.
+  Services.cookies.add("localhost", "/", "foo", "bar",
+                       false, false, false, Date.now() + 24000 * 60 * 60, {},
+                       Ci.nsICookie2.SAMESITE_UNSET);
+
+  registerCleanupFunction(() => {
+    Services.cookies.removeAll();
+  });
+
   // start a TLS server
   add_tls_server_setup("BadCertServer", "bad_certs");
 
   // Add a user-specified trust anchor.
   addCertFromFile(certdb, "bad_certs/other-test-ca.pem", "CTu,u,u");
 
 
   // Cause a reportable condition with error reporting disabled. No report
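Review bot: The assertion added in the first hunk, `Assert.equal(request.getHeader("Cookie"), "", "No cookie sent.")`, relies on `getHeader` returning an empty string for an absent header; if httpd.js's header store instead throws NS_ERROR_NOT_AVAILABLE for a missing field (as its `nsHttpHeaders.getHeader` does), the expected "no cookie" case surfaces as an exception inside the path handler (and a 500 to the reporter) rather than a passing assertion, so `Assert.ok(!request.hasHeader("Cookie"), "No cookie sent.");` states the intent without that dependency. In the second hunk, `Date.now() + 24000 * 60 * 60` mixes a millisecond timestamp with what reads as an hours-to-seconds factor; if `Services.cookies.add` takes its expiry in seconds, `Math.floor(Date.now() / 1000) + 24 * 60 * 60` is the value the comment above it implies (the oversized value still yields an unexpired cookie, so the test outcome is not affected, but the next reader will stumble on it). Both `getReportCheck` and `run_test` continue outside their hunks.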
--- a/toolkit/components/securityreporter/SecurityReporter.js
+++ b/toolkit/components/securityreporter/SecurityReporter.js
@@ -78,16 +78,17 @@ SecurityReporter.prototype = {
       build: Services.appinfo.appBuildID,
       product: Services.appinfo.name,
       channel: UpdateUtils.UpdateChannel,
     };
 
     fetch(endpoint, {
       method: "POST",
       body: JSON.stringify(report),
+      credentials: "omit",
       headers: {
         "Content-Type": "application/json",
       },
     }).then(function(aResponse) {
       if (!aResponse.ok) {
         // request returned non-success status
         Services.telemetry.getHistogramById(HISTOGRAM_ID)
           .add(TLS_ERROR_REPORT_TELEMETRY_FAILURE);
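Review bot: The new `credentials: "omit"` line carries the whole point of the change but has no comment, and the next person reading this `fetch` call will have nothing stopping them from dropping it while "simplifying" the options; a why-comment such as `// Never attach cookies, HTTP auth or client certificates to an error report: the endpoint is pref-controlled and the report concerns a site the user was connecting to (bug 1501680).` placed above it would pin the intent. With "omit", the request also drops any previously stored HTTP-auth credentials for the endpoint origin, which is presumably the desired behaviour here, so the comment should say so rather than mention only cookies. The `.then` chain that consumes the response continues past the end of the hunk, so whether a rejection handler exists can't be judged from this view.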