Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2568933002:
[WebPayments] Desktop: Adding validation and binding checks (Closed)
Description[WebPayments] Desktop: Adding validation and binding checks when initializing or showing PaymentRequest.
BUG=673430
Review-Url: https://codereview.chromium.org/2568933002
Cr-Commit-Position: refs/heads/master@{#442371}
Committed: https://chromium.googlesource.com/chromium/src/+/8ce922854237356ea07d4a5a67aa6d8289470f36
Patch Set 1 #
Total comments: 3
Patch Set 2 : Rebasing + Adding error handling #
Total comments: 2
Patch Set 3 : Second round of comments #Patch Set 4 : Reconciling anthonyvd patch #Patch Set 5 : Reconciling, ct'd. #Patch Set 6 : Rebasing on mathp change #Patch Set 7 : Recalculating diff #Patch Set 8 : Missed line in rebase #Messages
Total messages: 48 (32 generated)
Description was changed from ========== [WebPayments] Desktop: Moving display code from Init to Show. BUG= ========== to ========== [WebPayments] Desktop: Moving display code from Init to Show. BUG=673430 ==========
tmartino@chromium.org changed reviewers: + rouslan@chromium.org
https://codereview.chromium.org/2568933002/diff/1/chrome/browser/payments/pay... File chrome/browser/payments/payment_request_impl.cc (right): https://codereview.chromium.org/2568933002/diff/1/chrome/browser/payments/pay... chrome/browser/payments/payment_request_impl.cc:67: void PaymentRequestImpl::Show() { It seems like this needs to have a check to ensure it was Init'd first, yeah? Do we have a policy on what should happen in this case? DCHECK? CHECK? Return with no-op? Call OnError?
https://codereview.chromium.org/2568933002/diff/1/chrome/browser/payments/pay... File chrome/browser/payments/payment_request_impl.cc (right): https://codereview.chromium.org/2568933002/diff/1/chrome/browser/payments/pay... chrome/browser/payments/payment_request_impl.cc:67: void PaymentRequestImpl::Show() { On 2016/12/12 19:35:30, tmartino wrote: > It seems like this needs to have a check to ensure it was Init'd first, yeah? Do > we have a policy on what should happen in this case? DCHECK? CHECK? Return with > no-op? Call OnError? ------------------------------ Init(): Validate |details| using: https://cs.chromium.org/chromium/src/components/payments/payment_details_vali... If the |details| are invalid, make sure that |client->OnError(USER_CANCEL)| is called and both pipes to the renderer are disconnected. The two pipes are |binding_| and |client_|. The renderer should not be sending invalid data, so this means the renderer has been compromised. ------------------------------ Show(): If you don't have an open pipe to the renderer, return. There's nothing you can do. (Don't show UI.) ------------------------------
mathp@chromium.org changed reviewers: + mathp@chromium.org
https://codereview.chromium.org/2568933002/diff/1/chrome/browser/payments/pay... File chrome/browser/payments/payment_request_impl.cc (right): https://codereview.chromium.org/2568933002/diff/1/chrome/browser/payments/pay... chrome/browser/payments/payment_request_impl.cc:67: void PaymentRequestImpl::Show() { On 2016/12/12 20:46:48, rouslan wrote: > On 2016/12/12 19:35:30, tmartino wrote: > > It seems like this needs to have a check to ensure it was Init'd first, yeah? > Do > > we have a policy on what should happen in this case? DCHECK? CHECK? Return > with > > no-op? Call OnError? > ------------------------------ > Init(): > > Validate |details| using: > > https://cs.chromium.org/chromium/src/components/payments/payment_details_vali... > > If the |details| are invalid, make sure that |client->OnError(USER_CANCEL)| is > called and both pipes to the renderer are disconnected. The two pipes are > |binding_| and |client_|. > > The renderer should not be sending invalid data, so this means the renderer has > been compromised. > > ------------------------------ > Show(): > > If you don't have an open pipe to the renderer, return. There's nothing you can > do. (Don't show UI.) > ------------------------------ Note that while some of this code has landed in another CL, Rouslan's comments are still worth implementing.
On 2017/01/05 at 15:53:55, mathp wrote: > https://codereview.chromium.org/2568933002/diff/1/chrome/browser/payments/pay... > File chrome/browser/payments/payment_request_impl.cc (right): > > https://codereview.chromium.org/2568933002/diff/1/chrome/browser/payments/pay... > chrome/browser/payments/payment_request_impl.cc:67: void PaymentRequestImpl::Show() { > On 2016/12/12 20:46:48, rouslan wrote: > > On 2016/12/12 19:35:30, tmartino wrote: > > > It seems like this needs to have a check to ensure it was Init'd first, yeah? > > Do > > > we have a policy on what should happen in this case? DCHECK? CHECK? Return > > with > > > no-op? Call OnError? > > ------------------------------ > > Init(): > > > > Validate |details| using: > > > > https://cs.chromium.org/chromium/src/components/payments/payment_details_vali... > > > > If the |details| are invalid, make sure that |client->OnError(USER_CANCEL)| is > > called and both pipes to the renderer are disconnected. The two pipes are > > |binding_| and |client_|. > > > > The renderer should not be sending invalid data, so this means the renderer has > > been compromised. > > > > ------------------------------ > > Show(): > > > > If you don't have an open pipe to the renderer, return. There's nothing you can > > do. (Don't show UI.) > > ------------------------------ > > Note that while some of this code has landed in another CL, Rouslan's comments are still worth implementing. Agreed. I'm in progress on them and I'll send out a revised CL this afternoon.
The CQ bit was checked by rouslan@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: chromium_presubmit on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presub...)
The CQ bit was checked by tmartino@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
PTAL
https://codereview.chromium.org/2568933002/diff/20001/chrome/browser/payments... File chrome/browser/payments/payment_request_impl.cc (right): https://codereview.chromium.org/2568933002/diff/20001/chrome/browser/payments... chrome/browser/payments/payment_request_impl.cc:67: if (!validatePaymentDetails(details, &err_msg)) { Also: LOG(ERROR) << err_msg; By the way, you may also want to close binding_ and call that UnassignPaymentRequest thingy. You don't have to call client_->OnError(), because that tells renderer that an error occurred. In fact, if this validation error happens in the browser, then the renderer is already compromised. So there's no need to talk back to it. Therefore, client_.reset() is sufficient. https://codereview.chromium.org/2568933002/diff/20001/chrome/browser/payments... chrome/browser/payments/payment_request_impl.cc:76: } Can you do this? it should ensure that PaymentRequestImpl is deleted, I think. krb@ originally designed the factory and knows best how it works, but I hear mathp@ wants to improve on it. if (!client_.is_bound() || !binding_.is_bound()) { payment_request_factory.Get().UnassignPaymentRequest(web_contents_); return; } // The rest of code.
Please update the CL description, btw.
Description was changed from ========== [WebPayments] Desktop: Moving display code from Init to Show. BUG=673430 ========== to ========== [WebPayments] Desktop: Adding validation and binding checks when initializing or showing PaymentRequest. BUG=673430 ==========
The CQ bit was checked by tmartino@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Done, thanks. PTAL again :)
Description was changed from ========== [WebPayments] Desktop: Adding validation and binding checks when initializing or showing PaymentRequest. BUG=673430 ========== to ========== [WebPayments] Desktop: Adding validation and binding checks when initializing or showing PaymentRequest. BUG=673430 ==========
lgtm
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
lgtm
The CQ bit was checked by tmartino@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
tmartino@chromium.org changed reviewers: + anthonyvd@chromium.org
+anthonyvd to take a quick look. Anthony, you touched some of this code, so I wanted to make sure you're happy with how I rebased on top of your changes.
lgtm
On 2017/01/09 20:05:35, anthonyvd wrote: > lgtm BTW, this is being submitted so there will be a slight rebase: https://codereview.chromium.org/2611253004/
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by tmartino@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by tmartino@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by tmartino@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from mathp@chromium.org, rouslan@chromium.org, anthonyvd@chromium.org Link to the patchset: https://codereview.chromium.org/2568933002/#ps140001 (title: "Missed line in rebase")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch.
Bot data: {"patchset_id": 140001, "attempt_start_ts": 1483999852027340,
"parent_rev": "82712717bb8f87ad7cc66e831d61d5fcb5352053", "commit_rev":
"8ce922854237356ea07d4a5a67aa6d8289470f36"}
Message was sent while issue was closed.
Description was changed from ========== [WebPayments] Desktop: Adding validation and binding checks when initializing or showing PaymentRequest. BUG=673430 ========== to ========== [WebPayments] Desktop: Adding validation and binding checks when initializing or showing PaymentRequest. BUG=673430 Review-Url: https://codereview.chromium.org/2568933002 Cr-Commit-Position: refs/heads/master@{#442371} Committed: https://chromium.googlesource.com/chromium/src/+/8ce922854237356ea07d4a5a67aa... ==========
Message was sent while issue was closed.
Committed patchset #8 (id:140001) as https://chromium.googlesource.com/chromium/src/+/8ce922854237356ea07d4a5a67aa... |
