Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(958)

Issue 769043003: Sanitize headers in Proxy Authentication Required responses (Closed)

Created:
6 years ago by Deprecated (see juliatuttle)
Modified:
5 years, 11 months ago
CC:
cbentzel+watch_chromium.org, chromium-reviews
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Sanitize headers in Proxy Authentication Required responses BUG=431504 Committed: https://crrev.com/7933c117fd16b192e70609c331641e9112af5e42 Cr-Commit-Position: refs/heads/master@{#310014}

Patch Set 1 #

Patch Set 2 : Rearrange some things #

Total comments: 4

Patch Set 3 : Fix unittests #

Patch Set 4 : Fix net_unittests #

Total comments: 24

Patch Set 5 : #

Total comments: 2

Patch Set 6 : Don't concatenate multiple Proxy-Auth headers #

Patch Set 7 : Make code actually compile :D #

Patch Set 8 : Fix Keep-Alive #

Patch Set 9 : Fix other unit test cases #

Patch Set 10 : Add a couple EXPECTs back #

Total comments: 3

Patch Set 11 : Add test case for sanitizing proxy auth headers #

Patch Set 12 : rebase #

Total comments: 5

Patch Set 13 : reformat something #

Total comments: 12

Patch Set 14 : rebase and fix codereview issues #

Total comments: 2

Patch Set 15 : Fix sleevi's nit #

Unified diffs Side-by-side diffs Delta from patch set Stats (+150 lines, -44 lines) Patch
M net/http/http_network_transaction_unittest.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 4 chunks +75 lines, -12 lines 0 comments Download
M net/http/http_proxy_client_socket.cc View 1 2 3 4 5 6 7 8 9 10 11 12 1 chunk +13 lines, -11 lines 0 comments Download
M net/http/proxy_client_socket.h View 1 chunk +9 lines, -3 lines 0 comments Download
M net/http/proxy_client_socket.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 2 chunks +41 lines, -10 lines 0 comments Download
M net/spdy/spdy_proxy_client_socket.cc View 1 1 chunk +12 lines, -8 lines 0 comments Download

Messages

Total messages: 46 (2 generated)
Deprecated (see juliatuttle)
PTAL, folks.
6 years ago (2014-12-01 21:17:20 UTC) #2
Ryan Sleevi
https://codereview.chromium.org/769043003/diff/20001/net/http/proxy_client_socket.cc File net/http/proxy_client_socket.cc (right): https://codereview.chromium.org/769043003/diff/20001/net/http/proxy_client_socket.cc#newcode78 net/http/proxy_client_socket.cc:78: return true; I have trouble convincing myself a blacklist ...
6 years ago (2014-12-01 21:28:49 UTC) #3
Ryan Hamilton
Should we have test coverage for this new behavior? https://codereview.chromium.org/769043003/diff/20001/net/http/proxy_client_socket.cc File net/http/proxy_client_socket.cc (right): https://codereview.chromium.org/769043003/diff/20001/net/http/proxy_client_socket.cc#newcode78 net/http/proxy_client_socket.cc:78: ...
6 years ago (2014-12-02 01:50:53 UTC) #4
asanka
Could someone +cc me on the bug? On 2014/12/02 01:50:53, Ryan Hamilton wrote: > Should ...
6 years ago (2014-12-02 19:55:28 UTC) #5
Ryan Hamilton
On Tue, Dec 2, 2014 at 11:55 AM, <asanka@chromium.org> wrote: > Could someone +cc me ...
6 years ago (2014-12-02 20:01:53 UTC) #6
Deprecated (see juliatuttle)
https://codereview.chromium.org/769043003/diff/20001/net/http/proxy_client_socket.cc File net/http/proxy_client_socket.cc (right): https://codereview.chromium.org/769043003/diff/20001/net/http/proxy_client_socket.cc#newcode78 net/http/proxy_client_socket.cc:78: return true; On 2014/12/02 01:50:52, Ryan Hamilton wrote: > ...
6 years ago (2014-12-02 20:10:21 UTC) #7
Ryan Hamilton
https://codereview.chromium.org/769043003/diff/20001/net/http/proxy_client_socket.cc File net/http/proxy_client_socket.cc (right): https://codereview.chromium.org/769043003/diff/20001/net/http/proxy_client_socket.cc#newcode78 net/http/proxy_client_socket.cc:78: return true; On 2014/12/02 20:10:21, ttuttle wrote: > On ...
6 years ago (2014-12-02 20:14:25 UTC) #8
asanka
I'm good with sanitizing the response headers, but is there also an underlying problem where ...
6 years ago (2014-12-02 20:29:01 UTC) #9
Ryan Hamilton
On 2014/12/02 20:29:01, asanka wrote: > I'm good with sanitizing the response headers, but is ...
6 years ago (2014-12-02 21:16:16 UTC) #10
Ryan Hamilton
On 2014/12/02 21:16:16, Ryan Hamilton wrote: > On 2014/12/02 20:29:01, asanka wrote: > > I'm ...
6 years ago (2014-12-02 21:25:03 UTC) #11
Deprecated (see juliatuttle)
On 2014/12/02 21:25:03, Ryan Hamilton wrote: > On 2014/12/02 21:16:16, Ryan Hamilton wrote: > > ...
6 years ago (2014-12-02 21:52:27 UTC) #12
Ryan Sleevi
I am long on the record of thinking that displaying proxy error pages over HTTPS ...
6 years ago (2014-12-02 22:00:02 UTC) #13
Ryan Hamilton
On Tue, Dec 2, 2014 at 2:00 PM, Ryan Sleevi <rsleevi@chromium.org> wrote: > I am ...
6 years ago (2014-12-02 22:22:25 UTC) #14
Ryan Hamilton
Following up from an IM conversation, I believe this CL from ttutle (2 years ago) ...
6 years ago (2014-12-02 22:43:41 UTC) #15
Deprecated (see juliatuttle)
Okay, I've patched the unittests for the new expectations (no response body, and ERR_TUNNEL_CONNECTION_FAILED instead ...
6 years ago (2014-12-08 21:50:13 UTC) #16
Ryan Sleevi
I did some RFC confirmation (re: Proxy-Authenticate), but rch@ may be more familiar on the ...
6 years ago (2014-12-08 22:04:40 UTC) #17
Ryan Hamilton
https://codereview.chromium.org/769043003/diff/60001/net/http/http_network_transaction_unittest.cc File net/http/http_network_transaction_unittest.cc (left): https://codereview.chromium.org/769043003/diff/60001/net/http/http_network_transaction_unittest.cc#oldcode2480 net/http/http_network_transaction_unittest.cc:2480: // proxy connection, when setting up an SSL tunnel. ...
6 years ago (2014-12-08 22:51:59 UTC) #18
Ryan Hamilton
https://codereview.chromium.org/769043003/diff/60001/net/http/proxy_client_socket.cc File net/http/proxy_client_socket.cc (right): https://codereview.chromium.org/769043003/diff/60001/net/http/proxy_client_socket.cc#newcode111 net/http/proxy_client_socket.cc:111: "HTTP/1.1 302 Found\n" On 2014/12/08 22:04:40, Ryan Sleevi wrote: ...
6 years ago (2014-12-08 22:53:48 UTC) #19
Ryan Sleevi
On 2014/12/08 22:53:48, Ryan Hamilton wrote: > https://codereview.chromium.org/769043003/diff/60001/net/http/proxy_client_socket.cc > File net/http/proxy_client_socket.cc (right): > > https://codereview.chromium.org/769043003/diff/60001/net/http/proxy_client_socket.cc#newcode111 ...
6 years ago (2014-12-08 22:58:06 UTC) #20
Deprecated (see juliatuttle)
PTAL. https://codereview.chromium.org/769043003/diff/60001/net/http/http_network_transaction_unittest.cc File net/http/http_network_transaction_unittest.cc (left): https://codereview.chromium.org/769043003/diff/60001/net/http/http_network_transaction_unittest.cc#oldcode2480 net/http/http_network_transaction_unittest.cc:2480: // proxy connection, when setting up an SSL ...
6 years ago (2014-12-09 15:31:15 UTC) #21
asanka
https://codereview.chromium.org/769043003/diff/60001/net/http/http_network_transaction_unittest.cc File net/http/http_network_transaction_unittest.cc (left): https://codereview.chromium.org/769043003/diff/60001/net/http/http_network_transaction_unittest.cc#oldcode2480 net/http/http_network_transaction_unittest.cc:2480: // proxy connection, when setting up an SSL tunnel. ...
6 years ago (2014-12-09 17:33:02 UTC) #22
Ryan Hamilton
https://codereview.chromium.org/769043003/diff/60001/net/http/proxy_client_socket.cc File net/http/proxy_client_socket.cc (right): https://codereview.chromium.org/769043003/diff/60001/net/http/proxy_client_socket.cc#newcode91 net/http/proxy_client_socket.cc:91: "Content-Length: 0\n" On 2014/12/09 15:31:15, ttuttle wrote: > On ...
6 years ago (2014-12-10 19:53:42 UTC) #23
Deprecated (see juliatuttle)
Okay, I think Keep-Alive works now. https://codereview.chromium.org/769043003/diff/80001/net/http/proxy_client_socket.cc File net/http/proxy_client_socket.cc (right): https://codereview.chromium.org/769043003/diff/80001/net/http/proxy_client_socket.cc#newcode84 net/http/proxy_client_socket.cc:84: auth = auth ...
6 years ago (2014-12-10 20:36:19 UTC) #24
Deprecated (see juliatuttle)
PTAL, folks. https://codereview.chromium.org/769043003/diff/60001/net/http/http_network_transaction_unittest.cc File net/http/http_network_transaction_unittest.cc (left): https://codereview.chromium.org/769043003/diff/60001/net/http/http_network_transaction_unittest.cc#oldcode2480 net/http/http_network_transaction_unittest.cc:2480: // proxy connection, when setting up an ...
6 years ago (2014-12-10 20:38:40 UTC) #25
Ryan Hamilton
https://codereview.chromium.org/769043003/diff/60001/net/http/http_proxy_client_socket.cc File net/http/http_proxy_client_socket.cc (right): https://codereview.chromium.org/769043003/diff/60001/net/http/http_proxy_client_socket.cc#newcode500 net/http/http_proxy_client_socket.cc:500: return ERR_HTTPS_PROXY_TUNNEL_RESPONSE; On 2014/12/09 15:31:15, ttuttle wrote: > On ...
6 years ago (2014-12-10 22:09:21 UTC) #26
Ryan Sleevi
https://codereview.chromium.org/769043003/diff/180001/net/http/proxy_client_socket.cc File net/http/proxy_client_socket.cc (right): https://codereview.chromium.org/769043003/diff/180001/net/http/proxy_client_socket.cc#newcode105 net/http/proxy_client_socket.cc:105: On 2014/12/10 22:09:21, Ryan Hamilton wrote: > I'm curious ...
6 years ago (2014-12-10 22:57:01 UTC) #27
Deprecated (see juliatuttle)
https://codereview.chromium.org/769043003/diff/180001/net/http/proxy_client_socket.cc File net/http/proxy_client_socket.cc (right): https://codereview.chromium.org/769043003/diff/180001/net/http/proxy_client_socket.cc#newcode105 net/http/proxy_client_socket.cc:105: On 2014/12/10 22:57:01, Ryan Sleevi wrote: > On 2014/12/10 ...
6 years ago (2014-12-11 00:20:04 UTC) #28
Deprecated (see juliatuttle)
PTAL, everyone. On 2014/12/11 00:20:04, ttuttle wrote: > https://codereview.chromium.org/769043003/diff/180001/net/http/proxy_client_socket.cc > File net/http/proxy_client_socket.cc (right): > > ...
6 years ago (2014-12-17 19:02:30 UTC) #29
Ryan Sleevi
I'm still shaky on the testing here. Why aren't you testing for a hypothetical multi-legged ...
6 years ago (2014-12-17 22:37:12 UTC) #30
Deprecated (see juliatuttle)
Hmm. I added the existing keep-alive test back, I thought? I guess that only covers ...
6 years ago (2014-12-17 23:44:52 UTC) #31
Ryan Hamilton
On 2014/12/17 19:02:30, ttuttle wrote: > The content length is also stored in the HttpStreamParser, ...
6 years ago (2014-12-19 21:26:47 UTC) #32
Ryan Hamilton
https://codereview.chromium.org/769043003/diff/60001/net/http/http_proxy_client_socket.cc File net/http/http_proxy_client_socket.cc (right): https://codereview.chromium.org/769043003/diff/60001/net/http/http_proxy_client_socket.cc#newcode500 net/http/http_proxy_client_socket.cc:500: return ERR_HTTPS_PROXY_TUNNEL_RESPONSE; On 2014/12/10 22:09:21, Ryan Hamilton wrote: > ...
6 years ago (2014-12-19 21:26:59 UTC) #33
Ryan Sleevi
https://codereview.chromium.org/769043003/diff/220001/net/http/proxy_client_socket.cc File net/http/proxy_client_socket.cc (right): https://codereview.chromium.org/769043003/diff/220001/net/http/proxy_client_socket.cc#newcode99 net/http/proxy_client_socket.cc:99: CopyHeaderValues(old_headers, new_headers, "Connection"); On 2014/12/19 21:26:59, Ryan Hamilton wrote: ...
6 years ago (2014-12-19 21:30:25 UTC) #34
Deprecated (see juliatuttle)
On 2014/12/19 21:30:25, Ryan Sleevi wrote: > https://codereview.chromium.org/769043003/diff/220001/net/http/proxy_client_socket.cc > File net/http/proxy_client_socket.cc (right): > > https://codereview.chromium.org/769043003/diff/220001/net/http/proxy_client_socket.cc#newcode99 ...
6 years ago (2014-12-19 21:40:43 UTC) #35
Deprecated (see juliatuttle)
PTAL, rch and rsleevi. https://codereview.chromium.org/769043003/diff/60001/net/http/http_proxy_client_socket.cc File net/http/http_proxy_client_socket.cc (right): https://codereview.chromium.org/769043003/diff/60001/net/http/http_proxy_client_socket.cc#newcode500 net/http/http_proxy_client_socket.cc:500: return ERR_HTTPS_PROXY_TUNNEL_RESPONSE; On 2014/12/19 21:26:58, ...
6 years ago (2014-12-19 21:50:46 UTC) #36
Ryan Hamilton
I think this LGTM. Sleevi? https://codereview.chromium.org/769043003/diff/220001/net/http/proxy_client_socket.cc File net/http/proxy_client_socket.cc (right): https://codereview.chromium.org/769043003/diff/220001/net/http/proxy_client_socket.cc#newcode99 net/http/proxy_client_socket.cc:99: CopyHeaderValues(old_headers, new_headers, "Connection"); On ...
6 years ago (2014-12-19 21:53:45 UTC) #37
Ryan Sleevi
https://codereview.chromium.org/769043003/diff/240001/net/http/http_network_transaction_unittest.cc File net/http/http_network_transaction_unittest.cc (left): https://codereview.chromium.org/769043003/diff/240001/net/http/http_network_transaction_unittest.cc#oldcode2553 net/http/http_network_transaction_unittest.cc:2553: EXPECT_EQ(10, response->headers->GetContentLength()); Rather than deleting these, you should be ...
6 years ago (2014-12-19 22:06:25 UTC) #38
Deprecated (see juliatuttle)
PTAL. https://codereview.chromium.org/769043003/diff/240001/net/http/http_network_transaction_unittest.cc File net/http/http_network_transaction_unittest.cc (left): https://codereview.chromium.org/769043003/diff/240001/net/http/http_network_transaction_unittest.cc#oldcode2553 net/http/http_network_transaction_unittest.cc:2553: EXPECT_EQ(10, response->headers->GetContentLength()); On 2014/12/19 22:06:25, Ryan Sleevi wrote: ...
5 years, 11 months ago (2015-01-02 19:40:55 UTC) #39
Ryan Sleevi
lgtm https://codereview.chromium.org/769043003/diff/260001/net/http/http_network_transaction_unittest.cc File net/http/http_network_transaction_unittest.cc (right): https://codereview.chromium.org/769043003/diff/260001/net/http/http_network_transaction_unittest.cc#newcode2687 net/http/http_network_transaction_unittest.cc:2687: ASSERT_TRUE(response != NULL); nullptr although cleaner to just ...
5 years, 11 months ago (2015-01-02 22:56:02 UTC) #40
asanka
lgtm
5 years, 11 months ago (2015-01-05 23:03:44 UTC) #41
Deprecated (see juliatuttle)
https://codereview.chromium.org/769043003/diff/260001/net/http/http_network_transaction_unittest.cc File net/http/http_network_transaction_unittest.cc (right): https://codereview.chromium.org/769043003/diff/260001/net/http/http_network_transaction_unittest.cc#newcode2687 net/http/http_network_transaction_unittest.cc:2687: ASSERT_TRUE(response != NULL); On 2015/01/02 22:56:02, Ryan Sleevi (ooo ...
5 years, 11 months ago (2015-01-05 23:06:30 UTC) #42
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/769043003/280001
5 years, 11 months ago (2015-01-06 00:10:27 UTC) #44
commit-bot: I haz the power
Committed patchset #15 (id:280001)
5 years, 11 months ago (2015-01-06 00:55:51 UTC) #45
commit-bot: I haz the power
5 years, 11 months ago (2015-01-06 00:56:41 UTC) #46
Message was sent while issue was closed.
Patchset 15 (id:??) landed as
https://crrev.com/7933c117fd16b192e70609c331641e9112af5e42
Cr-Commit-Position: refs/heads/master@{#310014}

Powered by Google App Engine
This is Rietveld 408576698