New issue
Advanced search Search tips

Issue 611905 link

Starred by 4 users

Issue metadata

Status: Assigned
Owner:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug


Sign in to add a comment

Bunch of mojom files are not getting security reviewed

Project Member Reported by dcheng@chromium.org, May 13 2016

Issue description

We need to get all these security reviewed too =(

contextual_search/common/contextual_search_js_api_service.mojom
contextual_search/common/overlay_page_notifier_service.mojom

dom_distiller/content/common/distillability_service.mojom
dom_distiller/content/common/distiller_javascript_service.mojom
dom_distiller/content/common/distiller_page_notifier_service.mojom

filesystem/public/interfaces/directory.mojom
filesystem/public/interfaces/file.mojom
filesystem/public/interfaces/file_system.mojom
filesystem/public/interfaces/types.mojom

font_service/public/interfaces/font_service.mojom

leveldb/public/interfaces/leveldb.mojom

mus/public/interfaces/accelerator_registrar.mojom
mus/public/interfaces/channel_handle.mojom
mus/public/interfaces/command_buffer.mojom
mus/public/interfaces/compositor_frame.mojom
mus/public/interfaces/cursor.mojom
mus/public/interfaces/display.mojom
mus/public/interfaces/event_matcher.mojom
mus/public/interfaces/gpu.mojom
mus/public/interfaces/input_event_constants.mojom
mus/public/interfaces/input_events.mojom
mus/public/interfaces/input_key_codes.mojom
mus/public/interfaces/mus_constants.mojom
mus/public/interfaces/quads.mojom
mus/public/interfaces/surface_id.mojom
mus/public/interfaces/user_access_manager.mojom
mus/public/interfaces/window_manager.mojom
mus/public/interfaces/window_manager_constants.mojom
mus/public/interfaces/window_manager_factory.mojom
mus/public/interfaces/window_server_test.mojom
mus/public/interfaces/window_tree.mojom
mus/public/interfaces/window_tree_host.mojom

safe_json/public/interfaces/safe_json.mojom

Assigning to myself to fix these OWNERS files.
 

Comment 1 by e...@chromium.org, May 13 2016

You might want to look at //services/, too.

Comment 2 by dcheng@chromium.org, May 13 2016

rsesek@ reviewed the safe_json stuff, so that should be OK, once we have the OWNERS file in place. But a lot of the other stuff needs a security review. I'll start creating sub-issues to get the various directories security reviewed.

Comment 3 by dcheng@chromium.org, May 13 2016

Thanks. From //services:

catalog/public/interfaces/catalog.mojom
shell/background/tests/test.mojom
shell/public/interfaces/capabilities.mojom
shell/public/interfaces/connector.mojom
shell/public/interfaces/interface_provider.mojom
shell/public/interfaces/shell.mojom
shell/public/interfaces/shell_client.mojom
shell/public/interfaces/shell_client_factory.mojom
shell/public/interfaces/shell_resolver.mojom
shell/tests/connect/connect_test.mojom
shell/tests/lifecycle/lifecycle_unittest.mojom
shell/tests/shell/shell_unittest.mojom
shell/tests/test.mojom
tracing/public/interfaces/tracing.mojom
user/public/interfaces/user_service.mojom

Is the testing stuff used outside of tests? I think we can skip that if that's the case.

Comment 4 by dcheng@chromium.org, May 14 2016

Blockedon: 611955

Comment 5 by dcheng@chromium.org, May 14 2016

Blockedon: 611956

Comment 6 by dcheng@chromium.org, May 14 2016

Blockedon: 611957

Comment 7 by dcheng@chromium.org, May 14 2016

Blockedon: 611958

Comment 8 by dcheng@chromium.org, May 14 2016

Blockedon: 611963

Comment 9 by dcheng@chromium.org, May 14 2016

Blockedon: 611960
Blockedon: 611961
Blockedon: 611962
OK. I looked over a couple of the simpler ones (contextual_search and dom_distiller) and those seem OK. There are more complicated ones though: I've filed a bunch of blocking bugs for those.

I've filed an exploratory bug for //mash as well, since there appear to be a bunch of mojoms in there, but I'm not sure what the status of that is yet.
Blockedon: 611964
Blockedon: 601925
Labels: Security_Severity-High Security_Impact-None
Project Member

Comment 16 by bugdroid1@chromium.org, May 16 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/89cbc40989333929ad9768a3aa86cbab8adf518b

commit 89cbc40989333929ad9768a3aa86cbab8adf518b
Author: dcheng <dcheng@chromium.org>
Date: Mon May 16 16:40:49 2016

Add missing security OWNERS for mojoms in //components and //services.

BUG=611905

Review-Url: https://codereview.chromium.org/1981523003
Cr-Commit-Position: refs/heads/master@{#393844}

[add] https://crrev.com/89cbc40989333929ad9768a3aa86cbab8adf518b/components/contextual_search/common/OWNERS
[add] https://crrev.com/89cbc40989333929ad9768a3aa86cbab8adf518b/components/dom_distiller/content/common/OWNERS
[add] https://crrev.com/89cbc40989333929ad9768a3aa86cbab8adf518b/components/filesystem/public/interfaces/OWNERS
[add] https://crrev.com/89cbc40989333929ad9768a3aa86cbab8adf518b/components/font_service/public/interfaces/OWNERS
[add] https://crrev.com/89cbc40989333929ad9768a3aa86cbab8adf518b/components/leveldb/public/interfaces/OWNERS
[add] https://crrev.com/89cbc40989333929ad9768a3aa86cbab8adf518b/components/mus/public/interfaces/OWNERS
[add] https://crrev.com/89cbc40989333929ad9768a3aa86cbab8adf518b/components/safe_json/public/interfaces/OWNERS
[add] https://crrev.com/89cbc40989333929ad9768a3aa86cbab8adf518b/services/catalog/public/interfaces/OWNERS
[add] https://crrev.com/89cbc40989333929ad9768a3aa86cbab8adf518b/services/shell/public/interfaces/OWNERS
[add] https://crrev.com/89cbc40989333929ad9768a3aa86cbab8adf518b/services/tracing/public/interfaces/OWNERS
[add] https://crrev.com/89cbc40989333929ad9768a3aa86cbab8adf518b/services/user/public/interfaces/OWNERS

Labels: OS-All
[Bulk edit]

Release blockers need OS set.  Looks like all of these are applicable for OS-All, correct if required.
Project Member

Comment 19 by bugdroid1@chromium.org, Jun 16 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/tools/build.git/+/3d80c4e65e2cb38d843fde6314707b18a5ba534e

commit 3d80c4e65e2cb38d843fde6314707b18a5ba534e
Author: recipe-roller <recipe-roller@chromium.org>
Date: Thu Jun 16 08:36:03 2016

Roll recipe dependencies (trivial).

This is an automated CL created by the recipe roller. This CL rolls recipe
changes from upstream projects (e.g. depot_tools) into downstream projects
(e.g. tools/build).

More info is at https://goo.gl/zkKdpD. Use https://goo.gl/noib3a to file a bug
(or complain)

depot_tools:
  https://crrev.com/091b7db64c188eb497cb2092321c11564edaf1ea Expose fnmatch in presubmit's input_api. (dcheng@chromium.org)

R=dcheng@chromium.org
BUG=611905

TBR=martiniss@chromium.org,phajdan.jr@chromium.org

Review-Url: https://codereview.chromium.org/2074613002

[modify] https://crrev.com/3d80c4e65e2cb38d843fde6314707b18a5ba534e/infra/config/recipes.cfg

Project Member

Comment 20 by bugdroid1@chromium.org, Jun 16 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/infra.git/+/4d63108b157a32adfc525a2e36ec6072bb83d766

commit 4d63108b157a32adfc525a2e36ec6072bb83d766
Author: recipe-roller <recipe-roller@chromium.org>
Date: Thu Jun 16 08:56:01 2016

Roll recipe dependencies (trivial).

This is an automated CL created by the recipe roller. This CL rolls recipe
changes from upstream projects (e.g. depot_tools) into downstream projects
(e.g. tools/build).

More info is at https://goo.gl/zkKdpD. Use https://goo.gl/noib3a to file a bug
(or complain)

build:
  https://crrev.com/3d80c4e65e2cb38d843fde6314707b18a5ba534e Roll recipe dependencies (trivial). (recipe-roller@chromium.org)
depot_tools:
  https://crrev.com/091b7db64c188eb497cb2092321c11564edaf1ea Expose fnmatch in presubmit's input_api. (dcheng@chromium.org)

R=phajdan.jr@chromium.org,martiniss@chromium.org,dcheng@chromium.org,recipe-roller@chromium.org
BUG=611905

TBR=martiniss@chromium.org,phajdan.jr@chromium.org

Review-Url: https://codereview.chromium.org/2068963004

[modify] https://crrev.com/4d63108b157a32adfc525a2e36ec6072bb83d766/infra/config/recipes.cfg

Labels: Restrict-View-SecurityTeam
Seems like this is a security bug so applying "Restrict-View-SecurityTeam" label. Please remove if you think otherwise.
A friendly reminder that M52 Stable is launching soon! Your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and get it merged into the release branch by July 12. All changes MUST be merged into the release branch by 5pm on July 15 to make into the desktop Stable final build cut. Thank you!
Project Member

Comment 23 by bugdroid1@chromium.org, Jun 17 2016

Project Member

Comment 24 by bugdroid1@chromium.org, Jun 20 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e07de81b11b1c5b62eaaa258e896878eb5364ff2

commit e07de81b11b1c5b62eaaa258e896878eb5364ff2
Author: dcheng <dcheng@chromium.org>
Date: Mon Jun 20 19:27:17 2016

Add PRESUBMIT rule to make sure IPC changes are security reviewed.

The PRESUBMIT rule makes sure that files involving IPC are covered
by the appropriate per-file rules. See https://goo.gl/NRiIPv for
other alternatives that were considered (e.g. why not recursive
per-file rules?).

BUG=611905
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review-Url: https://codereview.chromium.org/2070483002
Cr-Commit-Position: refs/heads/master@{#400748}

[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/PRESUBMIT.py
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/android_webview/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/ash/sysui/public/interfaces/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/cc/ipc/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/chrome/browser/devtools/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/chrome/browser/importer/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/chrome/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/chrome/common/extensions/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/chrome/common/importer/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/chrome/common/media/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/chrome/common/safe_browsing/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/chrome/utility/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/chrome/utility/importer/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/chromecast/common/media/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/arc/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/autofill/content/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/autofill/content/public/interfaces/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/cdm/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/content_settings/content/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/contextual_search/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/contextual_search/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/data_reduction_proxy/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/dom_distiller/content/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/filesystem/public/interfaces/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/font_service/public/interfaces/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/guest_view/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/leveldb/public/interfaces/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/mus/public/interfaces/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/nacl/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/password_manager/content/public/interfaces/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/pdf/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/printing/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/safe_json/public/interfaces/OWNERS
[delete] https://crrev.com/21d50a521d5818df323f612c33da4ee0213aa203/components/startup_metric_utils/browser/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/startup_metric_utils/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/subresource_filter/content/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/tracing/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/visitedlink/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/components/web_cache/public/interfaces/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/content/child/fileapi/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/content/child/indexed_db/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/content/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/content/common/android/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/content/common/browser_plugin/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/content/common/cache_storage/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/content/common/dom_storage/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/content/common/fileapi/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/content/common/gpu/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/content/common/indexed_db/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/content/common/media/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/content/common/mojo/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/content/common/service_worker/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/content/public/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/device/battery/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/device/bluetooth/public/interfaces/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/device/usb/public/interfaces/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/device/vibration/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/device/vr/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/extensions/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/extensions/common/guest_view/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/ipc/OWNERS
[add] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/ipc/SECURITY_OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/media/base/ipc/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/media/gpu/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/media/mojo/common/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/media/mojo/interfaces/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/ppapi/proxy/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/remoting/host/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/services/catalog/public/interfaces/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/services/shell/public/interfaces/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/services/tracing/public/interfaces/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/services/user/public/interfaces/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/third_party/WebKit/Source/platform/mojo/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/third_party/WebKit/public/platform/modules/background_sync/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/third_party/WebKit/public/platform/modules/bluetooth/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/third_party/WebKit/public/platform/modules/geolocation/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/third_party/WebKit/public/platform/modules/notifications/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/third_party/WebKit/public/platform/modules/payments/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/third_party/WebKit/public/platform/modules/permissions/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/third_party/WebKit/public/platform/modules/presentation/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/third_party/WebKit/public/platform/modules/serviceworker/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/third_party/WebKit/public/platform/modules/wake_lock/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/ui/events/devices/mojo/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/ui/gfx/geometry/mojo/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/ui/gfx/ipc/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/ui/gfx/ipc/geometry/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/ui/gfx/mojo/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/ui/ozone/common/gpu/OWNERS
[modify] https://crrev.com/e07de81b11b1c5b62eaaa258e896878eb5364ff2/url/mojo/OWNERS

Project Member

Comment 25 by bugdroid1@chromium.org, Jun 20 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/544fee7b32950603abc8f74038d26b3300d5e569

commit 544fee7b32950603abc8f74038d26b3300d5e569
Author: Daniel Cheng <dcheng@chromium.org>
Date: Mon Jun 20 21:51:06 2016

Fix //cc/ipc/OWNERS file to match what IPC PRESUBMIT expects.

The PRESUBMIT expects per-file *_struct_traits*.* instead of
just per-file *struct_traits*.*

BUG=611905
R=xlai@chromium.org
TBR=danakj@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review URL: https://codereview.chromium.org/2087643002 .

Cr-Commit-Position: refs/heads/master@{#400799}

[modify] https://crrev.com/544fee7b32950603abc8f74038d26b3300d5e569/cc/ipc/OWNERS

Project Member

Comment 26 by bugdroid1@chromium.org, Jun 21 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/520de0f3c981d36cc59acd3afbb8484d1c0ecff2

commit 520de0f3c981d36cc59acd3afbb8484d1c0ecff2
Author: engedy <engedy@chromium.org>
Date: Tue Jun 21 12:39:33 2016

Make per-file OWNERS rules for files involved in IPC consistent.

The new PRESUBMIT checks landed in https://codereview.chromium.org/2070483002
now expect that files involved in IPC are covered by the appropriate per-file
OWNERS rules that delegate to /ipc/SECURITY_OWNERS.

However, the PRESUBMIT script requires that, e.g., files matching the pattern
"*_messages*.h*" are covered by the rules:
  per-file *_messages*.h=set noparent
  per-file *_messages*.h=file://ipc/SECURITY_OWNERS,
and not, e.g., by rules containing the glob "*message*". There are a couple of
more predefined globs in the PRESUBMIT script.

This CL refactors existing per-file OWNERS rules referencing files involved in
IPC to consistently use the exact glob patterns as are defined in the PRESUBMIT
script.

This will avoid PRESUBMIT check failures when IPC messages are modified for the
first time in the affected components, and spare respective OWNERS the
headache.

BUG=611905
TBR=jam@chromium.org

Review-Url: https://codereview.chromium.org/2086803003
Cr-Commit-Position: refs/heads/master@{#400967}

[modify] https://crrev.com/520de0f3c981d36cc59acd3afbb8484d1c0ecff2/chromecast/common/media/OWNERS
[modify] https://crrev.com/520de0f3c981d36cc59acd3afbb8484d1c0ecff2/components/autofill/content/common/OWNERS
[modify] https://crrev.com/520de0f3c981d36cc59acd3afbb8484d1c0ecff2/components/cdm/common/OWNERS
[modify] https://crrev.com/520de0f3c981d36cc59acd3afbb8484d1c0ecff2/components/data_reduction_proxy/OWNERS
[modify] https://crrev.com/520de0f3c981d36cc59acd3afbb8484d1c0ecff2/components/printing/common/OWNERS
[modify] https://crrev.com/520de0f3c981d36cc59acd3afbb8484d1c0ecff2/content/common/OWNERS
[modify] https://crrev.com/520de0f3c981d36cc59acd3afbb8484d1c0ecff2/content/common/android/OWNERS
[modify] https://crrev.com/520de0f3c981d36cc59acd3afbb8484d1c0ecff2/content/common/mojo/OWNERS
[modify] https://crrev.com/520de0f3c981d36cc59acd3afbb8484d1c0ecff2/content/public/common/OWNERS
[modify] https://crrev.com/520de0f3c981d36cc59acd3afbb8484d1c0ecff2/ui/events/devices/mojo/OWNERS
[modify] https://crrev.com/520de0f3c981d36cc59acd3afbb8484d1c0ecff2/ui/gfx/geometry/mojo/OWNERS
[modify] https://crrev.com/520de0f3c981d36cc59acd3afbb8484d1c0ecff2/ui/gfx/ipc/OWNERS
[modify] https://crrev.com/520de0f3c981d36cc59acd3afbb8484d1c0ecff2/ui/gfx/ipc/geometry/OWNERS
[modify] https://crrev.com/520de0f3c981d36cc59acd3afbb8484d1c0ecff2/ui/gfx/mojo/OWNERS

Labels: -Security_Impact-None Security_Impact-Stable
Bulk edit: swapping issues for mojo reviews back to Security_Impact-Stable. We're adding a sheriffbot rule to automatically remove release block labels from Security_Impact-None bugs, but in this case I think they make sense. These issues for audits/reviews tend to be a bit awkward to triage.
Project Member

Comment 28 by sheriffbot@chromium.org, Jun 22 2016

dcheng: Uh oh! This issue still open and hasn't been updated in the last 39 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 29 Deleted

** IMPORTANT change in M52 merge date due to first 2 weeks of July no release weeks **
M52 Stable is launching very soon! Your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and get it merged ASAP. All changes MUST be merged into the release branch by 5pm on July 1 to make into the desktop Stable final build cut. Thank you!

Labels: -ReleaseBlock-Stable
Project Member

Comment 32 by sheriffbot@chromium.org, Jul 13 2016

Labels: Deadline-Exceeded
We commit ourselves to a 60 day deadline for fixing for high severity vulnerabilities, and have exceeded it here. If you're unable to look into this soon, could you please find another owner or remove yourself so that this gets back into the security triage queue?

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 33 by sheriffbot@chromium.org, Jul 14 2016

dcheng: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: Security_bugs-keptopen
dcheng: any updates on this?
Oh I see this is blocked on the other ones being resolved - sorry for the noise!
Components: Security>Audit
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam -Security_Impact-Stable -Deadline-Exceeded -Security_Severity-High -Security_bugs-keptopen Type-Bug
Flipping labels to remove this (and blocking bugs) from the sheriff queue.
Project Member

Comment 38 by bugdroid1@chromium.org, Sep 16 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cca690a0484a12b084313905841dc17e71ca11bc

commit cca690a0484a12b084313905841dc17e71ca11bc
Author: lukasza <lukasza@chromium.org>
Date: Fri Sep 16 21:44:14 2016

Adding security owners for content/shell/common/*_messages*.h

This CL avoids future presubmit violations like the
one quoted below:

    ** Presubmit Warnings **
    Found changes to IPC files without a security OWNER!

    ***************
    content/shell/common/OWNERS is missing the following lines:

    per-file *_messages*.h=set noparent
    per-file *_messages*.h=file://ipc/SECURITY_OWNERS

    for changed files:
      content/shell/common/shell_messages.h
    ***************

The presubmit checks performed above were added in r400748.

BUG=611905

Review-Url: https://codereview.chromium.org/2342903004
Cr-Commit-Position: refs/heads/master@{#419285}

[add] https://crrev.com/cca690a0484a12b084313905841dc17e71ca11bc/content/shell/common/OWNERS

Sign in to add a comment