security_NetworkListeners failure |
||||||
Issue descriptionTestFail: Found unexpected network listeners https://uberchromegw.corp.google.com/i/chromiumos.chromium/builders/amd64-generic-tot-chromium-pfq-informational/builds/12861 Not clear when this failure was introduced as it may have been masked by a different failure, but it was in the last few days.
,
Aug 10 2017
The shill line is a warning so it's probably been there for a while. I should fix it. Not sure why Chrome is listening on a new port.
,
Aug 10 2017
Ah, this might be the ephemeral devtools port?
,
Aug 10 2017
Looks like it most likely is. From the logs in [1]: 08/10 13:16:07.737 INFO |cros_browser_backe:0075| Discovered ephemeral port 50091 08/10 13:16:07.737 INFO |cros_browser_backe:0076| Browser target: /devtools/browser/ce8abd43-47b2-4bf2-8be7-25aa96804d69 ... 08/10 13:16:16.306 ERROR|security_NetworkLi:0128| Unexpected network listener: chrome 127.0.0.1:50091 1: https://uberchromegw.corp.google.com/i/chromeos.chrome/builders/lumpy-tot-chrome-pfq-informational/builds/23759
,
Aug 10 2017
jorgelo@: can we just add the following to security_NetworkListeners/baseline? # Chrome devtools ephemeral port. crbug.com/753880 chrome 127.0.0.1:DYNAMIC
,
Aug 10 2017
Is this a real long term feature? Did this feature go through Chrome security review? Can websockets reach this devtools port and modify themselves?
,
Aug 10 2017
pfeldman@ should answer those questions, but I believe the CL which introduces the regression is https://chromium-review.googlesource.com/c/596719.
,
Aug 10 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/autotest/+/ecc759e7a499857e82b692cfe7ec966c3bcc33c9 commit ecc759e7a499857e82b692cfe7ec966c3bcc33c9 Author: Jorge Lucangeli Obes <jorgelo@chromium.org> Date: Thu Aug 10 19:26:42 2017 security_NetworkListeners: Remove shill baseline. We don't use the shill proxy anymore. BUG= chromium:753880 TEST=Passes on kevin. Change-Id: Ifd6c74ef2a7ca019d31e968c579507a17abc5dbe Reviewed-on: https://chromium-review.googlesource.com/610321 Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org> Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/ecc759e7a499857e82b692cfe7ec966c3bcc33c9/client/site_tests/security_NetworkListeners/baseline.arc [modify] https://crrev.com/ecc759e7a499857e82b692cfe7ec966c3bcc33c9/client/site_tests/security_NetworkListeners/baseline [modify] https://crrev.com/ecc759e7a499857e82b692cfe7ec966c3bcc33c9/client/site_tests/security_NetworkListeners/security_NetworkListeners.py
,
Aug 10 2017
I think this may be the last remaining issue for the PFQ, so I'm in favor of whitelisting this so we can get our first roll of the week. My understanding is that this ephemeral port is the remote debugging port, which used to be a static port picked by telemetry, but is now picked by chrome. Pavel should have more details.
,
Aug 10 2017
I'm happy to whitelist if we can get some answers to the above questions.
,
Aug 10 2017
@achuith: telemetry was always using 'netstat -ant' in GetRemotePort. So the only difference is that now several browser restarts within one run ends up with different ports? In either case, not sure what the test is testing - we do open port and listen on it. So as long as chrome is alive, we will see a LISTENING port there.
,
Aug 10 2017
The test ensures that there's not a ton of things listening on the network, to avoid having random services in the device being remotely accessible. If this is something that had been listening for forever, I wonder why the test didn't failed before.
,
Aug 10 2017
Ok, I see the issue. This line is now incorrect: https://cs.corp.google.com/chromeos_public/src/third_party/autotest/files/client/site_tests/security_NetworkListeners/security_NetworkListeners.py?l=73
,
Aug 10 2017
Does this mean that the listening port is now fully dynamic? Or not reported back to telemetry? If we can find the port number somehow, that's the best fix. I'm not opposed to whitelisting Chrome temporarily for the PFQ to pass, but it'd be good to be able to only allow this feature and not anything else.
,
Aug 10 2017
Nevermind, I just read the blocking bug. Looks like an easy fix.
,
Aug 10 2017
,
Aug 11 2017
,
Aug 11 2017
lumpy-chrome-pfq failed because chrome is listening on unexpected port. https://uberchromegw.corp.google.com/i/chromeos/builders/lumpy-chrome-pfq/builds/10431 I think this is related to this issue, can you take a look?
,
Aug 11 2017
I think you also need to change https://cs.corp.google.com/chromeos_public/src/third_party/autotest/files/client/site_tests/security_NetworkListeners/security_NetworkListeners.py?l=70 Change it to accept 'chrome' as command.
,
Aug 11 2017
Please ignore #19, I misunderstood the code.
,
Jan 22 2018
|
||||||
►
Sign in to add a comment |
||||||
Comment 1 by jdufault@chromium.org
, Aug 9 2017