Check for unknown JSON entry fields in the transport security state generator |
|||
Issue descriptionWe accidentally added scotthelme.co.uk with `include_subdomains_for_expect_ct`, which doesn't exist. However, this suggests that we won't catch things like typos either. It would be nice to check for unknown field names in the entries.
,
Oct 25 2017
,
Oct 28 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5bb8a70eb01dd947d3173f9aec745c364b50f7e7 commit 5bb8a70eb01dd947d3173f9aec745c364b50f7e7 Author: Martijn Croonen <martijnc@chromium.org> Date: Sat Oct 28 09:45:23 2017 Check for unknown keys in the transport security state JSON file. This CL adds two checks to the transport security state JSON file parser that ensure the entries have a valid mode ("force-https" or empty) and that the entries don't contain any unknown fields. These checks are intended to catch typo's that would othersize degrade the security of the preloaded domains. Bug: 774246 Change-Id: Ifcb4f4994f982078cc72d7df10e6245da2d9909c Reviewed-on: https://chromium-review.googlesource.com/738117 Commit-Queue: Martijn Croonen <martijnc@chromium.org> Reviewed-by: Ryan Sleevi <rsleevi@chromium.org> Cr-Commit-Position: refs/heads/master@{#512394} [modify] https://crrev.com/5bb8a70eb01dd947d3173f9aec745c364b50f7e7/net/tools/transport_security_state_generator/input_file_parsers.cc [modify] https://crrev.com/5bb8a70eb01dd947d3173f9aec745c364b50f7e7/net/tools/transport_security_state_generator/input_file_parsers_unittest.cc
,
Oct 28 2017
|
|||
►
Sign in to add a comment |
|||
Comment 1 by lgar...@chromium.org
, Oct 18 2017