Bug 186831

Summary: EWS should not try to post comments or upload result archives to security-sensitive bugs unless it has access
Product: WebKit Reporter: Daniel Bates <dbates>
Component: Tools / TestsAssignee: Daniel Bates <dbates>
Status: RESOLVED FIXED    
Severity: Normal CC: aakash_jain, ap, ews-watchlist, glenn, lforschler, rniwa, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=186834
Attachments:
Description Flags
Patch none

Description Daniel Bates 2018-06-19 21:16:18 PDT 
Following the patch for bug #186291, EWS bots that cannot access security-sensitive patches on Bugzilla can now fetch them from the status server. Obviously these bots cannot post comments or upload result failure archives for a security-sensitive patch they fetched from the status server. Doing so will cause an exception. Although the EWS code is robust enough that such exceptions will be caught they will be treated as "unexpected" and logged accordingly. For now, we should explicitly handle such failures gracefully and avoid classifying them as unexpected because they are now expected.

Eventually we want to support a means for comments and result archives from EWS bots to be posted to security-sensitive bugs without giving these bots access to all security bugs or even some security bugs. We will likely need to take a similar approach as done in the patch for bug #186291 and use the status server as an intermediate data store for some privileged bot to download and re-upload to Bugzilla. Maybe the privileged bot could be the feeder EWS?
Comment 1 Daniel Bates 2018-06-19 21:21:22 PDT 
Created attachment 343131 [details]
Patch
Comment 2 EWS Watchlist 2018-06-19 21:24:37 PDT 
Attachment 343131 [details] did not pass style-queue:


ERROR: Tools/ChangeLog:11:  Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug  [changelog/unwantedsecurityterms] [3]
Total errors found: 1 in 3 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 3 Daniel Bates 2018-06-21 14:11:45 PDT 
Comment on attachment 343131 [details]
Patch

Clearing flags on attachment: 343131

Committed r233058: <https://trac.webkit.org/changeset/233058>
Comment 4 Daniel Bates 2018-06-21 14:12:05 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 5 Radar WebKit Bug Importer 2018-06-21 14:13:17 PDT 
<rdar://problem/41343252>