Bug 1515298 [wpt PR 14599] - SignedExchange: Reject SXG if fallback U…

…RL has invalid UTF-8 sequence, a=testonly Automatic update from web-platform-tests SignedExchange: Reject SXG if fallback URL has invalid UTF-8 sequence GURL parser happily accepts invalid UTF-8 path, so we need to validate the fallback URL string before parsing. Spec: WICG/webpackage#346 Bug: 916390 Change-Id: Ife25621e2a41beef01cbf36a5ab523eaee1ea222 Reviewed-on: https://chromium-review.googlesource.com/c/1382724 Commit-Queue: Kunihiko Sakamoto <ksakamotochromium.org> Reviewed-by: Kinuko Yasuda <kinukochromium.org> Reviewed-by: Kouhei Ueno <kouheichromium.org> Cr-Commit-Position: refs/heads/master{#617772} -- wpt-commits: e663fa084dcdac43fea5cdd6c69b059b5ad0743f wpt-pr: 14599 UltraBlame original commit: c680ff16a9c7a3ff68ac3372ddf0c50263e55a24
marco-c · Oct 3, 2019 · affd35b · affd35b
1 parent e2eba60
commit affd35b
Show file tree

Hide file tree

Showing 4 changed files with 647 additions and 0 deletions.
diff --git a/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh b/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh
@@ -899,6 +899,138 @@ miRecordSize
 Fallback
 URL
 has
+invalid
+UTF
+-
+8
+sequence
+.
+gen
+-
+signedexchange
+\
+-
+version
+1b2
+\
+-
+ignoreErrors
+\
+-
+uri
+"
+inner_url_origin
+/
+signed
+-
+exchange
+/
+resources
+/
+(
+echo
+-
+e
+'
+\
+xce
+\
+xce
+\
+xa9
+'
+)
+.
+html
+"
+\
+-
+status
+200
+\
+-
+content
+sxg
+-
+location
+.
+html
+\
+-
+certificate
+certfile
+\
+-
+certUrl
+cert_url_origin
+/
+signed
+-
+exchange
+/
+resources
+/
+certfile
+.
+cbor
+\
+-
+validityUrl
+inner_url_origin
+/
+signed
+-
+exchange
+/
+resources
+/
+resource
+.
+validity
+.
+msg
+\
+-
+privateKey
+keyfile
+\
+-
+date
+2018
+-
+04
+-
+01T00
+:
+00
+:
+00Z
+\
+-
+expire
+168h
+\
+-
+o
+sxg
+-
+invalid
+-
+utf8
+-
+inner
+-
+url
+.
+sxg
+\
+-
+miRecordSize
+100
+#
+Fallback
+URL
+has
 UTF
 -
 8

diff --git a/testing/web-platform/tests/signed-exchange/resources/sxg-invalid-utf8-inner-url.sxg b/testing/web-platform/tests/signed-exchange/resources/sxg-invalid-utf8-inner-url.sxg
@@ -0,0 +1,259 @@
+sxg1
+-
+b2
+9https
+:
+/
+/
+127
+.
+0
+.
+0
+.
+1
+:
+8444
+/
+signed
+-
+exchange
+/
+resources
+/
+.
+html
+label
+;
+sig
+=
+*
+MEUCIQDBtl1hfCwjm
+/
+6EpCykbtnMLpwmaRTPZjCBHhr2G
+/
+0ljQIgGwHAwHHHhLBhlU5qFCQuZQy09bR2Kd4nDT6DwZhIGrg
+=
+*
+;
+validity
+-
+url
+=
+"
+https
+:
+/
+/
+127
+.
+0
+.
+0
+.
+1
+:
+8444
+/
+signed
+-
+exchange
+/
+resources
+/
+resource
+.
+validity
+.
+msg
+"
+;
+integrity
+=
+"
+digest
+/
+mi
+-
+sha256
+-
+03
+"
+;
+cert
+-
+url
+=
+"
+https
+:
+/
+/
+web
+-
+platform
+.
+test
+:
+8444
+/
+signed
+-
+exchange
+/
+resources
+/
+127
+.
+0
+.
+0
+.
+1
+.
+sxg
+.
+pem
+.
+cbor
+"
+;
+cert
+-
+sha256
+=
+*
+pSU9uXfd5lWRlkZm
++
+zehaLxXfWhBbIeJGPFAvM
++
+9hFs
+=
+*
+;
+date
+=
+1522540800
+;
+expires
+=
+1523145600
+G
+:
+methodCGET
+FdigestX9mi
+-
+sha256
+-
+03
+=
+kgi
++
+VYCmW1jgIXJgjo7E7zM
++
+E7oVNnKNaMiTIS
+/
+aick
+=
+G
+:
+statusC200Lcontent
+-
+typeX
+text
+/
+html
+;
+charset
+=
+utf
+-
+8Pcontent
+-
+encodingLmi
+-
+sha256
+-
+03
+d
+<
+!
+DOCTYPE
+html
+>
+<
+title
+>
+Content
+of
+SignedHTTPExchange
+<
+/
+title
+>
+<
+script
+>
+window
+.
+addEventListener
+(
+'
+messa
+Q
+3
+RH
+H9
+.
+:
+^
+z
+e
+ge
+'
+(
+event
+)
+=
+>
+{
+event
+.
+data
+.
+port
+.
+postMessage
+(
+{
+location
+:
+document
+.
+location
+.
+href
+is_fallback
+:
+falss
+8_C
+WHV
+l
+:
+*
+<
+Q
+"
+O
+e
+}
+)
+;
+}
+false
+)
+;
+<
+/
+script
+>