Add hardening for Request, Headers and Response endowments #1695

Merged
merged 5 commits into from
Aug 29, 2023

Conversation

@david0xd (Contributor) commented Aug 28, 2023

This PR will add hardening for the three endowments that have been injected alongside fetch when endowment:network-access permission is requested.

These three endowments are not part of the default endowments (and should never be) and were only available when permission for network access is requested; because of that, these endowments are hardened within the factory that is wrapping up fetch.

Result of testing a fresh build of the updated execution environment in Flask:
[Screenshot 2023-08-28 at 18:25:07]

When trying to modify these endowments from inside the snap (running Flask @ Chrome):
[Screenshot 2023-08-28 at 18:35:06]

@david0xd david0xd self-assigned this Aug 28, 2023
@david0xd david0xd added the type-security Related to enforcing our security model. label Aug 28, 2023
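The hardening the PR describes, as an added example that is not the snaps repository's own code: an endowment factory that is only run when `endowment:network-access` is granted, returns a wrapped `fetch` together with `Request`, `Headers` and `Response`, and hardens the three constructors in place so snap code cannot monkey-patch them. Assumptions: Node 18+ provides the global `fetch`, `Request`, `Headers` and `Response`; `harden` below is a simplified stand-in for SES `harden()` that stops at intrinsics `lockdown()` would already have frozen; `createNetworkEndowments`, `isHardened` and `attemptTamper` are hypothetical names, and the fetch wrapper is a plain pass-through rather than the project's real wrapper.

```javascript
'use strict';
// Added example, not code from the MetaMask snaps repo.
// Assumes Node 18+ (global fetch/Request/Headers/Response).

// Intrinsics a real SES lockdown() has already hardened; this toy harden()
// stops at them instead of freezing them itself.
const INTRINSIC_ROOTS = new Set([
  Object.prototype, Function.prototype, Array.prototype, Error.prototype,
  Promise.prototype, Object, Function, Array, Promise,
]);

// Simplified stand-in for SES harden(): freeze the value, everything reachable
// through its own property descriptors (values, getters, setters), and its
// prototype chain, skipping already-seen objects and the intrinsic roots.
function harden(root) {
  const seen = new Set();
  const todo = [root];
  while (todo.length) {
    const value = todo.pop();
    if (value === null || (typeof value !== 'object' && typeof value !== 'function')) continue;
    if (seen.has(value) || INTRINSIC_ROOTS.has(value)) continue;
    seen.add(value);
    Object.freeze(value);
    for (const key of Reflect.ownKeys(value)) {
      const desc = Object.getOwnPropertyDescriptor(value, key);
      if (desc === undefined) continue;
      if ('value' in desc) todo.push(desc.value);
      if (desc.get) todo.push(desc.get);
      if (desc.set) todo.push(desc.set);
    }
    todo.push(Object.getPrototypeOf(value));
  }
  return root;
}

// Hypothetical factory: produced only when endowment:network-access is
// granted, never part of the default endowment set. The three constructors
// are hardened here, inside the factory that wraps fetch, as the PR describes.
function createNetworkEndowments() {
  const wrappedFetch = (...args) => globalThis.fetch(...args); // simplified pass-through
  return harden({
    fetch: wrappedFetch,
    Request: harden(globalThis.Request),
    Headers: harden(globalThis.Headers),
    Response: harden(globalThis.Response),
  });
}

// Check a practitioner would run from a test: the constructor, its prototype
// and every function reachable from the prototype's own descriptors are frozen.
function isHardened(ctor) {
  const proto = ctor.prototype;
  if (!Object.isFrozen(ctor) || !Object.isFrozen(proto)) return false;
  return Reflect.ownKeys(proto).every((key) => {
    const d = Object.getOwnPropertyDescriptor(proto, key);
    const fns = [d.value, d.get, d.set].filter((f) => typeof f === 'function');
    return fns.every((f) => Object.isFrozen(f));
  });
}

// Simulated snap code: three tampering attempts. Under strict mode (which SES
// compartments enforce) each write to a frozen object throws TypeError.
function attemptTamper(endowments) {
  const { Headers } = endowments;
  const results = {};
  try {
    Headers.prototype.get = function () { return 'pwned'; };
    results.prototypeAssign = 'succeeded';
  } catch (e) { results.prototypeAssign = e.constructor.name; }
  try {
    Object.defineProperty(Headers.prototype, 'get', { value: () => 'pwned' });
    results.defineProperty = 'succeeded';
  } catch (e) { results.defineProperty = e.constructor.name; }
  try {
    endowments.Response = function FakeResponse() {};
    results.endowmentSwap = 'succeeded';
  } catch (e) { results.endowmentSwap = e.constructor.name; }
  // Constructed sample header; get() still returns the real value.
  const h = new Headers({ 'content-type': 'text/plain' });
  results.headerGetStillHonest = h.get('content-type') === 'text/plain';
  return results;
}

const endowments = createNetworkEndowments();
console.log(isHardened(endowments.Headers), attemptTamper(endowments));
```

The point of hardening inside the factory rather than in the default endowment list is that the three constructors only exist in the snap's compartment when network access was granted, and by the time snap code can reach them their prototypes are already frozen, so the monkey-patch attempts above fail with `TypeError` instead of silently rewriting `Headers.prototype.get` for every later request.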
@codecov codecov bot commented Aug 28, 2023

Codecov Report

Merging #1695 (c248905) into main (5fce399) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #1695   +/-   ##
=======================================
  Coverage   95.87%   95.87%           
=======================================
  Files         239      239           
  Lines        5401     5401           
  Branches      836      836           
=======================================
  Hits         5178     5178           
  Misses        223      223           
Files Changed Coverage Δ
...tion-environments/src/common/endowments/network.ts 97.26% <ø> (ø)

@david0xd david0xd marked this pull request as ready for review August 28, 2023 16:36
@david0xd david0xd requested a review from a team as a code owner August 28, 2023 16:36
@david0xd david0xd force-pushed the dd/harden-more-endowments branch from c248905 to cf296fd Compare August 29, 2023 08:08
@david0xd david0xd merged commit 5505d6b into main Aug 29, 2023
129 checks passed
@david0xd david0xd deleted the dd/harden-more-endowments branch August 29, 2023 08:28
FrederikBolding pushed a commit that referenced this pull request Aug 29, 2023
* Add hardening for Request, Headers and Response endowments

* Update coverage thresholds

* Refactor code (1)

* Refactor code (2)

* Revert coverage change
Gudahtt pushed a commit that referenced this pull request Aug 29, 2023
* Add hardening for Request, Headers and Response endowments

* Update coverage thresholds

* Refactor code (1)

* Refactor code (2)

* Revert coverage change
Labels
type-security Related to enforcing our security model.
2 participants