Permalink
Show file tree
Hide file tree
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Cap cookie lifetimes to 7 days for responses from third party IP addr…
…esses https://bugs.webkit.org/show_bug.cgi?id=246477 rdar://100831206 Reviewed by John Wilander. Safari currently caps the lifetime of cookies to 7 days, if third-party CNAME cloaking is detected. This helps to mitigate many instances where CNAME cloaking is used to store cookies on device (in the first party context) for far longer than a third party cookie would normally be allowed to; however, in the case where the resolved CNAME is empty, we end up skipping this mitigation altogether. This means that websites can use direct A/AAAA records (instead of CNAME mapping) to cloak third party requests as first party and subsequently store cookies in the first party context, bypassing the aforementioned defense. To strengthen our existing protections, we implement a heuristic to fall back on comparing resolved IP addresses only in the case where the resolved CNAME of the incoming response is empty. If the IP address of the response is _mostly_ different than the IP address of the main resource response (i.e. by comparing the matching subnet mask length of the two addresses), then we apply the same level of mitigation as we otherwise would for third party CNAMEs. For now, the minimum matching subnet mask length to consider as "third party" or not is arbitrarily chosen to be half the IP address length (i.e. 16 for IPv4, and 64 for IPv6). This could be enhanced in the future, given facilities to query for the IP network block that contains the main resource's IP address and checking whether the incoming response address falls within that range. * Source/WebCore/platform/network/DNS.cpp: (WebCore::IPAddress::isolatedCopy const): Add an `isolatedCopy` method, so that we're able to perform a cross-thread copy of `IPAddress`. (WebCore::IPAddress::matchingNetMaskLength const): Add a helper method to compute the length of the matching subnet mask between the current IP address and the given address. If the two IP addresses are of different families (i.e. v4 and v6), this method returns 0. * Source/WebCore/platform/network/DNS.h: (WebCore::IPAddress::fromSockAddrIn6): Minor style fix - add a missing space after the initializer. * Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h: * Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm: (WebKit::NetworkDataTaskCocoa::shouldApplyCookiePolicyForThirdPartyCloaking const): Adjust this to check for third party IP addresses, in the case where the incoming response's CNAME is empty. (WebKit::NetworkDataTaskCocoa::updateFirstPartyInfoForSession): (WebKit::shouldCapCookieExpiryForThirdPartyIPAddress): (WebKit::NetworkDataTaskCocoa::applyCookiePolicyForThirdPartyCloaking): (WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa): (WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection): (WebKit::NetworkDataTaskCocoa::shouldApplyCookiePolicyForThirdPartyCNAMECloaking const): Deleted. (WebKit::NetworkDataTaskCocoa::applyCookiePolicyForThirdPartyCNAMECloaking): Deleted. Rename these to reference "ThirdPartyCloaking" instead of "ThirdPartyCNAMECloaking", since this now applies to both. * Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: * Tools/TestWebKitAPI/Tests/WebCore/IPAddressTests.cpp: Added. (TestWebKitAPI::TEST): Add a couple of API tests to exercise the new functionality in `WebCore::IPAddress`. Canonical link: https://commits.webkit.org/255849@main
- Loading branch information
Showing
7 changed files
with
176 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| /* | ||
| * Copyright (C) 2022 Apple Inc. All rights reserved. | ||
| * | ||
| * Redistribution and use in source and binary forms, with or without | ||
| * modification, are permitted provided that the following conditions | ||
| * are met: | ||
| * 1. Redistributions of source code must retain the above copyright | ||
| * notice, this list of conditions and the following disclaimer. | ||
| * 2. Redistributions in binary form must reproduce the above copyright | ||
| * notice, this list of conditions and the following disclaimer in the | ||
| * documentation and/or other materials provided with the distribution. | ||
| * | ||
| * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' | ||
| * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, | ||
| * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS | ||
| * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | ||
| * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | ||
| * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | ||
| * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | ||
| * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF | ||
| * THE POSSIBILITY OF SUCH DAMAGE. | ||
| */ | ||
|
|
||
| #include "config.h" | ||
|
|
||
| #include <WebCore/DNS.h> | ||
| #include <wtf/text/WTFString.h> | ||
|
|
||
| namespace TestWebKitAPI { | ||
|
|
||
| #if OS(UNIX) | ||
|
|
||
| TEST(IPAddressTests, MatchingNetMaskLength) | ||
| { | ||
| auto address1 = WebCore::IPAddress::fromString("17.100.120.255"_s); | ||
| auto address2 = WebCore::IPAddress::fromString("17.100.100.255"_s); | ||
| auto address3 = WebCore::IPAddress::fromString("2001:db8::1234:5678"_s); | ||
| auto address4 = WebCore::IPAddress::fromString("2001:db8::1111:0000"_s); | ||
| auto address5 = WebCore::IPAddress::fromString("::1234:5678"_s); | ||
| auto address6 = WebCore::IPAddress::fromString("::"_s); | ||
|
|
||
| EXPECT_EQ(address1->matchingNetMaskLength(*address2), 19U); | ||
| EXPECT_EQ(address2->matchingNetMaskLength(*address1), 19U); | ||
| EXPECT_EQ(address1->matchingNetMaskLength(*address3), 0U); | ||
| EXPECT_EQ(address3->matchingNetMaskLength(*address1), 0U); | ||
| EXPECT_EQ(address3->matchingNetMaskLength(*address4), 102U); | ||
| EXPECT_EQ(address4->matchingNetMaskLength(*address3), 102U); | ||
| EXPECT_EQ(address3->matchingNetMaskLength(*address5), 2U); | ||
| EXPECT_EQ(address5->matchingNetMaskLength(*address3), 2U); | ||
| EXPECT_EQ(address5->matchingNetMaskLength(*address6), 99U); | ||
| EXPECT_EQ(address6->matchingNetMaskLength(*address5), 99U); | ||
| } | ||
|
|
||
| TEST(IPAddressTests, InvalidAddresses) | ||
| { | ||
| EXPECT_EQ(WebCore::IPAddress::fromString(""_s), std::nullopt); | ||
| EXPECT_EQ(WebCore::IPAddress::fromString("foo"_s), std::nullopt); | ||
| EXPECT_EQ(WebCore::IPAddress::fromString("2001:88888::"_s), std::nullopt); | ||
| EXPECT_EQ(WebCore::IPAddress::fromString("192.168.255.256"_s), std::nullopt); | ||
| } | ||
|
|
||
| #endif // OS(UNIX) | ||
|
|
||
| } // namespace TestWebKitAPI | ||
|
|