Skip to content

/ extension-whitelist

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor parser #23

Open
wants to merge 5 commits into
base: master
from
Open

Refactor parser #23

wants to merge 5 commits into from

Conversation

@keur
Copy link

keur commented Feb 20, 2020

No description provided.

@keur
Copy link
Author

keur commented Feb 20, 2020
edited

re brave/brave-browser#8303

The only parts I didn't audit heavily were ExtensionWhitelistParser::deserialize and ExtensionWhitelistParser::serialize. It uses sscanf (as mentioned in the issue), but that isn't unsafe because %x just reads a byte (the size of the list that is being serialized).
@keur keur requested review from diracdeltas, bbondy and iefremov Feb 20, 2020
@iefremov
Copy link

iefremov commented Feb 20, 2020

@keur %x reads not a byte but a hex integer, i.e. unlimited amount of hex characters.
@keur
Copy link
Author

keur commented Feb 20, 2020
edited

Right right. Fixed. Please take another look @iefremov
@iefremov
Copy link

iefremov commented Feb 24, 2020

@keur do you mind replacing ST_EXTENSION_WHITELIST_DATA with std::string and HashSet with std::unordered_set as a first step of refactoring? It would much simpler than tossing around with raw C strings and fixing leaks here and there.
@keur
Copy link
Author

keur commented Apr 5, 2020

@iefremov okay went ahead and changed those types
@iefremov
iefremov reviewed Apr 14, 2020
View changes
extension_set.h Outdated Show resolved Hide resolved
@iefremov
iefremov reviewed Apr 14, 2020
View changes
extension_whitelist_parser.cc Outdated Show resolved Hide resolved
@iefremov
iefremov reviewed Apr 14, 2020
View changes
extension_whitelist_parser.cc Outdated Show resolved Hide resolved
@iefremov
iefremov reviewed Apr 14, 2020
View changes
extension_whitelist_parser.h Outdated Show resolved Hide resolved
@iefremov
iefremov reviewed Apr 14, 2020
View changes
extension_whitelist_parser.cc Outdated Show resolved Hide resolved
keur added 4 commits Feb 20, 2020
@keur
Refactor code assuming buffer is 32 bytes
11ee1ad 
This is a safe assumption to make.

https://support.google.com/chrome/a/answer/7532015?hl=en
@keur
Simplify whitelist data serialization
3d484e1 
Every extension ID that needs be serialized is 32 bytes. No longer
necessary to embed the length of each extension in the serialized
buffer.
@keur
extension_whitelist_parser: safely serialize uint32_t
4aee155 
Include inttypes.h to format width-based integral types. This is safer
than %x, because %x may read an unbounded amount of characters.
@keur
Refactor with std functions
ec8ed6e 
  * Replace ST_EXTENSION_WHITELIST_DATA with std::string
  * Replace hash-set.cpp with std::unordered_set
@keur keur force-pushed the keur:refactor_parser branch from 473b8bc to 77adf17 Apr 21, 2020
@keur
Review fixups
752fd7b 
  * Use strings where possible
  * Replace DECIMAL_STRING_MAX WITH UINT32_SERIALIZE_MAX since we are
    only serializing uint32_t
  * Remove extension_set class and make Serialize and Deserialize free
    functions
@keur keur force-pushed the keur:refactor_parser branch from 77adf17 to 752fd7b Apr 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iefremov iefremov

@diracdeltas diracdeltas

@bbondy bbondy

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
@keur @iefremov
You can’t perform that action at this time.