From 9d6ac0436f310a81cae3a5ee4a263940036629b8 Mon Sep 17 00:00:00 2001
From: Mike West
Date: Tue, 18 Feb 2025 22:48:27 -0800
Subject: [PATCH] [Signature-based SRI] Simplify path-based tests.
Currently, our tentative WPTs rely on a resource file that lives in the `/tentative` directory. This directory impacts the signature in some cases (e.g. the `@path` derived component), and it would be ideal to avoid that as we introduce more cases where it might occur. This CL moves the resouce file out of the `/tentative` directory so that the signatures will remain stable even as the tests shift from tentative to non-tentative.
Bug: 383409584
Change-Id: Ie8cbba80e856e4a1b051e80e095875cefe7c5aa6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6268259
Commit-Queue: Mike West
Reviewed-by: Joe DeBlasio
Cr-Commit-Position: refs/heads/main@{#1421795}
---
 .../signatures/{tentative => }/resource.py | 0
 subresource-integrity/signatures/tentative/helper.js | 2 +-
 .../signatures/tentative/path.window.js | 11 ++++-------
 3 files changed, 5 insertions(+), 8 deletions(-)
 rename subresource-integrity/signatures/{tentative => }/resource.py (100%)
diff --git a/subresource-integrity/signatures/tentative/resource.py b/subresource-integrity/signatures/resource.py
similarity index 100%
rename from subresource-integrity/signatures/tentative/resource.py
rename to subresource-integrity/signatures/resource.py
diff --git a/subresource-integrity/signatures/tentative/helper.js b/subresource-integrity/signatures/tentative/helper.js
index 29ed6449c26f3f..94aa7b9df11aa5 100644
--- a/subresource-integrity/signatures/tentative/helper.js
+++ b/subresource-integrity/signatures/tentative/helper.js
@@ -37,7 +37,7 @@ function resourceURL(data) {
 data.type ??= "application/javascript";
 data.counter = counter;
 let params = new URLSearchParams(data);
- return "./resource.py?" + params.toString();
+ return "/subresource-integrity/signatures/resource.py?" + params.toString();
 }
 function generate_fetch_test(request_data, integrity, expectation, description) {
diff --git a/subresource-integrity/signatures/tentative/path.window.js b/subresource-integrity/signatures/tentative/path.window.js
index f84fdfe0c7aa03..8927f80518f389 100644
--- a/subresource-integrity/signatures/tentative/path.window.js
+++ b/subresource-integrity/signatures/tentative/path.window.js
@@ -22,9 +22,6 @@
 //
 // {"hello": "world"}
 // ```
-//
-// TODO: When we remove the `tentative` label from the path, we'll need to
-// regenerate the expected signatures below, as the signature base will change.
 // Metadata from the response above:
 const kRequestsWithValidSignature = [
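Review bot: The new literal returned by `resourceURL` in helper.js has to stay byte-identical to the `"@path";req:` value that the expected signatures in path.window.js were computed over, and nothing in helper.js records that. This same commit removes the TODO in path.window.js that warned about regenerating signatures when the path changes, so after it the coupling is visible only in the signature-base comments of the other file. I would add a comment above the return, `// This path is covered by the "@path" component of the signatures in path.window.js; regenerate them if it changes.` The body of `resourceURL` starts above the hunk, so anything it does before `data.type ??=` is not visible here.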
@@ -32,26 +29,26 @@ const kRequestsWithValidSignature = [
 //
 // ```
 // "unencoded-digest";sf: sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=:
- // "@path";req: /subresource-integrity/signatures/tentative/resource.py
+ // "@path";req: /subresource-integrity/signatures/resource.py
 // "@signature-params": ("unencoded-digest";sf "@path";req);keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri"
 // ```
 {
 body: "window.hello = `world`;",
 digest: "sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=:",
- signature: `signature=:7tDPtzmoGvVu/qv3xJgdlyy5ss6FobmL0aR7Gzez3BvyTMSlIOb4ErCNRDyCMK4UesKSwfOrIH1y7xgAdr/OBw==:`,
+ signature: `signature=:+sRkplliS3TanqASHirBTokxhOn6fRTodc7i6Q6PUMsSPP0RJ2Xdb/woWz0+JXaBXAfa55qj+N9paXP5j7DFCw==:`,
 signatureInput: `signature=("unencoded-digest";sf "@path";req);keyid="${kValidKeys['rfc']}";tag="sri"`
 },
 // `@path` then `unencoded-digest`, with the following signature base:
 //
 // ```
- // "@path";req: /subresource-integrity/signatures/tentative/resource.py
+ // "@path";req: /subresource-integrity/signatures/resource.py
 // "unencoded-digest";sf: sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=:
 // "@signature-params": ("@path";req "unencoded-digest";sf);keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri"
 // ```
 {
 body: "window.hello = `world`;",
 digest: "sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=:",
- signature: `signature=:YPH2/cRdbR+DPhb1hVG1BgwCpzPLECsAyBavmb7QaXtCF1Hx2QyYp0ki1mi7UftMOnLVpBJdfdLb99Nzf0XqDg==:`,
+ signature: `signature=:YPH2/cRdbR+DPhb1hVG1BgwCpzPLECsAyBavmb7QaXtCF1Hx2QyYp0ki1mi7UftMOnLVpBJdfdLb99Nzf0XqDg==:`,
 signatureInput: `signature=("@path";req "unencoded-digest";sf);keyid="${kValidKeys['rfc']}";tag="sri"`
 }
 ];
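Review bot: The two replaced `signature` values in `kRequestsWithValidSignature` cannot be re-derived from what the file records. The comments give the signature base and the keyid, but not which private key or procedure produced the bytes, so a later path or component change leaves the next author guessing. A short comment above the array would close that gap, for example `// Signatures are computed over the quoted signature base with the private key matching kValidKeys['rfc']; regenerate on any change to the base.` The key's provenance is inferred from its name only, so confirm it before wording the comment. Both new `signature` fields are also template literals with no interpolation, where plain double-quoted strings would match the neighbouring `digest` fields.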