chore(grouping): Add unsafe-eval and unsafe-inline grouping test inputs
#81539
+358
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
Scope: Frontend
This comment was marked as off-topic.
This comment was marked as off-topic.
lobsterkatie
removed
the
Scope: Frontend
Codecov ReportAll modified and coverable lines are covered by tests ✅ ✅ All tests successful. No failed tests found. Additional details and impacted files@@ Coverage Diff @@
## master #81539 +/- ##
=======================================
Coverage 80.45% 80.45%
=======================================
Files 7241 7241
Lines 321496 321586 +90
Branches 20807 20807
=======================================
+ Hits 258651 258744 +93
+ Misses 62446 62443 -3
Partials 399 399 |
armenzg
approved these changes
Dec 3, 2024
lobsterkatie
force-pushed
the
kmclb-add-csp-script-src-violation-test-inputs
branch
from
7fddc84 to
17c0b65
Compare
github-actions
bot
added
the
Scope: Frontend
lobsterkatie
removed
the
Scope: Frontend
lobsterkatie
deleted the
kmclb-add-csp-script-src-violation-test-inputs
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds two new grouping test inputs, to show how we handle CSP reports with
unsafe-evalandunsafe-inlineviolations, which are cases we don't currently cover with our grouping tests.Note that there are two bugs which currently affect how we handle such inputs:
We don't currently recognize such reports for grouping metadata purposes (this is very soon to be fixed), which is why for now they're being recorded in the metadata snapshots as being grouped by an unknown method.
We handle such reports backwards at the ingest level, marking events which aren't either
unsafe-eval- orunsafe-inline-type violations as one or the other. (Unclear how soon this will be fixed, as it went undetected for five years and no one has yet complained about it.) For now, the input data includes the necessary values to trigger the relevant handlers, but each also includes aTODOso that it can be updated once the underlying bug is fixed. (See [CSP] Incorrectscript-srchandling relay#4323 and [CSP] Updatescript-srchandling once relay bug is fixed #81531.)