Security/Subresource Integrity: Difference between revisions

Latest revision as of 23:13, 16 May 2017

Description

Subresource Integrity is a mechanism by which user agents may verify that a fetched resource has been delivered without unexpected manipulation. It landed in Firefox 43.

Engineering

Tracking Bug

The bulk of the code lives in these two classes:

which hook into:

layout/style/Loader.cpp (CSS loader)
dom/base/nsScriptLoader.cpp (Script loader)

Both of these hooks work in the same way:

We start by creating an SRIMetadata object from the content of the integrity attribute as we process the element:
We then wait until the file is downloaded and check that the hash of the contents matches the SRI hash:
- nsScriptLoader::OnStreamComplete()
- SheetLoadData::OnStreamComplete()
We return NS_ERROR_SRI_CORRUPT, which fails the load and triggers the error event on that element, if the hashes don't match.

QA

The automated tests live in these two places:

To turn on debugging output, export the following environment variable:

MOZ_LOG="SRI:5,SRIMetadata:5"

Evangelism

SRI Hash Generator (source code)

@@ Line 1: / Line 1: @@
 == Description ==
-Subresource Integrity is a mechanism by which user agents may verify that a fetched resource has been delivered without unexpected manipulation.
+Subresource Integrity is a mechanism by which user agents may verify that a fetched resource has been delivered without unexpected manipulation. It [https://bugzilla.mozilla.org/show_bug.cgi?id=1205448 landed] in Firefox 43.
 == Engineering ==
 * [https://bugzilla.mozilla.org/show_bug.cgi?id=992096 Tracking Bug]
+The bulk of the code lives in these two classes:
+* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/dom/security/SRICheck.h SRICheck]
+* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/dom/security/SRIMetadata.h SRIMetadata]
+which hook into:
+* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/layout/style/Loader.cpp layout/style/Loader.cpp] (CSS loader)
+* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/dom/base/nsScriptLoader.cpp dom/base/nsScriptLoader.cpp] (Script loader)
+Both of these hooks work in the same way:
+# We start by creating an <tt>SRIMetadata</tt> object from the content of the <tt>integrity</tt> attribute as we process the element:
+#* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/dom/base/nsScriptLoader.cpp#l555 nsScriptLoader::ProcessScriptElement()]
+#* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/dom/base/nsScriptLoader.cpp#l1661 nsScriptLoader::PreloadURI()]
+#* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/layout/style/Loader.cpp#l1259 Loader::CreateSheet()]
+# We then wait until the file is downloaded and check that the hash of the contents matches the SRI hash:
+#* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/dom/base/nsScriptLoader.cpp#l1436 nsScriptLoader::OnStreamComplete()]
+#* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/layout/style/Loader.cpp#l966 SheetLoadData::OnStreamComplete()]
+# We return <tt>NS_ERROR_SRI_CORRUPT</tt>, which fails the load and triggers the <tt>error</tt> event on that element, if the hashes don't match.
 == QA ==
+The automated tests live in these two places:
+* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/dom/security/test/sri dom/security/test/sri/]
+* [https://hg.mozilla.org/mozilla-central/file/f1dffc8682fb/testing/web-platform/tests/subresource-integrity testing/web-platform/tests/subresource-integrity/]
 To turn on debugging output, export the following environment variable:
-  NSPR_LOG_MODULES="SRI:5,SRIMetadata:5"
+  MOZ_LOG="SRI:5,SRIMetadata:5"
 == Evangelism ==
-* [https://srihash.org SRI Hash Generator]
+* [https://srihash.org SRI Hash Generator] ([https://github.com/mozilla/srihash.org source code])
 == Documentation ==
 * [http://www.w3.org/TR/SRI/ Specification]
+* [https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity MDN]