[webkit-changes] [258994] trunk/Source/WebKit

[bfulgham]

Title: [258994] trunk/Source/WebKit

Revision

258994

Author

bfulg...@apple.com

Date

2020-03-25 10:27:01 -0700 (Wed, 25 Mar 2020)

Log Message

Avoid logging sensitive information for all network sessions
https://bugs.webkit.org/show_bug.cgi?id=209522
<rdar://problem/54807157>

Reviewed by Alex Christensen.

We avoid logging sensitive information (such as visited URLs) on production builds and for ephemeral sessions.

We should also avoid such logging for engineering and prerelease builds to reduce the possibility of any
personally identifiable information being retained in logs.

* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(WebKit::configurationForSessionID): Deny senstive logging for all sessions.

Modified Paths

• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm

Diff

Modified: trunk/Source/WebKit/ChangeLog (258993 => 258994)

--- trunk/Source/WebKit/ChangeLog	2020-03-25 17:15:12 UTC (rev 258993)
+++ trunk/Source/WebKit/ChangeLog	2020-03-25 17:27:01 UTC (rev 258994)
@@ -1,3 +1,19 @@
+2020-03-25  Brent Fulgham  <bfulg...@apple.com>
+
+        Avoid logging sensitive information for all network sessions
+        https://bugs.webkit.org/show_bug.cgi?id=209522
+        <rdar://problem/54807157>
+
+        Reviewed by Alex Christensen.
+
+        We avoid logging sensitive information (such as visited URLs) on production builds and for ephemeral sessions.
+
+        We should also avoid such logging for engineering and prerelease builds to reduce the possibility of any
+        personally identifiable information being retained in logs.
+
+        * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+        (WebKit::configurationForSessionID): Deny senstive logging for all sessions.
+
 2020-03-24  Daniel Bates  <daba...@apple.com>
 
         [iOS] ASSERTION FAILURE: !isMissingPostLayoutData in WebKit::EditorState::postLayoutData()

Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm (258993 => 258994)

--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm	2020-03-25 17:15:12 UTC (rev 258993)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm	2020-03-25 17:27:01 UTC (rev 258994)
@@ -994,15 +994,17 @@
 
 static NSURLSessionConfiguration *configurationForSessionID(const PAL::SessionID& session)
 {
+    NSURLSessionConfiguration *configuration;
     if (session.isEphemeral()) {
-        NSURLSessionConfiguration *configuration = [NSURLSessionConfiguration ephemeralSessionConfiguration];
+        configuration = [NSURLSessionConfiguration ephemeralSessionConfiguration];
         configuration._shouldSkipPreferredClientCertificateLookup = YES;
+    } else
+        configuration = [NSURLSessionConfiguration defaultSessionConfiguration];
+
 #if HAVE(ALLOWS_SENSITIVE_LOGGING)
-        configuration._allowsSensitiveLogging = NO;
+    configuration._allowsSensitiveLogging = NO;
 #endif
-        return configuration;
-    }
-    return [NSURLSessionConfiguration defaultSessionConfiguration];
+    return configuration;
 }
 
 const String& NetworkSessionCocoa::boundInterfaceIdentifier() const

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes