Untrusted uploads form (#3948)

pgrace-google · jonathanmetzman · web-flow · commit efa4df623020 · 2024-05-09T14:35:52.000-04:00
i apparently cannot figure out how to take over a PR so making a new one addressed comments left on #3902 and updated wording, fixed styling/made minor changes --------- Co-authored-by: Jonathan Metzman <metzman@chromium.org> Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
diff --git a/src/appengine/handlers/upload_testcase.py b/src/appengine/handlers/upload_testcase.py
@@ -25,6 +25,7 @@
 from clusterfuzz._internal import fuzzing
 from clusterfuzz._internal.base import external_users
 from clusterfuzz._internal.base import memoize
+from clusterfuzz._internal.base import task_utils
 from clusterfuzz._internal.base import tasks
 from clusterfuzz._internal.base import utils
 from clusterfuzz._internal.crash_analysis.stack_parsing import stack_analyzer
@@ -50,6 +51,8 @@
 UPLOAD_URL = '/upload-testcase/upload-oauth'
 MEMCACHE_TTL_IN_SECONDS = 60 * 60  # 1 hour.
 
+TRUSTED_AGREEMENT_TEXT = 'This testcase is safe to run'
+
 
 def _is_uploader_allowed(email):
   """Return bool on whether user is allowed to upload to any job or fuzzer."""
@@ -385,6 +388,15 @@ def do_post(self):
     issue_labels = request.get('issue_labels')
     gestures = request.get('gestures') or '[]'
     stacktrace = request.get('stacktrace')
+    trusted_agreement_signed = request.get(
+        'trustedAgreement') == TRUSTED_AGREEMENT_TEXT.strip()
+
+    if (not trusted_agreement_signed and
+        task_utils.is_remotely_executing_utasks()):
+      # Trusted agreement was not signed even though the job has privileges and
+      # there are other jobs that don't have privileges.
+      raise helpers.EarlyExitError(
+          'Sign the trusted job statement or upload to a trusted job.', 400)
 
     crash_data = None
     if job.is_external():
diff --git a/src/appengine/private/components/upload-testcase/upload-form-simplified.html b/src/appengine/private/components/upload-testcase/upload-form-simplified.html
@@ -146,11 +146,11 @@
         </template>
       </div>
       <div class="warning">
-        <b>WARNING</b>: ClusterFuzz doesn't support untrusted workloads.<br>
-        Only upload testcases that you trust enough to run on your own
-        machine. Note that the following jobs do use the Chrome sandbox
-        but this is not a guarantee of protection:<br>
-        [[formatSandboxedJobs(fieldValues.sandboxedJobs)]]
+      <span><strong>WARNING</strong>: ClusterFuzz only partially supports untrusted workloads.<br></span>
+        ClusterFuzz supports untrusted workloads when the platform is Linux<br>
+        If your upload does not use Linux as the platform, Clusterfuzz will treat the input testcase as trusted,
+        and therefore run with privileged jobs. Only upload this testcase if you trust it enough to run on your own machine.<br>
+        To confirm this testcase is trusted, you must fill out the extra field confirming so.
       </div>
       <div class="inline wide">
         <paper-dropdown-menu
@@ -173,6 +173,7 @@
       <p class="quick-mode-job narrow"> Job to be used for this testcase: {{getJobType(uploadParams.file, uploadParams.fileType, uploadParams.platform)}} </p>
       <div class="inline wide">
         <paper-input value="{{uploadParams.args}}" label="Command-line arguments (optional)" title="Additional command line flags to append when running this testcase. Only necessary if a flag that isn't part of the job definition is required."></paper-input>
+	      <paper-input value="{{uploadParams.trustedAgreement}}" label="Type in 'This testcase is safe to run' to run trusted testcases on trusted jobs."></paper-input>
       </div>
       <template is="dom-if" if="[[isAndroid(uploadParams.job)]]">
         <div class="inline wide">
@@ -205,7 +206,7 @@
             value: [
                 'job', 'target', 'multiple', 'http', 'highEnd', 'issue',
                 'revision', 'timeout', 'retries', 'updateIssue', 'args', 'cmd',
-                'platform', 'gestures', 'testcaseId']
+                'platform', 'gestures', 'testcaseId', 'trustedAgreement']
           },
           uploadParams: {
             type: Object,
@@ -379,18 +380,6 @@
         let secureJobs = new Set(this.fieldValues.sandboxedJobs);
         return this.fieldValues.isChromium && !secureJobs.has(job);
       }
-
-      formatSandboxedJobs(jobs) {
-        if (!jobs) { return ''; }
-
-        let s = '';
-        for (let i=0;i<jobs.length;i++) {
-          if (i > 0) { s += ', '; }
-          if (i == (jobs.length - 1)) { s += 'and '; }
-          s += jobs[i]
-        }
-        return s;
-      }
     }
 
     customElements.define(UploadFormSimplified.is, UploadFormSimplified);
diff --git a/src/appengine/private/components/upload-testcase/upload-form.html b/src/appengine/private/components/upload-testcase/upload-form.html
@@ -193,11 +193,11 @@
         </template>
       </div>
       <div class="warning">
-        <b>WARNING</b>: ClusterFuzz doesn't support untrusted workloads.<br>
-        Only upload testcases that you trust enough to run on your own
-        machine. Note that the following jobs do use the Chrome sandbox,
-        but this is not a guarantee of protection:<br>
-        [[formatSandboxedJobs(fieldValues.sandboxedJobs)]]
+      <span><strong>WARNING</strong>: ClusterFuzz only partially supports untrusted workloads.<br></span>
+        ClusterFuzz supports untrusted workloads when the platform is Linux<br>
+        If your upload does not use Linux as the platform, Clusterfuzz will treat the input testcase as trusted,
+        and therefore run with privileged jobs. Only upload this testcase if you trust it enough to run on your own machine.<br>
+        To confirm this testcase is trusted, you must fill out the extra field confirming so.
       </div>
       <div class="inline narrow">
         <template is="dom-if" if="[[shouldShowIssueField()]]">
@@ -228,6 +228,7 @@
       </template>
       <template is="dom-if" if="[[fieldValues.isChromium]]">
         <paper-checkbox value="true" checked="{{uploadParams.highEnd}}">Use a multi-core bot (linux only).</paper-checkbox>
+        <paper-input value="{{uploadParams.trustedAgreement}}" label="Type in 'This testcase is safe to run' to run trusted testcases on trusted jobs."></paper-input>
       </template>
       <br/>
       <paper-button class="get-link-button" slot="more-buttons" on-tap="generatePermalink">Permalink</paper-button>
@@ -254,7 +255,7 @@
             value: [
                 'job', 'target', 'multiple', 'http', 'highEnd', 'issue',
                 'revision', 'timeout', 'retries', 'updateIssue', 'args', 'cmd',
-                'platform', 'gestures', 'testcaseId']
+                'platform', 'gestures', 'testcaseId', 'trustedAgreement']
           },
           uploadParams: {
             type: Object,
@@ -387,23 +388,6 @@
             this.uploadParams, this.paramKeys);
       }
 
-      showWarning(job) {
-        let secureJobs = new Set(this.fieldValues.sandboxedJobs);
-        return this.fieldValues.isChromium && !secureJobs.has(job);
-      }
-
-      formatSandboxedJobs(jobs) {
-        if (!jobs) { return ''; }
-
-        let s = '';
-        for (let i=0;i<jobs.length;i++) {
-          if (i > 0) { s += ', '; }
-          if (i == (jobs.length - 1)) { s += 'and '; }
-          s += jobs[i]
-        }
-        return s;
-      }
-
       onmatch(key) {
         if (!key)
           return null;
