root icon indicating copy to clipboard operation
root copied to clipboard
verified publisher icon root-project

[webgui] strict check for HMAC signature

Open linev opened this issue 1 year ago • 1 comments

Prevent situation with manipulated packet send without HMAC at all could be accepted

linev avatar May 08 '24 12:05 linev

Test Results

     9 files       9 suites   1d 17h 47m 8s :stopwatch:  2 634 tests  2 634 :white_check_mark: 0 :zzz: 0 :x: 22 331 runs  22 331 :white_check_mark: 0 :zzz: 0 :x:

Results for commit 7394e0a9.

github-actions[bot] avatar May 08 '24 13:05 github-actions[bot]

Can we have a test for this?

For the moment we do not have methods to test communication artifacts. One side is JavaScript, other side is ROOT C++.

linev avatar May 13 '24 08:05 linev

Is there a plan to introduce testing for this part?

There was no concrete plan.

One can try to emulate attack on RWebWindow communication without real http server.

linev avatar May 13 '24 14:05 linev