Page MenuHomePhabricator
Create Task
Maniphest T148576

Security review request: Electron render service
Closed, ResolvedPublic
Actions

Description

Project Information

Description of the tool/project

Given a URL pointing to a printable wiki page, render the page to a PDF using Chrome's print-to-pdf functionality.

Description of how the tool will be used at WMF

This service will be the backend service behind a "this page as PDF" REST API entry point. Externally controlled parameter is the page title to render.

Dependencies

List dependencies, or upstream projects that this project relies on

  • Electron / Chromium

Has this project been reviewed before?

Not inside WMF.

Working test environment

  • There is a simple test install on pdf.services.eqiad.wmflabs.org, in /home/gwicke. This instance is publicly available as pdf-electron.wmflabs.org. Example test page.
  • Instructions for setting up a test environment: T134205#2261997
  • Ongoing deployment prep: T143129

Post-deployment

Services

Related Objects
Search...

StatusSubtypeAssignedTask
 Resolved JhernandezT148358 Prepare for November user research
 Resolved atgoT148359 Complete Wikilater prototype for testing
 DeclinedNoneT149627 Update Wikilater to use Electron service in production
 ResolvedNoneT148364 Complete Quickfact prototype for testing
 DeclinedNoneT149628 Update Flashcard to use Electron service in production
 Resolved JKatzWMFT150871 [EPIC] (Proposal) Replicate core OCG features and sunset OCG service
 ResolvedNoneT135643 Show tables in pdfs (#9)
 ResolvedWMDE-FischT135616 Investigate underlying issues with tables in PDF rendering
 ResolvedAddshoreT135613 [GTWL] Include hint about excluded tables when generating a PDF
 InvalidNoneT137431 Improve patch to show tables in pdfs
 InvalidNoneT137432 Add a table appendix to pdfs
 ResolvedTobi_WMDE_SWT142201 Create a mediawiki extension for browser-based rendered pdf support
 ResolvedTobi_WMDE_SWT142202 Only render single articles, and not collections or books
 Resolvedgabriel-wmdeT142204 Investigate what is needed to use browser based rendering for books
ResolvedAddshoreT145413 Request repository for browser-based rendered pdf support extension
 ResolvedTobi_WMDE_SWT146894 Replace "Printable version" with link to ElectronPdfService
 ResolvedTobi_WMDE_SWT146895 Implement SpecialPage according to mockup
 ResolvedTobi_WMDE_SWT147842 Update extension documentation on mw.org
 DeclinedNoneT149086 Implement caching for ElectronPdfService extension
 ResolvedTobi_WMDE_SWT149189 Add and enable basic browsertests
 Resolved GWickeT142226 Productize the Electron PDF render service & create a REST API end point
 Resolved dpatrickT148576 Security review request: Electron render service
 Resolved Lea_WMDET143410 Voices from the Community about current pdf use
 ResolvedAddshoreT150326 Track numbers for Electron- vs. OCG-Rendering

Event Timeline

GWicke created this task.Oct 18 2016, 7:39 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 18 2016, 7:39 PM
GWicke updated the task description. (Show Details)Oct 18 2016, 7:41 PM
GWicke updated the task description. (Show Details)
GWicke added a parent task: T142226: Productize the Electron PDF render service & create a REST API end point.Oct 18 2016, 7:51 PM
dpatrick mentioned this in E347: Security Review: Electron PDF Rendering Service and Extension.Oct 18 2016, 8:29 PM
mobrovac added a project: User-mobrovac.Oct 18 2016, 8:34 PM

Also, as part of T143129: New service request - PDF Render, there is Gerrit 305256 which contains the Puppet code needed to put the service in WMF production. It is currently running in BetaCluster on the deployment-pdfrender host.

GWicke added a subscriber: dpatrick.Nov 4 2016, 6:10 PM

@dpatrick, did you find any actionables in the security review that we could start addressing?

dpatrick added a comment.Nov 8 2016, 4:52 PM

This has been reviewed and no major issues were found.

Because testing of Chromium was considered out-of-scope due to the breadth of its attack surface, the rendering service should be run in production with constraints using a tool such as Firejail, to protect against the possibility of malicious content submitted for rendering somehow causing remote code execution in the underlying Electron/Chromium instance.

mobrovac closed this task as Resolved.Nov 9 2016, 2:31 PM
mobrovac assigned this task to dpatrick.
mobrovac edited projects, added Electron-PDFs, Services (done); removed Services (blocked).

Thank you @dpatrick ! Firejail support will be dealt with as part of T143336: Investigate better protection modes for electron render service (xvfb setuid), so resolving this task.

sbassett moved this task from Incoming to Done on the deprecated-security-team-reviews board.Apr 24 2019, 6:10 PM
chasemp removed a project: deprecated-security-team-reviews.Jan 8 2020, 4:13 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits