<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://wiki.expertiza.ncsu.edu/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Gpollep</id>
	<title>Expertiza_Wiki - User contributions [en]</title>
	<link rel="self" type="application/atom+xml" href="https://wiki.expertiza.ncsu.edu/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Gpollep"/>
	<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Special:Contributions/Gpollep"/>
	<updated>2026-07-16T14:34:27Z</updated>
	<subtitle>User contributions</subtitle>
	<generator>MediaWiki 1.41.0</generator>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106806</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106806"/>
		<updated>2016-12-12T16:56:02Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Testing */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specific order for a action.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactoring of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be a penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
&lt;br /&gt;
=='''Design'''==&lt;br /&gt;
In the images below, the code changes reflect the code refactoring involved in changing vector implementation to a HashMap implementation. Another important feature to notice is the addition of a new parameter for the Cookie Storage constructor. This value max_per_host dictates how many cookies per domain is supported by servo. For testing the value has been set to 5 and for production, the value has been set to 150 (as per Mozilla Team's guidelines). Whenever a new cookie is added, the cookie's base domain name is extracted out and is looked up in the HashMap. If no entry is found a new Vector is created and appended to it.&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
When the number of cookies for a base domain reaches the maximum set limit (max_per_host), eviction policy is used to decide the cookies which cookie(s) need to be eliminated to accommodate the new cookie. In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt; &lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Eviction_flowchart.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
A preview of the file diffs is as shown below. Complete file diffs are available at this [https://github.com/servo/servo/pull/14445/files link].&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs2.jpg]]&lt;br /&gt;
&lt;br /&gt;
=='''Testing'''==&lt;br /&gt;
=== Automated Testing ===&lt;br /&gt;
We have implemented the following scenarios to test the cookie eviction and max_per_host features:&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Evict expired cookies when max per host is reached: In this scenario, we delete all the expired cookies from Cookie Store when number of cookies in the base domain reaches maximum threshold (max_per_host)&amp;lt;/li&amp;gt; &lt;br /&gt;
&amp;lt;li&amp;gt;Evict oldest non-secure cookie: When there are no expired cookie in the cookie storage and maximum threshold has been reached (max_per_host), then the oldest non-secure cookie is evicted out.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Do not evict  secure cookie when maximum threshold is reached (max_per_host) when new cookie being added is non-secure.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Evict oldest secure cookie when all cookies in the Cookie Storage are secure and the incoming cookie is also a secure cookie.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
All the aforementioned scenario have been implemented as unit tests. In order to test it please use the following commands:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach build --dev&lt;br /&gt;
 ./mach test-unit -p net&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== Manual testing from UI ===&lt;br /&gt;
This is not part of required tasks and has been implemented purely for demonstration purpose.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach run https://coookietester.herokuapp.com/cookies&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
[[File:CookieTester.jpg|center]]&lt;br /&gt;
&lt;br /&gt;
=='''Files modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
* /servo/components/net/http_loader.rs&lt;br /&gt;
* /servo/components/net/resource_thread.rs&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106805</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106805"/>
		<updated>2016-12-12T16:54:58Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Design */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specific order for a action.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactoring of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be a penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
&lt;br /&gt;
=='''Design'''==&lt;br /&gt;
In the images below, the code changes reflect the code refactoring involved in changing vector implementation to a HashMap implementation. Another important feature to notice is the addition of a new parameter for the Cookie Storage constructor. This value max_per_host dictates how many cookies per domain is supported by servo. For testing the value has been set to 5 and for production, the value has been set to 150 (as per Mozilla Team's guidelines). Whenever a new cookie is added, the cookie's base domain name is extracted out and is looked up in the HashMap. If no entry is found a new Vector is created and appended to it.&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
When the number of cookies for a base domain reaches the maximum set limit (max_per_host), eviction policy is used to decide the cookies which cookie(s) need to be eliminated to accommodate the new cookie. In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt; &lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Eviction_flowchart.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
A preview of the file diffs is as shown below. Complete file diffs are available at this [https://github.com/servo/servo/pull/14445/files link].&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs2.jpg]]&lt;br /&gt;
&lt;br /&gt;
=='''Testing'''==&lt;br /&gt;
We have implemented the following scenarios to test the cookie eviction and max_per_host features:&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Evict expired cookies when max per host is reached: In this scenario, we delete all the expired cookies from Cookie Store when number of cookies in the base domain reaches maximum threshold (max_per_host)&amp;lt;/li&amp;gt; &lt;br /&gt;
&amp;lt;li&amp;gt;Evict oldest non-secure cookie: When there are no expired cookie in the cookie storage and maximum threshold has been reached (max_per_host), then the oldest non-secure cookie is evicted out.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Do not evict  secure cookie when maximum threshold is reached (max_per_host) when new cookie being added is non-secure.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Evict oldest secure cookie when all cookies in the Cookie Storage are secure and the incoming cookie is also a secure cookie.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
All the aforementioned scenario have been implemented as unit tests. In order to test it please use the following commands:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach build --dev&lt;br /&gt;
 ./mach test-unit -p net&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Manual testing from UI:&lt;br /&gt;
This is not part of required tasks and has been implemented purely for demonstration purpose.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach run https://coookietester.herokuapp.com/cookies&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
[[File:CookieTester.jpg|center]]&lt;br /&gt;
&lt;br /&gt;
=='''Files modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
* /servo/components/net/http_loader.rs&lt;br /&gt;
* /servo/components/net/resource_thread.rs&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106804</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106804"/>
		<updated>2016-12-12T16:52:49Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Testing */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specific order for a action.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactoring of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be a penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
&lt;br /&gt;
=='''Design'''==&lt;br /&gt;
In the images below, the code changes reflect the code refactoring involved in changing vector implementation to a HashMap implementation. Another important feature to notice is the addition of a new parameter for the Cookie Storage constructor. This value max_per_host dictates how many cookies per domain is supported by servo. For testing the value has been set to 5 and for production, the value has been set to 150 (as per Mozilla Team's guidelines). Whenever a new cookie is added, the cookie's base domain name is extracted out and is looked up in the HashMap. If no entry is found a new Vector is created and appended to it.&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
When the number of cookies for a base domain reaches the maximum set limit (max_per_host), eviction policy is used to decide the cookies which need to be eliminated to accommodate the new cookie. In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt; &lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Eviction_flowchart.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
A preview of the file diffs is as shown below. Complete file diffs are available at this [https://github.com/servo/servo/pull/14445/files link].&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs2.jpg]]&lt;br /&gt;
&lt;br /&gt;
=='''Testing'''==&lt;br /&gt;
We have implemented the following scenarios to test the cookie eviction and max_per_host features:&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Evict expired cookies when max per host is reached: In this scenario, we delete all the expired cookies from Cookie Store when number of cookies in the base domain reaches maximum threshold (max_per_host)&amp;lt;/li&amp;gt; &lt;br /&gt;
&amp;lt;li&amp;gt;Evict oldest non-secure cookie: When there are no expired cookie in the cookie storage and maximum threshold has been reached (max_per_host), then the oldest non-secure cookie is evicted out.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Do not evict  secure cookie when maximum threshold is reached (max_per_host) when new cookie being added is non-secure.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Evict oldest secure cookie when all cookies in the Cookie Storage are secure and the incoming cookie is also a secure cookie.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
All the aforementioned scenario have been implemented as unit tests. In order to test it please use the following commands:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach build --dev&lt;br /&gt;
 ./mach test-unit -p net&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Manual testing from UI:&lt;br /&gt;
This is not part of required tasks and has been implemented purely for demonstration purpose.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach run https://coookietester.herokuapp.com/cookies&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
[[File:CookieTester.jpg|center]]&lt;br /&gt;
&lt;br /&gt;
=='''Files modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
* /servo/components/net/http_loader.rs&lt;br /&gt;
* /servo/components/net/resource_thread.rs&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106803</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106803"/>
		<updated>2016-12-12T16:52:16Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Testing */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specific order for a action.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactoring of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be a penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
&lt;br /&gt;
=='''Design'''==&lt;br /&gt;
In the images below, the code changes reflect the code refactoring involved in changing vector implementation to a HashMap implementation. Another important feature to notice is the addition of a new parameter for the Cookie Storage constructor. This value max_per_host dictates how many cookies per domain is supported by servo. For testing the value has been set to 5 and for production, the value has been set to 150 (as per Mozilla Team's guidelines). Whenever a new cookie is added, the cookie's base domain name is extracted out and is looked up in the HashMap. If no entry is found a new Vector is created and appended to it.&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
When the number of cookies for a base domain reaches the maximum set limit (max_per_host), eviction policy is used to decide the cookies which need to be eliminated to accommodate the new cookie. In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt; &lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Eviction_flowchart.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
A preview of the file diffs is as shown below. Complete file diffs are available at this [https://github.com/servo/servo/pull/14445/files link].&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs2.jpg]]&lt;br /&gt;
&lt;br /&gt;
=='''Testing'''==&lt;br /&gt;
We have implemented the following scenarios to test the cookie eviction and max_per_host features:&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Evict expired cookies when max per host is reached: In this scenario, we delete all the expired cookies from Cookie Store when number of cookies in the base domain reaches maximum threshold (max_per_host)&amp;lt;/li&amp;gt; &lt;br /&gt;
&amp;lt;li&amp;gt;Evict oldest non-secure cookie: When there are no expired cookie in the cookie storage and maximum threshold has been reached (max_per_host), then the oldest non-secure cookie is evicted out.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Do not evict  secure cookie when maximum threshold is reached (max_per_host) when new cookie being added is non-secure.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Evict oldest secure cookie when all cookies in the Cookie Storage are secure and the incoming cookie is also a secure cookie.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
All the aforementioned scenario have been implemented as unit tests. In order to test it please use the following commands:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach build --dev&lt;br /&gt;
 ./mach test-unit -p net&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Manual testing from UI:&lt;br /&gt;
This is not part of required tasks and has been implemented purely for demonstration purpose.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach run https://coookietester.herokuapp.com/cookies&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
[[File:CookieTester.jpg|thumb|center]]&lt;br /&gt;
&lt;br /&gt;
=='''Files modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
* /servo/components/net/http_loader.rs&lt;br /&gt;
* /servo/components/net/resource_thread.rs&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106802</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106802"/>
		<updated>2016-12-12T16:50:07Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: Changed order of design and testing&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specific order for a action.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactoring of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be a penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
&lt;br /&gt;
=='''Design'''==&lt;br /&gt;
In the images below, the code changes reflect the code refactoring involved in changing vector implementation to a HashMap implementation. Another important feature to notice is the addition of a new parameter for the Cookie Storage constructor. This value max_per_host dictates how many cookies per domain is supported by servo. For testing the value has been set to 5 and for production, the value has been set to 150 (as per Mozilla Team's guidelines). Whenever a new cookie is added, the cookie's base domain name is extracted out and is looked up in the HashMap. If no entry is found a new Vector is created and appended to it.&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
When the number of cookies for a base domain reaches the maximum set limit (max_per_host), eviction policy is used to decide the cookies which need to be eliminated to accommodate the new cookie. In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt; &lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Eviction_flowchart.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
A preview of the file diffs is as shown below. Complete file diffs are available at this [https://github.com/servo/servo/pull/14445/files link].&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs2.jpg]]&lt;br /&gt;
&lt;br /&gt;
=='''Testing'''==&lt;br /&gt;
We have implemented the following scenarios to test the cookie eviction and max_per_host features:&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Evict expired cookies when max per host is reached: In this scenario, we delete all the expired cookies from Cookie Store when number of cookies in the base domain reaches maximum threshold (max_per_host)&amp;lt;/li&amp;gt; &lt;br /&gt;
&amp;lt;li&amp;gt;Evict oldest non-secure cookie: When there are no expired cookie in the cookie storage and maximum threshold has been reached (max_per_host), then the oldest non-secure cookie is evicted out.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Do not evict  secure cookie when maximum threshold is reached (max_per_host) when new cookie being added is non-secure.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Evict oldest secure cookie when all cookies in the Cookie Storage are secure and the incoming cookie is also a secure cookie.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
All the aforementioned scenario have been implemented as unit tests. In order to test it please use the following commands:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach build --dev&lt;br /&gt;
 ./mach test-unit -p net&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Manual testing from UI:&lt;br /&gt;
This is not part of required tasks and has been implemented purely for demonstration purpose.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach run https://coookietester.herokuapp.com/cookies&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
[[File:CookieTester.jpg|center]]&lt;br /&gt;
&lt;br /&gt;
=='''Files modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
* /servo/components/net/http_loader.rs&lt;br /&gt;
* /servo/components/net/resource_thread.rs&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106801</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106801"/>
		<updated>2016-12-12T16:48:50Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Test Plan */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specific order for a action.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactoring of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be a penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
=='''Testing'''==&lt;br /&gt;
We have implemented the following scenarios to test the cookie eviction and max_per_host features:&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Evict expired cookies when max per host is reached: In this scenario, we delete all the expired cookies from Cookie Store when number of cookies in the base domain reaches maximum threshold (max_per_host)&amp;lt;/li&amp;gt; &lt;br /&gt;
&amp;lt;li&amp;gt;Evict oldest non-secure cookie: When there are no expired cookie in the cookie storage and maximum threshold has been reached (max_per_host), then the oldest non-secure cookie is evicted out.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Do not evict  secure cookie when maximum threshold is reached (max_per_host) when new cookie being added is non-secure.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Evict oldest secure cookie when all cookies in the Cookie Storage are secure and the incoming cookie is also a secure cookie.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
All the aforementioned scenario have been implemented as unit tests. In order to test it please use the following commands:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach build --dev&lt;br /&gt;
 ./mach test-unit -p net&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Manual testing from UI:&lt;br /&gt;
This is not part of required tasks and has been implemented purely for demonstration purpose.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach run https://coookietester.herokuapp.com/cookies&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
[[File:CookieTester.jpg|center]]&lt;br /&gt;
&lt;br /&gt;
=='''Files modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
* /servo/components/net/http_loader.rs&lt;br /&gt;
* /servo/components/net/resource_thread.rs&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Design'''==&lt;br /&gt;
In the images below, the code changes reflect the code refactoring involved in changing vector implementation to a HashMap implementation. Another important feature to notice is the addition of a new parameter for the Cookie Storage constructor. This value max_per_host dictates how many cookies per domain is supported by servo. For testing the value has been set to 5 and for production, the value has been set to 150 (as per Mozilla Team's guidelines). Whenever a new cookie is added, the cookie's base domain name is extracted out and is looked up in the HashMap. If no entry is found a new Vector is created and appended to it.&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
When the number of cookies for a base domain reaches the maximum set limit (max_per_host), eviction policy is used to decide the cookies which need to be eliminated to accommodate the new cookie. In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt; &lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Eviction_flowchart.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
A preview of the file diffs is as shown below. Complete file diffs are available at this [https://github.com/servo/servo/pull/14445/files link].&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs2.jpg]]&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=File:CookieTester.jpg&amp;diff=106800</id>
		<title>File:CookieTester.jpg</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=File:CookieTester.jpg&amp;diff=106800"/>
		<updated>2016-12-12T16:47:16Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: uploaded a new version of &amp;amp;quot;File:CookieTester.jpg&amp;amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=File:CookieTester.jpg&amp;diff=106799</id>
		<title>File:CookieTester.jpg</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=File:CookieTester.jpg&amp;diff=106799"/>
		<updated>2016-12-12T16:46:00Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106798</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106798"/>
		<updated>2016-12-12T16:27:36Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Design */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specific order for a action.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactoring of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be a penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
* /servo/components/net/http_loader.rs&lt;br /&gt;
* /servo/components/net/resource_thread.rs&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Design'''==&lt;br /&gt;
In the images below, the code changes reflect the code refactoring involved in changing vector implementation to a HashMap implementation. Another important feature to notice is the addition of a new parameter for the Cookie Storage constructor. This value max_per_host dictates how many cookies per domain is supported by servo. For testing the value has been set to 5 and for production, the value has been set to 150 (as per Mozilla Team's guidelines). Whenever a new cookie is added, the cookie's base domain name is extracted out and is looked up in the HashMap. If no entry is found a new Vector is created and appended to it.&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
When the number of cookies for a base domain reaches the maximum set limit (max_per_host), eviction policy is used to decide the cookies which need to be eliminated to accommodate the new cookie. In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt; &lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Eviction_flowchart.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
A preview of the file diffs is as shown below. Complete file diffs are available at this [https://github.com/servo/servo/pull/14445/files link].&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs2.jpg]]&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106797</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106797"/>
		<updated>2016-12-12T16:26:54Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Code Changes */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specific order for a action.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactoring of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be a penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
* /servo/components/net/http_loader.rs&lt;br /&gt;
* /servo/components/net/resource_thread.rs&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Design'''==&lt;br /&gt;
In the images below, the changes reflect the code refactoring involved in changing linked list implementation to a HashMap implementation. Another important feature to notice is the addition of a new parameter for the Cookie Storage constructor. This value max_per_host dictates how many cookies per domain is supported by servo. For testing the value has been set to 5 and for production, the value has been set to 150 (as per Mozilla Team's guidelines). Whenever a new cookie is added, the cookie's base domain name is extracted out and is looked up in the HashMap. If no entry is found a new Vector is created and appended to it.&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
When the number of cookies for a base domain reaches the maximum set limit (max_per_host), eviction policy is used to decide the cookies which need to be eliminated to accommodate the new cookie. In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt; &lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Eviction_flowchart.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
A preview of the file diffs is as shown below. Complete file diffs are available at this [https://github.com/servo/servo/pull/14445/files link].&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs2.jpg]]&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106796</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106796"/>
		<updated>2016-12-12T13:10:54Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Code Changes */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specific order for a action.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactoring of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be a penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
* /servo/components/net/http_loader.rs&lt;br /&gt;
* /servo/components/net/resource_thread.rs&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Code Changes'''==&lt;br /&gt;
In the images below, the changes reflect the code refactoring involved in changing linked list implementation to a HashMap implementation. Another important feature to notice is the addition of a new parameter for the Cookie Storage constructor. This value max_per_host dictates how many cookies per domain is supported by servo. For testing the value has been set to 5 and for production, the value has been set to 150 (as per Mozilla Team's guidelines). Whenever a new cookie is added, the cookie's base domain name is extracted out and is looked up in the HashMap. If no entry is found a new Vector is created and appended to it.&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
When the number of cookies for a base domain reaches the maximum set limit (max_per_host), eviction policy is used to decide the cookies which need to be eliminated to accommodate the new cookie. In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt; &lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Eviction_flowchart.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
A preview of the file diffs is as shown below. Complete file diffs are available at this [https://github.com/servo/servo/pull/14445/files link].&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs2.jpg]]&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106795</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106795"/>
		<updated>2016-12-12T13:07:34Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: Added flowchart for cookie eviction&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specific order for a action.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactoring of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be a penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
* /servo/components/net/http_loader.rs&lt;br /&gt;
* /servo/components/net/resource_thread.rs&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Code Changes'''==&lt;br /&gt;
In the images below, the changes reflect the code refactoring involved in changing linked list implementation to a HashMap implementation. Another important feature to notice is the addition of a new parameter for the Cookie Storage constructor. This value max_per_host dictates how many cookies per domain is supported by servo. For testing the value has been set to 5 and for production, the value has been set to 150 (as per Mozilla Team's guidelines). Whenever a new cookie is added, the cookie's base domain name is extracted out and is looked up in the HashMap. If no entry is found a new Vector is created and appended to it.&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
When the number of cookies for a base domain reaches the maximum set limit (max_per_host), eviction policy is used to decide the cookies which need to be eliminated to accommodate the new cookie. In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt; &lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Eviction_flowchart.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs2.jpg]]&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=File:Eviction_flowchart.JPG&amp;diff=106794</id>
		<title>File:Eviction flowchart.JPG</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=File:Eviction_flowchart.JPG&amp;diff=106794"/>
		<updated>2016-12-12T13:06:38Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106793</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106793"/>
		<updated>2016-12-11T21:59:54Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Code Changes */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specific order for a action.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactoring of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be a penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
* /servo/components/net/http_loader.rs&lt;br /&gt;
* /servo/components/net/resource_thread.rs&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Code Changes'''==&lt;br /&gt;
In the images below, the changes reflect the code refactoring involved in changing linked list implementation to a HashMap implementation. Another important feature to notice is the addition of a new parameter for the Cookie Storage constructor. This value max_per_host dictates how many cookies per domain is supported by servo. For testing the value has been set to 5 and for production, the value has been set to 150 (as per Mozilla Team's guidelines). Whenever a new cookie is added, the cookie's base domain name is extracted out and is looked up in the HashMap. If no entry is found a new Vector is created and appended to it.&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
When the number of cookies for a base domain reaches the maximum set limit (max_per_host), eviction policy is used to decide the cookies which need to be eliminated to accommodate the new cookie. In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt; &lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs2.jpg]]&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=File:Cs2.jpg&amp;diff=106792</id>
		<title>File:Cs2.jpg</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=File:Cs2.jpg&amp;diff=106792"/>
		<updated>2016-12-11T21:59:23Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106791</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106791"/>
		<updated>2016-12-11T21:57:02Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: Added description about code changes&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specific order for a action.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactoring of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be a penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
* /servo/components/net/http_loader.rs&lt;br /&gt;
* /servo/components/net/resource_thread.rs&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Code Changes'''==&lt;br /&gt;
In the images below, the changes reflect the code refactoring involved in changing linked list implementation to a HashMap implementation. Another important feature to notice is the addition of a new parameter for the Cookie Storage constructor. This value max_per_host dictates how many cookies per domain is supported by servo. For testing the value has been set to 5 and for production, the value has been set to 150 (as per Mozilla Team's guidelines). Whenever a new cookie is added, the cookie's base domain name is extracted out and is looked up in the HashMap. If no entry is found a new Vector is created and appended to it.&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
When the number of cookies for a base domain reaches the maximum set limit (max_per_host), eviction policy is used to decide the cookies which need to be eliminated to accommodate the new cookie. In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt; &lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106790</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106790"/>
		<updated>2016-12-11T21:55:18Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Code Changes */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specifi order for a cation.&lt;br /&gt;
&lt;br /&gt;
In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactor of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
* /servo/components/net/http_loader.rs&lt;br /&gt;
* /servo/components/net/resource_thread.rs&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Code Changes'''==&lt;br /&gt;
In the images below, the changes reflect the code refactoring involved in changing linked list implementation to a HashMap implementation. Another important feature to notice is the addition of a new parameter for the Cookie Storage constructor. This value max_per_host dictates how many cookies per domain is supported by servo. For testing the value has been set to 5 and for production, the value has been set to 150 (as per Mozilla Team's guidelines). Whenever a new cookie is added, the cookie's base domain name is extracted out and is looked up in the HashMap. If no entry is found a new Vector is created and appended to it.&lt;br /&gt;
&lt;br /&gt;
When the number of cookies for a base domain reach the maximum set limit (max_per_host), eviction policy is used to decide the cookies which need to be eliminated to accommodate the new cookie. &lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106789</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106789"/>
		<updated>2016-12-11T21:53:41Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Code Changes */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specifi order for a cation.&lt;br /&gt;
&lt;br /&gt;
In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactor of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
* /servo/components/net/http_loader.rs&lt;br /&gt;
* /servo/components/net/resource_thread.rs&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Code Changes'''==&lt;br /&gt;
In the images above, the changes reflect the code refactoring involved in changing linked list implementation to a HashMap implementation. Another important feature to notice is the addition of a new parameter for the Cookie Storage constructor. This value max_per_host dictates how many cookies per domain is supported by servo. For testing the value has been set to 5 and for production, the value has been set to 150 (as per Mozilla Team's guidelines). Whenever a new cookie is added, the cookie's base domain name is extracted out and is looked up in the HashMap. If no entry is found a new Vector is created and appended to it.&lt;br /&gt;
&amp;lt;br&amp;gt;&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106788</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106788"/>
		<updated>2016-12-11T21:50:58Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: Added description about code changes&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specifi order for a cation.&lt;br /&gt;
&lt;br /&gt;
In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactor of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
* /servo/components/net/http_loader.rs&lt;br /&gt;
* /servo/components/net/resource_thread.rs&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Code Changes'''==&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
In the images above, the changes reflect the code refactoring involved in changing linked list implementation to a HashMap implementation. Another important feature to notice is the addition of a new parameter for the Cookie Storage constructor. This value max_per_host dictates how many cookies per domain is supported by servo. For testing the value has been set to 5 and for production, the value has been set to 150 (as per Mozilla Team's guidelines).&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106787</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106787"/>
		<updated>2016-12-11T21:46:20Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Tasks */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specifi order for a cation.&lt;br /&gt;
&lt;br /&gt;
In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
In the images above, the changes reflect the code refactoring involved in changing linked list implementation to a HashMap implementation. Another important feature to notice is the addition of a new parameter for the Cookie Storage constructor. This value max_per_host dictates how many cookies per domain is supported by servo. For testing the value has been set to 5 and for production, the value has been set to 150 (as per Mozilla Team's guidelines).&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactor of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files to be modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106786</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106786"/>
		<updated>2016-12-11T21:31:53Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Tasks */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specifi order for a cation.&lt;br /&gt;
&lt;br /&gt;
In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
[[File:Cs1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactor of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files to be modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=File:Cs1.jpg&amp;diff=106785</id>
		<title>File:Cs1.jpg</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=File:Cs1.jpg&amp;diff=106785"/>
		<updated>2016-12-11T21:30:02Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106784</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106784"/>
		<updated>2016-12-11T20:51:08Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Tasks */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specifi order for a cation.&lt;br /&gt;
&lt;br /&gt;
In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ol&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;  Expired cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
&amp;lt;li&amp;gt;  All cookies.&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactor of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files to be modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106783</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106783"/>
		<updated>2016-12-11T20:48:42Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Tasks */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specifi order for a cation.&lt;br /&gt;
&lt;br /&gt;
In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&lt;br /&gt;
1.  Expired cookies.&lt;br /&gt;
2.  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
3.  Cookies that share a &amp;quot;domain&amp;quot; field with more than a predetermined number of other cookies.&lt;br /&gt;
4.  All cookies.&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactor of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files to be modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106782</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=106782"/>
		<updated>2016-12-11T20:47:43Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: Added priority order for cookie eviction&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specifi order for a cation.&lt;br /&gt;
&lt;br /&gt;
In order for a non-secure cookie to not replace secure cookie, the following priority order is used while deciding to evict a cookie(s):&lt;br /&gt;
&lt;br /&gt;
       1.  Expired cookies.&lt;br /&gt;
       2.  Cookies whose &amp;quot;secure-only-flag&amp;quot; is not set and which share a&lt;br /&gt;
           &amp;quot;domain&amp;quot; field with more than a predetermined number of other&lt;br /&gt;
           cookies.&lt;br /&gt;
       3.  Cookies that share a &amp;quot;domain&amp;quot; field with more than a&lt;br /&gt;
           predetermined number of other cookies.&lt;br /&gt;
       4.  All cookies.&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactor of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files to be modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105971</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105971"/>
		<updated>2016-11-16T02:19:21Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Tasks */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure&amp;lt;br&amp;gt; &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specification.&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactor of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files to be modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105970</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105970"/>
		<updated>2016-11-16T02:19:03Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Tasks */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
Current Structure &lt;br /&gt;
[[File:Cookie_before.JPG]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
After Refactoring&lt;br /&gt;
[[File:Cookie_after.JPG]]&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specification.&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactor of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files to be modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=File:Cookie_before.JPG&amp;diff=105969</id>
		<title>File:Cookie before.JPG</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=File:Cookie_before.JPG&amp;diff=105969"/>
		<updated>2016-11-16T02:18:04Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=File:Cookie_after.JPG&amp;diff=105968</id>
		<title>File:Cookie after.JPG</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=File:Cookie_after.JPG&amp;diff=105968"/>
		<updated>2016-11-16T02:17:38Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105967</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105967"/>
		<updated>2016-11-16T01:55:27Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Servo */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
Task Communication Diagram&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specification.&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactor of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files to be modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105966</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105966"/>
		<updated>2016-11-16T01:54:14Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
[[File:Tasks1.jpg]]&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Tasks2.jpg]]&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specification.&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactor of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
==Test Plan==&lt;br /&gt;
There is no manual testing in this project. Existing unit tests will ensure that refactoring has not broken any functionality. New unit test cases would be written for validating &amp;quot;Leave Secure Cookies Alone&amp;quot; specification.&lt;br /&gt;
&lt;br /&gt;
1) Unit test for checking &amp;quot;secure-only-flag&amp;quot; is set.&lt;br /&gt;
2) Unit test for &amp;quot;domain&amp;quot; domain-matches the &amp;quot;domain&amp;quot; of the newly created cookie, or vice-versa.&lt;br /&gt;
3) Unit test to validate The &amp;quot;path&amp;quot; of the newly created cookie path-matches the &amp;quot;path&amp;quot; of the existing cookie.&lt;br /&gt;
&lt;br /&gt;
Please note that since lot of unit tests are already in place. We are not required to write many new test cases. After refactoring, if CI passes without any dip in code coverage then we can say refactoring is successful.&lt;br /&gt;
=='''Files to be modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=File:Tasks2.jpg&amp;diff=105965</id>
		<title>File:Tasks2.jpg</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=File:Tasks2.jpg&amp;diff=105965"/>
		<updated>2016-11-16T01:53:30Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=File:Tasks1.jpg&amp;diff=105964</id>
		<title>File:Tasks1.jpg</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=File:Tasks1.jpg&amp;diff=105964"/>
		<updated>2016-11-16T01:52:58Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105231</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105231"/>
		<updated>2016-11-10T02:57:39Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specification.&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactor of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Continuous Integration'''==&lt;br /&gt;
Continuous Integration, being a key element in Test Driven Development. Our team will setup our own Travis server to ensure code sanity.&lt;br /&gt;
&lt;br /&gt;
=='''Files to be modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105230</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105230"/>
		<updated>2016-11-10T02:55:22Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Files to be modified */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specification.&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactor of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Files to be modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* /servo/components/net/cookie.rs&lt;br /&gt;
* /servo/test/unit/cookie.rs&lt;br /&gt;
* /servo/components/servo/cargo.toml&lt;br /&gt;
* /servo/components/servo/cargo.lock&lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105229</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105229"/>
		<updated>2016-11-10T02:53:08Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Approach */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specification.&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
First step would be to update the vector to HasMap by maintaining the wrapper functions used on the CookieStporage class. Upon completion of the task, all the unit test cases should pass. This would provide an additional checkpoint to verify the integrity of the new CookieStorage class's behavior.&lt;br /&gt;
&lt;br /&gt;
Subsequent steps would include refactoring of the code so that the existing functionality is retained with added feature and advantages provided by HashMaps like faster search.&lt;br /&gt;
&lt;br /&gt;
RFC implementation would be possible after the code refactor of CookieStorage class. Most of the RFC related changes are related to maintaining the content of the map. So this step would be penultimate step of the project.&lt;br /&gt;
&lt;br /&gt;
Team would follow Test Driven Development, so unit tests would be written first wherever required and production code would be written to make the testcases pass.&lt;br /&gt;
&lt;br /&gt;
We would follow Pair Programming to minimize errors and maximize the productivity. We are going to adhere to industry set standards which provide better QoS and stable product.&lt;br /&gt;
&lt;br /&gt;
=='''Files to be modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* &lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105220</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105220"/>
		<updated>2016-11-10T02:43:33Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Tasks */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specification.&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
&lt;br /&gt;
=='''Files to be modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* &lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105219</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105219"/>
		<updated>2016-11-10T02:43:18Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Approach */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
&lt;br /&gt;
=='''Files to be modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* &lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105217</id>
		<title>User:Rjain9</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=User:Rjain9&amp;diff=105217"/>
		<updated>2016-11-10T02:42:53Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Approach */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== HTTP Cookie ===&lt;br /&gt;
An [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie] is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.&lt;br /&gt;
&lt;br /&gt;
=='''Tasks'''==&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. &amp;quot;www.google.co.uk&amp;quot; becomes &amp;quot;google.co.uk&amp;quot;)&lt;br /&gt;
&lt;br /&gt;
3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
4) Implement the [https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/?include_text=1 Leave Secure Cookies Alone] specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)&lt;br /&gt;
&lt;br /&gt;
=='''Approach'''==&lt;br /&gt;
The current implementation of CookieStorage utilizes vector of Cookies. No restrictions are placed on the number of cookies that can be added per host.The proposed change will refactor CookieStorage to use HashMap with Base host as key. There would a limit on the maximum number of cookies per host. Changes will also include, implementation of '''Deprecate modification of 'secure' cookies from non-secure origins''' which update RFC6265 by removing the ability for a non-secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set.&lt;br /&gt;
&lt;br /&gt;
Since this contains refactoring, all existing unit testcases need to pass. Additionally, new unit test cases will be written for validating implementation of aforementioned specification.&lt;br /&gt;
&lt;br /&gt;
=='''Files to be modified'''==&lt;br /&gt;
* /servo/components/cookie_storage.rs&lt;br /&gt;
* &lt;br /&gt;
&lt;br /&gt;
=='''Key People'''==&lt;br /&gt;
=== Developers ===&lt;br /&gt;
* Guru Darshan &lt;br /&gt;
* Raghavendra Nayak&lt;br /&gt;
* Rishi Jain&lt;br /&gt;
* Tsung-Ying Chuang&lt;br /&gt;
=== Mentor ===&lt;br /&gt;
* Ed Gehringer&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104673</id>
		<title>CSC/ECE 517 Fall 2016/M1654. Improve network security features</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104673"/>
		<updated>2016-11-07T19:29:21Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Servo supports standard [HTTP cookies] and parts of the Referral-Policy web standard. The project aims at increasing the security available to Servo browser users by implementing secure standards and complete the missing parts of the existing implementations. The project involves adding &amp;quot;strict&amp;quot; version of existing referrer policies.&lt;br /&gt;
&lt;br /&gt;
'''Note to Reviewers''' : The pull request has been approved and merged by Mozilla team. &lt;br /&gt;
&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policy ===&lt;br /&gt;
Referrer is a HTTP header field which contains the source of the URL that requested the web page. Referrer-policy dictates algorithm used to generate Referrer header when a new web page is requested.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The project entails adding improved network security features for Servo engine by supplementing the existing Referrer-policies with 'strict origin' and 'strict origin when cross origin' policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A brief description of the list of tasks assigned as part of the project is as follows:&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Email the mozilla.dev.servo mailing list (be sure to subscribe first!) introducing your group and asking any necessary questions&lt;br /&gt;
&lt;br /&gt;
3) Implement strict-origin and strict-origin-when-cross-origin referrer policies (see determine_request_referrer and determine_policy_for_token)&lt;br /&gt;
&lt;br /&gt;
4) Add support for the new strict policy values in the Referrer-Policy HTTP header (source)&lt;br /&gt;
&lt;br /&gt;
5) Add tests for the new policy values in tests/unit/net/http_loader.rs (run with ./mach test-unit -p net)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policies added in this project ===&lt;br /&gt;
==== Strict Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin Strict Origin] Referrer Policy dictates that the Referrer in HTTP header is always filled with the stripped URL of the origin and not the complete URL.&lt;br /&gt;
&lt;br /&gt;
==== Strict origin When Cross Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin Strict Origin When Cross Origin] Referrer Policy dictates that the Referrer in HTTP header is filled with the stripped URL of the origin if the request is sent to a URL different from the origin and the complete URL is sent when making [https://en.wikipedia.org/wiki/Same-origin_policy same origin] requests.&lt;br /&gt;
&lt;br /&gt;
== '''Design Pattern''' ==&lt;br /&gt;
No design patterns were used in this project.&lt;br /&gt;
&lt;br /&gt;
== '''Implementation''' ==&lt;br /&gt;
Strict Origin and Strict Origin When Cross origin Referrer policy implementations have been added to the codebase. The pull request for Servo repository is available [https://github.com/servo/servo/pull/14059 here] and Hyper is available [https://github.com/hyperium/hyper/pull/943 here]&lt;br /&gt;
&lt;br /&gt;
Referrer policy implementation&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs.jpg]]&amp;lt;br&amp;gt;&lt;br /&gt;
Selected Test case changes &amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs1.jpg]]&lt;br /&gt;
&lt;br /&gt;
For complete changes please refer aforementioned url.&lt;br /&gt;
&lt;br /&gt;
All the newly implemented functions have been provided with URL corresponding to their documentation instead of a direct comment above the function. This is in accordance with the guidelines set by Mozilla for the Servo project. Hence no extra comments are added to the code. All the implementation details can be provided in the links provided above the functions.&lt;br /&gt;
&lt;br /&gt;
== '''Testing''' ==&lt;br /&gt;
Various testcase scenerios involving request from HTTP to HTTPS URLs and vice-versa have been added in [https://github.com/servo/servo/pull/14059 tests/unit/net/http_loader.rs]. Full functionality coverage has been taken case of by ensuring that all same origin and cross origin test cases have been included.&lt;br /&gt;
&lt;br /&gt;
No UI is available for testing the changes as the associated features involve cookies which do not have a visual interface. To test the changes follow these commands&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach build --dev&lt;br /&gt;
 ./mach test-unit -p net&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== '''Pull Request Details''' ==&lt;br /&gt;
Links to [https://github.com/rjain9/servo/pull/1 '''old'''] pull request and [https://github.com/servo/servo/pull/14059 '''new'''] pull request.&lt;br /&gt;
&lt;br /&gt;
This '''new''' pull request contains commit implementing initial steps for Improving Network Security project. As part of initial steps referrer policy enums for strict-origin and strict-origin-when-cross-origin have been added to [https://github.com/hyperium/hyper/pull/943 hyper]. Unit tests and additional logic has been added to handle these policies. Since enum changes are available on hyper version 0.9.11. We had to update hyper version to 0.9.11.&lt;br /&gt;
&lt;br /&gt;
Hyper 0.9.11 depends on num_cpus 1.1.0. To avoid a different version of num_cpus. We have updated rayon version from 0.4.0 to 0.4.3. Cargo.toml of util, style, geckolib, stylo component has been updated to use num_cpus version 1.1.0 instead of 0.2.2.&lt;br /&gt;
&lt;br /&gt;
Mozilla guidelines suggest that multiple concise commits should be wrapped into a single commit. Hence the '''old''' request shows the individual contributions but the '''new''' pull request contains only one major commit (and review comments based commits).&lt;br /&gt;
&lt;br /&gt;
== '''Commit Frequency''' ==&lt;br /&gt;
Since this is a Mozilla project, all the changes were submitted in a single commit.&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104339</id>
		<title>CSC/ECE 517 Fall 2016/M1654. Improve network security features</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104339"/>
		<updated>2016-11-04T16:47:03Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Implementation */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Servo supports standard [HTTP cookies] and parts of the Referral-Policy web standard. The project aims at increasing the security available to Servo browser users by implementing secure standards and complete the missing parts of the existing implementations. The project involves adding &amp;quot;strict&amp;quot; version of existing referrer policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policy ===&lt;br /&gt;
Referrer is a HTTP header field which contains the source of the URL that requested the web page. Referrer-policy dictates algorithm used to generate Referrer header when a new web page is requested.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The project entails adding improved network security features for Servo engine by supplementing the existing Referrer-policies with 'strict origin' and 'strict origin when cross origin' policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A brief description of the list of tasks assigned as part of the project is as follows:&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Email the mozilla.dev.servo mailing list (be sure to subscribe first!) introducing your group and asking any necessary questions&lt;br /&gt;
&lt;br /&gt;
3) Implement strict-origin and strict-origin-when-cross-origin referrer policies (see determine_request_referrer and determine_policy_for_token)&lt;br /&gt;
&lt;br /&gt;
4) Add support for the new strict policy values in the Referrer-Policy HTTP header (source)&lt;br /&gt;
&lt;br /&gt;
5) Add tests for the new policy values in tests/unit/net/http_loader.rs (run with ./mach test-unit -p net)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policies added in this project ===&lt;br /&gt;
==== Strict Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin Strict Origin] Referrer Policy dictates that the Referrer in HTTP header is always filled with the stripped URL of the origin and not the complete URL.&lt;br /&gt;
&lt;br /&gt;
==== Strict origin When Cross Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin Strict Origin When Cross Origin] Referrer Policy dictates that the Referrer in HTTP header is filled with the stripped URL of the origin if the request is sent to a URL different from the origin and the complete URL is sent when making [https://en.wikipedia.org/wiki/Same-origin_policy same origin] requests.&lt;br /&gt;
&lt;br /&gt;
== '''Design Pattern''' ==&lt;br /&gt;
No design patterns were used in this project.&lt;br /&gt;
&lt;br /&gt;
== '''Implementation''' ==&lt;br /&gt;
Strict Origin and Strict Origin When Cross origin Referrer policy implementations have been added to the codebase. The pull request for Servo repository is available [https://github.com/servo/servo/pull/14059 here] and Hyper is available [https://github.com/hyperium/hyper/pull/943 here]&lt;br /&gt;
&lt;br /&gt;
Referrer policy implementation&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs.jpg]]&amp;lt;br&amp;gt;&lt;br /&gt;
Selected Test case changes &amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs1.jpg]]&lt;br /&gt;
&lt;br /&gt;
For complete changes please refer aforementioned url.&lt;br /&gt;
&lt;br /&gt;
All the newly implemented functions have been provided with URL corresponding to their documentation instead of a direct comment above the function. This is in accordance with the guidelines set by Mozilla for the Servo project. Hence no extra comments are added to the code. All the implementation details can be provided in the links provided above the functions.&lt;br /&gt;
&lt;br /&gt;
== '''Testing''' ==&lt;br /&gt;
Various testcase scenerios involving request from HTTP to HTTPS URLs and vice-versa have been added in [https://github.com/servo/servo/pull/14059 tests/unit/net/http_loader.rs]. Full functionality coverage has been taken case of by ensuring that all same origin and cross origin test cases have been included.&lt;br /&gt;
&lt;br /&gt;
No UI is available for testing the changes as the associated features involve cookies which do not have a visual interface. To test the changes follow these commands&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach build --dev&lt;br /&gt;
 ./mach test-unit -p net&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== '''Pull Request Details''' ==&lt;br /&gt;
Links to [https://github.com/rjain9/servo/pull/1 '''old'''] pull request and [https://github.com/servo/servo/pull/14059 '''new'''] pull request.&lt;br /&gt;
&lt;br /&gt;
This '''new''' pull request contains commit implementing initial steps for Improving Network Security project. As part of initial steps referrer policy enums for strict-origin and strict-origin-when-cross-origin have been added to [https://github.com/hyperium/hyper/pull/943 hyper]. Unit tests and additional logic has been added to handle these policies. Since enum changes are available on hyper version 0.9.11. We had to update hyper version to 0.9.11.&lt;br /&gt;
&lt;br /&gt;
Hyper 0.9.11 depends on num_cpus 1.1.0. To avoid a different version of num_cpus. We have updated rayon version from 0.4.0 to 0.4.3. Cargo.toml of util, style, geckolib, stylo component has been updated to use num_cpus version 1.1.0 instead of 0.2.2.&lt;br /&gt;
&lt;br /&gt;
Mozilla guidelines suggest that multiple concise commits should be wrapped into a single commit. Hence the '''old''' request shows the individual contributions but the '''new''' pull request contains only one major commit (and review comments based commits).&lt;br /&gt;
&lt;br /&gt;
== '''Commit Frequency''' ==&lt;br /&gt;
Since this is a Mozilla project, all the changes were submitted in a single commit.&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104338</id>
		<title>CSC/ECE 517 Fall 2016/M1654. Improve network security features</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104338"/>
		<updated>2016-11-04T16:45:38Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Implementation */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Servo supports standard [HTTP cookies] and parts of the Referral-Policy web standard. The project aims at increasing the security available to Servo browser users by implementing secure standards and complete the missing parts of the existing implementations. The project involves adding &amp;quot;strict&amp;quot; version of existing referrer policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policy ===&lt;br /&gt;
Referrer is a HTTP header field which contains the source of the URL that requested the web page. Referrer-policy dictates algorithm used to generate Referrer header when a new web page is requested.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The project entails adding improved network security features for Servo engine by supplementing the existing Referrer-policies with 'strict origin' and 'strict origin when cross origin' policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A brief description of the list of tasks assigned as part of the project is as follows:&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Email the mozilla.dev.servo mailing list (be sure to subscribe first!) introducing your group and asking any necessary questions&lt;br /&gt;
&lt;br /&gt;
3) Implement strict-origin and strict-origin-when-cross-origin referrer policies (see determine_request_referrer and determine_policy_for_token)&lt;br /&gt;
&lt;br /&gt;
4) Add support for the new strict policy values in the Referrer-Policy HTTP header (source)&lt;br /&gt;
&lt;br /&gt;
5) Add tests for the new policy values in tests/unit/net/http_loader.rs (run with ./mach test-unit -p net)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policies added in this project ===&lt;br /&gt;
==== Strict Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin Strict Origin] Referrer Policy dictates that the Referrer in HTTP header is always filled with the stripped URL of the origin and not the complete URL.&lt;br /&gt;
&lt;br /&gt;
==== Strict origin When Cross Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin Strict Origin When Cross Origin] Referrer Policy dictates that the Referrer in HTTP header is filled with the stripped URL of the origin if the request is sent to a URL different from the origin and the complete URL is sent when making [https://en.wikipedia.org/wiki/Same-origin_policy same origin] requests.&lt;br /&gt;
&lt;br /&gt;
== '''Design Pattern''' ==&lt;br /&gt;
No design patterns were used in this project.&lt;br /&gt;
&lt;br /&gt;
== '''Implementation''' ==&lt;br /&gt;
Strict Origin and Strict Origin When Cross origin Referrer policy implementations have been added to the codebase. The pull request for Servo repository is available [https://github.com/servo/servo/pull/14059 here] and Hyper is available [https://github.com/hyperium/hyper/pull/943 here]&lt;br /&gt;
&lt;br /&gt;
Referrer policy implementation&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs.jpg]]&amp;lt;br&amp;gt;&lt;br /&gt;
Selected Test case changes &amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs1.jpg]]&lt;br /&gt;
&lt;br /&gt;
For complete changes please refer aforementioned url.&lt;br /&gt;
&lt;br /&gt;
All the newly implemented functions have been provided with URL corresponding to their documentation instead of a direct comment above the function. This is in accordance with the guidelines set by Mozilla for the Servo project. So no extra comments are added to the code. All the implementation details can be provided in the links provided above the functions.&lt;br /&gt;
&lt;br /&gt;
== '''Testing''' ==&lt;br /&gt;
Various testcase scenerios involving request from HTTP to HTTPS URLs and vice-versa have been added in [https://github.com/servo/servo/pull/14059 tests/unit/net/http_loader.rs]. Full functionality coverage has been taken case of by ensuring that all same origin and cross origin test cases have been included.&lt;br /&gt;
&lt;br /&gt;
No UI is available for testing the changes as the associated features involve cookies which do not have a visual interface. To test the changes follow these commands&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach build --dev&lt;br /&gt;
 ./mach test-unit -p net&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== '''Pull Request Details''' ==&lt;br /&gt;
Links to [https://github.com/rjain9/servo/pull/1 '''old'''] pull request and [https://github.com/servo/servo/pull/14059 '''new'''] pull request.&lt;br /&gt;
&lt;br /&gt;
This '''new''' pull request contains commit implementing initial steps for Improving Network Security project. As part of initial steps referrer policy enums for strict-origin and strict-origin-when-cross-origin have been added to [https://github.com/hyperium/hyper/pull/943 hyper]. Unit tests and additional logic has been added to handle these policies. Since enum changes are available on hyper version 0.9.11. We had to update hyper version to 0.9.11.&lt;br /&gt;
&lt;br /&gt;
Hyper 0.9.11 depends on num_cpus 1.1.0. To avoid a different version of num_cpus. We have updated rayon version from 0.4.0 to 0.4.3. Cargo.toml of util, style, geckolib, stylo component has been updated to use num_cpus version 1.1.0 instead of 0.2.2.&lt;br /&gt;
&lt;br /&gt;
Mozilla guidelines suggest that multiple concise commits should be wrapped into a single commit. Hence the '''old''' request shows the individual contributions but the '''new''' pull request contains only one major commit (and review comments based commits).&lt;br /&gt;
&lt;br /&gt;
== '''Commit Frequency''' ==&lt;br /&gt;
Since this is a Mozilla project, all the changes were submitted in a single commit.&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104337</id>
		<title>CSC/ECE 517 Fall 2016/M1654. Improve network security features</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104337"/>
		<updated>2016-11-04T16:42:37Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Pull Request Details */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Servo supports standard [HTTP cookies] and parts of the Referral-Policy web standard. The project aims at increasing the security available to Servo browser users by implementing secure standards and complete the missing parts of the existing implementations. The project involves adding &amp;quot;strict&amp;quot; version of existing referrer policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policy ===&lt;br /&gt;
Referrer is a HTTP header field which contains the source of the URL that requested the web page. Referrer-policy dictates algorithm used to generate Referrer header when a new web page is requested.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The project entails adding improved network security features for Servo engine by supplementing the existing Referrer-policies with 'strict origin' and 'strict origin when cross origin' policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A brief description of the list of tasks assigned as part of the project is as follows:&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Email the mozilla.dev.servo mailing list (be sure to subscribe first!) introducing your group and asking any necessary questions&lt;br /&gt;
&lt;br /&gt;
3) Implement strict-origin and strict-origin-when-cross-origin referrer policies (see determine_request_referrer and determine_policy_for_token)&lt;br /&gt;
&lt;br /&gt;
4) Add support for the new strict policy values in the Referrer-Policy HTTP header (source)&lt;br /&gt;
&lt;br /&gt;
5) Add tests for the new policy values in tests/unit/net/http_loader.rs (run with ./mach test-unit -p net)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policies added in this project ===&lt;br /&gt;
==== Strict Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin Strict Origin] Referrer Policy dictates that the Referrer in HTTP header is always filled with the stripped URL of the origin and not the complete URL.&lt;br /&gt;
&lt;br /&gt;
==== Strict origin When Cross Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin Strict Origin When Cross Origin] Referrer Policy dictates that the Referrer in HTTP header is filled with the stripped URL of the origin if the request is sent to a URL different from the origin and the complete URL is sent when making [https://en.wikipedia.org/wiki/Same-origin_policy same origin] requests.&lt;br /&gt;
&lt;br /&gt;
== '''Design Pattern''' ==&lt;br /&gt;
No design patterns were used in this project.&lt;br /&gt;
&lt;br /&gt;
== '''Implementation''' ==&lt;br /&gt;
Strict Origin and Strict Origin When Cross origin Referrer policy implementations have been added to the codebase. The pull request for Servo repository is available [https://github.com/servo/servo/pull/14059 here] and Hyper is available [https://github.com/hyperium/hyper/pull/943 here]&lt;br /&gt;
&lt;br /&gt;
Referrer policy implementation&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs.jpg]]&amp;lt;br&amp;gt;&lt;br /&gt;
Selected Test case changes &amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs1.jpg]]&lt;br /&gt;
&lt;br /&gt;
For complete changes please refer aforementioned url.&lt;br /&gt;
&lt;br /&gt;
== '''Testing''' ==&lt;br /&gt;
Various testcase scenerios involving request from HTTP to HTTPS URLs and vice-versa have been added in [https://github.com/servo/servo/pull/14059 tests/unit/net/http_loader.rs]. Full functionality coverage has been taken case of by ensuring that all same origin and cross origin test cases have been included.&lt;br /&gt;
&lt;br /&gt;
No UI is available for testing the changes as the associated features involve cookies which do not have a visual interface. To test the changes follow these commands&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach build --dev&lt;br /&gt;
 ./mach test-unit -p net&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== '''Pull Request Details''' ==&lt;br /&gt;
Links to [https://github.com/rjain9/servo/pull/1 '''old'''] pull request and [https://github.com/servo/servo/pull/14059 '''new'''] pull request.&lt;br /&gt;
&lt;br /&gt;
This '''new''' pull request contains commit implementing initial steps for Improving Network Security project. As part of initial steps referrer policy enums for strict-origin and strict-origin-when-cross-origin have been added to [https://github.com/hyperium/hyper/pull/943 hyper]. Unit tests and additional logic has been added to handle these policies. Since enum changes are available on hyper version 0.9.11. We had to update hyper version to 0.9.11.&lt;br /&gt;
&lt;br /&gt;
Hyper 0.9.11 depends on num_cpus 1.1.0. To avoid a different version of num_cpus. We have updated rayon version from 0.4.0 to 0.4.3. Cargo.toml of util, style, geckolib, stylo component has been updated to use num_cpus version 1.1.0 instead of 0.2.2.&lt;br /&gt;
&lt;br /&gt;
Mozilla guidelines suggest that multiple concise commits should be wrapped into a single commit. Hence the '''old''' request shows the individual contributions but the '''new''' pull request contains only one major commit (and review comments based commits).&lt;br /&gt;
&lt;br /&gt;
== '''Commit Frequency''' ==&lt;br /&gt;
Since this is a Mozilla project, all the changes were submitted in a single commit.&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104334</id>
		<title>CSC/ECE 517 Fall 2016/M1654. Improve network security features</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104334"/>
		<updated>2016-11-04T16:30:12Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: Added testing commands&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Servo supports standard [HTTP cookies] and parts of the Referral-Policy web standard. The project aims at increasing the security available to Servo browser users by implementing secure standards and complete the missing parts of the existing implementations. The project involves adding &amp;quot;strict&amp;quot; version of existing referrer policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policy ===&lt;br /&gt;
Referrer is a HTTP header field which contains the source of the URL that requested the web page. Referrer-policy dictates algorithm used to generate Referrer header when a new web page is requested.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The project entails adding improved network security features for Servo engine by supplementing the existing Referrer-policies with 'strict origin' and 'strict origin when cross origin' policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A brief description of the list of tasks assigned as part of the project is as follows:&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Email the mozilla.dev.servo mailing list (be sure to subscribe first!) introducing your group and asking any necessary questions&lt;br /&gt;
&lt;br /&gt;
3) Implement strict-origin and strict-origin-when-cross-origin referrer policies (see determine_request_referrer and determine_policy_for_token)&lt;br /&gt;
&lt;br /&gt;
4) Add support for the new strict policy values in the Referrer-Policy HTTP header (source)&lt;br /&gt;
&lt;br /&gt;
5) Add tests for the new policy values in tests/unit/net/http_loader.rs (run with ./mach test-unit -p net)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policies added in this project ===&lt;br /&gt;
==== Strict Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin Strict Origin] Referrer Policy dictates that the Referrer in HTTP header is always filled with the stripped URL of the origin and not the complete URL.&lt;br /&gt;
&lt;br /&gt;
==== Strict origin When Cross Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin Strict Origin When Cross Origin] Referrer Policy dictates that the Referrer in HTTP header is filled with the stripped URL of the origin if the request is sent to a URL different from the origin and the complete URL is sent when making [https://en.wikipedia.org/wiki/Same-origin_policy same origin] requests.&lt;br /&gt;
&lt;br /&gt;
== '''Design Pattern''' ==&lt;br /&gt;
No design patterns were used in this project.&lt;br /&gt;
&lt;br /&gt;
== '''Implementation''' ==&lt;br /&gt;
Strict Origin and Strict Origin When Cross origin Referrer policy implementations have been added to the codebase. The pull request for Servo repository is available [https://github.com/servo/servo/pull/14059 here] and Hyper is available [https://github.com/hyperium/hyper/pull/943 here]&lt;br /&gt;
&lt;br /&gt;
Referrer policy implementation&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs.jpg]]&amp;lt;br&amp;gt;&lt;br /&gt;
Selected Test case changes &amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs1.jpg]]&lt;br /&gt;
&lt;br /&gt;
For complete changes please refer aforementioned url.&lt;br /&gt;
&lt;br /&gt;
== '''Testing''' ==&lt;br /&gt;
Various testcase scenerios involving request from HTTP to HTTPS URLs and vice-versa have been added in [https://github.com/servo/servo/pull/14059 tests/unit/net/http_loader.rs]. Full functionality coverage has been taken case of by ensuring that all same origin and cross origin test cases have been included.&lt;br /&gt;
&lt;br /&gt;
No UI is available for testing the changes as the associated features involve cookies which do not have a visual interface. To test the changes follow these commands&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
 ./mach build --dev&lt;br /&gt;
 ./mach test-unit -p net&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== '''Pull Request Details''' ==&lt;br /&gt;
This pull request contains commit implementing initial steps for Improving Network Security project. As part of initial steps referrer policy enums for strict-origin and strict-origin-when-cross-origin have been added to hyper([https://github.com/hyperium/hyper/pull/943]). Unit tests and additional logic has been added to handle these policies. Since enum changes are available on hyper version 0.9.11. We had to update hyper version to 0.9.11.&lt;br /&gt;
&lt;br /&gt;
Hyper 0.9.11 depends on num_cpus 1.1.0. To avoid a different version of num_cpus. We have updated rayon version from 0.4.0 to 0.4.3. Cargo.toml of util, style, geckolib, stylo component has been updated to use num_cpus version 1.1.0 instead of 0.2.2.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== '''Commit Frequency''' ==&lt;br /&gt;
Since this is a Mozilla project, all the changes were submitted in a single commit.&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104333</id>
		<title>CSC/ECE 517 Fall 2016/M1654. Improve network security features</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104333"/>
		<updated>2016-11-04T16:21:29Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: Added pull request details&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Servo supports standard [HTTP cookies] and parts of the Referral-Policy web standard. The project aims at increasing the security available to Servo browser users by implementing secure standards and complete the missing parts of the existing implementations. The project involves adding &amp;quot;strict&amp;quot; version of existing referrer policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policy ===&lt;br /&gt;
Referrer is a HTTP header field which contains the source of the URL that requested the web page. Referrer-policy dictates algorithm used to generate Referrer header when a new web page is requested.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The project entails adding improved network security features for Servo engine by supplementing the existing Referrer-policies with 'strict origin' and 'strict origin when cross origin' policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A brief description of the list of tasks assigned as part of the project is as follows:&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Email the mozilla.dev.servo mailing list (be sure to subscribe first!) introducing your group and asking any necessary questions&lt;br /&gt;
&lt;br /&gt;
3) Implement strict-origin and strict-origin-when-cross-origin referrer policies (see determine_request_referrer and determine_policy_for_token)&lt;br /&gt;
&lt;br /&gt;
4) Add support for the new strict policy values in the Referrer-Policy HTTP header (source)&lt;br /&gt;
&lt;br /&gt;
5) Add tests for the new policy values in tests/unit/net/http_loader.rs (run with ./mach test-unit -p net)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policies added in this project ===&lt;br /&gt;
==== Strict Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin Strict Origin] Referrer Policy dictates that the Referrer in HTTP header is always filled with the stripped URL of the origin and not the complete URL.&lt;br /&gt;
&lt;br /&gt;
==== Strict origin When Cross Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin Strict Origin When Cross Origin] Referrer Policy dictates that the Referrer in HTTP header is filled with the stripped URL of the origin if the request is sent to a URL different from the origin and the complete URL is sent when making [https://en.wikipedia.org/wiki/Same-origin_policy same origin] requests.&lt;br /&gt;
&lt;br /&gt;
== '''Design Pattern''' ==&lt;br /&gt;
No design patterns were used in this project.&lt;br /&gt;
&lt;br /&gt;
== '''Implementation''' ==&lt;br /&gt;
Strict Origin and Strict Origin When Cross origin Referrer policy implementations have been added to the codebase. The pull request for Servo repository is available [https://github.com/servo/servo/pull/14059 here] and Hyper is available [https://github.com/hyperium/hyper/pull/943 here]&lt;br /&gt;
&lt;br /&gt;
Referrer policy implementation&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs.jpg]]&amp;lt;br&amp;gt;&lt;br /&gt;
Selected Test case changes &amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs1.jpg]]&lt;br /&gt;
&lt;br /&gt;
For complete changes please refer aforementioned url.&lt;br /&gt;
&lt;br /&gt;
== '''Testing''' ==&lt;br /&gt;
Various testcase scenerios involving request from HTTP to HTTPS URLs and vice-versa have been added in [https://github.com/servo/servo/pull/14059 tests/unit/net/http_loader.rs]. Full functionality coverage has been taken case of by ensuring that all same origin and cross origin test cases have been included.&lt;br /&gt;
&lt;br /&gt;
== '''Pull Request Details''' ==&lt;br /&gt;
This pull request contains commit implementing initial steps for Improving Network Security project. As part of initial steps referer policy enums for strict-origin and strict-origin-when-cross-origin have been added to hyper([https://github.com/hyperium/hyper/pull/943]). Unit tests and additional logic has been added to handle these policies. Since enum changes are available on hyper version 0.9.11. We had to update hyper version to 0.9.11.&lt;br /&gt;
&lt;br /&gt;
Hyper 0.9.11 depends on num_cpus 1.1.0. To avoid different version of num_cpus. We have updated rayon version from 0.4.0 to 0.4.3. Cargo.toml of util, style, geckolib, stylo component has been updated to use num_cpus version 1.1.0 instead of 0.2.2.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== '''Commit Frequency''' ==&lt;br /&gt;
Since this is a Mozilla project, all the changes were submitted in a single commit.&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104332</id>
		<title>CSC/ECE 517 Fall 2016/M1654. Improve network security features</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104332"/>
		<updated>2016-11-04T16:20:05Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: Updated links&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Servo supports standard [HTTP cookies] and parts of the Referral-Policy web standard. The project aims at increasing the security available to Servo browser users by implementing secure standards and complete the missing parts of the existing implementations. The project involves adding &amp;quot;strict&amp;quot; version of existing referrer policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policy ===&lt;br /&gt;
Referrer is a HTTP header field which contains the source of the URL that requested the web page. Referrer-policy dictates algorithm used to generate Referrer header when a new web page is requested.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The project entails adding improved network security features for Servo engine by supplementing the existing Referrer-policies with 'strict origin' and 'strict origin when cross origin' policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A brief description of the list of tasks assigned as part of the project is as follows:&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Email the mozilla.dev.servo mailing list (be sure to subscribe first!) introducing your group and asking any necessary questions&lt;br /&gt;
&lt;br /&gt;
3) Implement strict-origin and strict-origin-when-cross-origin referrer policies (see determine_request_referrer and determine_policy_for_token)&lt;br /&gt;
&lt;br /&gt;
4) Add support for the new strict policy values in the Referrer-Policy HTTP header (source)&lt;br /&gt;
&lt;br /&gt;
5) Add tests for the new policy values in tests/unit/net/http_loader.rs (run with ./mach test-unit -p net)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policies added in this project ===&lt;br /&gt;
==== Strict Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin Strict Origin] Referrer Policy dictates that the Referrer in HTTP header is always filled with the stripped URL of the origin and not the complete URL.&lt;br /&gt;
&lt;br /&gt;
==== Strict origin When Cross Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin Strict Origin When Cross Origin] Referrer Policy dictates that the Referrer in HTTP header is filled with the stripped URL of the origin if the request is sent to a URL different from the origin and the complete URL is sent when making [https://en.wikipedia.org/wiki/Same-origin_policy same origin] requests.&lt;br /&gt;
&lt;br /&gt;
== '''Design Pattern''' ==&lt;br /&gt;
No design patterns were used in this project.&lt;br /&gt;
&lt;br /&gt;
== '''Implementation''' ==&lt;br /&gt;
Strict Origin and Strict Origin When Cross origin Referrer policy implementations have been added to the codebase. The pull request for Servo repository is available [https://github.com/servo/servo/pull/14059 here] and Hyper is available [https://github.com/hyperium/hyper/pull/943 here]&lt;br /&gt;
&lt;br /&gt;
Referrer policy implementation&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs.jpg]]&amp;lt;br&amp;gt;&lt;br /&gt;
Selected Test case changes &amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs1.jpg]]&lt;br /&gt;
&lt;br /&gt;
For complete changes please refer aforementioned url.&lt;br /&gt;
&lt;br /&gt;
== '''Testing''' ==&lt;br /&gt;
Various testcase scenerios involving request from HTTP to HTTPS URLs and vice-versa have been added in [https://github.com/servo/servo/pull/14059 tests/unit/net/http_loader.rs]. Full functionality coverage has been taken case of by ensuring that all same origin and cross origin test cases have been included.&lt;br /&gt;
&lt;br /&gt;
== '''Pull Request Status''' ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== '''Commit Frequency''' ==&lt;br /&gt;
Since this is a Mozilla project, all the changes were submitted in a single commit.&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104274</id>
		<title>CSC/ECE 517 Fall 2016/M1654. Improve network security features</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104274"/>
		<updated>2016-11-04T01:37:53Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: Added commit freq&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Servo supports standard [HTTP cookies] and parts of the Referral-Policy web standard. The project aims at increasing the security available to Servo browser users by implementing secure standards and complete the missing parts of the existing implementations. The project involves adding &amp;quot;strict&amp;quot; version of existing referrer policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policy ===&lt;br /&gt;
Referrer is a HTTP header field which contains the source of the URL that requested the web page. Referrer-policy dictates algorithm used to generate Referrer header when a new web page is requested.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The project entails adding improved network security features for Servo engine by supplementing the existing Referrer-policies with 'strict origin' and 'strict origin when cross origin' policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A brief description of the list of tasks assigned as part of the project is as follows:&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Email the mozilla.dev.servo mailing list (be sure to subscribe first!) introducing your group and asking any necessary questions&lt;br /&gt;
&lt;br /&gt;
3) Implement strict-origin and strict-origin-when-cross-origin referrer policies (see determine_request_referrer and determine_policy_for_token)&lt;br /&gt;
&lt;br /&gt;
4) Add support for the new strict policy values in the Referrer-Policy HTTP header (source)&lt;br /&gt;
&lt;br /&gt;
5) Add tests for the new policy values in tests/unit/net/http_loader.rs (run with ./mach test-unit -p net)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policies added in this project ===&lt;br /&gt;
==== Strict Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin Strict Origin] Referrer Policy dictates that the Referrer in HTTP header is always filled with the stripped URL of the origin and not the complete URL.&lt;br /&gt;
&lt;br /&gt;
==== Strict origin When Cross Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin Strict Origin When Cross Origin] Referrer Policy dictates that the Referrer in HTTP header is filled with the stripped URL of the origin if the request is sent to a URL different from the origin and the complete URL is sent when making [https://en.wikipedia.org/wiki/Same-origin_policy same origin] requests.&lt;br /&gt;
&lt;br /&gt;
== '''Design Pattern''' ==&lt;br /&gt;
No design patterns were used in this project.&lt;br /&gt;
&lt;br /&gt;
== '''Implementation''' ==&lt;br /&gt;
Strict Origin and Strict Origin When Cross origin Referrer policy implementations have been added to the codebase. The pull request for Servo repository is available [https://github.com/rjain9/servo/pull/1 here] and Hyper is available [https://github.com/hyperium/hyper/pull/943 here]&lt;br /&gt;
&lt;br /&gt;
Referrer policy implementation&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs.jpg]]&amp;lt;br&amp;gt;&lt;br /&gt;
Selected Test case changes &amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs1.jpg]]&lt;br /&gt;
&lt;br /&gt;
For complete changes please refer aforementioned url.&lt;br /&gt;
&lt;br /&gt;
== '''Testing''' ==&lt;br /&gt;
Various testcase scenerios involving request from HTTP to HTTPS URLs and vice-versa have been added in [https://github.com/rjain9/servo/pull/1 tests/unit/net/http_loader.rs]. Full functionality coverage has been taken case of by ensuring that all same origin and cross origin test cases have been included.&lt;br /&gt;
&lt;br /&gt;
== '''Commit Frequency''' ==&lt;br /&gt;
Since this is a Mozilla project, all the changes were submitted in a single commit.&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104273</id>
		<title>CSC/ECE 517 Fall 2016/M1654. Improve network security features</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=104273"/>
		<updated>2016-11-04T01:29:35Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: Added Design pattern&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Servo supports standard [HTTP cookies] and parts of the Referral-Policy web standard. The project aims at increasing the security available to Servo browser users by implementing secure standards and complete the missing parts of the existing implementations. The project involves adding &amp;quot;strict&amp;quot; version of existing referrer policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
[https://doc.rust-lang.org/book/ Rust] is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.&lt;br /&gt;
&lt;br /&gt;
=== Servo ===&lt;br /&gt;
[https://servo.org/ Servo] is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policy ===&lt;br /&gt;
Referrer is a HTTP header field which contains the source of the URL that requested the web page. Referrer-policy dictates algorithm used to generate Referrer header when a new web page is requested.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The project entails adding improved network security features for Servo engine by supplementing the existing Referrer-policies with 'strict origin' and 'strict origin when cross origin' policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A brief description of the list of tasks assigned as part of the project is as follows:&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Email the mozilla.dev.servo mailing list (be sure to subscribe first!) introducing your group and asking any necessary questions&lt;br /&gt;
&lt;br /&gt;
3) Implement strict-origin and strict-origin-when-cross-origin referrer policies (see determine_request_referrer and determine_policy_for_token)&lt;br /&gt;
&lt;br /&gt;
4) Add support for the new strict policy values in the Referrer-Policy HTTP header (source)&lt;br /&gt;
&lt;br /&gt;
5) Add tests for the new policy values in tests/unit/net/http_loader.rs (run with ./mach test-unit -p net)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policies added in this project ===&lt;br /&gt;
==== Strict Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin Strict Origin] Referrer Policy dictates that the Referrer in HTTP header is always filled with the stripped URL of the origin and not the complete URL.&lt;br /&gt;
&lt;br /&gt;
==== Strict origin When Cross Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin Strict Origin When Cross Origin] Referrer Policy dictates that the Referrer in HTTP header is filled with the stripped URL of the origin if the request is sent to a URL different from the origin and the complete URL is sent when making [https://en.wikipedia.org/wiki/Same-origin_policy same origin] requests.&lt;br /&gt;
&lt;br /&gt;
== '''Design Pattern''' ==&lt;br /&gt;
No design patterns were used in this project.&lt;br /&gt;
&lt;br /&gt;
== '''Implementation''' ==&lt;br /&gt;
Strict Origin and Strict Origin When Cross origin Referrer policy implementations have been added to the codebase. The pull request for Servo repository is available [https://github.com/rjain9/servo/pull/1 here] and Hyper is available [https://github.com/hyperium/hyper/pull/943 here]&lt;br /&gt;
&lt;br /&gt;
Referrer policy implementation&amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs.jpg]]&amp;lt;br&amp;gt;&lt;br /&gt;
Selected Test case changes &amp;lt;br&amp;gt;&lt;br /&gt;
[[File:Ubs1.jpg]]&lt;br /&gt;
&lt;br /&gt;
For complete changes please refer aforementioned url.&lt;br /&gt;
&lt;br /&gt;
== '''Testing''' ==&lt;br /&gt;
Various testcase scenerios involving request from HTTP to HTTPS URLs and vice-versa have been added in [https://github.com/rjain9/servo/pull/1 tests/unit/net/http_loader.rs]. Full functionality coverage has been taken case of by ensuring that all same origin and cross origin test cases have been included.&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=103130</id>
		<title>CSC/ECE 517 Fall 2016/M1654. Improve network security features</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=103130"/>
		<updated>2016-10-28T21:56:59Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: /* Testing */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Servo supports standard [HTTP cookies] and parts of the Referral-Policy web standard. The project aims at increasing the security available to Servo browser users by implementing secure standards and complete the missing parts of the existing implementations. The project involves adding &amp;quot;strict&amp;quot; version of existing referrer policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
Rust is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.[https://doc.rust-lang.org/book/ title]&lt;br /&gt;
&lt;br /&gt;
=== Servo ===&lt;br /&gt;
Servo is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policy ===&lt;br /&gt;
Referrer is a HTTP header field which contains the source of the URL that requested the web page. Referrer-policy dictates algorithm used to generate Referrer header when a new web page is requested.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The project entails adding improved network security features for Servo engine by supplementing the existing Referrer-policies with 'strict origin' and 'strict origin when cross origin' policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A brief description of the list of tasks assigned as part of the project is as follows:&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Email the mozilla.dev.servo mailing list (be sure to subscribe first!) introducing your group and asking any necessary questions&lt;br /&gt;
&lt;br /&gt;
3) Implement strict-origin and strict-origin-when-cross-origin referrer policies (see determine_request_referrer and determine_policy_for_token)&lt;br /&gt;
&lt;br /&gt;
4) Add support for the new strict policy values in the Referrer-Policy HTTP header (source)&lt;br /&gt;
&lt;br /&gt;
5) Add tests for the new policy values in tests/unit/net/http_loader.rs (run with ./mach test-unit -p net)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policies added in this project ===&lt;br /&gt;
==== Strict Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin Strict Origin] Referrer Policy dictates that the Referrer in HTTP header is always filled with the stripped URL of the origin and not the complete URL.&lt;br /&gt;
&lt;br /&gt;
==== Strict origin When Cross Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin Strict Origin When Cross Origin] Referrer Policy dictates that the Referrer in HTTP header is filled with the stripped URL of the origin if the request is sent to a URL different from the origin and the complete URL is sent when making [https://en.wikipedia.org/wiki/Same-origin_policy same origin] requests.&lt;br /&gt;
&lt;br /&gt;
== '''Implementation''' ==&lt;br /&gt;
Strict Origin and Strict Origin When Cross origin Referrer policy implementations have been added to the codebase. The pull request for Servo repository is available [https://github.com/rjain9/servo/pull/1 here] and Hyper is available [https://github.com/hyperium/hyper/pull/943 here]&lt;br /&gt;
&lt;br /&gt;
== '''Testing''' ==&lt;br /&gt;
Various testcase scenerios involving request from HTTP to HTTPS URLs and vice-versa have been added in [https://github.com/rjain9/servo/pull/1 tests/unit/net/http_loader.rs]. Full functionality coverage has been taken case of by ensuring that all same origin and cross origin test cases have been included.&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=103124</id>
		<title>CSC/ECE 517 Fall 2016/M1654. Improve network security features</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2016/M1654._Improve_network_security_features&amp;diff=103124"/>
		<updated>2016-10-28T21:52:24Z</updated>

		<summary type="html">&lt;p&gt;Gpollep: Added Project steps&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;font size=&amp;quot;5&amp;quot;&amp;gt;M1654: Improve network security features for Servo (cookies and strict referrer policies)&amp;lt;/font&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Servo supports standard [HTTP cookies] and parts of the Referral-Policy web standard. The project aims at increasing the security available to Servo browser users by implementing secure standards and complete the missing parts of the existing implementations. The project involves adding &amp;quot;strict&amp;quot; version of existing referrer policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Introduction'''==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Rust ===&lt;br /&gt;
Rust is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.[https://doc.rust-lang.org/book/ title]&lt;br /&gt;
&lt;br /&gt;
=== Servo ===&lt;br /&gt;
Servo is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policy ===&lt;br /&gt;
Referrer is a HTTP header field which contains the source of the URL that requested the web page. Referrer-policy dictates algorithm used to generate Referrer header when a new web page is requested.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=='''Project Description'''==&lt;br /&gt;
The project entails adding improved network security features for Servo engine by supplementing the existing Referrer-policies with 'strict origin' and 'strict origin when cross origin' policies.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A brief description of the list of tasks assigned as part of the project is as follows:&lt;br /&gt;
&lt;br /&gt;
1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html&lt;br /&gt;
&lt;br /&gt;
2) Email the mozilla.dev.servo mailing list (be sure to subscribe first!) introducing your group and asking any necessary questions&lt;br /&gt;
&lt;br /&gt;
3) Implement strict-origin and strict-origin-when-cross-origin referrer policies (see determine_request_referrer and determine_policy_for_token)&lt;br /&gt;
&lt;br /&gt;
4) Add support for the new strict policy values in the Referrer-Policy HTTP header (source)&lt;br /&gt;
&lt;br /&gt;
5) Add tests for the new policy values in tests/unit/net/http_loader.rs (run with ./mach test-unit -p net)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Referrer Policies added in this project ===&lt;br /&gt;
==== Strict Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin Strict Origin] Referrer Policy dictates that the Referrer in HTTP header is always filled with the stripped URL of the origin and not the complete URL.&lt;br /&gt;
&lt;br /&gt;
==== Strict origin When Cross Origin ====&lt;br /&gt;
[https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin Strict Origin When Cross Origin] Referrer Policy dictates that the Referrer in HTTP header is filled with the stripped URL of the origin if the request is sent to a URL different from the origin and the complete URL is sent when making [https://en.wikipedia.org/wiki/Same-origin_policy same origin] requests.&lt;br /&gt;
&lt;br /&gt;
== '''Implementation''' ==&lt;br /&gt;
Strict Origin and Strict Origin When Cross origin Referrer policy implementations have been added to the codebase. The pull request for Servo repository is available [https://github.com/rjain9/servo/pull/1 here] and Hyper is available [https://github.com/hyperium/hyper/pull/943 here]&lt;br /&gt;
&lt;br /&gt;
== '''Testing''' ==&lt;/div&gt;</summary>
		<author><name>Gpollep</name></author>
	</entry>
</feed>