Context Navigation

← Previous Changeset
Next Changeset →

Changeset 130150 in webkit

Timestamp:

Oct 2, 2012, 4:29:33 AM (13 years ago)

Author:

mkwst@chromium.org

Message:

Add call stacks to Content Security Policy checks when relevant.
https://bugs.webkit.org/show_bug.cgi?id=94433

Reviewed by Adam Barth.

Source/WebCore:

Previously, we generated stack traces only for eval-related CSP
violations. As it turns out, we can call createScriptCallStack from
practically anywhere. This patch takes advantage of that to generate
stack traces whenever a warning is logged to the console. If we're in
a JavaScript stack, brilliant: we get a detailed warning. If not, the
stack trace is empty, and we don't pass it into the console logging
method.

This has the advantage of giving us good developer-facing logging for
any and all violations that result from script-based injection of
resources. Yay!

Tests: http/tests/inspector/csp-injected-content-warning-contains-stacktrace.html

http/tests/inspector/csp-inline-warning-contains-stacktrace.html
http/tests/inspector/csp-setInterval-warning-contains-stacktrace.html
http/tests/inspector/csp-setTimeout-warning-contains-stacktrace.html

bindings/js/ScheduledAction.cpp:

(WebCore::ScheduledAction::create):

Replacing the generated stack trace with the current script state,
which will enable us to generate the stack trace inside
ContentSecurityPolicy::reportViolation if it's relevant.

bindings/v8/ScriptCallStackFactory.cpp:

(WebCore::createScriptCallStackForConsole):
(WebCore):

bindings/v8/ScriptCallStackFactory.h:

(WebCore):

Adding a dummy interface to createScriptCallStackForConsole that
allows ScriptState to be passed in, which matches JSC's interface.

bindings/v8/custom/V8DOMWindowCustom.cpp:

(WebCore::WindowSetTimeoutImpl):

bindings/v8/custom/V8WorkerContextCustom.cpp:

(WebCore::SetTimeoutOrInterval):

Dropping stack trace from call to ContentSecurityPolicy::allowEval.

page/ContentSecurityPolicy.cpp:

(CSPDirectiveList):
(WebCore::CSPDirectiveList::reportViolation):
(WebCore::CSPDirectiveList::checkEvalAndReportViolation):
(WebCore::CSPDirectiveList::allowEval):

Piping script state through from CSPDirectiveList::allowEval rather
than a full stack trace.

(WebCore):
(WebCore::isAllowedByAll):
(WebCore::isAllowedByAllWithState):
(WebCore::ContentSecurityPolicy::allowEval):
(WebCore::ContentSecurityPolicy::reportViolation):
(WebCore::ContentSecurityPolicy::logToConsole):

Piping script state through from ContentSecurityPolicy::allowEval
rather than a full stack trace. Now, we can simply generate the
stack trace just before logging it, and only pass it into
addConsoleMessage if it's non-empty.

page/ContentSecurityPolicy.h:

(JSC):
(WebCore):

Including 'ScriptState.h' to normalize V8 and JSC's JS state objects.

LayoutTests:

http/tests/inspector-enabled/contentSecurityPolicy-blocks-setInterval-expected.txt: Removed.
http/tests/inspector-enabled/contentSecurityPolicy-blocks-setInterval.html: Removed.
http/tests/inspector-enabled/contentSecurityPolicy-blocks-setTimeout-expected.txt: Removed.
http/tests/inspector-enabled/contentSecurityPolicy-blocks-setTimeout.html: Removed.

Moved these tests to http/test/inspector, and rewrote them for consistency.

http/tests/inspector/csp-injected-content-warning-contains-stacktrace-expected.txt: Added.
http/tests/inspector/csp-injected-content-warning-contains-stacktrace.html: Added.
http/tests/inspector/csp-inline-warning-contains-stacktrace-expected.txt: Added.
http/tests/inspector/csp-inline-warning-contains-stacktrace.html: Added.
http/tests/inspector/csp-setInterval-contains-stacktrace-expected.txt: Added.
http/tests/inspector/csp-setInterval-warning-contains-stacktrace.html: Added.
http/tests/inspector/csp-setTimeout-warning-contains-stacktrace-expected.txt: Added.
http/tests/inspector/csp-setTimeout-warning-contains-stacktrace.html: Added.
http/tests/inspector/resources/csp-inline-test.js: Added.

(thisTest):

http/tests/inspector/resources/csp-test.js: Added.

(test.addMessage):
(test):

Two new tests for the functionality.

platform/chromium/http/tests/inspector/csp-injected-content-warning-contains-stacktrace-expected.txt: Added.
platform/chromium/http/tests/inspector/csp-inline-warning-contains-stacktrace-expected.txt: Added.
platform/chromium/http/tests/inspector/csp-setInterval-contains-stacktrace-expected.txt: Added.
platform/chromium/http/tests/inspector/csp-setTimeout-warning-contains-stacktrace-expected.txt: Added.

The stacktrace looks slightly different under JSC than V8.

Location:

trunk

Files:

: 14 added
: 4 deleted
: 9 edited

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-              r130147
+              r130150
+-10-02  Mike West  <mkwst@chromium.org>
+        Add call stacks to Content Security Policy checks when relevant.
+        https://bugs.webkit.org/show_bug.cgi?id=94433
+        Reviewed by Adam Barth.
+        * http/tests/inspector-enabled/contentSecurityPolicy-blocks-setInterval-expected.txt: Removed.
+        * http/tests/inspector-enabled/contentSecurityPolicy-blocks-setInterval.html: Removed.
+        * http/tests/inspector-enabled/contentSecurityPolicy-blocks-setTimeout-expected.txt: Removed.
+        * http/tests/inspector-enabled/contentSecurityPolicy-blocks-setTimeout.html: Removed.
+            Moved these tests to http/test/inspector, and rewrote them for consistency.
+        * http/tests/inspector/csp-injected-content-warning-contains-stacktrace-expected.txt: Added.
+        * http/tests/inspector/csp-injected-content-warning-contains-stacktrace.html: Added.
+        * http/tests/inspector/csp-inline-warning-contains-stacktrace-expected.txt: Added.
+        * http/tests/inspector/csp-inline-warning-contains-stacktrace.html: Added.
+        * http/tests/inspector/csp-setInterval-contains-stacktrace-expected.txt: Added.
+        * http/tests/inspector/csp-setInterval-warning-contains-stacktrace.html: Added.
+        * http/tests/inspector/csp-setTimeout-warning-contains-stacktrace-expected.txt: Added.
+        * http/tests/inspector/csp-setTimeout-warning-contains-stacktrace.html: Added.
+        * http/tests/inspector/resources/csp-inline-test.js: Added.
+        (thisTest):
+        * http/tests/inspector/resources/csp-test.js: Added.
+        (test.addMessage):
+        (test):
+            Two new tests for the functionality.
+        * platform/chromium/http/tests/inspector/csp-injected-content-warning-contains-stacktrace-expected.txt: Added.
+        * platform/chromium/http/tests/inspector/csp-inline-warning-contains-stacktrace-expected.txt: Added.
+        * platform/chromium/http/tests/inspector/csp-setInterval-contains-stacktrace-expected.txt: Added.
+        * platform/chromium/http/tests/inspector/csp-setTimeout-warning-contains-stacktrace-expected.txt: Added.
+            The stacktrace looks slightly different under JSC than V8.
 -10-02  Yoshifumi Inoue  <yosin@chromium.org>

trunk/Source/WebCore/ChangeLog

-              r130149
+              r130150
+-10-02  Mike West  <mkwst@chromium.org>
+        Add call stacks to Content Security Policy checks when relevant.
+        https://bugs.webkit.org/show_bug.cgi?id=94433
+        Reviewed by Adam Barth.
+        Previously, we generated stack traces only for eval-related CSP
+        violations. As it turns out, we can call createScriptCallStack from
+        practically anywhere. This patch takes advantage of that to generate
+        stack traces whenever a warning is logged to the console. If we're in
+        a JavaScript stack, brilliant: we get a detailed warning. If not, the
+        stack trace is empty, and we don't pass it into the console logging
+        method.
+        This has the advantage of giving us good developer-facing logging for
+        any and all violations that result from script-based injection of
+        resources. Yay!
+        Tests: http/tests/inspector/csp-injected-content-warning-contains-stacktrace.html
+               http/tests/inspector/csp-inline-warning-contains-stacktrace.html
+               http/tests/inspector/csp-setInterval-warning-contains-stacktrace.html
+               http/tests/inspector/csp-setTimeout-warning-contains-stacktrace.html
+        * bindings/js/ScheduledAction.cpp:
+        (WebCore::ScheduledAction::create):
+            Replacing the generated stack trace with the current script state,
+            which will enable us to generate the stack trace inside
+            ContentSecurityPolicy::reportViolation if it's relevant.
+        * bindings/v8/ScriptCallStackFactory.cpp:
+        (WebCore::createScriptCallStackForConsole):
+        (WebCore):
+        * bindings/v8/ScriptCallStackFactory.h:
+        (WebCore):
+            Adding a dummy interface to createScriptCallStackForConsole that
+            allows ScriptState to be passed in, which matches JSC's interface.
+        * bindings/v8/custom/V8DOMWindowCustom.cpp:
+        (WebCore::WindowSetTimeoutImpl):
+        * bindings/v8/custom/V8WorkerContextCustom.cpp:
+        (WebCore::SetTimeoutOrInterval):
+            Dropping stack trace from call to ContentSecurityPolicy::allowEval.
+        * page/ContentSecurityPolicy.cpp:
+        (CSPDirectiveList):
+        (WebCore::CSPDirectiveList::reportViolation):
+        (WebCore::CSPDirectiveList::checkEvalAndReportViolation):
+        (WebCore::CSPDirectiveList::allowEval):
+            Piping script state through from CSPDirectiveList::allowEval rather
+            than a full stack trace.
+        (WebCore):
+        (WebCore::isAllowedByAll):
+        (WebCore::isAllowedByAllWithState):
+        (WebCore::ContentSecurityPolicy::allowEval):
+        (WebCore::ContentSecurityPolicy::reportViolation):
+        (WebCore::ContentSecurityPolicy::logToConsole):
+            Piping script state through from ContentSecurityPolicy::allowEval
+            rather than a full stack trace. Now, we can simply generate the
+            stack trace just before logging it, and only pass it into
+            addConsoleMessage if it's non-empty.
+        * page/ContentSecurityPolicy.h:
+        (JSC):
+        (WebCore):
+            Including 'ScriptState.h' to normalize V8 and JSC's JS state objects.
 -10-02  Pavel Feldman  <pfeldman@chromium.org>

trunk/Source/WebCore/bindings/js/ScheduledAction.cpp

-              r130021
+              r130150
     CallData callData;
     if (getCallData(v, callData) == CallTypeNone) {
+        RefPtr<ScriptCallStack> callStack(createScriptCallStackForConsole(exec));
+        if (policy && !policy->allowEval(callStack.release()))
+        if (policy && !policy->allowEval(exec))
             return nullptr;
         String string = v.toString(exec)->value(exec);

trunk/Source/WebCore/bindings/v8/ScriptCallStackFactory.cpp

r130021	r130150
117	117	}
118	118
	119	PassRefPtr<ScriptCallStack> createScriptCallStackForConsole(ScriptState* /* state */)
	120	{
	121	return createScriptCallStackForConsole();
	122	}
	123
119	124	PassRefPtr<ScriptArguments> createScriptArguments(const v8::Arguments& v8arguments, unsigned skipArgumentCount)
120	125	{

trunk/Source/WebCore/bindings/v8/ScriptCallStackFactory.h

-              r130021
+              r130150
 PassRefPtr<ScriptArguments> createScriptArguments(const v8::Arguments& v8arguments, unsigned skipArgumentCount);
+// This is just an alias to 'createScriptCallStackForConsole();' for compat with JSC.
+PassRefPtr<ScriptCallStack> createScriptCallStackForConsole(ScriptState*);
 } // namespace WebCore

trunk/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp

-              r130021
+              r130150
         id = DOMTimer::install(scriptContext, action.release(), timeout, singleShot);
     } else {
+        RefPtr<ScriptCallStack> callStack(createScriptCallStackForConsole());
+        if (imp->document() && !imp->document()->contentSecurityPolicy()->allowEval(callStack.release()))
+        if (imp->document() && !imp->document()->contentSecurityPolicy()->allowEval())
             return v8Integer(0, args.GetIsolate());
         ASSERT(imp->frame());

trunk/Source/WebCore/bindings/v8/custom/V8WorkerContextCustom.cpp

-              r130021
+              r130150
     if (function->IsString()) {
         if (ContentSecurityPolicy* policy = workerContext->contentSecurityPolicy()) {
+            RefPtr<ScriptCallStack> callStack = createScriptCallStackForConsole();
+            if (!policy->allowEval(callStack.release()))
+            if (!policy->allowEval())
                 return v8Integer(0, args.GetIsolate());
+        }

trunk/Source/WebCore/page/ContentSecurityPolicy.cpp

-              r129572
+              r130150
 #include "SchemeRegistry.h"
 #include "ScriptCallStack.h"
+#include "ScriptCallStackFactory.h"
+#include "ScriptState.h"
 #include "SecurityOrigin.h"
 #include "TextEncoding.h"
 …
     bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus) const;
     bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus) const;
     bool allowEval(PassRefPtr<ScriptCallStack>, ContentSecurityPolicy::ReportingStatus) const;
+    bool allowEval(ScriptState*, ContentSecurityPolicy::ReportingStatus) const;
     bool allowScriptNonce(const String& nonce, const String& contextURL, const WTF::OrdinalNumber& contextLine, const KURL&) const;
     bool allowPluginType(const String& type, const String& typeAttribute, const KURL&, ContentSecurityPolicy::ReportingStatus) const;
 …
     SourceListDirective* operativeDirective(SourceListDirective*) const;
     void reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL = KURL(), const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), PassRefPtr<ScriptCallStack> = 0) const;
+    void reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL = KURL(), const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), ScriptState* = 0) const;
     bool checkEval(SourceListDirective*) const;
 …
     void setEvalDisabledErrorMessage(const String& errorMessage) { m_evalDisabledErrorMessage = errorMessage; }
     bool checkEvalAndReportViolation(SourceListDirective*, const String& consoleMessage, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), PassRefPtr<ScriptCallStack> = 0) const;
+    bool checkEvalAndReportViolation(SourceListDirective*, const String& consoleMessage, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), ScriptState* = 0) const;
     bool checkInlineAndReportViolation(SourceListDirective*, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine, bool isScript) const;
     bool checkNonceAndReportViolation(NonceDirective*, const String& nonce, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine) const;
 …
+}
 void CSPDirectiveList::reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine, PassRefPtr<ScriptCallStack> callStack) const
+void CSPDirectiveList::reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine, ScriptState* state) const
+{
     String message = m_reportOnly ? "[Report Only] " + consoleMessage : consoleMessage;
     m_policy->reportViolation(directiveText, message, blockedURL, m_reportURIs, m_header, contextURL, contextLine, callStack);
+    m_policy->reportViolation(directiveText, message, blockedURL, m_reportURIs, m_header, contextURL, contextLine, state);
+}
 …
+}
 bool CSPDirectiveList::checkEvalAndReportViolation(SourceListDirective* directive, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine, PassRefPtr<ScriptCallStack> callStack) const
+bool CSPDirectiveList::checkEvalAndReportViolation(SourceListDirective* directive, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine, ScriptState* state) const
+{
     if (checkEval(directive))
 …
         suffix = " Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.";
     reportViolation(directive->text(), consoleMessage + "\"" + directive->text() + "\"." + suffix + "\n", KURL(), contextURL, contextLine, callStack);
+    reportViolation(directive->text(), consoleMessage + "\"" + directive->text() + "\"." + suffix + "\n", KURL(), contextURL, contextLine, state);
     if (!m_reportOnly) {
         m_policy->reportBlockedScriptExecutionToInspector(directive->text());
 …
+}
 bool CSPDirectiveList::allowEval(PassRefPtr<ScriptCallStack> callStack, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool CSPDirectiveList::allowEval(ScriptState* state, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+{
     DEFINE_STATIC_LOCAL(String, consoleMessage, (ASCIILiteral("Refused to evaluate script because it violates the following Content Security Policy directive: ")));
     return reportingStatus == ContentSecurityPolicy::SendReport ?
         checkEvalAndReportViolation(operativeDirective(m_scriptSrc.get()), consoleMessage, String(), WTF::OrdinalNumber::beforeFirst(), callStack) :
+        checkEvalAndReportViolation(operativeDirective(m_scriptSrc.get()), consoleMessage, String(), WTF::OrdinalNumber::beforeFirst(), state) :
         checkEval(operativeDirective(m_scriptSrc.get()));
+}
 …
+}
 template<bool (CSPDirectiveList::*allowed)(PassRefPtr<ScriptCallStack>, ContentSecurityPolicy::ReportingStatus) const>
 bool isAllowedByAllWithCallStack(const CSPDirectiveListVector& policies, PassRefPtr<ScriptCallStack> callStack, ContentSecurityPolicy::ReportingStatus reportingStatus)
+template<bool (CSPDirectiveList::*allowed)(ContentSecurityPolicy::ReportingStatus) const>
+bool isAllowedByAll(const CSPDirectiveListVector& policies, ContentSecurityPolicy::ReportingStatus reportingStatus)
+{
     for (size_t i = 0; i < policies.size(); ++i) {
+        if (!(policies[i].get()->*allowed)(callStack, reportingStatus))
+        if (!(policies[i].get()->*allowed)(reportingStatus))
+            return false;
+    }
+    return true;
+}
+template<bool (CSPDirectiveList::*allowed)(ScriptState* state, ContentSecurityPolicy::ReportingStatus) const>
+bool isAllowedByAllWithState(const CSPDirectiveListVector& policies, ScriptState* state, ContentSecurityPolicy::ReportingStatus reportingStatus)
+{
+    for (size_t i = 0; i < policies.size(); ++i) {
+        if (!(policies[i].get()->*allowed)(state, reportingStatus))
             return false;
+    }
 …
+}
 bool ContentSecurityPolicy::allowEval(PassRefPtr<ScriptCallStack> callStack, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+{
     return isAllowedByAllWithCallStack<&CSPDirectiveList::allowEval>(m_policies, callStack, reportingStatus);
+bool ContentSecurityPolicy::allowEval(ScriptState* state, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+{
+    return isAllowedByAllWithState<&CSPDirectiveList::allowEval>(m_policies, state, reportingStatus);
+}
 …
+}
 void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header, const String& contextURL, const WTF::OrdinalNumber& contextLine, PassRefPtr<ScriptCallStack> callStack) const
+{
     logToConsole(consoleMessage, contextURL, contextLine, callStack);
+void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header, const String& contextURL, const WTF::OrdinalNumber& contextLine, ScriptState* state) const
+{
+    logToConsole(consoleMessage, contextURL, contextLine, state);
     if (reportURIs.isEmpty())
 …
+}
+void ContentSecurityPolicy::logToConsole(const String& message, const String& contextURL, const WTF::OrdinalNumber& contextLine, PassRefPtr<ScriptCallStack> callStack) const
+{
+void ContentSecurityPolicy::logToConsole(const String& message, const String& contextURL, const WTF::OrdinalNumber& contextLine, ScriptState* state) const
+{
+    RefPtr<ScriptCallStack> callStack;
+    if (InspectorInstrumentation::consoleAgentEnabled(m_scriptExecutionContext)) {
+        if (state)
+            callStack = createScriptCallStackForConsole(state);
+        else
+            callStack = createScriptCallStack(ScriptCallStack::maxCallStackSizeToCapture, true);
+        if (callStack && !callStack->size())
+            callStack = 0;
+    }
     m_scriptExecutionContext->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message, contextURL, contextLine.oneBasedInt(), callStack);
+}

trunk/Source/WebCore/page/ContentSecurityPolicy.h

-              r129525
+              r130150
 #include "KURL.h"
+#include "ScriptState.h"
 #include <wtf/PassOwnPtr.h>
 #include <wtf/RefCounted.h>
 …
 class CSPDirectiveList;
-class ScriptCallStack;
 class DOMStringList;
 class ScriptExecutionContext;
 …
     bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
     bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
     bool allowEval(PassRefPtr<ScriptCallStack>, ReportingStatus = SendReport) const;
+    bool allowEval(ScriptState* = 0, ReportingStatus = SendReport) const;
     bool allowScriptNonce(const String& nonce, const String& contextURL, const WTF::OrdinalNumber& contextLine, const KURL& = KURL()) const;
     bool allowPluginType(const String& type, const String& typeAttribute, const KURL&, ReportingStatus = SendReport) const;
 …
     void reportInvalidSourceExpression(const String& directiveName, const String& source) const;
     void reportUnrecognizedDirective(const String&) const;
     void reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), PassRefPtr<ScriptCallStack> = 0) const;
+    void reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), ScriptState* = 0) const;
     void reportBlockedScriptExecutionToInspector(const String& directiveText) const;
 …
     explicit ContentSecurityPolicy(ScriptExecutionContext*);
     void logToConsole(const String& message, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), PassRefPtr<ScriptCallStack> = 0) const;
+    void logToConsole(const String& message, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), ScriptState* = 0) const;
     ScriptExecutionContext* m_scriptExecutionContext;

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 130150 in webkit

Legend:

Download in other formats: