Context Navigation

← Previous Changeset
Next Changeset →

Changeset 126852 in webkit

Timestamp:

Aug 28, 2012 12:11:28 AM (12 years ago)

Author:

commit-queue@webkit.org

Message:

Add call stacks to Content Security Policy checks when relevant.
https://bugs.webkit.org/show_bug.cgi?id=94433

Patch by Mike West <mkwst@chromium.org> on 2012-08-28
Reviewed by Adam Barth.

Source/WebCore:

Previously, we generated stack traces only for eval-related CSP
violations. As it turns out, we can call createScriptCallStack from
practically anywhere. This patch takes advantage of that to generate
stack traces whenever a warning is logged to the console. If we're in
a JavaScript stack, brilliant: we get a detailed warning. If not, the
stack trace is empty, and we don't pass it into the console logging
method.

This has the advantage of giving us good developer-facing logging for
any and all violations that result from script-based injection of
resources. Yay!

Tests: http/tests/inspector/csp-injected-content-warning-contains-stacktrace.html

http/tests/inspector/csp-inline-warning-contains-stacktrace.html

bindings/js/ScriptController.cpp:

(WebCore::ScriptController::initScript):

bindings/js/ScheduledAction.cpp:

(WebCore::ScheduledAction::create):

bindings/v8/V8DOMWindowShell.cpp:

(WebCore::V8DOMWindowShell::initContextIfNeeded):

bindings/v8/custom/V8DOMWindowCustom.cpp:

(WebCore::WindowSetTimeoutImpl):

Dropping stack trace from call to ContentSecurityPolicy::allowEval.

page/ContentSecurityPolicy.cpp:

(CSPDirectiveList):
(WebCore::CSPDirectiveList::reportViolation):
(WebCore::CSPDirectiveList::checkEvalAndReportViolation):
(WebCore::CSPDirectiveList::allowEval):

No longer piping a stack trace through CSPDirectiveList::allowEval
to reportViolation.

(WebCore::ContentSecurityPolicy::didReceiveHeader):

Dropping stack trace from call to ContentSecurityPolicy::allowEval.

(WebCore):
(WebCore::isAllowedByAll):
(WebCore::ContentSecurityPolicy::allowEval):
(WebCore::ContentSecurityPolicy::reportViolation):
(WebCore::ContentSecurityPolicy::logToConsole):

No longer piping a stack trace through ContentSecurityPolicy down to
the point where it would be logged. Instead, we simply generate the
stack trace just before logging it, and only pass it to
addConsoleMessage if it's non-empty.

page/ContentSecurityPolicy.h:

(WebCore):

page/DOMSecurityPolicy.cpp:

(WebCore::DOMSecurityPolicy::allowsEval):

Dropping stack trace from call to ContentSecurityPolicy::allowEval.

LayoutTests:

http/tests/inspector/csp-injected-content-warning-contains-stacktrace-expected.txt: Added.
http/tests/inspector/csp-injected-content-warning-contains-stacktrace.html: Added.
http/tests/inspector/csp-inline-warning-contains-stacktrace-expected.txt: Added.
http/tests/inspector/csp-inline-warning-contains-stacktrace.html: Added.
http/tests/inspector/resources/csp-inline-test.js: Added.

(thisTest):

http/tests/inspector/resources/csp-test.js: Added.

(test.addMessage):
(test):

Location:

trunk

Files:

: 6 added
: 9 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/http/tests/inspector/csp-injected-content-warning-contains-stacktrace-expected.txt (added)
LayoutTests/http/tests/inspector/csp-injected-content-warning-contains-stacktrace.html (added)
LayoutTests/http/tests/inspector/csp-inline-warning-contains-stacktrace-expected.txt (added)
LayoutTests/http/tests/inspector/csp-inline-warning-contains-stacktrace.html (added)
LayoutTests/http/tests/inspector/resources/csp-inline-test.js (added)
LayoutTests/http/tests/inspector/resources/csp-test.js (added)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/bindings/js/ScheduledAction.cpp (modified) (1 diff)
Source/WebCore/bindings/js/ScriptController.cpp (modified) (1 diff)
Source/WebCore/bindings/v8/V8DOMWindowShell.cpp (modified) (1 diff)
Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp (modified) (1 diff)
Source/WebCore/page/ContentSecurityPolicy.cpp (modified) (12 diffs)
Source/WebCore/page/ContentSecurityPolicy.h (modified) (4 diffs)
Source/WebCore/page/DOMSecurityPolicy.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r126850
+                      r126852
+-08-28  Mike West  <mkwst@chromium.org>
+        Add call stacks to Content Security Policy checks when relevant.
+        https://bugs.webkit.org/show_bug.cgi?id=94433
+        Reviewed by Adam Barth.
+        * http/tests/inspector/csp-injected-content-warning-contains-stacktrace-expected.txt: Added.
+        * http/tests/inspector/csp-injected-content-warning-contains-stacktrace.html: Added.
+        * http/tests/inspector/csp-inline-warning-contains-stacktrace-expected.txt: Added.
+        * http/tests/inspector/csp-inline-warning-contains-stacktrace.html: Added.
+        * http/tests/inspector/resources/csp-inline-test.js: Added.
+        (thisTest):
+        * http/tests/inspector/resources/csp-test.js: Added.
+        (test.addMessage):
+        (test):
 -08-27  Zan Dobersek  <zandobersek@gmail.com>

trunk/Source/WebCore/ChangeLog

-                      r126851
+                      r126852
+-08-28  Mike West  <mkwst@chromium.org>
+        Add call stacks to Content Security Policy checks when relevant.
+        https://bugs.webkit.org/show_bug.cgi?id=94433
+        Reviewed by Adam Barth.
+        Previously, we generated stack traces only for eval-related CSP
+        violations. As it turns out, we can call createScriptCallStack from
+        practically anywhere. This patch takes advantage of that to generate
+        stack traces whenever a warning is logged to the console. If we're in
+        a JavaScript stack, brilliant: we get a detailed warning. If not, the
+        stack trace is empty, and we don't pass it into the console logging
+        method.
+        This has the advantage of giving us good developer-facing logging for
+        any and all violations that result from script-based injection of
+        resources. Yay!
+        Tests: http/tests/inspector/csp-injected-content-warning-contains-stacktrace.html
+               http/tests/inspector/csp-inline-warning-contains-stacktrace.html
+        * bindings/js/ScriptController.cpp:
+        (WebCore::ScriptController::initScript):
+        * bindings/js/ScheduledAction.cpp:
+        (WebCore::ScheduledAction::create):
+        * bindings/v8/V8DOMWindowShell.cpp:
+        (WebCore::V8DOMWindowShell::initContextIfNeeded):
+        * bindings/v8/custom/V8DOMWindowCustom.cpp:
+        (WebCore::WindowSetTimeoutImpl):
+            Dropping stack trace from call to ContentSecurityPolicy::allowEval.
+        * page/ContentSecurityPolicy.cpp:
+        (CSPDirectiveList):
+        (WebCore::CSPDirectiveList::reportViolation):
+        (WebCore::CSPDirectiveList::checkEvalAndReportViolation):
+        (WebCore::CSPDirectiveList::allowEval):
+            No longer piping a stack trace through CSPDirectiveList::allowEval
+            to reportViolation.
+        (WebCore::ContentSecurityPolicy::didReceiveHeader):
+            Dropping stack trace from call to ContentSecurityPolicy::allowEval.
+        (WebCore):
+        (WebCore::isAllowedByAll):
+        (WebCore::ContentSecurityPolicy::allowEval):
+        (WebCore::ContentSecurityPolicy::reportViolation):
+        (WebCore::ContentSecurityPolicy::logToConsole):
+            No longer piping a stack trace through ContentSecurityPolicy down to
+            the point where it would be logged. Instead, we simply generate the
+            stack trace just before logging it, and only pass it to
+            addConsoleMessage if it's non-empty.
+        * page/ContentSecurityPolicy.h:
+        (WebCore):
+        * page/DOMSecurityPolicy.cpp:
+        (WebCore::DOMSecurityPolicy::allowsEval):
+            Dropping stack trace from call to ContentSecurityPolicy::allowEval.
 -08-27  Andrey Kosyakov  <caseq@chromium.org>

trunk/Source/WebCore/bindings/js/ScheduledAction.cpp

-                      r121381
+                      r126852
     CallData callData;
     if (getCallData(v, callData) == CallTypeNone) {
+        RefPtr<ScriptCallStack> callStack(createScriptCallStackForInspector(exec));
+        if (policy && !policy->allowEval(callStack.release()))
+        if (policy && !policy->allowEval())
             return nullptr;
         UString string = v.toString(exec)->value(exec);

trunk/Source/WebCore/bindings/js/ScriptController.cpp

r126837	r126852
223	223
224	224	if (m_frame->document())
225		windowShell->window()->setEvalEnabled(m_frame->document()->contentSecurityPolicy()->allowEval(~~0, ContentSecurityPolicy::SuppressReport));~~
	225	windowShell->window()->setEvalEnabled(m_frame->document()->contentSecurityPolicy()->allowEval(ContentSecurityPolicy::SuppressReport));
226	226
227	227	if (Page* page = m_frame->page()) {

trunk/Source/WebCore/bindings/v8/V8DOMWindowShell.cpp

r126829	r126852
321	321
322	322	if (m_frame->document())
323		context->AllowCodeGenerationFromStrings(m_frame->document()->contentSecurityPolicy()->allowEval(0, ContentSecurityPolicy::SuppressReport));
	323	context->AllowCodeGenerationFromStrings(m_frame->document()->contentSecurityPolicy()->allowEval(ContentSecurityPolicy::SuppressReport));
324	324
325	325	m_frame->loader()->client()->didCreateScriptContext(m_context.get(), 0, 0);

trunk/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp

-                      r126363
+                      r126852
         id = DOMTimer::install(scriptContext, action.release(), timeout, singleShot);
     } else {
+        RefPtr<ScriptCallStack> callStack(createScriptCallStackForInspector());
+        if (imp->document() && !imp->document()->contentSecurityPolicy()->allowEval(callStack.release()))
+        if (imp->document() && !imp->document()->contentSecurityPolicy()->allowEval())
             return v8Integer(0, args.GetIsolate());
         ASSERT(imp->frame());

trunk/Source/WebCore/page/ContentSecurityPolicy.cpp

-                      r126785
+                      r126852
 #include "SchemeRegistry.h"
 #include "ScriptCallStack.h"
+#include "ScriptCallStackFactory.h"
 #include "SecurityOrigin.h"
 #include "TextEncoding.h"
 …
     bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus) const;
     bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus) const;
     bool allowEval(PassRefPtr<ScriptCallStack>, ContentSecurityPolicy::ReportingStatus) const;
+    bool allowEval(ContentSecurityPolicy::ReportingStatus) const;
     bool allowScriptNonce(const String& nonce, const String& contextURL, const WTF::OrdinalNumber& contextLine, const KURL&) const;
     bool allowPluginType(const String& type, const String& typeAttribute, const KURL&, ContentSecurityPolicy::ReportingStatus) const;
 …
     SourceListDirective* operativeDirective(SourceListDirective*) const;
     void reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL = KURL(), const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), PassRefPtr<ScriptCallStack> = 0) const;
+    void reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL = KURL(), const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst()) const;
     bool checkEval(SourceListDirective*) const;
 …
     bool checkMediaType(MediaListDirective*, const String& type, const String& typeAttribute) const;
     bool checkEvalAndReportViolation(SourceListDirective*, const String& consoleMessage, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), PassRefPtr<ScriptCallStack> = 0) const;
+    bool checkEvalAndReportViolation(SourceListDirective*, const String& consoleMessage, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst()) const;
     bool checkInlineAndReportViolation(SourceListDirective*, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine) const;
     bool checkNonceAndReportViolation(NonceDirective*, const String& nonce, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine) const;
 …
+}
 void CSPDirectiveList::reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine, PassRefPtr<ScriptCallStack> callStack) const
+void CSPDirectiveList::reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine) const
+{
     String message = m_reportOnly ? "[Report Only] " + consoleMessage : consoleMessage;
     m_policy->reportViolation(directiveText, message, blockedURL, m_reportURIs, m_header, contextURL, contextLine, callStack);
+    m_policy->reportViolation(directiveText, message, blockedURL, m_reportURIs, m_header, contextURL, contextLine);
+}
 …
+}
 bool CSPDirectiveList::checkEvalAndReportViolation(SourceListDirective* directive, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine, PassRefPtr<ScriptCallStack> callStack) const
+bool CSPDirectiveList::checkEvalAndReportViolation(SourceListDirective* directive, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine) const
+{
     if (checkEval(directive))
         return true;
     reportViolation(directive->text(), consoleMessage + "\"" + directive->text() + "\".\n", KURL(), contextURL, contextLine, callStack);
+    reportViolation(directive->text(), consoleMessage + "\"" + directive->text() + "\".\n", KURL(), contextURL, contextLine);
     return denyIfEnforcingPolicy();
+}
 …
+}
 bool CSPDirectiveList::allowEval(PassRefPtr<ScriptCallStack> callStack, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+bool CSPDirectiveList::allowEval(ContentSecurityPolicy::ReportingStatus reportingStatus) const
+{
     DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to evaluate script because it violates the following Content Security Policy directive: "));
     return reportingStatus == ContentSecurityPolicy::SendReport ?
         checkEvalAndReportViolation(operativeDirective(m_scriptSrc.get()), consoleMessage, String(), WTF::OrdinalNumber::beforeFirst(), callStack) :
+        checkEvalAndReportViolation(operativeDirective(m_scriptSrc.get()), consoleMessage, String(), WTF::OrdinalNumber::beforeFirst()) :
         checkEval(operativeDirective(m_scriptSrc.get()));
+}
 …
+    }
     if (!allowEval(0, SuppressReport))
+    if (!allowEval(SuppressReport))
         m_scriptExecutionContext->disableEval();
+}
 …
+}
 template<bool (CSPDirectiveList::*allowed)(PassRefPtr<ScriptCallStack>, ContentSecurityPolicy::ReportingStatus) const>
 bool isAllowedByAllWithCallStack(const CSPDirectiveListVector& policies, PassRefPtr<ScriptCallStack> callStack, ContentSecurityPolicy::ReportingStatus reportingStatus)
+template<bool (CSPDirectiveList::*allowed)( ContentSecurityPolicy::ReportingStatus) const>
+bool isAllowedByAll(const CSPDirectiveListVector& policies, ContentSecurityPolicy::ReportingStatus reportingStatus)
+{
     for (size_t i = 0; i < policies.size(); ++i) {
         if (!(policies[i].get()->*allowed)(callStack, reportingStatus))
+        if (!(policies[i].get()->*allowed)(reportingStatus))
             return false;
+    }
 …
+}
 bool ContentSecurityPolicy::allowEval(PassRefPtr<ScriptCallStack> callStack, ContentSecurityPolicy::ReportingStatus reportingStatus) const
+{
     return isAllowedByAllWithCallStack<&CSPDirectiveList::allowEval>(m_policies, callStack, reportingStatus);
+bool ContentSecurityPolicy::allowEval(ContentSecurityPolicy::ReportingStatus reportingStatus) const
+{
+    return isAllowedByAll<&CSPDirectiveList::allowEval>(m_policies, reportingStatus);
+}
 …
+}
 void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header, const String& contextURL, const WTF::OrdinalNumber& contextLine, PassRefPtr<ScriptCallStack> callStack) const
+{
     logToConsole(consoleMessage, contextURL, contextLine, callStack);
+void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header, const String& contextURL, const WTF::OrdinalNumber& contextLine) const
+{
+    logToConsole(consoleMessage, contextURL, contextLine);
     if (reportURIs.isEmpty())
 …
+}
+void ContentSecurityPolicy::logToConsole(const String& message, const String& contextURL, const WTF::OrdinalNumber& contextLine, PassRefPtr<ScriptCallStack> callStack) const
+{
+    m_scriptExecutionContext->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message, contextURL, contextLine.oneBasedInt(), callStack);
+}
+}
+void ContentSecurityPolicy::logToConsole(const String& message, const String& contextURL, const WTF::OrdinalNumber& contextLine) const
+{
+    RefPtr<ScriptCallStack> callStack;
+    if (InspectorInstrumentation::hasFrontends())
+        callStack = createScriptCallStack(ScriptCallStack::maxCallStackSizeToCapture, true);
+    m_scriptExecutionContext->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message, contextURL, contextLine.oneBasedInt(), (callStack && callStack->size() > 0) ? callStack : 0);
+}
+}

trunk/Source/WebCore/page/ContentSecurityPolicy.h

-                      r125772
+                      r126852
 class CSPDirectiveList;
-class ScriptCallStack;
 class DOMStringList;
 class ScriptExecutionContext;
 …
     bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
     bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
     bool allowEval(PassRefPtr<ScriptCallStack>, ReportingStatus = SendReport) const;
+    bool allowEval(ReportingStatus = SendReport) const;
     bool allowScriptNonce(const String& nonce, const String& contextURL, const WTF::OrdinalNumber& contextLine, const KURL& = KURL()) const;
     bool allowPluginType(const String& type, const String& typeAttribute, const KURL&, ReportingStatus = SendReport) const;
 …
     void reportInvalidSourceExpression(const String& directiveName, const String& source) const;
     void reportUnrecognizedDirective(const String&) const;
     void reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), PassRefPtr<ScriptCallStack> = 0) const;
+    void reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst()) const;
     const KURL& url() const;
 …
     explicit ContentSecurityPolicy(ScriptExecutionContext*);
     void logToConsole(const String& message, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), PassRefPtr<ScriptCallStack> = 0) const;
+    void logToConsole(const String& message, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst()) const;
     ScriptExecutionContext* m_scriptExecutionContext;

trunk/Source/WebCore/page/DOMSecurityPolicy.cpp

r125983	r126852
121	121	return true;
122	122
123		return scriptExecutionContext()->contentSecurityPolicy()->allowEval(0, ContentSecurityPolicy::SuppressReport);
	123	return scriptExecutionContext()->contentSecurityPolicy()->allowEval(ContentSecurityPolicy::SuppressReport);
124	124	}
125	125

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 126852 in webkit

Legend:

Download in other formats: