Changeset 126947 in webkit

Timestamp: Aug 28, 2012 6:16:22 PM (12 years ago)
Author: abarth@webkit.org
Message:

CSP doesn't turn off eval, etc. in Web Workers
https://bugs.webkit.org/show_bug.cgi?id=93392

Patch by Tom Sepez <tsepez@chromium.org> on 2012-08-28
Reviewed by Adam Barth.

On the JSC side, the blocking of eval() in workers was handled correctly, so it is
a matter of adding calls to check the policy for setTimeout and setInterval. On the v8
side, it is a matter of handling the above, plus eval().

Source/WebCore:

On the v8 side, the v8 context isn't available when the callers want to disable eval.
Rather than creating it earlier, which is problematic, remember the setting in the
WorkerContextExecutionProxy and apply before the next call to its evaluate() method.

Tests: http/tests/security/contentSecurityPolicy/worker-eval-blocked.html
       http/tests/security/contentSecurityPolicy/worker-function-function-blocked.html

  • bindings/js/JSWorkerContextCustom.cpp:
    (WebCore::JSWorkerContext::setTimeout):
    (WebCore::JSWorkerContext::setInterval):
  • bindings/v8/WorkerContextExecutionProxy.cpp:
    (WebCore::WorkerContextExecutionProxy::WorkerContextExecutionProxy):
    (WebCore::WorkerContextExecutionProxy::evaluate):
    (WebCore::WorkerContextExecutionProxy::setEvalAllowed):
    (WebCore):
  • bindings/v8/WorkerContextExecutionProxy.h:
    (WorkerContextExecutionProxy):
  • bindings/v8/WorkerScriptController.cpp:
    (WebCore::WorkerScriptController::disableEval):
  • bindings/v8/custom/V8WorkerContextCustom.cpp:
    (WebCore::SetTimeoutOrInterval):

LayoutTests:

  • http/tests/security/contentSecurityPolicy/resources/worker-eval.js: Added.
  • http/tests/security/contentSecurityPolicy/resources/worker-function-function.js: Added.
    (fn):
  • http/tests/security/contentSecurityPolicy/resources/worker-set-timeout.js:
  • http/tests/security/contentSecurityPolicy/worker-eval-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/worker-eval-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/worker-function-function-blocked-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/worker-function-function-blocked.html: Added.
  • http/tests/security/contentSecurityPolicy/worker-set-timeout-blocked-expected.txt:
Location: trunk
Files: 6 added, 9 edited

  • trunk/LayoutTests/ChangeLog

    r126946 r126947  
     12012-08-28  Tom Sepez  <tsepez@chromium.org>
     2
     3        CSP doesn't turn off eval, etc. in Web Workers
     4        https://bugs.webkit.org/show_bug.cgi?id=93392
     5
     6        Reviewed by Adam Barth.
     7
     8        On the JSC side, the blocking of eval() in workers was handled correctly, so it is
     9        a matter of adding calls check the policy for setTimeout and SetInterval.  On the v8
     10        side, it is a matter of handling the above, plus eval().
     11
     12        * http/tests/security/contentSecurityPolicy/resources/worker-eval.js: Added.
     13        * http/tests/security/contentSecurityPolicy/resources/worker-function-function.js: Added.
     14        (fn):
     15        * http/tests/security/contentSecurityPolicy/resources/worker-set-timeout.js:
     16        * http/tests/security/contentSecurityPolicy/worker-eval-blocked-expected.txt: Added.
     17        * http/tests/security/contentSecurityPolicy/worker-eval-blocked.html: Added.
     18        * http/tests/security/contentSecurityPolicy/worker-function-function-blocked-expected.txt: Added.
     19        * http/tests/security/contentSecurityPolicy/worker-function-function-blocked.html: Added.
     20        * http/tests/security/contentSecurityPolicy/worker-set-timeout-blocked-expected.txt:
     21
    1222012-08-28  Aaron Colwell  <acolwell@chromium.org>
    223
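Review bot: the description's second sentence reads "adding calls check the policy" and needs a "to" ("adding calls to check the policy"); "SetInterval" should also be lower-case "setInterval" so it matches the API name used in the rest of the entry and in the file list.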
  • trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-set-timeout.js

    r125120 r126947  
    11var id = 0;
    22try {
    3     id = 17;  // Test not yet fully enabled.  Simply pretend that a call to setTimeout() here worked.
     3    id = setTimeout("postMessage('handler invoked')", 100);
    44} catch(e) {
    55}
    6 postMessage(id === 0 ? "setTimeout blocked" : "setTimout allowed");
     6postMessage(id === 0 ? "setTimeout blocked" : "setTimeout allowed");
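Review bot: the empty `catch(e) {}` still swallows any exception, so a setTimeout() that throws would be reported as "setTimeout blocked" exactly like the binding returning 0. Since the fixed bindings signal a blocked call by returning 0 rather than throwing, consider posting `e.message` from the catch block so an unexpected exception cannot masquerade as a correct block.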
  • trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-set-timeout-blocked-expected.txt

    r125120 r126947  
    1 ALERT: setTimout allowed
     1CONSOLE MESSAGE: Refused to evaluate script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
    22
     3ALERT: setTimeout blocked
     4
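Review bot: the expectation now embeds the complete violation message, including the directive text `"script-src 'self' 'unsafe-inline'"`, which ties this file both to the exact console wording and to the header served by the test's HTML (not part of this changeset). That is acceptable for a layout test, but a note in the ChangeLog saying which resource sets that header would make future updates easier.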
  • trunk/Source/WebCore/ChangeLog

    r126946 r126947  
     12012-08-28  Tom Sepez  <tsepez@chromium.org>
     2
     3        CSP doesn't turn off eval, etc. in Web Workers
     4        https://bugs.webkit.org/show_bug.cgi?id=93392
     5
     6        Reviewed by Adam Barth.
     7
     8        On the JSC side, the blocking of eval() in workers was handled correctly, so it is
     9        a matter of adding calls check the policy for setTimeout and SetInterval.  On the v8
     10        side, it is a matter of handling the above, plus eval().
     11
     12        On the v8 side, the v8 context isn't available when the callers want to disable eval.
     13        Rather than creating it earlier, which is problematic, remember the setting in the
     14        WorkerContextExecutionProxy and apply before the next call to its evaluate() method.
     15
     16        Tests: http/tests/security/contentSecurityPolicy/worker-eval-blocked.html
     17               http/tests/security/contentSecurityPolicy/worker-function-function-blocked.html
     18
     19        * bindings/js/JSWorkerContextCustom.cpp:
     20        (WebCore::JSWorkerContext::setTimeout):
     21        (WebCore::JSWorkerContext::setInterval):
     22        * bindings/v8/WorkerContextExecutionProxy.cpp:
     23        (WebCore::WorkerContextExecutionProxy::WorkerContextExecutionProxy):
     24        (WebCore::WorkerContextExecutionProxy::evaluate):
     25        (WebCore::WorkerContextExecutionProxy::setEvalAllowed):
     26        (WebCore):
     27        * bindings/v8/WorkerContextExecutionProxy.h:
     28        (WorkerContextExecutionProxy):
     29        * bindings/v8/WorkerScriptController.cpp:
     30        (WebCore::WorkerScriptController::disableEval):
     31        * bindings/v8/custom/V8WorkerContextCustom.cpp:
     32        (WebCore::SetTimeoutOrInterval):
     33
    1342012-08-28  Aaron Colwell  <acolwell@chromium.org>
    235
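Review bot: the entry explains the pending-flag approach but not its precondition: the flag is only consumed inside evaluate(), so disableEval() must run before the first evaluate() for the policy to cover the worker's initial script. Stating that ordering assumption here (or in a comment next to the flag in WorkerContextExecutionProxy.cpp) would help readers; the same "adding calls check the policy" wording also needs a "to".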
  • trunk/Source/WebCore/bindings/js/JSWorkerContextCustom.cpp

    r116828 r126947  
    123123JSValue JSWorkerContext::setTimeout(ExecState* exec)
    124124{
    125     // FIXME: Should we enforce a Content-Security-Policy on workers?
    126     OwnPtr<ScheduledAction> action = ScheduledAction::create(exec, currentWorld(exec), 0);
     125    OwnPtr<ScheduledAction> action = ScheduledAction::create(exec, currentWorld(exec), impl()->contentSecurityPolicy());
    127126    if (exec->hadException())
    128127        return jsUndefined();
     128    if (!action)
     129        return jsNumber(0);
    129130    int delay = exec->argument(1).toInt32(exec);
    130131    return jsNumber(impl()->setTimeout(action.release(), delay));
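Review bot: the new `if (!action) return jsNumber(0);` relies on ScheduledAction::create() returning null when the policy it now receives refuses a string argument; that contract is not visible in this hunk, so a one-line comment above the check (a null action means the CSP blocked a string-based timer) would make the 0 return understandable. Keeping the `hadException()` test first is right, since a null action with a pending exception should surface the exception rather than the 0.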
     
    133134JSValue JSWorkerContext::setInterval(ExecState* exec)
    134135{
    135     // FIXME: Should we enforce a Content-Security-Policy on workers?
    136     OwnPtr<ScheduledAction> action = ScheduledAction::create(exec, currentWorld(exec), 0);
     136    OwnPtr<ScheduledAction> action = ScheduledAction::create(exec, currentWorld(exec), impl()->contentSecurityPolicy());
    137137    if (exec->hadException())
    138138        return jsUndefined();
     139    if (!action)
     140        return jsNumber(0);
    139141    int delay = exec->argument(1).toInt32(exec);
    140142    return jsNumber(impl()->setInterval(action.release(), delay));
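Review bot: this hunk repeats the exact sequence from setTimeout() above (create the action with the CSP, check for an exception, check for null, read the delay); only the final impl() call differs. A static helper taking a singleShot flag, mirroring the V8 side's SetTimeoutOrInterval(), would keep the CSP handling from drifting between the two entry points.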
  • trunk/Source/WebCore/bindings/v8/WorkerContextExecutionProxy.cpp

    r126796 r126947  
    8787WorkerContextExecutionProxy::WorkerContextExecutionProxy(WorkerContext* workerContext)
    8888    : m_workerContext(workerContext)
     89    , m_disableEvalPending(false)
    8990{
    9091    initIsolate();
     
    210211        return ScriptValue();
    211212
     213    if (m_disableEvalPending) {
     214        m_context->AllowCodeGenerationFromStrings(false);
     215        m_disableEvalPending = false;
     216    }
     217
    212218    v8::Context::Scope scope(m_context);
    213219
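Review bot: applying AllowCodeGenerationFromStrings(false) to m_context before entering the Context::Scope is fine, but the flag is consumed only here in evaluate(); anything executed through runScript() without passing through evaluate() between a setEvalAllowed(false) and the next evaluate() would still be able to generate code from strings. If disableEval() is guaranteed to run before the first evaluate(), a comment above this block stating that assumption would document why the deferred application is safe.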
     
    244250}
    245251
     252void WorkerContextExecutionProxy::setEvalAllowed(bool enable)
     253{
     254    m_disableEvalPending = !enable;
     255}
     256
    246257v8::Local<v8::Value> WorkerContextExecutionProxy::runScript(v8::Handle<v8::Script> script)
    247258{
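Review bot: setEvalAllowed(true) only clears m_disableEvalPending; it never calls AllowCodeGenerationFromStrings(true) on a context where the disable has already been applied, so the setter is not symmetric despite its name. Either rename it to a one-way disableEval() to match WorkerScriptController::disableEval(), or track the desired state and apply it in evaluate() in both directions.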
  • trunk/Source/WebCore/bindings/v8/WorkerContextExecutionProxy.h

    r126796 r126947  
    6969        void trackEvent(Event*);
    7070
     71        // Alow use of eval() and is equivalents in scripts.
     72        void setEvalAllowed(bool enable);
     73
    7174        // Evaluate a script file in the current execution environment.
    7275        ScriptValue evaluate(const String& script, const String& fileName, const TextPosition& scriptStartPosition, WorkerContextExecutionState*);
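Review bot: the new comment has two typos: "Alow" should be "Allow" and "is equivalents" should be "its equivalents".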
     
    9598
    9699        OwnPtr<V8PerContextData> m_perContextData;
     100
     101        bool m_disableEvalPending;
    97102    };
    98103
  • trunk/Source/WebCore/bindings/v8/WorkerScriptController.cpp

    r126399 r126947  
    135135void WorkerScriptController::disableEval()
    136136{
     137    m_proxy->setEvalAllowed(false);
    137138}
    138139
  • trunk/Source/WebCore/bindings/v8/custom/V8WorkerContextCustom.cpp

    r126399 r126947  
    3434#include "V8WorkerContext.h"
    3535
     36#include "ContentSecurityPolicy.h"
    3637#include "DOMTimer.h"
    3738#include "ExceptionCode.h"
    3839#include "ScheduledAction.h"
     40#include "ScriptCallStack.h"
     41#include "ScriptCallStackFactory.h"
    3942#include "V8Binding.h"
    4043#include "V8Utilities.h"
     
    6467    v8::Handle<v8::Context> v8Context = proxy->context();
    6568    if (function->IsString()) {
     69        if (ContentSecurityPolicy* policy = workerContext->contentSecurityPolicy()) {
     70            RefPtr<ScriptCallStack> callStack = createScriptCallStackForInspector();
     71            if (!policy->allowEval(callStack.release()))
     72                return v8Integer(0, args.GetIsolate());
     73        }
    6674        WTF::String stringFunction = toWebCoreString(function);
    6775        timerId = DOMTimer::install(workerContext, adoptPtr(new ScheduledAction(v8Context, stringFunction, workerContext->url())), timeout, singleShot);
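Review bot: createScriptCallStackForInspector() is now built on every string-based timer call whenever a policy exists, even when allowEval() will succeed; if capturing the stack is not cheap, consider only capturing it when a violation is about to be reported. Returning v8Integer(0, ...) when blocked matches the JSC side's jsNumber(0), and placing the check before toWebCoreString() avoids materialising the string for a blocked call, which is good.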