Changeset 251814 in webkit

Timestamp:

Oct 30, 2019 3:39:31 PM (4 years ago)

Author:

achristensen@apple.com

Message:

WKContentRuleLists should block requests from service workers
​https://bugs.webkit.org/show_bug.cgi?id=201980
<rdar://problem/55516735>

Reviewed by Chris Dumez.

Source/WebKit:

Test: http/tests/contentextensions/service-worker.https.html

Also covered by an API test.

• Shared/ServiceWorkerInitializationData.cpp: Added.

(WebKit::ServiceWorkerInitializationData::encode const):
(WebKit::ServiceWorkerInitializationData::decode):

• Shared/ServiceWorkerInitializationData.h: Added.
• Sources.txt:
• UIProcess/UserContent/WebUserContentControllerProxy.cpp:

(WebKit::WebUserContentControllerProxy::addProcess):
(WebKit::WebUserContentControllerProxy::contentRuleListData):

• UIProcess/UserContent/WebUserContentControllerProxy.h:
• UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::establishWorkerContextConnectionToNetworkProcess):
(WebKit::WebProcessPool::createWebPage):

• UIProcess/WebProcessPool.h:
• UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::createForServiceWorkers):
(WebKit::WebProcessProxy::establishServiceWorkerContext):
(WebKit::contentRuleListsFromIdentifier):
(WebKit::WebProcessProxy::enableServiceWorkers):

• UIProcess/WebProcessProxy.h:
• WebKit.xcodeproj/project.pbxproj:
• WebProcess/Storage/WebSWContextManagerConnection.cpp:

(WebKit::WebSWContextManagerConnection::WebSWContextManagerConnection):
(WebKit::m_userAgent):
(WebKit::WebSWContextManagerConnection::installServiceWorker):

• WebProcess/Storage/WebSWContextManagerConnection.h:
• WebProcess/WebProcess.cpp:

(WebKit::WebProcess::establishWorkerContextConnectionToNetworkProcess):

• WebProcess/WebProcess.h:
• WebProcess/WebProcess.messages.in:

Tools:

NSString initWithContentsOfURL doesn't work with https URLs with certificates without a trusted root,
so I use an ephemeral NSURLSession instead so I can tell it to accept any connection, even our WebKit httpd server.
I also added an API test.

• TestWebKitAPI/Tests/WebKitCocoa/ServiceWorkerBasic.mm:
• WebKitTestRunner/mac/TestControllerMac.mm:

(-[WKTRSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
(WTR::TestController::configureContentExtensionForTest):

LayoutTests:

• http/tests/contentextensions/resources/fetch-worker.js: Added.

(event.fetch.string_appeared_here.then):
(event.catch):

• http/tests/contentextensions/resources/serviceworkertest.js: Added.

(testServiceWorker):
(test):

• http/tests/contentextensions/service-worker.https-expected.txt: Added.
• http/tests/contentextensions/service-worker.https.html: Added.
• http/tests/contentextensions/service-worker.https.html.json: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/contentextensions/resources/fetch-worker.js (added)
• LayoutTests/http/tests/contentextensions/resources/serviceworkertest.js (added)
• LayoutTests/http/tests/contentextensions/service-worker.https-expected.txt (added)
• LayoutTests/http/tests/contentextensions/service-worker.https.html (added)
• LayoutTests/http/tests/contentextensions/service-worker.https.html.json (added)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/Shared/ServiceWorkerInitializationData.cpp (added)
• Source/WebKit/Shared/ServiceWorkerInitializationData.h (added)
• Source/WebKit/Sources.txt (modified) (1 diff)
• Source/WebKit/UIProcess/UserContent/WebUserContentControllerProxy.cpp (modified) (1 diff)
• Source/WebKit/UIProcess/UserContent/WebUserContentControllerProxy.h (modified) (2 diffs)
• Source/WebKit/UIProcess/WebProcessPool.cpp (modified) (4 diffs)
• Source/WebKit/UIProcess/WebProcessPool.h (modified) (2 diffs)
• Source/WebKit/UIProcess/WebProcessProxy.cpp (modified) (3 diffs)
• Source/WebKit/UIProcess/WebProcessProxy.h (modified) (4 diffs)
• Source/WebKit/WebKit.xcodeproj/project.pbxproj (modified) (2 diffs)
• Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp (modified) (5 diffs)
• Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h (modified) (3 diffs)
• Source/WebKit/WebProcess/WebProcess.cpp (modified) (2 diffs)
• Source/WebKit/WebProcess/WebProcess.h (modified) (4 diffs)
• Source/WebKit/WebProcess/WebProcess.messages.in (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/ServiceWorkerBasic.mm (modified) (1 diff)
• Tools/WebKitTestRunner/mac/TestControllerMac.mm (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2019-10-30  Alex Christensen  <achristensen@webkit.org>
+
+        WKContentRuleLists should block requests from service workers
+        https://bugs.webkit.org/show_bug.cgi?id=201980
+        <rdar://problem/55516735>
+
+        Reviewed by Chris Dumez.
+
+        * http/tests/contentextensions/resources/fetch-worker.js: Added.
+        (event.fetch.string_appeared_here.then):
+        (event.catch):
+        * http/tests/contentextensions/resources/serviceworkertest.js: Added.
+        (testServiceWorker):
+        (test):
+        * http/tests/contentextensions/service-worker.https-expected.txt: Added.
+        * http/tests/contentextensions/service-worker.https.html: Added.
+        * http/tests/contentextensions/service-worker.https.html.json: Added.
+
 2019-10-30  Daniel Bates  <dabates@apple.com>
 

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2019-10-30  Alex Christensen  <achristensen@webkit.org>
+
+        WKContentRuleLists should block requests from service workers
+        https://bugs.webkit.org/show_bug.cgi?id=201980
+        <rdar://problem/55516735>
+
+        Reviewed by Chris Dumez.
+
+        Test: http/tests/contentextensions/service-worker.https.html
+
+        Also covered by an API test.
+
+        * Shared/ServiceWorkerInitializationData.cpp: Added.
+        (WebKit::ServiceWorkerInitializationData::encode const):
+        (WebKit::ServiceWorkerInitializationData::decode):
+        * Shared/ServiceWorkerInitializationData.h: Added.
+        * Sources.txt:
+        * UIProcess/UserContent/WebUserContentControllerProxy.cpp:
+        (WebKit::WebUserContentControllerProxy::addProcess):
+        (WebKit::WebUserContentControllerProxy::contentRuleListData):
+        * UIProcess/UserContent/WebUserContentControllerProxy.h:
+        * UIProcess/WebProcessPool.cpp:
+        (WebKit::WebProcessPool::establishWorkerContextConnectionToNetworkProcess):
+        (WebKit::WebProcessPool::createWebPage):
+        * UIProcess/WebProcessPool.h:
+        * UIProcess/WebProcessProxy.cpp:
+        (WebKit::WebProcessProxy::createForServiceWorkers):
+        (WebKit::WebProcessProxy::establishServiceWorkerContext):
+        (WebKit::contentRuleListsFromIdentifier):
+        (WebKit::WebProcessProxy::enableServiceWorkers):
+        * UIProcess/WebProcessProxy.h:
+        * WebKit.xcodeproj/project.pbxproj:
+        * WebProcess/Storage/WebSWContextManagerConnection.cpp:
+        (WebKit::WebSWContextManagerConnection::WebSWContextManagerConnection):
+        (WebKit::m_userAgent):
+        (WebKit::WebSWContextManagerConnection::installServiceWorker):
+        * WebProcess/Storage/WebSWContextManagerConnection.h:
+        * WebProcess/WebProcess.cpp:
+        (WebKit::WebProcess::establishWorkerContextConnectionToNetworkProcess):
+        * WebProcess/WebProcess.h:
+        * WebProcess/WebProcess.messages.in:
+
 2019-10-30  Andres Gonzalez  <andresg_22@apple.com>
 

trunk/Source/WebKit/Sources.txt

@@ -134 +134 @@
 Shared/RTCNetwork.cpp
 Shared/RTCPacketOptions.cpp
+Shared/ServiceWorkerInitializationData.cpp
 Shared/SessionState.cpp
 Shared/ShareableBitmap.cpp @no-unify

trunk/Source/WebKit/UIProcess/UserContent/WebUserContentControllerProxy.cpp

@@ -122 +122 @@
 #if ENABLE(CONTENT_EXTENSIONS)
     ASSERT(parameters.contentRuleLists.isEmpty());
+    parameters.contentRuleLists = contentRuleListData();
+#endif
+}
+
+#if ENABLE(CONTENT_EXTENSIONS)
+Vector<std::pair<String, WebCompiledContentRuleListData>> WebUserContentControllerProxy::contentRuleListData()
+{
+    Vector<std::pair<String, WebCompiledContentRuleListData>> data;
+    data.reserveInitialCapacity(m_contentRuleLists.size());
     for (const auto& contentRuleList : m_contentRuleLists.values())
-        parameters.contentRuleLists.append(std::make_pair(contentRuleList->name(), contentRuleList->compiledRuleList().data()));
-#endif
-}
+        data.uncheckedAppend(std::make_pair(contentRuleList->name(), contentRuleList->compiledRuleList().data()));
+    return data;
+}
+#endif
 
 void WebUserContentControllerProxy::removeProcess(WebProcessProxy& webProcessProxy)

trunk/Source/WebKit/UIProcess/UserContent/WebUserContentControllerProxy.h

@@ -61 +61 @@
 class WebScriptMessageHandler;
 struct FrameInfoData;
+class WebCompiledContentRuleListData;
 struct WebPageCreationParameters;
 enum class InjectUserScriptImmediately : bool;
@@ -105 +106 @@
     void removeAllContentRuleLists();
     const HashMap<String, RefPtr<API::ContentRuleList>>& contentExtensionRules() { return m_contentRuleLists; }
+    Vector<std::pair<String, WebCompiledContentRuleListData>> contentRuleListData();
 #endif
 

trunk/Source/WebKit/UIProcess/WebProcessPool.cpp

@@ -79 +79 @@
 #include "WebProcessProxy.h"
 #include "WebProcessProxyMessages.h"
+#include "WebUserContentControllerProxy.h"
 #include "WebsiteDataStore.h"
 #include "WebsiteDataStoreParameters.h"
@@ -723 +724 @@
 
             serviceWorkerProcessProxy = process.get();
-            serviceWorkerProcessProxy->enableServiceWorkers();
+            serviceWorkerProcessProxy->enableServiceWorkers(userContentControllerIdentifierForServiceWorkers());
 
             RELEASE_LOG_IF(sessionID.isAlwaysOnLoggingAllowed(), ServiceWorker, "WebProcessPool::establishWorkerContextConnectionToNetworkProcess reusing an existing web process %p, process identifier %d", serviceWorkerProcessProxy, serviceWorkerProcessProxy->processIdentifier());
@@ -1228 +1229 @@
         process = &processForRegistrableDomain(*pageConfiguration->websiteDataStore(), nullptr, { });
 
+    RefPtr<WebUserContentControllerProxy> userContentController = pageConfiguration->userContentController();
+    
     ASSERT(process);
 
@@ -1238 +1241 @@
             serviceWorkerProcess->updateServiceWorkerPreferencesStore(*m_serviceWorkerPreferences);
     }
+    if (userContentController)
+        m_userContentControllerIDForServiceWorker = userContentController->identifier();
 #endif
 

trunk/Source/WebKit/UIProcess/WebProcessPool.h

@@ -394 +394 @@
     bool allowsAnySSLCertificateForServiceWorker() const { return m_allowsAnySSLCertificateForServiceWorker; }
     void updateServiceWorkerUserAgent(const String& userAgent);
+    const Optional<UserContentControllerIdentifier>& userContentControllerIdentifierForServiceWorkers() const { return m_userContentControllerIDForServiceWorker; }
 #endif
 
@@ -612 +613 @@
     String m_serviceWorkerUserAgent;
     Optional<WebPreferencesStore> m_serviceWorkerPreferences;
+    Optional<UserContentControllerIdentifier> m_userContentControllerIDForServiceWorker;
 #endif
 

trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp

@@ -144 +144 @@
     auto proxy = adoptRef(*new WebProcessProxy(processPool, &websiteDataStore, IsPrewarmed::No));
     proxy->m_registrableDomain = WTFMove(registrableDomain);
-    proxy->enableServiceWorkers();
+    proxy->enableServiceWorkers(processPool.userContentControllerIdentifierForServiceWorkers());
     proxy->connect();
     return proxy;
@@ -1542 +1542 @@
 void WebProcessProxy::establishServiceWorkerContext(const WebPreferencesStore& store)
 {
-    send(Messages::WebProcess::EstablishWorkerContextConnectionToNetworkProcess { processPool().defaultPageGroup().pageGroupID(), m_serviceWorkerInformation->serviceWorkerPageProxyID, m_serviceWorkerInformation->serviceWorkerPageID, store, *m_registrableDomain }, 0);
+    send(Messages::WebProcess::EstablishWorkerContextConnectionToNetworkProcess { processPool().defaultPageGroup().pageGroupID(), m_serviceWorkerInformation->serviceWorkerPageProxyID, m_serviceWorkerInformation->serviceWorkerPageID, store, *m_registrableDomain, m_serviceWorkerInformation->initializationData }, 0);
 }
 
@@ -1573 +1573 @@
 }
 
-void WebProcessProxy::enableServiceWorkers()
+#if ENABLE(CONTENT_EXTENSIONS)
+static Vector<std::pair<String, WebCompiledContentRuleListData>> contentRuleListsFromIdentifier(const Optional<UserContentControllerIdentifier>& userContentControllerIdentifier)
+{
+    if (!userContentControllerIdentifier) {
+        ASSERT_NOT_REACHED();
+        return { };
+    }
+
+    auto* userContentController = WebUserContentControllerProxy::get(*userContentControllerIdentifier);
+    if (!userContentController) {
+        ASSERT_NOT_REACHED();
+        return { };
+    }
+
+    return userContentController->contentRuleListData();
+}
+#endif
+
+void WebProcessProxy::enableServiceWorkers(const Optional<UserContentControllerIdentifier>& userContentControllerIdentifier)
 {
     ASSERT(m_registrableDomain && !m_registrableDomain->isEmpty());
     ASSERT(!m_serviceWorkerInformation);
-    m_serviceWorkerInformation = ServiceWorkerInformation { WebPageProxyIdentifier::generate(), PageIdentifier::generate() };
+    m_serviceWorkerInformation = ServiceWorkerInformation {
+        WebPageProxyIdentifier::generate(),
+        PageIdentifier::generate(),
+        ServiceWorkerInitializationData {
+            userContentControllerIdentifier,
+#if ENABLE(CONTENT_EXTENSIONS)
+            contentRuleListsFromIdentifier(userContentControllerIdentifier),
+#endif
+        },
+    };
 }
 

trunk/Source/WebKit/UIProcess/WebProcessProxy.h

@@ -36 +36 @@
 #include "ProcessThrottlerClient.h"
 #include "ResponsivenessTimer.h"
+#include "ServiceWorkerInitializationData.h"
+#include "UserContentControllerIdentifier.h"
 #include "VisibleWebPageCounter.h"
 #include "WebConnectionToWebProcess.h"
@@ -75 +77 @@
 class VisitedLinkStore;
 class WebBackForwardListItem;
+class WebCompiledContentRuleListData;
 class WebFrameProxy;
 class WebPageGroup;
@@ -132 +135 @@
     bool isInProcessCache() const { return m_isInProcessCache; }
 
-    void enableServiceWorkers();
+    void enableServiceWorkers(const Optional<UserContentControllerIdentifier>&);
     void disableServiceWorkers();
 
@@ -523 +526 @@
         WebPageProxyIdentifier serviceWorkerPageProxyID;
         WebCore::PageIdentifier serviceWorkerPageID;
+        ServiceWorkerInitializationData initializationData;
     };
     Optional<ServiceWorkerInformation> m_serviceWorkerInformation;

trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj

@@ -3670 +3670 @@
                 5C7FB46E21E97C0B009E3241 /* WebCookieJar.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WebCookieJar.cpp; sourceTree = "<group>"; };
                 5C7FB46F21E97C0C009E3241 /* WebCookieJar.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WebCookieJar.h; sourceTree = "<group>"; };
+                5C80B3DB23690D8D0086E6DE /* ServiceWorkerInitializationData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ServiceWorkerInitializationData.h; sourceTree = "<group>"; };
+                5C80B3DD23690F100086E6DE /* ServiceWorkerInitializationData.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ServiceWorkerInitializationData.cpp; sourceTree = "<group>"; };
                 5C84CF901F96AC4E00B6705A /* NetworkSessionCreationParameters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NetworkSessionCreationParameters.h; sourceTree = "<group>"; };
                 5C85C7861C3F23C50061A4FA /* PendingDownload.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PendingDownload.cpp; sourceTree = "<group>"; };
@@ -5331 +5333 @@
                                 1AAB4A8C1296F0A20023952F /* SandboxExtension.h */,
                                 E1E552C316AE065E004ED653 /* SandboxInitializationParameters.h */,
+                                5C80B3DD23690F100086E6DE /* ServiceWorkerInitializationData.cpp */,
+                                5C80B3DB23690D8D0086E6DE /* ServiceWorkerInitializationData.h */,
                                 1AFDE6571954A42B00C48FFA /* SessionState.cpp */,
                                 1AFDE6581954A42B00C48FFA /* SessionState.h */,

trunk/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp

@@ -35 +35 @@
 #include "NetworkProcessMessages.h"
 #include "ServiceWorkerFetchTaskMessages.h"
+#include "ServiceWorkerInitializationData.h"
 #include "WebCacheStorageProvider.h"
+#include "WebCompiledContentRuleListData.h"
 #include "WebCoreArgumentCoders.h"
 #include "WebDatabaseProvider.h"
@@ -48 +50 @@
 #include "WebServiceWorkerFetchTaskClient.h"
 #include "WebSocketProvider.h"
+#include "WebUserContentController.h"
 #include <WebCore/EditorClient.h>
 #include <WebCore/EmptyClients.h>
@@ -84 +87 @@
 }
 
-WebSWContextManagerConnection::WebSWContextManagerConnection(Ref<IPC::Connection>&& connection, WebCore::RegistrableDomain&& registrableDomain, uint64_t pageGroupID, WebPageProxyIdentifier webPageProxyID, PageIdentifier pageID, const WebPreferencesStore& store)
+WebSWContextManagerConnection::WebSWContextManagerConnection(Ref<IPC::Connection>&& connection, WebCore::RegistrableDomain&& registrableDomain, uint64_t pageGroupID, WebPageProxyIdentifier webPageProxyID, PageIdentifier pageID, const WebPreferencesStore& store, ServiceWorkerInitializationData&& initializationData)
     : m_connectionToNetworkProcess(WTFMove(connection))
     , m_registrableDomain(WTFMove(registrableDomain))
@@ -96 +99 @@
 #endif
 {
+    if (initializationData.userContentControllerIdentifier) {
+        m_userContentController = WebUserContentController::getOrCreate(*initializationData.userContentControllerIdentifier);
+#if ENABLE(CONTENT_EXTENSIONS)
+        m_userContentController->addContentRuleLists(WTFMove(initializationData.contentRuleLists));
+#endif
+    }
+
     updatePreferencesStore(store);
     m_connectionToNetworkProcess->send(Messages::NetworkConnectionToWebProcess::EstablishSWContextConnection { m_registrableDomain }, 0);
@@ -129 +139 @@
 #endif
     pageConfiguration.socketProvider = WebSocketProvider::create();
+    pageConfiguration.userContentProvider = m_userContentController;
 
     auto effectiveUserAgent =  WTFMove(userAgent);

trunk/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h

@@ -30 +30 @@
 #include "Connection.h"
 #include "MessageReceiver.h"
+#include "UserContentControllerIdentifier.h"
 #include "WebPageProxyIdentifier.h"
 #include "WebSWContextManagerConnectionMessagesReplies.h"
@@ -50 +51 @@
 
 class ServiceWorkerFrameLoaderClient;
+struct ServiceWorkerInitializationData;
 struct WebPreferencesStore;
+class WebUserContentController;
 
 class WebSWContextManagerConnection final : public WebCore::SWContextManager::Connection, public IPC::MessageReceiver {
 public:
-    WebSWContextManagerConnection(Ref<IPC::Connection>&&, WebCore::RegistrableDomain&&, uint64_t pageGroupID, WebPageProxyIdentifier, WebCore::PageIdentifier, const WebPreferencesStore&);
+    WebSWContextManagerConnection(Ref<IPC::Connection>&&, WebCore::RegistrableDomain&&, uint64_t pageGroupID, WebPageProxyIdentifier, WebCore::PageIdentifier, const WebPreferencesStore&, ServiceWorkerInitializationData&&);
     ~WebSWContextManagerConnection();
 
@@ -116 +119 @@
     String m_userAgent;
     bool m_isThrottleable { true };
+    RefPtr<WebUserContentController> m_userContentController;
 };
 

trunk/Source/WebKit/WebProcess/WebProcess.cpp

@@ -1739 +1739 @@
 
 #if ENABLE(SERVICE_WORKER)
-void WebProcess::establishWorkerContextConnectionToNetworkProcess(uint64_t pageGroupID, WebPageProxyIdentifier webPageProxyID, PageIdentifier pageID, const WebPreferencesStore& store, RegistrableDomain&& registrableDomain)
+void WebProcess::establishWorkerContextConnectionToNetworkProcess(uint64_t pageGroupID, WebPageProxyIdentifier webPageProxyID, PageIdentifier pageID, const WebPreferencesStore& store, RegistrableDomain&& registrableDomain, ServiceWorkerInitializationData&& initializationData)
 {
     // We are in the Service Worker context process and the call below establishes our connection to the Network Process
@@ -1745 +1745 @@
     // NetworkProcessConnection for synchronization purposes.
     auto& ipcConnection = ensureNetworkProcessConnection().connection();
-    SWContextManager::singleton().setConnection(makeUnique<WebSWContextManagerConnection>(ipcConnection, WTFMove(registrableDomain), pageGroupID, webPageProxyID, pageID, store));
+    SWContextManager::singleton().setConnection(makeUnique<WebSWContextManagerConnection>(ipcConnection, WTFMove(registrableDomain), pageGroupID, webPageProxyID, pageID, store, WTFMove(initializationData)));
 }
 

trunk/Source/WebKit/WebProcess/WebProcess.h

@@ -36 +36 @@
 #include "StorageAreaIdentifier.h"
 #include "TextCheckerState.h"
+#include "UserContentControllerIdentifier.h"
 #include "ViewUpdateDispatcher.h"
 #include "WebInspectorInterruptDispatcher.h"
@@ -110 +111 @@
 class NetworkProcessConnection;
 class ObjCObjectGraph;
+struct ServiceWorkerInitializationData;
 class StorageAreaMap;
 class UserData;
@@ -115 +117 @@
 class WebAutomationSessionProxy;
 class WebCacheStorageProvider;
+class WebCompiledContentRuleListData;
 class WebConnectionToUIProcess;
 class WebFrame;
@@ -372 +375 @@
 
 #if ENABLE(SERVICE_WORKER)
-    void establishWorkerContextConnectionToNetworkProcess(uint64_t pageGroupID, WebPageProxyIdentifier, WebCore::PageIdentifier, const WebPreferencesStore&, WebCore::RegistrableDomain&&);
+    void establishWorkerContextConnectionToNetworkProcess(uint64_t pageGroupID, WebPageProxyIdentifier, WebCore::PageIdentifier, const WebPreferencesStore&, WebCore::RegistrableDomain&&, ServiceWorkerInitializationData&&);
     void registerServiceWorkerClients();
 #endif

trunk/Source/WebKit/WebProcess/WebProcess.messages.in

@@ -107 +107 @@
 
 #if ENABLE(SERVICE_WORKER)
-    EstablishWorkerContextConnectionToNetworkProcess(uint64_t pageGroupID, WebKit::WebPageProxyIdentifier webPageProxyID, WebCore::PageIdentifier pageID, struct WebKit::WebPreferencesStore store, WebCore::RegistrableDomain domain)
+    EstablishWorkerContextConnectionToNetworkProcess(uint64_t pageGroupID, WebKit::WebPageProxyIdentifier webPageProxyID, WebCore::PageIdentifier pageID, struct WebKit::WebPreferencesStore store, WebCore::RegistrableDomain domain, struct WebKit::ServiceWorkerInitializationData initializationData)
     RegisterServiceWorkerClients()
 #endif

trunk/Tools/ChangeLog

@@ +1 @@
+2019-10-30  Alex Christensen  <achristensen@webkit.org>
+
+        WKContentRuleLists should block requests from service workers
+        https://bugs.webkit.org/show_bug.cgi?id=201980
+        <rdar://problem/55516735>
+
+        Reviewed by Chris Dumez.
+
+        NSString initWithContentsOfURL doesn't work with https URLs with certificates without a trusted root,
+        so I use an ephemeral NSURLSession instead so I can tell it to accept any connection, even our WebKit httpd server.
+        I also added an API test.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/ServiceWorkerBasic.mm:
+        * WebKitTestRunner/mac/TestControllerMac.mm:
+        (-[WKTRSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
+        (WTR::TestController::configureContentExtensionForTest):
+
 2019-10-30  Daniel Bates  <dabates@apple.com>
 

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ServiceWorkerBasic.mm

@@ -1914 +1914 @@
     EXPECT_EQ(2U, processPool._serviceWorkerProcessCount);
 }
+
+static const char* contentRuleListWorkerScript =
+"self.addEventListener('message', (event) => {"
+"    fetch('blockedsubresource').then(() => {"
+"        event.source.postMessage('FAIL - should have blocked first request');"
+"    }).catch(() => {"
+"        fetch('allowedsubresource').then(() => {"
+"            event.source.postMessage('PASS - blocked first request, allowed second');"
+"        }).catch(() => {"
+"            event.source.postMessage('FAIL - should have allowed second request');"
+"        });"
+"    });"
+"});";
+
+TEST(ServiceWorkers, ContentRuleList)
+{
+    [WKWebsiteDataStore _allowWebsiteDataRecordsForAllOrigins];
+
+    __block bool doneCompiling = false;
+    __block RetainPtr<WKContentRuleList> contentRuleList;
+    [[WKContentRuleListStore defaultStore] compileContentRuleListForIdentifier:@"ServiceWorkerRuleList" encodedContentRuleList:@"[{\"action\":{\"type\":\"block\"},\"trigger\":{\"url-filter\":\"blockedsubresource\"}}]" completionHandler:^(WKContentRuleList *list, NSError *error) {
+        EXPECT_NOT_NULL(list);
+        EXPECT_NULL(error);
+        contentRuleList = list;
+        doneCompiling = true;
+    }];
+    TestWebKitAPI::Util::run(&doneCompiling);
+
+    // Start with a clean slate data store
+    [[WKWebsiteDataStore defaultDataStore] removeDataOfTypes:[WKWebsiteDataStore allWebsiteDataTypes] modifiedSince:[NSDate distantPast] completionHandler:^() {
+        done = true;
+    }];
+    TestWebKitAPI::Util::run(&done);
+    done = false;
+
+    auto configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+
+    auto messageHandler = adoptNS([[SWMessageHandlerWithExpectedMessage alloc] init]);
+    [[configuration userContentController] addScriptMessageHandler:messageHandler.get() name:@"sw"];
+    [[configuration userContentController] addContentRuleList:contentRuleList.get()];
+
+    using namespace TestWebKitAPI;
+    TCPServer server([] (int socket) {
+        auto respond = [socket] (const char* body, const char* mimeType) {
+            NSString *format = @"HTTP/1.1 200 OK\r\n"
+            "Content-Type: %s\r\n"
+            "Content-Length: %d\r\n\r\n"
+            "%s";
+            NSString *response = [NSString stringWithFormat:format, mimeType, strlen(body), body];
+            TCPServer::write(socket, response.UTF8String, response.length);
+        };
+        TCPServer::read(socket);
+        respond(mainBytes, "text/html");
+        TCPServer::read(socket);
+        respond(contentRuleListWorkerScript, "application/javascript");
+        auto lastRequest = TCPServer::read(socket);
+        EXPECT_TRUE(strstr((const char*)lastRequest.data(), "allowedsubresource"));
+        respond("successful fetch", "application/octet-stream");
+    });
+
+    expectedMessage = @"Message from worker: PASS - blocked first request, allowed second";
+
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
+    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:[NSString stringWithFormat:@"http://127.0.0.1:%d/", server.port()]]]];
+    TestWebKitAPI::Util::run(&done);
+    
+    __block bool doneRemoving = false;
+    [[WKContentRuleListStore defaultStore] removeContentRuleListForIdentifier:@"ServiceWorkerRuleList" completionHandler:^(NSError *error) {
+        EXPECT_NULL(error);
+        doneRemoving = true;
+    }];
+    TestWebKitAPI::Util::run(&doneRemoving);
+}

trunk/Tools/WebKitTestRunner/mac/TestControllerMac.mm

@@ -51 +51 @@
 @end
 
+@interface WKTRSessionDelegate : NSObject <NSURLSessionDataDelegate>
+@end
+@implementation WKTRSessionDelegate
+- (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler
+{
+    completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
+}
+@end
+
 namespace WTR {
 
@@ -126 +135 @@
     NSURL *filterURL = [(__bridge NSURL *)testURL.get() URLByAppendingPathExtension:@"json"];
 
-    NSStringEncoding encoding;
-    NSString *contentExtensionString = [[NSString alloc] initWithContentsOfURL:filterURL usedEncoding:&encoding error:NULL];
-    if (!contentExtensionString)
-        return;
-    
+    __block NSString *contentExtensionString;
+    __block bool doneFetchingContentExtension = false;
+    auto delegate = adoptNS([WKTRSessionDelegate new]);
+    NSURLSession *session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration ephemeralSessionConfiguration] delegate:delegate.get() delegateQueue:[NSOperationQueue mainQueue]];
+    NSURLSessionDataTask *task = [session dataTaskWithRequest:[NSURLRequest requestWithURL:filterURL] completionHandler:^(NSData * data, NSURLResponse *response, NSError *error) {
+        ASSERT(data);
+        ASSERT(response);
+        ASSERT(!error);
+        contentExtensionString = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
+        doneFetchingContentExtension = true;
+    }];
+    [task resume];
+    platformRunUntil(doneFetchingContentExtension, noTimeout);
+
     __block bool doneCompiling = false;