Bug 752559 - Console warning when sandboxed iframe is used ineffectively. r=smaug

Francois Marier 2014-09-07 23:05:00 -04:00
parent 82c26a152e
commit 12e6ff4e4a
14 changed files with 262 additions and 0 deletions


@ -45,6 +45,15 @@ support-files =
test-bug-646025-console-file-location.html
test-bug-658368-time-methods.html
test-bug-737873-mixedcontent.html
test-bug-752559-ineffective-iframe-sandbox-warning0.html
test-bug-752559-ineffective-iframe-sandbox-warning1.html
test-bug-752559-ineffective-iframe-sandbox-warning2.html
test-bug-752559-ineffective-iframe-sandbox-warning3.html
test-bug-752559-ineffective-iframe-sandbox-warning4.html
test-bug-752559-ineffective-iframe-sandbox-warning5.html
test-bug-752559-ineffective-iframe-sandbox-warning-inner.html
test-bug-752559-ineffective-iframe-sandbox-warning-nested1.html
test-bug-752559-ineffective-iframe-sandbox-warning-nested2.html
test-bug-762593-insecure-passwords-about-blank-web-console-warning.html
test-bug-762593-insecure-passwords-web-console-warning.html
test-bug-766001-console-log.js
@ -235,6 +244,7 @@ run-if = os == "win"
[browser_webconsole_bug_704295.js]
[browser_webconsole_bug_734061_No_input_change_and_Tab_key_pressed.js]
[browser_webconsole_bug_737873_mixedcontent.js]
[browser_webconsole_bug_752559_ineffective_iframe_sandbox_warning.js]
[browser_webconsole_bug_762593_insecure_passwords_about_blank_web_console_warning.js]
skip-if = buildapp == 'mulet'
[browser_webconsole_bug_762593_insecure_passwords_web_console_warning.js]


@ -0,0 +1,77 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
// Tests that warnings about ineffective iframe sandboxing are logged to the
// web console when necessary (and not otherwise).
const TEST_URI_WARNING = "http://example.com/browser/browser/devtools/webconsole/test/test-bug-752559-ineffective-iframe-sandbox-warning0.html";
const TEST_URI_NOWARNING = [
"http://example.com/browser/browser/devtools/webconsole/test/test-bug-752559-ineffective-iframe-sandbox-warning1.html",
"http://example.com/browser/browser/devtools/webconsole/test/test-bug-752559-ineffective-iframe-sandbox-warning2.html",
"http://example.com/browser/browser/devtools/webconsole/test/test-bug-752559-ineffective-iframe-sandbox-warning3.html",
"http://example.com/browser/browser/devtools/webconsole/test/test-bug-752559-ineffective-iframe-sandbox-warning4.html",
"http://example.com/browser/browser/devtools/webconsole/test/test-bug-752559-ineffective-iframe-sandbox-warning5.html"
];
const INEFFECTIVE_IFRAME_SANDBOXING_MSG = "An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.";
const SENTINEL_MSG = "testing ineffective sandboxing message";
function test()
{
addTab(TEST_URI_WARNING);
browser.addEventListener("load", function onLoad(aEvent) {
browser.removeEventListener(aEvent.type, onLoad, true);
openConsole(null, function testIneffectiveIframeSandboxingLogged (hud) {
content.console.log(SENTINEL_MSG)
waitForMessages({
webconsole: hud,
messages: [
{
name: "Ineffective iframe sandboxing warning displayed successfully",
text: INEFFECTIVE_IFRAME_SANDBOXING_MSG,
category: CATEGORY_SECURITY,
severity: SEVERITY_WARNING
},
{
text: SENTINEL_MSG,
severity: SEVERITY_LOG
}
]
}).then(() => {
let msgs = hud.outputNode.querySelectorAll(".message[category=security]");
is(msgs.length, 1, "one security message");
testNoWarning(0);
});
});
}, true);
}
function testNoWarning(id)
{
addTab(TEST_URI_NOWARNING[id]);
browser.addEventListener("load", function onLoad(aEvent) {
browser.removeEventListener(aEvent.type, onLoad, true);
openConsole(null, function testIneffectiveIframeSandboxingNotLogged (hud) {
content.console.log(SENTINEL_MSG)
waitForMessages({
webconsole: hud,
messages: [
{
text: SENTINEL_MSG,
severity: SEVERITY_LOG
}
]
}).then(() => {
let msgs = hud.outputNode.querySelectorAll(".message[category=security]");
is(msgs.length, 0, "no security messages (case " + id + ")");
id += 1;
if (id < TEST_URI_NOWARNING.length) {
testNoWarning(id);
} else {
finishTest();
}
});
});
}, true);
}
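Review bot: The five TEST_URI_NOWARNING entries near the top of the file carry no hint of which sandbox condition each page exercises, and the failure text reports the array index (`"case " + id`), so case 0 is actually warning1.html. A short comment on each entry would let a reader interpret a failure without opening the fixture, for example `// allow-scripts without allow-same-origin` on the warning1 entry; the cross-origin and nested entries need the same, and that mapping is inferred from the fixture titles, so it should be confirmed. The zero-count assertion in testNoWarning is only meaningful if any security message reaches the console before SENTINEL_MSG does; a one-line comment stating that assumption would make the negative cases easier to trust. Both `content.console.log(SENTINEL_MSG)` calls are missing their terminating semicolon.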


@ -0,0 +1,13 @@
<!doctype html>
<html>
<head>
<meta charset="utf8">
<title>Bug 752559 - print warning to error console when iframe sandbox
is being used ineffectively</title>
<!-- Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ -->
</head>
<body>
<p>I am sandboxed and want to escape.</p>
</body>
</html>


@ -0,0 +1,14 @@
<!doctype html>
<html>
<head>
<meta charset="utf8">
<title>Bug 752559 - print warning to error console when iframe sandbox
is being used ineffectively</title>
<!-- Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ -->
</head>
<body>
<iframe
src="http://www.example.com/browser/browser/devtools/webconsole/test/test-bug-752559-ineffective-iframe-sandbox-warning-inner.html"></iframe>
</body>
</html>


@ -0,0 +1,14 @@
<!doctype html>
<html>
<head>
<meta charset="utf8">
<title>Bug 752559 - print warning to error console when iframe sandbox
is being used ineffectively</title>
<!-- Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ -->
</head>
<body>
<iframe
src="http://www.example.com/browser/browser/devtools/webconsole/test/test-bug-752559-ineffective-iframe-sandbox-warning-inner.html" sandbox="allow-scripts allow-same-origin"></iframe>
</body>
</html>


@ -0,0 +1,13 @@
<!doctype html>
<html>
<head>
<meta charset="utf8">
<title>Bug 752559 - print warning to error console when iframe sandbox
is being used ineffectively (allow-scripts, allow-same-origin)</title>
<!-- Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ -->
</head>
<body>
<iframe src="test-bug-752559-ineffective-iframe-sandbox-warning-inner.html" sandbox="allow-scripts allow-same-origin"></iframe>
</body>
</html>


@ -0,0 +1,13 @@
<!doctype html>
<html>
<head>
<meta charset="utf8">
<title>Bug 752559 - print warning to error console when iframe sandbox
is being used ineffectively (allow-scripts, no allow-same-origin)</title>
<!-- Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ -->
</head>
<body>
<iframe src="test-bug-752559-ineffective-iframe-sandbox-warning-inner.html" sandbox="allow-scripts"></iframe>
</body>
</html>


@ -0,0 +1,13 @@
<!doctype html>
<html>
<head>
<meta charset="utf8">
<title>Bug 752559 - print warning to error console when iframe sandbox
is being used ineffectively (no allow-scripts, allow-same-origin)</title>
<!-- Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ -->
</head>
<body>
<iframe src="test-bug-752559-ineffective-iframe-sandbox-warning-inner.html" sandbox="allow-same-origin"></iframe>
</body>
</html>


@ -0,0 +1,14 @@
<!doctype html>
<html>
<head>
<meta charset="utf8">
<title>Bug 752559 - print warning to error console when iframe sandbox
is being used ineffectively (allow-scripts, allow-same-origin)</title>
<!-- Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ -->
</head>
<body>
<iframe
src="http://www.example.com/browser/browser/devtools/webconsole/test/test-bug-752559-ineffective-iframe-sandbox-warning-inner.html" sandbox="allow-scripts allow-same-origin"></iframe>
</body>
</html>


@ -0,0 +1,14 @@
<!doctype html>
<html>
<head>
<meta charset="utf8">
<title>Bug 752559 - print warning to error console when iframe sandbox
is being used ineffectively (allow-scripts, allow-same-origin, nested)</title>
<!-- Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ -->
</head>
<body>
<iframe
src="http://www.example.com/browser/browser/devtools/webconsole/test/test-bug-752559-ineffective-iframe-sandbox-warning-nested1.html" sandbox="allow-scripts allow-same-origin"></iframe>
</body>
</html>


@ -0,0 +1,14 @@
<!doctype html>
<html>
<head>
<meta charset="utf8">
<title>Bug 752559 - print warning to error console when iframe sandbox
is being used ineffectively (nested, allow-scripts, allow-same-origin)</title>
<!-- Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ -->
</head>
<body>
<iframe
src="http://www.example.com/browser/browser/devtools/webconsole/test/test-bug-752559-ineffective-iframe-sandbox-warning-nested2.html"></iframe>
</body>
</html>


@ -4669,6 +4669,7 @@ var Utils = {
case "Insecure Password Field":
case "SSL":
case "CORS":
case "Iframe Sandbox":
return CATEGORY_SECURITY;
default:


@ -2517,6 +2517,55 @@ nsDocument::FillStyleSet(nsStyleSet* aStyleSet)
nsStyleSet::eDocSheet);
}
static void
WarnIfSandboxIneffective(nsIDocShell* aDocShell,
uint32_t aSandboxFlags,
nsIChannel* aChannel)
{
// If the document is sandboxed (via the HTML5 iframe sandbox
// attribute) and both the allow-scripts and allow-same-origin
// keywords are supplied, the sandboxed document can call into its
// parent document and remove its sandboxing entirely - we print a
// warning to the web console in this case.
if (aSandboxFlags & SANDBOXED_NAVIGATION &&
!(aSandboxFlags & SANDBOXED_SCRIPTS) &&
!(aSandboxFlags & SANDBOXED_ORIGIN)) {
nsCOMPtr<nsIDocShellTreeItem> parentAsItem;
aDocShell->GetSameTypeParent(getter_AddRefs(parentAsItem));
nsCOMPtr<nsIDocShell> parentDocShell = do_QueryInterface(parentAsItem);
if (!parentDocShell) {
return;
}
// Don't warn if our parent is not the top-level document.
nsCOMPtr<nsIDocShellTreeItem> grandParentAsItem;
parentDocShell->GetSameTypeParent(getter_AddRefs(grandParentAsItem));
if (grandParentAsItem) {
return;
}
nsCOMPtr<nsIChannel> parentChannel;
parentDocShell->GetCurrentDocumentChannel(getter_AddRefs(parentChannel));
if (!parentChannel) {
return;
}
nsresult rv = nsContentUtils::CheckSameOrigin(aChannel, parentChannel);
if (NS_FAILED(rv)) {
return;
}
nsCOMPtr<nsIDocument> parentDocument = do_GetInterface(parentDocShell);
nsCOMPtr<nsIURI> iframeUri;
parentChannel->GetURI(getter_AddRefs(iframeUri));
nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
NS_LITERAL_CSTRING("Iframe Sandbox"),
parentDocument,
nsContentUtils::eSECURITY_PROPERTIES,
"BothAllowScriptsAndSameOriginPresent",
nullptr, 0, iframeUri);
}
}
nsresult
nsDocument::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel,
nsILoadGroup* aLoadGroup,
@ -2606,6 +2655,7 @@ nsDocument::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel,
if (docShell) {
nsresult rv = docShell->GetSandboxFlags(&mSandboxFlags);
NS_ENSURE_SUCCESS(rv, rv);
WarnIfSandboxIneffective(docShell, mSandboxFlags, GetChannel());
}
// If this is not a data document, set CSP.
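Review bot: In WarnIfSandboxIneffective (first hunk), aChannel is handed to nsContentUtils::CheckSameOrigin without a null check, while parentChannel is checked just above it. The caller passes GetChannel() unconditionally, so unless CheckSameOrigin is known to tolerate a null channel the guard should cover both: `if (!aChannel || !parentChannel) { return; }`. The local named iframeUri is filled from `parentChannel->GetURI(...)`, so it holds the parent document's URI and would read better as `parentUri`. The opening condition relies on `&` binding tighter than `&&`; `(aSandboxFlags & SANDBOXED_NAVIGATION) &&` makes that explicit, and a comment should say that this flag is being used as the sign that a sandbox is in effect, if that is the intent. The early return for a non-top-level parent means a nested frame with the same keyword pair is never reported, and the comment there should state why that case is left out.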


@ -13,3 +13,5 @@ InsecureFormActionPasswordsPresent=Password fields present in a form with an ins
InsecurePasswordsPresentOnIframe=Password fields present on an insecure (http://) iframe. This is a security risk that allows user login credentials to be stolen.
LoadingMixedActiveContent=Loading mixed (insecure) active content on a secure page "%1$S"
LoadingMixedDisplayContent=Loading mixed (insecure) display content on a secure page "%1$S"
# LOCALIZATION NOTE: Do not translate "allow-scripts", "allow-same-origin", "sandbox" or "iframe"
BothAllowScriptsAndSameOriginPresent=An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.