mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-17 07:15:46 +00:00
Bug 1490165 - Workers.setTimeout/setInterval must handle CSP rejections, r=ckerschb
This commit is contained in:
parent
0040934b67
commit
cfe495e70b
@ -9,6 +9,7 @@
|
||||
#include "mozilla/Attributes.h"
|
||||
#include "mozilla/Likely.h"
|
||||
#include "mozilla/Maybe.h"
|
||||
#include "mozilla/dom/CSPEvalChecker.h"
|
||||
#include "mozilla/dom/FunctionBinding.h"
|
||||
#include "mozilla/dom/WorkerPrivate.h"
|
||||
#include "nsCOMPtr.h"
|
||||
@ -45,7 +46,8 @@ public:
|
||||
Function& aFunction,
|
||||
nsTArray<JS::Heap<JS::Value>>&& aArguments);
|
||||
nsJSScriptTimeoutHandler(JSContext* aCx, WorkerPrivate* aWorkerPrivate,
|
||||
const nsAString& aExpression);
|
||||
const nsAString& aExpression, bool* aAllowEval,
|
||||
ErrorResult& aRv);
|
||||
|
||||
virtual const nsAString& GetHandlerText() override;
|
||||
|
||||
@ -163,54 +165,6 @@ NS_INTERFACE_MAP_END
|
||||
NS_IMPL_CYCLE_COLLECTING_ADDREF(nsJSScriptTimeoutHandler)
|
||||
NS_IMPL_CYCLE_COLLECTING_RELEASE(nsJSScriptTimeoutHandler)
|
||||
|
||||
static bool
|
||||
CheckCSPForEval(JSContext* aCx, nsGlobalWindowInner* aWindow,
|
||||
const nsAString& aExpression, ErrorResult& aError)
|
||||
{
|
||||
// if CSP is enabled, and setTimeout/setInterval was called with a string,
|
||||
// disable the registration and log an error
|
||||
nsCOMPtr<nsIDocument> doc = aWindow->GetExtantDoc();
|
||||
if (!doc) {
|
||||
// if there's no document, we don't have to do anything.
|
||||
return true;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIContentSecurityPolicy> csp;
|
||||
aError = doc->NodePrincipal()->GetCsp(getter_AddRefs(csp));
|
||||
if (aError.Failed()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!csp) {
|
||||
return true;
|
||||
}
|
||||
|
||||
bool allowsEval = true;
|
||||
bool reportViolation = false;
|
||||
aError = csp->GetAllowsEval(&reportViolation, &allowsEval);
|
||||
if (aError.Failed()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (reportViolation) {
|
||||
// Get the calling location.
|
||||
uint32_t lineNum = 0;
|
||||
uint32_t columnNum = 0;
|
||||
nsAutoString fileNameString;
|
||||
if (!nsJSUtils::GetCallingLocation(aCx, fileNameString, &lineNum,
|
||||
&columnNum)) {
|
||||
fileNameString.AssignLiteral("unknown");
|
||||
}
|
||||
|
||||
csp->LogViolationDetails(nsIContentSecurityPolicy::VIOLATION_TYPE_EVAL,
|
||||
nullptr, // triggering element
|
||||
fileNameString, aExpression, lineNum, columnNum,
|
||||
EmptyString(), EmptyString());
|
||||
}
|
||||
|
||||
return allowsEval;
|
||||
}
|
||||
|
||||
nsJSScriptTimeoutHandler::nsJSScriptTimeoutHandler()
|
||||
: mLineNo(0)
|
||||
, mColumn(0)
|
||||
@ -252,8 +206,9 @@ nsJSScriptTimeoutHandler::nsJSScriptTimeoutHandler(JSContext* aCx,
|
||||
return;
|
||||
}
|
||||
|
||||
*aAllowEval = CheckCSPForEval(aCx, aWindow, aExpression, aError);
|
||||
if (aError.Failed() || !*aAllowEval) {
|
||||
aError = CSPEvalChecker::CheckForWindow(aCx, aWindow, aExpression,
|
||||
aAllowEval);
|
||||
if (NS_WARN_IF(aError.Failed()) || !*aAllowEval) {
|
||||
return;
|
||||
}
|
||||
|
||||
@ -276,7 +231,9 @@ nsJSScriptTimeoutHandler::nsJSScriptTimeoutHandler(JSContext* aCx,
|
||||
|
||||
nsJSScriptTimeoutHandler::nsJSScriptTimeoutHandler(JSContext* aCx,
|
||||
WorkerPrivate* aWorkerPrivate,
|
||||
const nsAString& aExpression)
|
||||
const nsAString& aExpression,
|
||||
bool* aAllowEval,
|
||||
ErrorResult& aError)
|
||||
: mLineNo(0)
|
||||
, mColumn(0)
|
||||
, mExpr(aExpression)
|
||||
@ -284,6 +241,12 @@ nsJSScriptTimeoutHandler::nsJSScriptTimeoutHandler(JSContext* aCx,
|
||||
MOZ_ASSERT(aWorkerPrivate);
|
||||
aWorkerPrivate->AssertIsOnWorkerThread();
|
||||
|
||||
aError = CSPEvalChecker::CheckForWorker(aCx, aWorkerPrivate, aExpression,
|
||||
aAllowEval);
|
||||
if (NS_WARN_IF(aError.Failed()) || !*aAllowEval) {
|
||||
return;
|
||||
}
|
||||
|
||||
Init(aCx);
|
||||
}
|
||||
|
||||
@ -376,9 +339,15 @@ NS_CreateJSTimeoutHandler(JSContext *aCx, WorkerPrivate* aWorkerPrivate,
|
||||
|
||||
already_AddRefed<nsIScriptTimeoutHandler>
|
||||
NS_CreateJSTimeoutHandler(JSContext* aCx, WorkerPrivate* aWorkerPrivate,
|
||||
const nsAString& aExpression)
|
||||
const nsAString& aExpression, ErrorResult& aRv)
|
||||
{
|
||||
bool allowEval = false;
|
||||
RefPtr<nsJSScriptTimeoutHandler> handler =
|
||||
new nsJSScriptTimeoutHandler(aCx, aWorkerPrivate, aExpression);
|
||||
new nsJSScriptTimeoutHandler(aCx, aWorkerPrivate, aExpression, &allowEval,
|
||||
aRv);
|
||||
if (aRv.Failed() || !allowEval) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
return handler.forget();
|
||||
}
|
||||
|
185
dom/security/CSPEvalChecker.cpp
Normal file
185
dom/security/CSPEvalChecker.cpp
Normal file
@ -0,0 +1,185 @@
|
||||
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#include "mozilla/dom/CSPEvalChecker.h"
|
||||
#include "mozilla/dom/WorkerPrivate.h"
|
||||
#include "mozilla/dom/WorkerRunnable.h"
|
||||
#include "mozilla/ErrorResult.h"
|
||||
#include "nsGlobalWindowInner.h"
|
||||
#include "nsIDocument.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsJSUtils.h"
|
||||
|
||||
using namespace mozilla;
|
||||
using namespace mozilla::dom;
|
||||
|
||||
namespace {
|
||||
|
||||
nsresult
|
||||
CheckInternal(nsIContentSecurityPolicy* aCSP,
|
||||
const nsAString& aExpression,
|
||||
const nsAString& aFileNameString,
|
||||
uint32_t aLineNum,
|
||||
uint32_t aColumnNum,
|
||||
bool* aAllowed)
|
||||
{
|
||||
MOZ_ASSERT(NS_IsMainThread());
|
||||
MOZ_ASSERT(aAllowed);
|
||||
|
||||
// The value is set at any "return", but better to have a default value here.
|
||||
*aAllowed = false;
|
||||
|
||||
if (!aCSP) {
|
||||
*aAllowed = true;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
bool reportViolation = false;
|
||||
nsresult rv = aCSP->GetAllowsEval(&reportViolation, aAllowed);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
*aAllowed = false;
|
||||
return rv;
|
||||
}
|
||||
|
||||
if (reportViolation) {
|
||||
aCSP->LogViolationDetails(nsIContentSecurityPolicy::VIOLATION_TYPE_EVAL,
|
||||
nullptr, // triggering element
|
||||
aFileNameString, aExpression, aLineNum,
|
||||
aColumnNum, EmptyString(), EmptyString());
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
class WorkerCSPCheckRunnable final : public WorkerMainThreadRunnable
|
||||
{
|
||||
public:
|
||||
WorkerCSPCheckRunnable(WorkerPrivate* aWorkerPrivate,
|
||||
const nsAString& aExpression,
|
||||
const nsAString& aFileNameString,
|
||||
uint32_t aLineNum,
|
||||
uint32_t aColumnNum)
|
||||
: WorkerMainThreadRunnable(aWorkerPrivate,
|
||||
NS_LITERAL_CSTRING("CSP Eval Check"))
|
||||
, mExpression(aExpression)
|
||||
, mFileNameString(aFileNameString)
|
||||
, mLineNum(aLineNum)
|
||||
, mColumnNum(aColumnNum)
|
||||
, mEvalAllowed(false)
|
||||
{}
|
||||
|
||||
bool
|
||||
MainThreadRun() override
|
||||
{
|
||||
mResult = CheckInternal(mWorkerPrivate->GetCSP(), mExpression,
|
||||
mFileNameString, mLineNum, mColumnNum,
|
||||
&mEvalAllowed);
|
||||
return true;
|
||||
}
|
||||
|
||||
nsresult
|
||||
GetResult(bool* aAllowed)
|
||||
{
|
||||
MOZ_ASSERT(aAllowed);
|
||||
*aAllowed = mEvalAllowed;
|
||||
return mResult;
|
||||
}
|
||||
|
||||
private:
|
||||
const nsString mExpression;
|
||||
const nsString mFileNameString;
|
||||
const uint32_t mLineNum;
|
||||
const uint32_t mColumnNum;
|
||||
bool mEvalAllowed;
|
||||
nsresult mResult;
|
||||
};
|
||||
|
||||
} // anonymous
|
||||
|
||||
/* static */ nsresult
|
||||
CSPEvalChecker::CheckForWindow(JSContext* aCx, nsGlobalWindowInner* aWindow,
|
||||
const nsAString& aExpression, bool* aAllowEval)
|
||||
{
|
||||
MOZ_ASSERT(NS_IsMainThread());
|
||||
MOZ_ASSERT(aWindow);
|
||||
MOZ_ASSERT(aAllowEval);
|
||||
|
||||
// The value is set at any "return", but better to have a default value here.
|
||||
*aAllowEval = false;
|
||||
|
||||
// if CSP is enabled, and setTimeout/setInterval was called with a string,
|
||||
// disable the registration and log an error
|
||||
nsCOMPtr<nsIDocument> doc = aWindow->GetExtantDoc();
|
||||
if (!doc) {
|
||||
// if there's no document, we don't have to do anything.
|
||||
*aAllowEval = true;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIContentSecurityPolicy> csp;
|
||||
nsresult rv = doc->NodePrincipal()->GetCsp(getter_AddRefs(csp));
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
*aAllowEval = false;
|
||||
return rv;
|
||||
}
|
||||
|
||||
// Get the calling location.
|
||||
uint32_t lineNum = 0;
|
||||
uint32_t columnNum = 0;
|
||||
nsAutoString fileNameString;
|
||||
if (!nsJSUtils::GetCallingLocation(aCx, fileNameString, &lineNum,
|
||||
&columnNum)) {
|
||||
fileNameString.AssignLiteral("unknown");
|
||||
}
|
||||
|
||||
rv = CheckInternal(csp, aExpression, fileNameString, lineNum, columnNum,
|
||||
aAllowEval);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
*aAllowEval = false;
|
||||
return rv;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
/* static */ nsresult
|
||||
CSPEvalChecker::CheckForWorker(JSContext* aCx, WorkerPrivate* aWorkerPrivate,
|
||||
const nsAString& aExpression, bool* aAllowEval)
|
||||
{
|
||||
MOZ_ASSERT(aWorkerPrivate);
|
||||
aWorkerPrivate->AssertIsOnWorkerThread();
|
||||
MOZ_ASSERT(aAllowEval);
|
||||
|
||||
// The value is set at any "return", but better to have a default value here.
|
||||
*aAllowEval = false;
|
||||
|
||||
// Get the calling location.
|
||||
uint32_t lineNum = 0;
|
||||
uint32_t columnNum = 0;
|
||||
nsAutoString fileNameString;
|
||||
if (!nsJSUtils::GetCallingLocation(aCx, fileNameString, &lineNum,
|
||||
&columnNum)) {
|
||||
fileNameString.AssignLiteral("unknown");
|
||||
}
|
||||
|
||||
RefPtr<WorkerCSPCheckRunnable> r =
|
||||
new WorkerCSPCheckRunnable(aWorkerPrivate, aExpression, fileNameString,
|
||||
lineNum, columnNum);
|
||||
ErrorResult error;
|
||||
r->Dispatch(Canceling, error);
|
||||
if (NS_WARN_IF(error.Failed())) {
|
||||
*aAllowEval = false;
|
||||
return error.StealNSResult();
|
||||
}
|
||||
|
||||
nsresult rv = r->GetResult(aAllowEval);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
*aAllowEval = false;
|
||||
return rv;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
35
dom/security/CSPEvalChecker.h
Normal file
35
dom/security/CSPEvalChecker.h
Normal file
@ -0,0 +1,35 @@
|
||||
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#ifndef mozilla_dom_CSPEvalChecker_h
|
||||
#define mozilla_dom_CSPEvalChecker_h
|
||||
|
||||
#include "nsString.h"
|
||||
|
||||
struct JSContext;
|
||||
class nsGlobalWindowInner;
|
||||
|
||||
namespace mozilla {
|
||||
namespace dom {
|
||||
|
||||
class WorkerPrivate;
|
||||
|
||||
class CSPEvalChecker final
|
||||
{
|
||||
public:
|
||||
static nsresult
|
||||
CheckForWindow(JSContext* aCx, nsGlobalWindowInner* aWindow,
|
||||
const nsAString& aExpression, bool* aAllowEval);
|
||||
|
||||
static nsresult
|
||||
CheckForWorker(JSContext* aCx, WorkerPrivate* aWorkerPrivate,
|
||||
const nsAString& aExpression, bool* aAllowEval);
|
||||
};
|
||||
|
||||
} // dom namespace
|
||||
} // mozilla namespace
|
||||
|
||||
#endif // mozilla_dom_CSPEvalChecker_h
|
@ -11,6 +11,7 @@ TEST_DIRS += ['test']
|
||||
|
||||
EXPORTS.mozilla.dom += [
|
||||
'ContentVerifier.h',
|
||||
'CSPEvalChecker.h',
|
||||
'FramingChecker.h',
|
||||
'nsContentSecurityManager.h',
|
||||
'nsCSPContext.h',
|
||||
@ -30,6 +31,7 @@ EXPORTS += [
|
||||
|
||||
UNIFIED_SOURCES += [
|
||||
'ContentVerifier.cpp',
|
||||
'CSPEvalChecker.cpp',
|
||||
'FramingChecker.cpp',
|
||||
'nsContentSecurityManager.cpp',
|
||||
'nsCSPContext.cpp',
|
||||
|
@ -1224,7 +1224,7 @@ private:
|
||||
("Scriptloader::Load, SRI required but not supported in workers"));
|
||||
nsCOMPtr<nsIContentSecurityPolicy> wcsp;
|
||||
chanLoadInfo->LoadingPrincipal()->GetCsp(getter_AddRefs(wcsp));
|
||||
MOZ_ASSERT(wcsp, "We sould have a CSP for the worker here");
|
||||
MOZ_ASSERT(wcsp, "We should have a CSP for the worker here");
|
||||
if (wcsp) {
|
||||
wcsp->LogViolationDetails(
|
||||
nsIContentSecurityPolicy::VIOLATION_TYPE_REQUIRE_SRI_FOR_SCRIPT,
|
||||
|
@ -67,7 +67,8 @@ NS_CreateJSTimeoutHandler(JSContext* aCx,
|
||||
extern already_AddRefed<nsIScriptTimeoutHandler>
|
||||
NS_CreateJSTimeoutHandler(JSContext* aCx,
|
||||
mozilla::dom::WorkerPrivate* aWorkerPrivate,
|
||||
const nsAString& aExpression);
|
||||
const nsAString& aExpression,
|
||||
mozilla::ErrorResult& aRv);
|
||||
|
||||
namespace mozilla {
|
||||
namespace dom {
|
||||
@ -276,7 +277,7 @@ WorkerGlobalScope::SetTimeout(JSContext* aCx,
|
||||
|
||||
nsCOMPtr<nsIScriptTimeoutHandler> handler =
|
||||
NS_CreateJSTimeoutHandler(aCx, mWorkerPrivate, aHandler, aArguments, aRv);
|
||||
if (NS_WARN_IF(aRv.Failed())) {
|
||||
if (!handler) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -293,7 +294,11 @@ WorkerGlobalScope::SetTimeout(JSContext* aCx,
|
||||
mWorkerPrivate->AssertIsOnWorkerThread();
|
||||
|
||||
nsCOMPtr<nsIScriptTimeoutHandler> handler =
|
||||
NS_CreateJSTimeoutHandler(aCx, mWorkerPrivate, aHandler);
|
||||
NS_CreateJSTimeoutHandler(aCx, mWorkerPrivate, aHandler, aRv);
|
||||
if (!handler) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
return mWorkerPrivate->SetTimeout(aCx, handler, aTimeout, false, aRv);
|
||||
}
|
||||
|
||||
@ -334,7 +339,11 @@ WorkerGlobalScope::SetInterval(JSContext* aCx,
|
||||
Sequence<JS::Value> dummy;
|
||||
|
||||
nsCOMPtr<nsIScriptTimeoutHandler> handler =
|
||||
NS_CreateJSTimeoutHandler(aCx, mWorkerPrivate, aHandler);
|
||||
NS_CreateJSTimeoutHandler(aCx, mWorkerPrivate, aHandler, aRv);
|
||||
if (NS_WARN_IF(aRv.Failed())) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
return mWorkerPrivate->SetTimeout(aCx, handler, aTimeout, true, aRv);
|
||||
}
|
||||
|
||||
|
@ -27,9 +27,3 @@
|
||||
[`eval()` blocked in http:?pipe=sub|header(Content-Security-Policy,script-src%20*)]
|
||||
expected: FAIL
|
||||
|
||||
[`setTimeout([string\])` blocked in http:?pipe=sub|header(Content-Security-Policy,default-src%20*)]
|
||||
expected: FAIL
|
||||
|
||||
[`setTimeout([string\])` blocked in http:?pipe=sub|header(Content-Security-Policy,script-src%20*)]
|
||||
expected: FAIL
|
||||
|
||||
|
@ -2,12 +2,6 @@
|
||||
[`eval()` blocked in http:?pipe=sub|header(Content-Security-Policy,script-src%20%27self%27]
|
||||
expected: FAIL
|
||||
|
||||
[`setTimeout([string\])` blocked in http:?pipe=sub|header(Content-Security-Policy,script-src%20%27self%27]
|
||||
expected: FAIL
|
||||
|
||||
[`eval()` blocked in http:?pipe=sub|header(Content-Security-Policy,default-src%20%27self%27]
|
||||
expected: FAIL
|
||||
|
||||
[`setTimeout([string\])` blocked in http:?pipe=sub|header(Content-Security-Policy,default-src%20%27self%27]
|
||||
expected: FAIL
|
||||
|
||||
|
@ -1,4 +0,0 @@
|
||||
[script-src-1_4_2.html]
|
||||
[Unsafe eval ran in Function() constructor.]
|
||||
expected: FAIL
|
||||
|
@ -1,4 +0,0 @@
|
||||
[worker-set-timeout-blocked.sub.html]
|
||||
[Expecting alerts: ["setTimeout blocked"\]]
|
||||
expected: FAIL
|
||||
|
Loading…
Reference in New Issue
Block a user