| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 587 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 598 v8::Isolate* isolate = env->GetIsolate(); | 598 v8::Isolate* isolate = env->GetIsolate(); |
| 599 v8::HandleScope scope(isolate); | 599 v8::HandleScope scope(isolate); |
| 600 v8::Handle<v8::ObjectTemplate> obj = ObjectTemplate::New(isolate); | 600 v8::Handle<v8::ObjectTemplate> obj = ObjectTemplate::New(isolate); |
| 601 obj->SetHandler(v8::NamedPropertyHandlerConfiguration(EmptyGetter)); | 601 obj->SetHandler(v8::NamedPropertyHandlerConfiguration(EmptyGetter)); |
| 602 obj->SetNativeDataProperty(v8_str("prop"), OneProperty); | 602 obj->SetNativeDataProperty(v8_str("prop"), OneProperty); |
| 603 env->Global()->Set(v8_str("obj"), obj->NewInstance()); | 603 env->Global()->Set(v8_str("obj"), obj->NewInstance()); |
| 604 CompileRun( | 604 CompileRun( |
| 605 "Object.defineProperty(obj, 'prop', { writable: false });" | 605 "Object.defineProperty(obj, 'prop', { writable: false });" |
| 606 "Object.defineProperty(obj, 'prop', { writable: true });"); | 606 "Object.defineProperty(obj, 'prop', { writable: true });"); |
| 607 } | 607 } |
| 608 | |
| 609 | |
| 610 static bool security_check_value = false; | |
| 611 | |
| 612 | |
| 613 static bool SecurityTestCallback(Local<v8::Object> global, Local<Value> name, | |
| 614 v8::AccessType type, Local<Value> data) { | |
| 615 return security_check_value; | |
| 616 } | |
| 617 | |
| 618 | |
| 619 TEST(PrototypeGetterAccessCheck) { | |
| 620 i::FLAG_allow_natives_syntax = true; | |
| 621 LocalContext env; | |
| 622 v8::Isolate* isolate = env->GetIsolate(); | |
| 623 v8::HandleScope scope(isolate); | |
| 624 auto fun_templ = v8::FunctionTemplate::New(isolate); | |
| 625 auto getter_templ = v8::FunctionTemplate::New(isolate, handle_property); | |
| 626 getter_templ->SetLength(0); | |
| 627 fun_templ->InstanceTemplate()->SetAccessorProperty(v8_str("foo"), | |
| 628 getter_templ); | |
| 629 auto obj_templ = v8::ObjectTemplate::New(isolate); | |
| 630 obj_templ->SetAccessCheckCallbacks(SecurityTestCallback, nullptr); | |
| 631 env->Global()->Set(v8_str("Fun"), fun_templ->GetFunction()); | |
| 632 env->Global()->Set(v8_str("obj"), obj_templ->NewInstance()); | |
| 633 env->Global()->Set(v8_str("obj2"), obj_templ->NewInstance()); | |
| 634 | |
| 635 security_check_value = true; | |
| 636 CompileRun("var proto = new Fun();"); | |
| 637 CompileRun("obj.__proto__ = proto;"); | |
| 638 ExpectInt32("proto.foo", 907); | |
| 639 | |
| 640 // Test direct. | |
| 641 security_check_value = true; | |
| 642 ExpectInt32("obj.foo", 907); | |
| 643 security_check_value = false; | |
| 644 { | |
| 645 v8::TryCatch try_catch(isolate); | |
| 646 CompileRun("obj.foo"); | |
| 647 CHECK(try_catch.HasCaught()); | |
| 648 } | |
| 649 | |
| 650 // Test through call. | |
| 651 security_check_value = true; | |
| 652 ExpectInt32("proto.__lookupGetter__('foo').call(obj)", 907); | |
| 653 security_check_value = false; | |
| 654 { | |
| 655 v8::TryCatch try_catch(isolate); | |
| 656 CompileRun("proto.__lookupGetter__('foo').call(obj)"); | |
| 657 CHECK(try_catch.HasCaught()); | |
| 658 } | |
| 659 | |
| 660 // Test ics. | |
| 661 CompileRun( | |
| 662 "function f() {" | |
| 663 " var x;" | |
| 664 " for (var i = 0; i < 4; i++) {" | |
| 665 " x = obj.foo;" | |
| 666 " }" | |
| 667 " return x;" | |
| 668 "}"); | |
| 669 | |
| 670 security_check_value = true; | |
| 671 ExpectInt32("f()", 907); | |
| 672 security_check_value = false; | |
| 673 { | |
| 674 v8::TryCatch try_catch(isolate); | |
| 675 CompileRun("f();"); | |
| 676 CHECK(try_catch.HasCaught()); | |
| 677 } | |
| 678 | |
| 679 // Test crankshaft. | |
| 680 CompileRun("%OptimizeFunctionOnNextCall(f);"); | |
| 681 | |
| 682 security_check_value = true; | |
| 683 ExpectInt32("f()", 907); | |
| 684 security_check_value = false; | |
| 685 { | |
| 686 v8::TryCatch try_catch(isolate); | |
| 687 CompileRun("f();"); | |
| 688 CHECK(try_catch.HasCaught()); | |
| 689 } | |
| 690 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1023783009:
Revert of add access checks to receivers on function callbacks (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master