Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(392)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: test/cctest/test-accessors.cc

Issue 1036743004: add access checks to receivers on function callbacks (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: super nit Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/objects-inl.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 587 matching lines...) Expand 10 before | Expand all | Expand 10 after
598 v8::Isolate* isolate = env->GetIsolate(); 598 v8::Isolate* isolate = env->GetIsolate();
599 v8::HandleScope scope(isolate); 599 v8::HandleScope scope(isolate);
600 v8::Handle<v8::ObjectTemplate> obj = ObjectTemplate::New(isolate); 600 v8::Handle<v8::ObjectTemplate> obj = ObjectTemplate::New(isolate);
601 obj->SetHandler(v8::NamedPropertyHandlerConfiguration(EmptyGetter)); 601 obj->SetHandler(v8::NamedPropertyHandlerConfiguration(EmptyGetter));
602 obj->SetNativeDataProperty(v8_str("prop"), OneProperty); 602 obj->SetNativeDataProperty(v8_str("prop"), OneProperty);
603 env->Global()->Set(v8_str("obj"), obj->NewInstance()); 603 env->Global()->Set(v8_str("obj"), obj->NewInstance());
604 CompileRun( 604 CompileRun(
605 "Object.defineProperty(obj, 'prop', { writable: false });" 605 "Object.defineProperty(obj, 'prop', { writable: false });"
606 "Object.defineProperty(obj, 'prop', { writable: true });"); 606 "Object.defineProperty(obj, 'prop', { writable: true });");
607 } 607 }
608
609
610 static bool security_check_value = false;
611
612
613 static bool SecurityTestCallback(Local<v8::Object> global, Local<Value> name,
614 v8::AccessType type, Local<Value> data) {
615 return security_check_value;
616 }
617
618
619 TEST(PrototypeGetterAccessCheck) {
620 i::FLAG_allow_natives_syntax = true;
621 LocalContext env;
622 v8::Isolate* isolate = env->GetIsolate();
623 v8::HandleScope scope(isolate);
624 auto fun_templ = v8::FunctionTemplate::New(isolate);
625 auto getter_templ = v8::FunctionTemplate::New(isolate, handle_property);
626 getter_templ->SetAcceptAnyReceiver(false);
627 fun_templ->InstanceTemplate()->SetAccessorProperty(v8_str("foo"),
628 getter_templ);
629 auto obj_templ = v8::ObjectTemplate::New(isolate);
630 obj_templ->SetAccessCheckCallbacks(SecurityTestCallback, nullptr);
631 env->Global()->Set(v8_str("Fun"), fun_templ->GetFunction());
632 env->Global()->Set(v8_str("obj"), obj_templ->NewInstance());
633 env->Global()->Set(v8_str("obj2"), obj_templ->NewInstance());
634
635 security_check_value = true;
636 CompileRun("var proto = new Fun();");
637 CompileRun("obj.__proto__ = proto;");
638 ExpectInt32("proto.foo", 907);
639
640 // Test direct.
641 security_check_value = true;
642 ExpectInt32("obj.foo", 907);
643 security_check_value = false;
644 {
645 v8::TryCatch try_catch(isolate);
646 CompileRun("obj.foo");
647 CHECK(try_catch.HasCaught());
648 }
649
650 // Test through call.
651 security_check_value = true;
652 ExpectInt32("proto.__lookupGetter__('foo').call(obj)", 907);
653 security_check_value = false;
654 {
655 v8::TryCatch try_catch(isolate);
656 CompileRun("proto.__lookupGetter__('foo').call(obj)");
657 CHECK(try_catch.HasCaught());
658 }
659
660 // Test ics.
661 CompileRun(
662 "function f() {"
663 " var x;"
664 " for (var i = 0; i < 4; i++) {"
665 " x = obj.foo;"
666 " }"
667 " return x;"
668 "}");
669
670 security_check_value = true;
671 ExpectInt32("f()", 907);
672 security_check_value = false;
673 {
674 v8::TryCatch try_catch(isolate);
675 CompileRun("f();");
676 CHECK(try_catch.HasCaught());
677 }
678
679 // Test crankshaft.
680 CompileRun("%OptimizeFunctionOnNextCall(f);");
681
682 security_check_value = true;
683 ExpectInt32("f()", 907);
684 security_check_value = false;
685 {
686 v8::TryCatch try_catch(isolate);
687 CompileRun("f();");
688 CHECK(try_catch.HasCaught());
689 }
690 }
OLDNEW
« no previous file with comments | « src/objects-inl.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698