test/cctest/test-accessors.cc - Issue 1036743004: add access checks to receivers on function callbacks

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: test/cctest/test-accessors.cc

Issue 1036743004: add access checks to receivers on function callbacks (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master

Patch Set: super nit Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: test/cctest/test-accessors.cc

diff --git a/test/cctest/test-accessors.cc b/test/cctest/test-accessors.cc

index bbb74c0a71ada861c959c3fdd9049d3cdb9995a9..be69111364284581d6f5abf156facddba9a7d431 100644

--- a/test/cctest/test-accessors.cc

+++ b/test/cctest/test-accessors.cc

@@ -605,3 +605,86 @@ THREADED_TEST(Regress433458) {

"Object.defineProperty(obj, 'prop', { writable: false });"

"Object.defineProperty(obj, 'prop', { writable: true });");

}

+static bool security_check_value = false;

+static bool SecurityTestCallback(Local<v8::Object> global, Local<Value> name,

+ v8::AccessType type, Local<Value> data) {

+ return security_check_value;

+TEST(PrototypeGetterAccessCheck) {

+ i::FLAG_allow_natives_syntax = true;

+ LocalContext env;

+ v8::Isolate* isolate = env->GetIsolate();

+ v8::HandleScope scope(isolate);

+ auto fun_templ = v8::FunctionTemplate::New(isolate);

+ auto getter_templ = v8::FunctionTemplate::New(isolate, handle_property);

+ getter_templ->SetAcceptAnyReceiver(false);

+ fun_templ->InstanceTemplate()->SetAccessorProperty(v8_str("foo"),

+ getter_templ);

+ auto obj_templ = v8::ObjectTemplate::New(isolate);

+ obj_templ->SetAccessCheckCallbacks(SecurityTestCallback, nullptr);

+ env->Global()->Set(v8_str("Fun"), fun_templ->GetFunction());

+ env->Global()->Set(v8_str("obj"), obj_templ->NewInstance());

+ env->Global()->Set(v8_str("obj2"), obj_templ->NewInstance());

+ security_check_value = true;

+ CompileRun("var proto = new Fun();");

+ CompileRun("obj.__proto__ = proto;");

+ ExpectInt32("proto.foo", 907);

+ // Test direct.

+ security_check_value = true;

+ ExpectInt32("obj.foo", 907);

+ security_check_value = false;

+ {

+ v8::TryCatch try_catch(isolate);

+ CompileRun("obj.foo");

+ CHECK(try_catch.HasCaught());

+ }

+ // Test through call.

+ security_check_value = true;

+ ExpectInt32("proto.__lookupGetter__('foo').call(obj)", 907);

+ security_check_value = false;

+ {

+ v8::TryCatch try_catch(isolate);

+ CompileRun("proto.__lookupGetter__('foo').call(obj)");

+ CHECK(try_catch.HasCaught());

+ }

+ // Test ics.

+ CompileRun(

+ "function f() {"

+ " var x;"

+ " for (var i = 0; i < 4; i++) {"

+ " x = obj.foo;"

+ " }"

+ " return x;"

+ "}");

+ security_check_value = true;

+ ExpectInt32("f()", 907);

+ security_check_value = false;

+ {

+ v8::TryCatch try_catch(isolate);

+ CompileRun("f();");

+ CHECK(try_catch.HasCaught());

+ }

+ // Test crankshaft.

+ CompileRun("%OptimizeFunctionOnNextCall(f);");

+ security_check_value = true;

+ ExpectInt32("f()", 907);

+ security_check_value = false;

+ {

+ v8::TryCatch try_catch(isolate);

+ CompileRun("f();");

+ CHECK(try_catch.HasCaught());

+ }

« no previous file with comments | « src/objects-inl.h ('k') | no next file » | no next file with comments »