Introduce bad_message.h for chrome and NaCl.

content/browser/site_per_process_browsertest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/site_per_process_browsertest.h"
 
 #include <algorithm>
 #include <vector>
 
 #include "base/command_line.h"
@@ skipping 41 matching lines @@
   EXPECT_TRUE(success);
 
   content::DOMMessageQueue msg_queue;
   std::string status;
   while (msg_queue.WaitForMessage(&status)) {
     if (status == reply_status)
       break;
   }
 }
 
-}  // anonymous namespace
-
 class RedirectNotificationObserver : public NotificationObserver {
  public:
   // Register to listen for notifications of the given type from either a
   // specific source, or from all sources if |source| is
   // NotificationService::AllSources().
   RedirectNotificationObserver(int notification_type,
                                const NotificationSource& source);
   ~RedirectNotificationObserver() override;
 
   // Wait until the specified notification occurs.  If the notification was
@@ skipping 159 matching lines @@
   DCHECK(source == web_contents_);
 
   std::string ascii_message = base::UTF16ToASCII(message);
   if (MatchPattern(ascii_message, filter_)) {
     message_ = ascii_message;
     message_loop_runner_->Quit();
   }
   return false;
 }
 
+std::string GetCookieFromJS(RenderFrameHost* frame) {
+  std::string cookie;
+  EXPECT_TRUE(ExecuteScriptAndExtractString(
+      frame, "window.domAutomationController.send(document.cookie);", &cookie));
+  return cookie;
+}
+
+}  // namespace
+
 //
 // SitePerProcessBrowserTest
 //
 
 SitePerProcessBrowserTest::SitePerProcessBrowserTest() {
 };
 
 std::string SitePerProcessBrowserTest::DepictFrameTree(FrameTreeNode* node) {
   return visualizer_.DepictFrameTree(node);
 }
@@ skipping 801 matching lines @@
 
 // Crash a subframe and ensures its children are cleared from the FrameTree.
 // See http://crbug.com/338508.
 // TODO(creis): Disabled for flakiness; see http://crbug.com/405582.
 IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, DISABLED_CrashSubframe) {
   GURL main_url(embedded_test_server()->GetURL("/site_per_process_main.html"));
   NavigateToURL(shell(), main_url);
 
   StartFrameAtDataURL();
 
-  // These must stay in scope with replace_host.
-  GURL::Replacements replace_host;
-  std::string foo_com("foo.com");
-
   // Load cross-site page into iframe.
   EXPECT_TRUE(NavigateIframeToURL(
       shell()->web_contents(), "test",
       embedded_test_server()->GetURL("/cross-site/foo.com/title2.html")));
 
   // Check the subframe process.
   FrameTreeNode* root =
       static_cast<WebContentsImpl*>(shell()->web_contents())->
           GetFrameTree()->root();
   ASSERT_EQ(2U, root->child_count());
@@ skipping 1381 matching lines @@
       " Site A\n"
       "   |--Site A\n"
       "   +--Site A\n"
       "        |--Site A\n"
       "        +--Site A\n"
       "             +--Site A\n"
       "Where A = http://127.0.0.1/",
       DepictFrameTree(root));
 }
 
+// Exercises

[James Cook, 2015/05/22 18:13:10]

Exercises?

Also, is this meant to be part of a different CL?

[ncarter (slow), 2015/05/22 18:41:52]

Oh gosh yes, this doesn't belong here at all. Stale edits in my text editor
after switching branches...

+IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, CookieAccessRestrictions) {
+  net::SpawnedTestServer https_server(
+      net::SpawnedTestServer::TYPE_HTTPS, net::SpawnedTestServer::kLocalhost,
+      base::FilePath(FILE_PATH_LITERAL("content/test/data")));
+  ASSERT_TRUE(https_server.Start());
+
+  // The server sends a HttpOnly cookie which should never be seen by any
+  // renderer.
+  GURL https_url = https_server.GetURL("set-cookie?notforjs=1;HttpOnly");
+  GURL http_url = embedded_test_server()->GetURL("/frame_with_load_event.html");
+
+  Shell* shell2 = CreateBrowser();
+  NavigateToURL(shell(), http_url);
+  NavigateToURL(shell2, https_url);
+
+  WebContentsImpl* secure_web_contents =
+      static_cast<WebContentsImpl*>(shell2->web_contents());
+  WebContentsImpl* insecure_web_contents =
+      static_cast<WebContentsImpl*>(shell()->web_contents());
+
+  EXPECT_EQ("http://127.0.0.1/",
+            insecure_web_contents->GetSiteInstance()->GetSiteURL().spec());
+  EXPECT_EQ("https://127.0.0.1/",
+            secure_web_contents->GetSiteInstance()->GetSiteURL().spec());
+
+  EXPECT_NE(insecure_web_contents->GetSiteInstance()->GetProcess(),
+            secure_web_contents->GetSiteInstance()->GetProcess());
+
+  EXPECT_EQ("", GetCookieFromJS(secure_web_contents->GetMainFrame()));
+  EXPECT_EQ("", GetCookieFromJS(insecure_web_contents->GetMainFrame()));
+
+  // HTTP page writes secure cookie.
+  EXPECT_TRUE(ExecuteScript(insecure_web_contents->GetMainFrame(),
+                            "document.cookie = 'A=1; secure;';"));
+  EXPECT_EQ("A=1", GetCookieFromJS(secure_web_contents->GetMainFrame()));
+  EXPECT_EQ("", GetCookieFromJS(insecure_web_contents->GetMainFrame()));
+
+  // TLS page writes not-secure cookie.
+  EXPECT_TRUE(ExecuteScript(insecure_web_contents->GetMainFrame(),
+                            "document.cookie = 'B=2';"));
+  EXPECT_EQ("A=1; B=2", GetCookieFromJS(secure_web_contents->GetMainFrame()));
+  EXPECT_EQ("B=2", GetCookieFromJS(insecure_web_contents->GetMainFrame()));
+
+  // HTTP page writes secure cookie.
+  EXPECT_TRUE(ExecuteScript(secure_web_contents->GetMainFrame(),
+                            "document.cookie = 'C=3;secure;';"));
+  EXPECT_EQ("A=1; B=2; C=3",
+            GetCookieFromJS(secure_web_contents->GetMainFrame()));
+  EXPECT_EQ("B=2", GetCookieFromJS(insecure_web_contents->GetMainFrame()));
+
+  // TLS doc writes not-secure cookie.
+  EXPECT_TRUE(ExecuteScript(secure_web_contents->GetMainFrame(),
+                            "document.cookie = 'D=4';"));
+  EXPECT_EQ("A=1; B=2; C=3; D=4",
+            GetCookieFromJS(secure_web_contents->GetMainFrame()));
+  EXPECT_EQ("B=2; D=4", GetCookieFromJS(insecure_web_contents->GetMainFrame()));
+
+  // The iframe on the http page should get its own process.
+  EXPECT_EQ(
+      " Site A ------------ proxies for B\n"
+      "   +--Site B ------- proxies for A\n"
+      "Where A = http://127.0.0.1/\n"
+      "      B = http://baz.com/",
+      DepictFrameTree(insecure_web_contents->GetFrameTree()->root()));
+
+  RenderFrameHost* evil_iframe = insecure_web_contents->GetFrameTree()
+                                     ->root()
+                                     ->child_at(0)
+                                     ->current_frame_host();
+
+  EXPECT_NE(evil_iframe->GetProcess(),
+            insecure_web_contents->GetMainFrame()->GetProcess());
+  EXPECT_NE(evil_iframe->GetProcess(),
+            secure_web_contents->GetMainFrame()->GetProcess());
+
+  // Try to get cross-site cookies from the subframe's process and wait for it
+  // to be killed.
+  std::string response;
+  FrameHostMsg_GetCookies illegal_get_cookies(
+      evil_iframe->GetRoutingID(), GURL("https://127.0.0.1/"),
+      GURL("https://127.0.0.1/"), &response);
+
+  RenderProcessHostWatcher baz_killed(
+      evil_iframe->GetProcess(),
+      RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT);
+
+  IPC::IpcSecurityTestUtil::PwnMessageReceived(
+      evil_iframe->GetProcess()->GetChannel(), illegal_get_cookies);
+
+  baz_killed.Wait();
+
+  EXPECT_EQ(
+      " Site A ------------ proxies for B\n"
+      "   +--Site B ------- proxies for A\n"
+      "Where A = http://127.0.0.1/\n"
+      "      B = http://baz.com/ (no process)",
+      DepictFrameTree(insecure_web_contents->GetFrameTree()->root()));
+
+  EXPECT_EQ(
+      " Site C\n"
+      "Where C = https://127.0.0.1/",
+      DepictFrameTree(secure_web_contents->GetFrameTree()->root()));
+
+  // Now set a cross-site cookie from the main frame's process and wait for it
+  // to be killed.
+  RenderProcessHostWatcher secure_localhost_killed(
+      insecure_web_contents->GetMainFrame()->GetProcess(),
+      RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT);
+  FrameHostMsg_SetCookie illegal_set_cookie(
+      insecure_web_contents->GetMainFrame()->GetRoutingID(),
+      GURL("https://baz.com/"), GURL("https://baz.com/"), "pwn=ed");
+  IPC::IpcSecurityTestUtil::PwnMessageReceived(
+      secure_web_contents->GetMainFrame()->GetProcess()->GetChannel(),
+      illegal_set_cookie);
+
+  secure_localhost_killed.Wait();
+
+  EXPECT_EQ(
+      " Site C\n"
+      "Where C = https://127.0.0.1/ (no process)",
+      DepictFrameTree(secure_web_contents->GetFrameTree()->root()));
+
+  // Now try to .
+
+  EXPECT_EQ(
+      " Site A\n"
+      "Where A = http://127.0.0.1/ (no process)",
+      DepictFrameTree(insecure_web_contents->GetFrameTree()->root()));
+}
+
 }  // namespace content