Cache Storage: restrict access to secure origins (Blink-side)

Source/modules/cachestorage/InspectorCacheStorageAgent.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "config.h"
 #include "modules/cachestorage/InspectorCacheStorageAgent.h"
 
 #include "core/InspectorBackendDispatcher.h"
 #include "core/InspectorTypeBuilder.h"
+#include "core/dom/Document.h"
+#include "core/dom/ExecutionContext.h"
+#include "core/frame/Frame.h"
+#include "core/page/Page.h"
 #include "platform/JSONValues.h"
 #include "platform/heap/Handle.h"
 #include "platform/weborigin/DatabaseIdentifier.h"
 #include "platform/weborigin/KURL.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "public/platform/Platform.h"
 #include "public/platform/WebServiceWorkerCache.h"
 #include "public/platform/WebServiceWorkerCacheError.h"
 #include "public/platform/WebServiceWorkerCacheStorage.h"
 #include "public/platform/WebServiceWorkerRequest.h"
@@ skipping 39 matching lines @@
     size_t pipe = id.find('|');
     if (pipe == WTF::kNotFound) {
         *errorString = "Invalid cache id.";
         return false;
     }
     *securityOrigin = id.substring(0, pipe);
     *cacheName = id.substring(pipe + 1);
     return true;
 }
 
-PassOwnPtr<WebServiceWorkerCacheStorage> assertCacheStorage(ErrorString* errorString, const String& securityOrigin)
-{
-    RefPtr<SecurityOrigin> secOrigin = SecurityOrigin::createFromString(securityOrigin);
-    String identifier = createDatabaseIdentifierFromSecurityOrigin(secOrigin.get());
-    OwnPtr<WebServiceWorkerCacheStorage> cache = adoptPtr(Platform::current()->cacheStorage(identifier));
-    if (!cache)
-        *errorString = "Could not find cache storage.";
-    return cache.release();
-}
-
-PassOwnPtr<WebServiceWorkerCacheStorage> assertCacheStorageAndNameForId(ErrorString* errorString, const String& cacheId, String* cacheName)
-{
-    String securityOrigin;
-    if (!parseCacheId(errorString, cacheId, &securityOrigin, cacheName)) {
-        return nullptr;
-    }
-    return assertCacheStorage(errorString, securityOrigin);
-}
-
 CString serviceWorkerCacheErrorString(WebServiceWorkerCacheError* error)
 {
     switch (*error) {
     case WebServiceWorkerCacheErrorNotImplemented:
         return CString("not implemented.");
         break;
     case WebServiceWorkerCacheErrorNotFound:
         return CString("not found.");
         break;
     case WebServiceWorkerCacheErrorExists:
@@ skipping 287 matching lines @@
     }
 
 private:
     String m_requestSpec;
     String m_cacheName;
     RefPtrWillBePersistent<DeleteEntryCallback> m_callback;
 };
 
 } // namespace
 
-InspectorCacheStorageAgent::InspectorCacheStorageAgent()
+InspectorCacheStorageAgent::InspectorCacheStorageAgent(Page* page)
     : InspectorBaseAgent<InspectorCacheStorageAgent, InspectorFrontend::CacheStorage>("CacheStorage")
+    , m_page(page)
 {
 }
 
 InspectorCacheStorageAgent::~InspectorCacheStorageAgent() { }
 
 DEFINE_TRACE(InspectorCacheStorageAgent)
 {
     InspectorBaseAgent::trace(visitor);
 }
 
@@ skipping 37 matching lines @@
 {
     String cacheName;
     OwnPtr<WebServiceWorkerCacheStorage> cache = assertCacheStorageAndNameForId(errorString, cacheId, &cacheName);
     if (!cache) {
         callback->sendFailure(*errorString);
         return;
     }
     cache->dispatchOpen(new GetCacheForDeleteEntry(request, cacheName, callback), WebString(cacheName));
 }
 
+ExecutionContext* InspectorCacheStorageAgent::assertExecutionContextForOrigin(ErrorString* error, SecurityOrigin* origin)
+{
+    for (Frame* frame = m_page->mainFrame(); frame; frame = frame->tree().traverseNext()) {
+        if (!frame->isLocalFrame())
+            continue;
+        LocalFrame* localFrame = toLocalFrame(frame);
+        if (localFrame->document() && localFrame->document()->securityOrigin()->isSameSchemeHostPort(origin))
+            return localFrame->document();
+    }
+
+    *error = "No frame is available for the request";
+    return 0;
+}
+
+PassOwnPtr<WebServiceWorkerCacheStorage> InspectorCacheStorageAgent::assertCacheStorage(ErrorString* errorString, const String& securityOrigin)
+{
+    RefPtr<SecurityOrigin> secOrigin = SecurityOrigin::createFromString(securityOrigin);
+    ExecutionContext* executionContext = assertExecutionContextForOrigin(errorString, secOrigin.get());
+    if (!executionContext || !executionContext->isPrivilegedContext(*errorString))

[jsbell, 2015/06/19 20:32:40]

This should call a public static on CacheStorage rather than duplicating the
permission check.

+        return nullptr;
+
+    String identifier = createDatabaseIdentifierFromSecurityOrigin(secOrigin.get());
+    OwnPtr<WebServiceWorkerCacheStorage> cache = adoptPtr(Platform::current()->cacheStorage(identifier));
+    if (!cache)
+        *errorString = "Could not find cache storage.";
+    return cache.release();
+}
+
+PassOwnPtr<WebServiceWorkerCacheStorage> InspectorCacheStorageAgent::assertCacheStorageAndNameForId(ErrorString* errorString, const String& cacheId, String* cacheName)
+{
+    String securityOrigin;
+    if (!parseCacheId(errorString, cacheId, &securityOrigin, cacheName))
+        return nullptr;
+    return assertCacheStorage(errorString, securityOrigin);
+}
+
 
 } // namespace blink