Kill renderers for bad password forms in --site-per-process.

chrome/browser/password_manager/password_manager_browsertest.cc

Index: chrome/browser/password_manager/password_manager_browsertest.cc
diff --git a/chrome/browser/password_manager/password_manager_browsertest.cc b/chrome/browser/password_manager/password_manager_browsertest.cc
index 6a6416b1e3522a7e6f499b3b91d984878669358e..5e49c07bc2ee7ff263eaf5164aad520fb6d26a6a 100644
--- a/chrome/browser/password_manager/password_manager_browsertest.cc
+++ b/chrome/browser/password_manager/password_manager_browsertest.cc
@@ -29,8 +29,10 @@
 #include "chrome/test/base/in_process_browser_test.h"
 #include "chrome/test/base/test_switches.h"
 #include "chrome/test/base/ui_test_utils.h"
+#include "components/autofill/content/common/autofill_messages.h"
 #include "components/autofill/core/browser/autofill_test_utils.h"
 #include "components/autofill/core/browser/test_autofill_client.h"
+#include "components/autofill/core/common/password_form.h"
 #include "components/infobars/core/confirm_infobar_delegate.h"
 #include "components/infobars/core/infobar.h"
 #include "components/infobars/core/infobar_manager.h"
@@ -41,12 +43,14 @@
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/render_frame_host.h"
+#include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/browser/web_contents_observer.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/test_utils.h"
+#include "ipc/ipc_security_test_util.h"
 #include "net/base/filename_util.h"
 #include "net/dns/mock_host_resolver.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
@@ -91,6 +95,7 @@ class NavigationObserver : public content::WebContentsObserver {
   // content::WebContentsObserver:
   void DidFinishLoad(content::RenderFrameHost* render_frame_host,
                      const GURL& validated_url) override {
+    render_frame_host_ = render_frame_host;
     if (!wait_for_path_.empty()) {
       if (validated_url.path() == wait_for_path_)
         message_loop_runner_->Quit();
@@ -105,8 +110,11 @@ class NavigationObserver : public content::WebContentsObserver {
   }
   void Wait() { message_loop_runner_->Run(); }
 
+  content::RenderFrameHost* render_frame_host() { return render_frame_host_; }
+
  private:
   std::string wait_for_path_;
+  content::RenderFrameHost* render_frame_host_;
   bool quit_on_entry_commited_;
   scoped_refptr<content::MessageLoopRunner> message_loop_runner_;
 
@@ -2127,3 +2135,60 @@ IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTest,
   CheckElementValue("iframe", "username_field", "temp");
 
 }
+
+// The password manager driver will kill processes when they try to access
+// passwords of sites other than the site the process is dedicated to, under
+// site isolation.
+IN_PROC_BROWSER_TEST_F(PasswordManagerBrowserTest,
+                       CrossSitePasswordEnforcement) {
+  // The code under test is only active under site isolation.
+  if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kSitePerProcess)) {

[vabr (Chromium), 2015/07/08 08:26:27]

Are there trybots running tests with this flag?

[lfg, 2015/07/08 15:31:47]

Yes, however it's currently only an FYI bot. The bot is linux_site_isolation.

[vabr (Chromium), 2015/07/09 06:29:32]

Acknowledged.

+    return;
+  }
+
+  // Setup the mock host resolver
+  host_resolver()->AddRule("*", "127.0.0.1");
+
+  // Navigate the main frame.
+  GURL main_frame_url = embedded_test_server()->GetURL(
+      "/password/password_form_in_crosssite_iframe.html");
+  NavigationObserver observer(WebContents());
+  ui_test_utils::NavigateToURL(browser(), main_frame_url);
+  observer.Wait();
+
+  // Create an iframe and navigate cross-site.
+  NavigationObserver iframe_observer(WebContents());
+  iframe_observer.SetPathToWaitFor("/password/crossite_iframe_content.html");

[ncarter (slow), 2015/07/07 22:18:32]

Crossite is an inosilicate double chain sodic amphibole and is a rare silicate
mineral belonging to the riebeckite group. It is considered an intermediate
between the amphiboles glaucophane and magnesioriebeckite, which form a series.

Physical Properties
===================
Hand Specimen Colour: blue 
Transparency: translucent, opaque
Lustre: vitreous 
Streak: grey, grey-blue 
Hardness: 6
Density: 0
Habit: elongate bladed or prismatic laths
Cleavage: One: perfect [110]

Optical Properties
==================
PPL Colour: blue, light blue 
Pleochroism: moderate to strong 
Relief: None
Birefringence: 0.01-0.016 
2V: 0-180 
Optic Type: Biaxial (+) and (-) 

[DaleCurtis, 2015/07/07 22:20:09]

So many words that look like misspellings there -_-

[lfg, 2015/07/08 15:31:47]

Hey! I'm just reusing what's already there ;)

+  GURL iframe_url = embedded_test_server()->GetURL(
+      "foo.com", "/password/crossite_iframe_content.html");
+  std::string create_iframe =
+      base::StringPrintf("create_iframe('%s');", iframe_url.spec().c_str());
+  ASSERT_TRUE(content::ExecuteScript(RenderViewHost(), create_iframe));
+  iframe_observer.Wait();
+
+  // The iframe on the http page should get its own process.

[ncarter (slow), 2015/07/07 22:18:32]

This comment looks like copypasta & needs reworking, "the http page" was in
contrast to the https page, in the cookies test?

[lfg, 2015/07/08 15:31:47]

Yup. Fixed. There's only a single iframe, so the qualifier is irrelevant.

+  content::RenderFrameHost* main_frame = WebContents()->GetMainFrame();
+  content::RenderFrameHost* iframe = iframe_observer.render_frame_host();
+  content::SiteInstance* main_site_instance = main_frame->GetSiteInstance();
+  content::SiteInstance* iframe_site_instance = iframe->GetSiteInstance();
+  EXPECT_NE(main_site_instance, iframe_site_instance);
+  EXPECT_NE(main_frame->GetProcess(), iframe->GetProcess());
+
+  // Try to get cross-site passwords from the subframe's process and wait for it
+  // to be killed.
+  std::vector<autofill::PasswordForm> password_forms;
+  password_forms.push_back(autofill::PasswordForm());
+  password_forms.back().origin = main_frame_url;
+  AutofillHostMsg_PasswordFormsParsed illegal_forms_parsed(
+      iframe->GetRoutingID(), password_forms);
+
+  content::RenderProcessHostWatcher iframe_killed(
+      iframe->GetProcess(),
+      content::RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT);
+
+  IPC::IpcSecurityTestUtil::PwnMessageReceived(
+      iframe->GetProcess()->GetChannel(), illegal_forms_parsed);
+
+  iframe_killed.Wait();
+}