[Extensions] Don't allow gin::Define to be overridden

[Extensions] Don't allow gin::Define to be overridden

Use DefineOwnProperty instead of Set in for gin, including gin::Define.
Replace Set in v8_helpers as well, to avoid the same problem.
Also update callsites from JS to CHECK expected arguments, rather
than DCHECK (since receiving unexpected arguments likely means
executing untrusted code).

BUG=549986
Committed: https://crrev.com/415b73b1a400a994a86e6f29709aa0271e895dd5
Cr-Commit-Position: refs/heads/master@{#359460}

[Devlin, 2015-11-12 23:09:08]

Description was changed from

==========
[Extensions]
BUG=
==========

to

==========
[Extensions] Don't allow gin::Define to be overridden

Use DefineOwnProperty instead of Set in for gin, including gin::Define.
Replace Set in v8_helpers as well, to avoid the same problem.
Also update callsites from JS to CHECK expected arguments, rather
than DCHECK (since receiving unexpected arguments likely means
executing untrusted code).

BUG=549986
==========

[Devlin, 2015-11-12 23:10:15]

rdevlin.cronin@chromium.org changed reviewers:
+ jochen@chromium.org

[Devlin, 2015-11-12 23:10:15]

https://codereview.chromium.org/1433293004/diff/1/extensions/renderer/v8_help...
File extensions/renderer/v8_helpers.h (right):

https://codereview.chromium.org/1433293004/diff/1/extensions/renderer/v8_help...
extensions/renderer/v8_helpers.h:72: return IsTrue(object->Set(context, index,
value));
Is there a way to bypass setters for an index-based set property?

[jochen (gone - plz use gerrit), 2015-11-12 23:17:37]

https://codereview.chromium.org/1433293004/diff/1/extensions/renderer/v8_help...
File extensions/renderer/v8_helpers.h (right):

https://codereview.chromium.org/1433293004/diff/1/extensions/renderer/v8_help...
extensions/renderer/v8_helpers.h:72: return IsTrue(object->Set(context, index,
value));
On 2015/11/12 at 23:10:15, Devlin wrote:
> Is there a way to bypass setters for an index-based set property?

DefineOwnProperty should work for indexed values as well (just convert the
integer to a string)

[Devlin, 2015-11-12 23:40:48]

https://codereview.chromium.org/1433293004/diff/1/extensions/renderer/v8_help...
File extensions/renderer/v8_helpers.h (right):

https://codereview.chromium.org/1433293004/diff/1/extensions/renderer/v8_help...
extensions/renderer/v8_helpers.h:72: return IsTrue(object->Set(context, index,
value));
On 2015/11/12 23:17:37, jochen (slow - traveling) wrote:
> On 2015/11/12 at 23:10:15, Devlin wrote:
> > Is there a way to bypass setters for an index-based set property?
> 
> DefineOwnProperty should work for indexed values as well (just convert the
> integer to a string)

Oh, cool.  I wasn't sure if that's what it meant by indexed, or if it like
looped over it's existing properties and inserted one.

Updated.

[jochen (gone - plz use gerrit), 2015-11-12 23:42:21]

lgtm

[Devlin, 2015-11-13 00:35:45]

The CQ bit was checked by rdevlin.cronin@chromium.org

[commit-bot: I haz the power, 2015-11-13 00:39:17]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1433293004/20001
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1433293004/20001

[commit-bot: I haz the power, 2015-11-13 01:14:57]

Committed patchset #2 (id:20001)

[commit-bot: I haz the power, 2015-11-13 01:16:32]

Patchset 2 (id:??) landed as
https://crrev.com/415b73b1a400a994a86e6f29709aa0271e895dd5
Cr-Commit-Position: refs/heads/master@{#359460}