| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stdint.h> | 5 #include <stdint.h> |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/containers/hash_tables.h" | 8 #include "base/containers/hash_tables.h" |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
| (...skipping 383 matching lines...) | |
| 394 | 394 |
| 395 // Send a second message from the interstitial page, and make sure that the | 395 // Send a second message from the interstitial page, and make sure that the |
| 396 // "evil" message doesn't arrive in the intervening period. | 396 // "evil" message doesn't arrive in the intervening period. |
| 397 ASSERT_TRUE(ExecuteScript(interstitial_page->GetMainFrame(), | 397 ASSERT_TRUE(ExecuteScript(interstitial_page->GetMainFrame(), |
| 398 "window.domAutomationController.send(\"okay2\");")); | 398 "window.domAutomationController.send(\"okay2\");")); |
| 399 ASSERT_TRUE(message_queue.WaitForMessage(&message)); | 399 ASSERT_TRUE(message_queue.WaitForMessage(&message)); |
| 400 ASSERT_EQ("\"okay2\"", message); | 400 ASSERT_EQ("\"okay2\"", message); |
| 401 ASSERT_EQ("\"okay2\"", interstitial->last_command()); | 401 ASSERT_EQ("\"okay2\"", interstitial->last_command()); |
| 402 } | 402 } |
| 403 | 403 |
| 404 class IsolatedAppContentBrowserClient : public TestContentBrowserClient { | |
| 405 public: | |
| 406 bool IsIllegalOrigin(content::ResourceContext* resource_context, | |
| 407 int child_process_id, | |
| 408 const GURL& origin) override { | |
| 409 // Simulate a case where an app origin is not in an app process. | |
| 410 return true; | |
| 411 } | |
| 412 }; | |
| 413 | |
| 414 // Renderer processes should not be able to spoof Origin HTTP headers. | 404 // Renderer processes should not be able to spoof Origin HTTP headers. |
| 415 IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) { | 405 IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) { |
| 416 // Create a set of IPC messages with various Origin headers. | 406 // Create a set of IPC messages with various Origin headers. |
| 417 ResourceRequest chrome_origin_msg( | 407 ResourceRequest chrome_origin_msg( |
| 418 CreateXHRRequestWithOrigin("chrome://settings")); | 408 CreateXHRRequestWithOrigin("chrome://settings")); |
| 419 ResourceRequest embedder_isolated_origin_msg( | 409 ResourceRequest embedder_isolated_origin_msg( |
| 420 CreateXHRRequestWithOrigin("https://isolated.bar.com")); | 410 CreateXHRRequestWithOrigin("https://isolated.bar.com")); |
| 421 ResourceRequest invalid_origin_msg(CreateXHRRequestWithOrigin("invalidurl")); | 411 ResourceRequest invalid_origin_msg(CreateXHRRequestWithOrigin("invalidurl")); |
| 422 ResourceRequest invalid_scheme_origin_msg( | 412 ResourceRequest invalid_scheme_origin_msg( |
| 423 CreateXHRRequestWithOrigin("fake-scheme://foo")); | 413 CreateXHRRequestWithOrigin("fake-scheme://foo")); |
| 424 | 414 |
| 425 GURL web_url("http://foo.com/simple_page.html"); | 415 GURL web_url("http://foo.com/simple_page.html"); |
| 426 NavigateToURL(shell(), web_url); | 416 NavigateToURL(shell(), web_url); |
| 427 RenderFrameHost* web_rfh = shell()->web_contents()->GetMainFrame(); | 417 RenderFrameHost* web_rfh = shell()->web_contents()->GetMainFrame(); |
| 428 | 418 |
| 419 ResourceDispatcherHost::Get()->AddSchemeForAccessCheck("https"); | |
|
Charlie Reis
2016/08/02 20:41:42
Please add a comment about how this leads to denyi
| |
| 420 | |
| 429 // Web processes cannot make XHRs with chrome:// Origin headers. | 421 // Web processes cannot make XHRs with chrome:// Origin headers. |
| 430 { | 422 { |
| 431 RenderProcessHostWatcher web_process_killed( | 423 RenderProcessHostWatcher web_process_killed( |
| 432 web_rfh->GetProcess(), | 424 web_rfh->GetProcess(), |
| 433 RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT); | 425 RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT); |
| 434 IPC::IpcSecurityTestUtil::PwnMessageReceived( | 426 IPC::IpcSecurityTestUtil::PwnMessageReceived( |
| 435 web_rfh->GetProcess()->GetChannel(), | 427 web_rfh->GetProcess()->GetChannel(), |
| 436 ResourceHostMsg_RequestResource(web_rfh->GetRoutingID(), | 428 ResourceHostMsg_RequestResource(web_rfh->GetRoutingID(), |
| 437 kRequestIdNotPreviouslyUsed, | 429 kRequestIdNotPreviouslyUsed, |
| 438 chrome_origin_msg)); | 430 chrome_origin_msg)); |
| 439 web_process_killed.Wait(); | 431 web_process_killed.Wait(); |
| 440 } | 432 } |
| 441 | 433 |
| 442 // Web processes cannot make XHRs with URLs that the content embedder expects | 434 // Web processes cannot make XHRs with URLs that the content embedder expects |
| 443 // to have process isolation. Ideally this would test chrome-extension:// | 435 // to have process isolation. Ideally this would test chrome-extension:// |
| 444 // URLs for Chrome Apps, but those can't be tested inside content/ and the | 436 // URLs for Chrome Apps, but those can't be tested inside content/ and the |
| 445 // ResourceRequest IPC can't be created in a test outside content/. | 437 // ResourceRequest IPC can't be created in a test outside content/. |
| 446 NavigateToURL(shell(), web_url); | 438 NavigateToURL(shell(), web_url); |
| 447 { | 439 { |
| 448 // Set up a ContentBrowserClient that simulates an app URL in a non-app | 440 // Set up a ContentBrowserClient that simulates an app URL in a non-app |
| 449 // process. | 441 // process. |
| 450 IsolatedAppContentBrowserClient app_client; | 442 TestContentBrowserClient app_client; |
|
Charlie Reis
2016/08/02 20:41:42
Why keep this if you're removing IsolatedAppConten
| |
| 451 ContentBrowserClient* old_client = SetBrowserClientForTesting(&app_client); | 443 ContentBrowserClient* old_client = SetBrowserClientForTesting(&app_client); |
| 452 RenderProcessHostWatcher web_process_killed( | 444 RenderProcessHostWatcher web_process_killed( |
| 453 web_rfh->GetProcess(), | 445 web_rfh->GetProcess(), |
| 454 RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT); | 446 RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT); |
| 455 IPC::IpcSecurityTestUtil::PwnMessageReceived( | 447 IPC::IpcSecurityTestUtil::PwnMessageReceived( |
| 456 web_rfh->GetProcess()->GetChannel(), | 448 web_rfh->GetProcess()->GetChannel(), |
| 457 ResourceHostMsg_RequestResource(web_rfh->GetRoutingID(), | 449 ResourceHostMsg_RequestResource(web_rfh->GetRoutingID(), |
| 458 kRequestIdNotPreviouslyUsed, | 450 kRequestIdNotPreviouslyUsed, |
| 459 embedder_isolated_origin_msg)); | 451 embedder_isolated_origin_msg)); |
| 460 web_process_killed.Wait(); | 452 web_process_killed.Wait(); |
| (...skipping 89 matching lines...) | |
| 550 // separate task of the message loop, so ensure that the process is still | 542 // separate task of the message loop, so ensure that the process is still |
| 551 // considered alive. | 543 // considered alive. |
| 552 EXPECT_TRUE(root->current_frame_host()->GetProcess()->HasConnection()); | 544 EXPECT_TRUE(root->current_frame_host()->GetProcess()->HasConnection()); |
| 553 | 545 |
| 554 exit_observer.Wait(); | 546 exit_observer.Wait(); |
| 555 EXPECT_FALSE(exit_observer.did_exit_normally()); | 547 EXPECT_FALSE(exit_observer.did_exit_normally()); |
| 556 ResourceDispatcherHost::Get()->SetDelegate(nullptr); | 548 ResourceDispatcherHost::Get()->SetDelegate(nullptr); |
| 557 } | 549 } |
| 558 | 550 |
| 559 } // namespace content | 551 } // namespace content |
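Review bot: The `ResourceDispatcherHost::Get()->AddSchemeForAccessCheck("https");` call at new line 419 sits ahead of every sub-case, so the registration appears to stay in effect for the chrome:// check and for all later blocks of InvalidOriginHeaders, not only for the `https://isolated.bar.com` request that needs it. Moving it inside the block that sends `embedder_isolated_origin_msg` (opening at new line 439) would keep the earlier sub-case running against the default configuration and make it clear which check each renderer kill exercises. Every visible sub-case only waits for the process to exit, so a control request whose Origin matches the committed `http://foo.com` page and leaves the renderer alive would catch a scheme check that is broader than intended; such a case may already exist in the skipped lines. The test body continues through lines that are not shown on this page.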