Fix a crash of SRI when used with web workers

third_party/WebKit/Source/core/frame/SubresourceIntegrity.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "core/frame/SubresourceIntegrity.h"
 
 #include "core/HTMLNames.h"
 #include "core/dom/Document.h"
 #include "core/dom/Element.h"
+#include "core/dom/ExecutionContext.h"
 #include "core/fetch/Resource.h"
 #include "core/frame/UseCounter.h"
 #include "core/inspector/ConsoleMessage.h"
 #include "platform/Crypto.h"
 #include "platform/weborigin/KURL.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "public/platform/WebCrypto.h"
 #include "public/platform/WebCryptoAlgorithm.h"
 #include "wtf/ASCIICType.h"
 #include "wtf/Vector.h"
@@ skipping 11 matching lines @@
   // not much risk in it, and it'll make it simpler for developers.
   return isASCIIAlphanumeric(c) || c == '_' || c == '-' || c == '+' ||
          c == '/' || c == '=';
 }
 
 static bool isValueCharacter(UChar c) {
   // VCHAR per https://tools.ietf.org/html/rfc5234#appendix-B.1
   return c >= 0x21 && c <= 0x7e;
 }
 
-static void logErrorToConsole(const String& message, Document& document) {
-  document.addConsoleMessage(ConsoleMessage::create(
+static void logErrorToConsole(const String& message,
+                              ExecutionContext& executionContext) {
+  executionContext.addConsoleMessage(ConsoleMessage::create(
       SecurityMessageSource, ErrorMessageLevel, message));
 }
 
 static bool DigestsEqual(const DigestValue& digest1,
                          const DigestValue& digest2) {
   if (digest1.size() != digest2.size())
     return false;
 
   for (size_t i = 0; i < digest1.size(); i++) {
     if (digest1[i] != digest2[i])
@@ skipping 96 matching lines @@
   if (!result)
     logErrorToConsole(errorMessage, document);
   return result;
 }
 
 bool SubresourceIntegrity::CheckSubresourceIntegrity(
     const String& integrityMetadata,
     const char* content,
     size_t size,
     const KURL& resourceUrl,
-    Document& document,
+    ExecutionContext& executionContext,
     String& errorMessage) {
   IntegrityMetadataSet metadataSet;
-  IntegrityParseResult integrityParseResult =
-      parseIntegrityAttribute(integrityMetadata, metadataSet, &document);
+  IntegrityParseResult integrityParseResult = parseIntegrityAttribute(
+      integrityMetadata, metadataSet, &executionContext);
   // On failed parsing, there's no need to log an error here, as
   // parseIntegrityAttribute() will output an appropriate console message.
   if (integrityParseResult != IntegrityParseValidResult)
     return true;
 
   return CheckSubresourceIntegrity(metadataSet, content, size, resourceUrl,
-                                   document, errorMessage);
+                                   executionContext, errorMessage);
 }
 
 bool SubresourceIntegrity::CheckSubresourceIntegrity(
     const IntegrityMetadataSet& metadataSet,
     const char* content,
     size_t size,
     const KURL& resourceUrl,
-    Document& document,
+    ExecutionContext& executionContext,
     String& errorMessage) {
   if (!metadataSet.size())
     return true;
 
   HashAlgorithm strongestAlgorithm = HashAlgorithmSha256;
   for (const IntegrityMetadata& metadata : metadataSet)
     strongestAlgorithm =
         getPrioritizedHashFunction(metadata.algorithm(), strongestAlgorithm);
 
   DigestValue digest;
   for (const IntegrityMetadata& metadata : metadataSet) {
     if (metadata.algorithm() != strongestAlgorithm)
       continue;
 
     digest.clear();
     bool digestSuccess =
         computeDigest(metadata.algorithm(), content, size, digest);
 
     if (digestSuccess) {
       Vector<char> hashVector;
       base64Decode(metadata.digest(), hashVector);
       DigestValue convertedHashVector;
       convertedHashVector.append(reinterpret_cast<uint8_t*>(hashVector.data()),
                                  hashVector.size());
 
       if (DigestsEqual(digest, convertedHashVector)) {
-        UseCounter::count(document,
+        UseCounter::count(&executionContext,
                           UseCounter::SRIElementWithMatchingIntegrityAttribute);
         return true;
       }
     }
   }
 
   digest.clear();
   if (computeDigest(HashAlgorithmSha256, content, size, digest)) {
     // This message exposes the digest of the resource to the console.
     // Because this is only to the console, that's okay for now, but we
     // need to be very careful not to expose this in exceptions or
     // JavaScript, otherwise it risks exposing information about the
     // resource cross-origin.
     errorMessage =
         "Failed to find a valid digest in the 'integrity' attribute for "
         "resource '" +
         resourceUrl.elidedString() + "' with computed SHA-256 integrity '" +
         digestToString(digest) + "'. The resource has been blocked.";
   } else {
     errorMessage =
         "There was an error computing an integrity value for resource '" +
         resourceUrl.elidedString() + "'. The resource has been blocked.";
   }
-  UseCounter::count(document,
+  UseCounter::count(&executionContext,
                     UseCounter::SRIElementWithNonMatchingIntegrityAttribute);
   return false;
 }
 
 // Before:
 //
 // [algorithm]-[hash]
 // ^                 ^
 // position          end
 //
@@ skipping 70 matching lines @@
 }
 
 SubresourceIntegrity::IntegrityParseResult
 SubresourceIntegrity::parseIntegrityAttribute(
     const WTF::String& attribute,
     IntegrityMetadataSet& metadataSet) {
   return parseIntegrityAttribute(attribute, metadataSet, nullptr);
 }
 
 SubresourceIntegrity::IntegrityParseResult
-SubresourceIntegrity::parseIntegrityAttribute(const WTF::String& attribute,
-                                              IntegrityMetadataSet& metadataSet,
-                                              Document* document) {
+SubresourceIntegrity::parseIntegrityAttribute(
+    const WTF::String& attribute,
+    IntegrityMetadataSet& metadataSet,
+    ExecutionContext* executionContext) {
   Vector<UChar> characters;
   attribute.stripWhiteSpace().appendTo(characters);
   const UChar* position = characters.data();
   const UChar* end = characters.end();
   const UChar* currentIntegrityEnd;
 
   metadataSet.clear();
   bool error = false;
 
   // The integrity attribute takes the form:
@@ skipping 11 matching lines @@
     // Algorithm parsing errors are non-fatal (the subresource should
     // still be loaded) because strong hash algorithms should be used
     // without fear of breaking older user agents that don't support
     // them.
     AlgorithmParseResult parseResult =
         parseAlgorithm(position, currentIntegrityEnd, algorithm);
     if (parseResult == AlgorithmUnknown) {
       // Unknown hash algorithms are treated as if they're not present,
       // and thus are not marked as an error, they're just skipped.
       skipUntil<UChar, isASCIISpace>(position, end);
-      if (document) {
+      if (executionContext) {
         logErrorToConsole("Error parsing 'integrity' attribute ('" + attribute +
                               "'). The specified hash algorithm must be one of "
                               "'sha256', 'sha384', or 'sha512'.",
-                          *document);
+                          *executionContext);
         UseCounter::count(
-            *document, UseCounter::SRIElementWithUnparsableIntegrityAttribute);
+            executionContext,
+            UseCounter::SRIElementWithUnparsableIntegrityAttribute);
       }
       continue;
     }
 
     if (parseResult == AlgorithmUnparsable) {
       error = true;
       skipUntil<UChar, isASCIISpace>(position, end);
-      if (document) {
+      if (executionContext) {
         logErrorToConsole("Error parsing 'integrity' attribute ('" + attribute +
                               "'). The hash algorithm must be one of 'sha256', "
                               "'sha384', or 'sha512', followed by a '-' "
                               "character.",
-                          *document);
+                          *executionContext);
         UseCounter::count(
-            *document, UseCounter::SRIElementWithUnparsableIntegrityAttribute);
+            executionContext,
+            UseCounter::SRIElementWithUnparsableIntegrityAttribute);
       }
       continue;
     }
 
     ASSERT(parseResult == AlgorithmValid);
 
     if (!parseDigest(position, currentIntegrityEnd, digest)) {
       error = true;
       skipUntil<UChar, isASCIISpace>(position, end);
-      if (document) {
+      if (executionContext) {
         logErrorToConsole(
             "Error parsing 'integrity' attribute ('" + attribute +
                 "'). The digest must be a valid, base64-encoded value.",
-            *document);
+            *executionContext);
         UseCounter::count(
-            *document, UseCounter::SRIElementWithUnparsableIntegrityAttribute);
+            executionContext,
+            UseCounter::SRIElementWithUnparsableIntegrityAttribute);
       }
       continue;
     }
 
     // The spec defines a space in the syntax for options, separated by a
     // '?' character followed by unbounded VCHARs, but no actual options
     // have been defined yet. Thus, for forward compatibility, ignore any
     // options specified.
     if (skipExactly<UChar>(position, end, '?')) {
       const UChar* begin = position;
       skipWhile<UChar, isValueCharacter>(position, end);
-      if (begin != position && document)
+      if (begin != position && executionContext) {
         logErrorToConsole(
             "Ignoring unrecogized 'integrity' attribute option '" +
                 String(begin, position - begin) + "'.",
-            *document);
+            *executionContext);
+      }
     }
 
     IntegrityMetadata integrityMetadata(digest, algorithm);
     metadataSet.add(integrityMetadata.toPair());
   }
 
   if (metadataSet.size() == 0 && error)
     return IntegrityParseNoValidResult;
 
   return IntegrityParseValidResult;
 }
 
 }  // namespace blink