third_party/WebKit/Source/bindings/core/v8/V8DOMConfiguration.cpp - Issue 2713413002: Blink bindings: use v8 to enforce method call access checks

Side by Side Diff: third_party/WebKit/Source/bindings/core/v8/V8DOMConfiguration.cpp

Issue 2713413002: Blink bindings: use v8 to enforce method call access checks (Closed)

Patch Set: . Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« third_party/WebKit/Source/bindings/core/v8/V8DOMConfiguration.h ('K') | « third_party/WebKit/Source/bindings/core/v8/V8DOMConfiguration.h ('k') | third_party/WebKit/Source/bindings/templates/interface_base.cpp.tmpl » ('j') | third_party/WebKit/Source/bindings/templates/methods.cpp.tmpl » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2012 Google Inc. All rights reserved.	2 * Copyright (C) 2012 Google Inc. All rights reserved.

3 *	3 *

4 * Redistribution and use in source and binary forms, with or without	4 * Redistribution and use in source and binary forms, with or without

5 * modification, are permitted provided that the following conditions	5 * modification, are permitted provided that the following conditions

6 * are met:	6 * are met:

7 *	7 *

8 * 1. Redistributions of source code must retain the above copyright	8 * 1. Redistributions of source code must retain the above copyright

9 * notice, this list of conditions and the following disclaimer.	9 * notice, this list of conditions and the following disclaimer.

10 * 2. Redistributions in binary form must reproduce the above copyright	10 * 2. Redistributions in binary form must reproduce the above copyright

(...skipping 330 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
341 if (method.holderCheckConfiguration == V8DOMConfiguration::DoNotCheckHolder)	341 if (method.holderCheckConfiguration == V8DOMConfiguration::DoNotCheckHolder)

342 signature = v8::Local<v8::Signature>();	342 signature = v8::Local<v8::Signature>();

343	343

344 DCHECK(method.propertyLocationConfiguration);	344 DCHECK(method.propertyLocationConfiguration);

345 if (method.propertyLocationConfiguration &	345 if (method.propertyLocationConfiguration &

346 (V8DOMConfiguration::OnInstance \| V8DOMConfiguration::OnPrototype)) {	346 (V8DOMConfiguration::OnInstance \| V8DOMConfiguration::OnPrototype)) {

347 v8::Local<v8::FunctionTemplate> functionTemplate =	347 v8::Local<v8::FunctionTemplate> functionTemplate =

348 v8::FunctionTemplate::New(isolate, callback, v8::Local<v8::Value>(),	348 v8::FunctionTemplate::New(isolate, callback, v8::Local<v8::Value>(),

349 signature, method.length);	349 signature, method.length);

350 functionTemplate->RemovePrototype();	350 functionTemplate->RemovePrototype();

	351 if (method.accessCheckConfiguration == V8DOMConfiguration::CheckAccess)

	352 functionTemplate->SetAcceptAnyReceiver(false);

351 if (method.propertyLocationConfiguration & V8DOMConfiguration::OnInstance)	353 if (method.propertyLocationConfiguration & V8DOMConfiguration::OnInstance)

352 instanceTemplate->Set(	354 instanceTemplate->Set(

353 name, functionTemplate,	355 name, functionTemplate,

354 static_cast<v8::PropertyAttribute>(method.attribute));	356 static_cast<v8::PropertyAttribute>(method.attribute));

355 if (method.propertyLocationConfiguration & V8DOMConfiguration::OnPrototype)	357 if (method.propertyLocationConfiguration & V8DOMConfiguration::OnPrototype)

356 prototypeTemplate->Set(	358 prototypeTemplate->Set(

357 name, functionTemplate,	359 name, functionTemplate,

358 static_cast<v8::PropertyAttribute>(method.attribute));	360 static_cast<v8::PropertyAttribute>(method.attribute));

359 }	361 }

360 if (method.propertyLocationConfiguration & V8DOMConfiguration::OnInterface) {	362 if (method.propertyLocationConfiguration & V8DOMConfiguration::OnInterface) {

361 // Operations installed on the interface object must be static	363 // Operations installed on the interface object must be static

362 // operations, so no need to specify a signature, i.e. no need to do	364 // operations, so no need to specify a signature, i.e. no need to do

363 // type check against a holder.	365 // type check against a holder.

364 v8::Local<v8::FunctionTemplate> functionTemplate =	366 v8::Local<v8::FunctionTemplate> functionTemplate =

365 v8::FunctionTemplate::New(isolate, callback, v8::Local<v8::Value>(),	367 v8::FunctionTemplate::New(isolate, callback, v8::Local<v8::Value>(),

366 v8::Local<v8::Signature>(), method.length);	368 v8::Local<v8::Signature>(), method.length);

367 functionTemplate->RemovePrototype();	369 functionTemplate->RemovePrototype();

	370 // TODO(dcheng): Does this need an access check?
	dcheng 2017/02/27 05:34:19 I don't think it does, since I think this implies I don't think it does, since I think this implies a static method? haraken 2017/02/27 05:49:25 Agreed. We won't need the access check. I'm okay w Show quoted text On 2017/02/27 05:34:19, dcheng wrote: > I don't think it does, since I think this implies a static method? Agreed. We won't need the access check. I'm okay with adding the check just in case though. dcheng 2017/02/27 07:52:26 Hmm... it's not possible to do an access check in Show quoted text On 2017/02/27 05:49:25, haraken wrote: > On 2017/02/27 05:34:19, dcheng wrote: > > I don't think it does, since I think this implies a static method? > > Agreed. We won't need the access check. I'm okay with adding the check just in > case though. > Hmm... it's not possible to do an access check in that case though, since there is no \|impl\|. I will just remove the TODO and write a comment why an access check is not necessary in this case. Yuki 2017/03/01 08:40:11 Just FYI, the spec doesn't require any access chec Show quoted text On 2017/02/27 07:52:26, dcheng wrote: > On 2017/02/27 05:49:25, haraken wrote: > > On 2017/02/27 05:34:19, dcheng wrote: > > > I don't think it does, since I think this implies a static method? > > > > Agreed. We won't need the access check. I'm okay with adding the check just in > > case though. > > > > Hmm... it's not possible to do an access check in that case though, since there > is no \|impl\|. I will just remove the TODO and write a comment why an access > check is not necessary in this case. Just FYI, the spec doesn't require any access check here because the property is a data property. There is no way to perform a security check when just getting a data property.
368 interfaceTemplate->Set(	371 interfaceTemplate->Set(

369 name, functionTemplate,	372 name, functionTemplate,

370 static_cast<v8::PropertyAttribute>(method.attribute));	373 static_cast<v8::PropertyAttribute>(method.attribute));

371 }	374 }

372 }	375 }

373	376

374 void installMethodInternal(	377 void installMethodInternal(

375 v8::Isolate* isolate,	378 v8::Isolate* isolate,

376 v8::Local<v8::Object> instance,	379 v8::Local<v8::Object> instance,

377 v8::Local<v8::Object> prototype,	380 v8::Local<v8::Object> prototype,

(...skipping 286 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
664 void V8DOMConfiguration::setClassString(	667 void V8DOMConfiguration::setClassString(

665 v8::Isolate* isolate,	668 v8::Isolate* isolate,

666 v8::Local<v8::ObjectTemplate> objectTemplate,	669 v8::Local<v8::ObjectTemplate> objectTemplate,

667 const char* classString) {	670 const char* classString) {

668 objectTemplate->Set(	671 objectTemplate->Set(

669 v8::Symbol::GetToStringTag(isolate), v8AtomicString(isolate, classString),	672 v8::Symbol::GetToStringTag(isolate), v8AtomicString(isolate, classString),

670 static_cast<v8::PropertyAttribute>(v8::ReadOnly \| v8::DontEnum));	673 static_cast<v8::PropertyAttribute>(v8::ReadOnly \| v8::DontEnum));

671 }	674 }

672	675

673 } // namespace blink	676 } // namespace blink

OLD	NEW