Enable websocket filtering via SubresourceFilter

third_party/WebKit/Source/modules/websockets/DocumentWebSocketChannel.cpp

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 15 matching lines @@
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "modules/websockets/DocumentWebSocketChannel.h"
 
 #include <memory>
 #include "core/dom/DOMArrayBuffer.h"
 #include "core/dom/ExecutionContext.h"
+#include "core/dom/TaskRunnerHelper.h"
 #include "core/fileapi/FileReaderLoader.h"
 #include "core/fileapi/FileReaderLoaderClient.h"
 #include "core/frame/LocalFrame.h"
 #include "core/frame/LocalFrameClient.h"
 #include "core/inspector/ConsoleMessage.h"
 #include "core/inspector/InspectorInstrumentation.h"
+#include "core/loader/DocumentLoader.h"
+#include "core/loader/SubresourceFilter.h"
 #include "core/loader/FrameLoader.h"
 #include "core/loader/MixedContentChecker.h"
 #include "core/loader/ThreadableLoadingContext.h"
 #include "modules/websockets/InspectorWebSocketEvents.h"
 #include "modules/websockets/WebSocketChannelClient.h"
 #include "modules/websockets/WebSocketFrame.h"
 #include "modules/websockets/WebSocketHandleImpl.h"
 #include "platform/WebFrameScheduler.h"
 #include "platform/loader/fetch/UniqueIdentifier.h"
 #include "platform/network/NetworkLog.h"
@@ skipping 125 matching lines @@
   m_url = url;
   Vector<String> protocols;
   // Avoid placing an empty token in the Vector when the protocol string is
   // empty.
   if (!protocol.isEmpty()) {
     // Since protocol is already verified and escaped, we can simply split
     // it.
     protocol.split(", ", true, protocols);
   }
 
+  // If the connection needs to be filtered, asynchronously fail. Note that

[engedy, 2017/03/06 14:12:46]

nit: Let's make this comment more specific, as it leaves the reader wondering
what a `synchronous security error` is, and why subresource filtering cannot be
done synchronously.

It looks like we are just using this to avoid triggering throwing a
SecurityError in [1], as that code expects the only reason for synchronously
failing here would be because of Mixed Content checks? If so, could you please
elaborate on this specifically here?

1:
https://cs.chromium.org/chromium/src/third_party/WebKit/Source/modules/websoc...

[Charlie Harrison, 2017/03/06 14:48:23]

It's based on that and based on the fact that we don't want to block the worker
thread by posting a message. I'll fix up the comment.

+  // returning "true" just indicates that this was not synchronous security
+  // error.
+  if (shouldDisallowConnection(url)) {
+    TaskRunnerHelper::get(TaskType::Networking, document())
+        ->postTask(
+            BLINK_FROM_HERE,
+            WTF::bind(
+                &DocumentWebSocketChannel::failWithClosureCode,
+                wrapPersistent(this), CloseEventCodePolicyViolation,

[engedy, 2017/03/06 14:12:46]

nit: Is this error code really appropriate here?

According to [1], code 1008 is sent by an endpoint in a `Close control frame` if
it has received a message that violates its policy.

Would code 1006 not be more appropriate? It is "designated for use in
applications expecting a status code to indicate that the connection was closed
abnormally, e.g., without sending or receiving a Close control frame."

1: https://tools.ietf.org/html/rfc6455#section-7.4

[Charlie Harrison, 2017/03/06 14:48:23]

Hm yeah I think you're right. Since we never open a connection I think 1006
might be the best option.

yhirano: WDYT?

+                String("Connection disallowed by the subresource filter"),
+                WarningMessageLevel,
+                WTF::passed(SourceLocation::create(String(), 0, 0, nullptr))));
+    return true;
+  }
+
   // TODO(kinuko): document() should return nullptr if we don't
   // have valid document/frame that returns non-empty interface provider.
   if (document() && document()->frame() &&
       document()->frame()->interfaceProvider() !=
           InterfaceProvider::getEmptyInterfaceProvider()) {
     // Initialize the WebSocketHandle with the frame's InterfaceProvider to
     // provide the WebSocket implementation with context about this frame.
     // This is important so that the browser can show UI associated with
     // the WebSocket (e.g., for certificate errors).
     m_handle->initialize(document()->frame()->interfaceProvider());
@@ skipping 92 matching lines @@
   DCHECK(m_handle);
   unsigned short codeToSend = static_cast<unsigned short>(
       code == CloseEventCodeNotSpecified ? CloseEventCodeNoStatusRcvd : code);
   m_messages.append(new Message(codeToSend, reason));
   processSendQueue();
 }
 
 void DocumentWebSocketChannel::fail(const String& reason,
                                     MessageLevel level,
                                     std::unique_ptr<SourceLocation> location) {
+  return failWithClosureCode(CloseEventCodeAbnormalClosure, reason, level,
+                             std::move(location));
+}
+
+void DocumentWebSocketChannel::failWithClosureCode(
+    unsigned short code,
+    const String& reason,
+    MessageLevel level,
+    std::unique_ptr<SourceLocation> location) {
   NETWORK_DVLOG(1) << this << " fail(" << reason << ")";
   // m_handle and m_client can be null here.
 
   connection_handle_for_scheduler_.reset();
 
   if (document()) {
     InspectorInstrumentation::didReceiveWebSocketFrameError(
         document(), m_identifier, reason);
     const String message = "WebSocket connection to '" + m_url.elidedString() +
                            "' failed: " + reason;
     document()->addConsoleMessage(ConsoleMessage::create(
         JSMessageSource, level, message, std::move(location)));
   }
 
   if (m_client)
     m_client->didError();
   // |reason| is only for logging and should not be provided for scripts,
   // hence close reason must be empty.
-  handleDidClose(false, CloseEventCodeAbnormalClosure, String());
+  handleDidClose(false, code, String());
   // handleDidClose may delete this object.
 }
 
 void DocumentWebSocketChannel::disconnect() {
   NETWORK_DVLOG(1) << this << " disconnect()";
   if (m_identifier) {
     TRACE_EVENT_INSTANT1(
         "devtools.timeline", "WebSocketDestroy", TRACE_EVENT_SCOPE_THREAD,
         "data", InspectorWebSocketEvent::data(document(), m_identifier));
     InspectorInstrumentation::didCloseWebSocket(document(), m_identifier);
@@ skipping 346 matching lines @@
   m_blobLoader.clear();
   if (errorCode == FileError::kAbortErr) {
     // The error is caused by cancel().
     return;
   }
   // FIXME: Generate human-friendly reason message.
   failAsError("Failed to load Blob: error code = " + String::number(errorCode));
   // |this| can be deleted here.
 }
 
+bool DocumentWebSocketChannel::shouldDisallowConnection(const KURL& url) {
+  if (!m_handle)

[engedy, 2017/03/06 14:12:46]

Can this ever evaluate to false? If not, let's make this a DCHECK.

[Charlie Harrison, 2017/03/06 14:48:23]

Done.

+    return false;
+  DocumentLoader* loader = document()->loader();
+  if (!loader)
+    return false;
+  SubresourceFilter* subresourceFilter = loader->subresourceFilter();
+  if (!subresourceFilter)
+    return false;
+  return !subresourceFilter->allowWebSocketConnection(url);
+}
+
 DEFINE_TRACE(DocumentWebSocketChannel) {
   visitor->trace(m_blobLoader);
   visitor->trace(m_messages);
   visitor->trace(m_client);
   visitor->trace(m_loadingContext);
   WebSocketChannel::trace(visitor);
 }
 
 std::ostream& operator<<(std::ostream& ostream,
                          const DocumentWebSocketChannel* channel) {
   return ostream << "DocumentWebSocketChannel "
                  << static_cast<const void*>(channel);
 }
 
 }  // namespace blink