OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2011 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
11 * notice, this list of conditions and the following disclaimer in the | 11 * notice, this list of conditions and the following disclaimer in the |
12 * documentation and/or other materials provided with the distribution. | 12 * documentation and/or other materials provided with the distribution. |
13 * | 13 * |
14 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY | 14 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY |
15 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | 15 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | 16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
17 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY | 17 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY |
18 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | 18 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
19 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | 19 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
20 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | 20 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
21 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 21 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 */ | 24 */ |
25 | 25 |
26 #include "bindings/modules/v8/V8BindingForModules.h" | 26 #include "bindings/modules/v8/V8BindingForModules.h" |
27 | 27 |
| 28 #include "bindings/core/v8/SerializationTag.h" |
| 29 #include "bindings/core/v8/SerializedScriptValue.h" |
28 #include "bindings/core/v8/ToV8.h" | 30 #include "bindings/core/v8/ToV8.h" |
29 #include "bindings/core/v8/V8Binding.h" | 31 #include "bindings/core/v8/V8Binding.h" |
30 #include "bindings/core/v8/V8BindingForTesting.h" | 32 #include "bindings/core/v8/V8BindingForTesting.h" |
31 #include "bindings/core/v8/V8PerIsolateData.h" | 33 #include "bindings/core/v8/V8PerIsolateData.h" |
32 #include "bindings/modules/v8/ToV8ForModules.h" | 34 #include "bindings/modules/v8/ToV8ForModules.h" |
| 35 #include "modules/indexeddb/IDBAny.h" |
33 #include "modules/indexeddb/IDBKey.h" | 36 #include "modules/indexeddb/IDBKey.h" |
34 #include "modules/indexeddb/IDBKeyPath.h" | 37 #include "modules/indexeddb/IDBKeyPath.h" |
| 38 #include "modules/indexeddb/IDBValue.h" |
| 39 #include "platform/SharedBuffer.h" |
| 40 #include "public/platform/WebBlobInfo.h" |
| 41 #include "public/platform/WebData.h" |
| 42 #include "public/platform/WebString.h" |
| 43 #include "public/platform/modules/indexeddb/WebIDBKey.h" |
| 44 #include "public/platform/modules/indexeddb/WebIDBKeyPath.h" |
| 45 #include "public/platform/modules/indexeddb/WebIDBValue.h" |
35 #include "testing/gtest/include/gtest/gtest.h" | 46 #include "testing/gtest/include/gtest/gtest.h" |
36 | 47 |
37 namespace blink { | 48 namespace blink { |
38 | 49 |
39 namespace { | 50 namespace { |
40 | 51 |
41 IDBKey* checkKeyFromValueAndKeyPathInternal(v8::Isolate* isolate, | 52 IDBKey* checkKeyFromValueAndKeyPathInternal(v8::Isolate* isolate, |
42 const ScriptValue& value, | 53 const ScriptValue& value, |
43 const String& keyPath) { | 54 const String& keyPath) { |
44 IDBKeyPath idbKeyPath(keyPath); | 55 IDBKeyPath idbKeyPath(keyPath); |
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
109 void checkKeyPathNumberValue(v8::Isolate* isolate, | 120 void checkKeyPathNumberValue(v8::Isolate* isolate, |
110 const ScriptValue& value, | 121 const ScriptValue& value, |
111 const String& keyPath, | 122 const String& keyPath, |
112 int expected) { | 123 int expected) { |
113 IDBKey* idbKey = checkKeyFromValueAndKeyPathInternal(isolate, value, keyPath); | 124 IDBKey* idbKey = checkKeyFromValueAndKeyPathInternal(isolate, value, keyPath); |
114 ASSERT_TRUE(idbKey); | 125 ASSERT_TRUE(idbKey); |
115 ASSERT_EQ(IDBKey::NumberType, idbKey->getType()); | 126 ASSERT_EQ(IDBKey::NumberType, idbKey->getType()); |
116 ASSERT_TRUE(expected == idbKey->number()); | 127 ASSERT_TRUE(expected == idbKey->number()); |
117 } | 128 } |
118 | 129 |
| 130 // SerializedScriptValue header format offsets are inferred from the Blink and |
| 131 // V8 serialization code. The code below DCHECKs that |
| 132 constexpr static size_t kSSVHeaderBlinkVersionOffset = 0; |
| 133 constexpr static size_t kSSVHeaderBlinkVersionTagOffset = 1; |
| 134 constexpr static size_t kSSVHeaderV8VersionOffset = 2; |
| 135 constexpr static size_t kSSVHeaderV8VersionTagOffset = 3; |
| 136 |
| 137 // 13 is v8::internal::kLatestVersion in v8/src/value-serializer.cc at the |
| 138 // time when this test was written. Unlike Blink, V8 does not currently export |
| 139 // its serialization version, so this number might get stale. |
| 140 constexpr static unsigned char kV8LatestKnownVersion = 13; |
| 141 |
| 142 // Follows the same steps as the IndexedDB value serialization code. |
| 143 void serializeV8Value(v8::Local<v8::Value> value, |
| 144 v8::Isolate* isolate, |
| 145 Vector<char>* wireBytes) { |
| 146 NonThrowableExceptionState nonThrowableExceptionState; |
| 147 |
| 148 SerializedScriptValue::SerializeOptions options; |
| 149 RefPtr<SerializedScriptValue> serializedValue = |
| 150 SerializedScriptValue::serialize(isolate, value, options, |
| 151 nonThrowableExceptionState); |
| 152 serializedValue->toWireBytes(*wireBytes); |
| 153 |
| 154 // Sanity check that the serialization header has not changed, as the tests |
| 155 // that use this method rely on the header format. |
| 156 // |
| 157 // The cast from char* to unsigned char* is necessary to avoid VS2015 warning |
| 158 // C4309 (truncation of constant value). This happens because VersionTag is |
| 159 // 0xFF. |
| 160 const unsigned char* wireData = |
| 161 reinterpret_cast<unsigned char*>(wireBytes->data()); |
| 162 ASSERT_EQ( |
| 163 static_cast<unsigned char>(SerializedScriptValue::wireFormatVersion), |
| 164 wireData[kSSVHeaderBlinkVersionOffset]); |
| 165 ASSERT_EQ(static_cast<unsigned char>(VersionTag), |
| 166 wireData[kSSVHeaderBlinkVersionTagOffset]); |
| 167 |
| 168 ASSERT_GE(static_cast<unsigned char>(kV8LatestKnownVersion), |
| 169 wireData[kSSVHeaderV8VersionOffset]); |
| 170 ASSERT_EQ(static_cast<unsigned char>(VersionTag), |
| 171 wireData[kSSVHeaderV8VersionTagOffset]); |
| 172 } |
| 173 |
| 174 PassRefPtr<IDBValue> createIDBValue(v8::Isolate* isolate, |
| 175 Vector<char>& wireBytes, |
| 176 double primaryKey, |
| 177 const WebString& keyPath) { |
| 178 WebData webData(SharedBuffer::adoptVector(wireBytes)); |
| 179 Vector<WebBlobInfo> webBlobInfo; |
| 180 WebIDBKey webIdbKey = WebIDBKey::createNumber(primaryKey); |
| 181 WebIDBKeyPath webIdbKeyPath(keyPath); |
| 182 WebIDBValue webIdbValue(webData, webBlobInfo, webIdbKey, webIdbKeyPath); |
| 183 return IDBValue::create(webIdbValue, isolate); |
| 184 } |
| 185 |
119 TEST(IDBKeyFromValueAndKeyPathTest, TopLevelPropertyStringValue) { | 186 TEST(IDBKeyFromValueAndKeyPathTest, TopLevelPropertyStringValue) { |
120 V8TestingScope scope; | 187 V8TestingScope scope; |
121 v8::Isolate* isolate = scope.isolate(); | 188 v8::Isolate* isolate = scope.isolate(); |
122 | 189 |
123 // object = { foo: "zoo" } | 190 // object = { foo: "zoo" } |
124 v8::Local<v8::Object> object = v8::Object::New(isolate); | 191 v8::Local<v8::Object> object = v8::Object::New(isolate); |
125 ASSERT_TRUE( | 192 ASSERT_TRUE( |
126 v8CallBoolean(object->Set(scope.context(), v8AtomicString(isolate, "foo"), | 193 v8CallBoolean(object->Set(scope.context(), v8AtomicString(isolate, "foo"), |
127 v8AtomicString(isolate, "zoo")))); | 194 v8AtomicString(isolate, "zoo")))); |
128 | 195 |
(...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
231 IDBKey::createArray(IDBKey::KeyArray()), scriptObject, | 298 IDBKey::createArray(IDBKey::KeyArray()), scriptObject, |
232 "foo.baz"); | 299 "foo.baz"); |
233 checkInjection(scope.getScriptState(), | 300 checkInjection(scope.getScriptState(), |
234 IDBKey::createArray(IDBKey::KeyArray()), scriptObject, "bar"); | 301 IDBKey::createArray(IDBKey::KeyArray()), scriptObject, "bar"); |
235 | 302 |
236 checkInjectionDisallowed(scope.getScriptState(), scriptObject, "foo.bar.baz"); | 303 checkInjectionDisallowed(scope.getScriptState(), scriptObject, "foo.bar.baz"); |
237 checkInjection(scope.getScriptState(), IDBKey::createString("zoo"), | 304 checkInjection(scope.getScriptState(), IDBKey::createString("zoo"), |
238 scriptObject, "foo.xyz.foo"); | 305 scriptObject, "foo.xyz.foo"); |
239 } | 306 } |
240 | 307 |
| 308 TEST(DeserializeIDBValueTest, CurrentVersions) { |
| 309 V8TestingScope scope; |
| 310 v8::Isolate* isolate = scope.isolate(); |
| 311 |
| 312 Vector<char> objectBytes; |
| 313 v8::Local<v8::Object> emptyObject = v8::Object::New(isolate); |
| 314 serializeV8Value(emptyObject, isolate, &objectBytes); |
| 315 RefPtr<IDBValue> idbValue = createIDBValue(isolate, objectBytes, 42.0, "foo"); |
| 316 |
| 317 v8::Local<v8::Value> v8Value = |
| 318 deserializeIDBValue(isolate, scope.context()->Global(), idbValue.get()); |
| 319 EXPECT_TRUE(!scope.getExceptionState().hadException()); |
| 320 |
| 321 ASSERT_TRUE(v8Value->IsObject()); |
| 322 v8::Local<v8::Object> v8ValueObject = v8Value.As<v8::Object>(); |
| 323 v8::Local<v8::Value> v8NumberValue = |
| 324 v8ValueObject->Get(scope.context(), v8AtomicString(isolate, "foo")) |
| 325 .ToLocalChecked(); |
| 326 ASSERT_TRUE(v8NumberValue->IsNumber()); |
| 327 v8::Local<v8::Number> v8Number = v8NumberValue.As<v8::Number>(); |
| 328 EXPECT_EQ(v8Number->Value(), 42.0); |
| 329 } |
| 330 |
| 331 TEST(DeserializeIDBValueTest, FutureV8Version) { |
| 332 V8TestingScope scope; |
| 333 v8::Isolate* isolate = scope.isolate(); |
| 334 |
| 335 // Pretend that the object was serialized by a future version of V8. |
| 336 Vector<char> objectBytes; |
| 337 v8::Local<v8::Object> emptyObject = v8::Object::New(isolate); |
| 338 serializeV8Value(emptyObject, isolate, &objectBytes); |
| 339 objectBytes[kSSVHeaderV8VersionTagOffset] += 1; |
| 340 |
| 341 // The call sequence below mimics IndexedDB's usage pattern when attempting to |
| 342 // read a value in an object store with a key generator and a key path, but |
| 343 // the serialized value uses a newer format version. |
| 344 // |
| 345 // http://crbug.com/703704 has a reproduction for this test's circumstances. |
| 346 RefPtr<IDBValue> idbValue = createIDBValue(isolate, objectBytes, 42.0, "foo"); |
| 347 |
| 348 v8::Local<v8::Value> v8Value = |
| 349 deserializeIDBValue(isolate, scope.context()->Global(), idbValue.get()); |
| 350 EXPECT_TRUE(!scope.getExceptionState().hadException()); |
| 351 EXPECT_TRUE(v8Value->IsNull()); |
| 352 } |
| 353 |
| 354 TEST(DeserializeIDBValueTest, InjectionIntoNonObject) { |
| 355 V8TestingScope scope; |
| 356 v8::Isolate* isolate = scope.isolate(); |
| 357 |
| 358 // Simulate a storage corruption where an object is read back as a number. |
| 359 // This test uses a one-segment key path. |
| 360 Vector<char> objectBytes; |
| 361 v8::Local<v8::Number> number = v8::Number::New(isolate, 42.0); |
| 362 serializeV8Value(number, isolate, &objectBytes); |
| 363 RefPtr<IDBValue> idbValue = createIDBValue(isolate, objectBytes, 42.0, "foo"); |
| 364 |
| 365 v8::Local<v8::Value> v8Value = |
| 366 deserializeIDBValue(isolate, scope.context()->Global(), idbValue.get()); |
| 367 EXPECT_TRUE(!scope.getExceptionState().hadException()); |
| 368 ASSERT_TRUE(v8Value->IsNumber()); |
| 369 v8::Local<v8::Number> v8Number = v8Value.As<v8::Number>(); |
| 370 EXPECT_EQ(v8Number->Value(), 42.0); |
| 371 } |
| 372 |
| 373 TEST(DeserializeIDBValueTest, NestedInjectionIntoNonObject) { |
| 374 V8TestingScope scope; |
| 375 v8::Isolate* isolate = scope.isolate(); |
| 376 |
| 377 // Simulate a storage corruption where an object is read back as a number. |
| 378 // This test uses a multiple-segment key path. |
| 379 Vector<char> objectBytes; |
| 380 v8::Local<v8::Number> number = v8::Number::New(isolate, 42.0); |
| 381 serializeV8Value(number, isolate, &objectBytes); |
| 382 RefPtr<IDBValue> idbValue = |
| 383 createIDBValue(isolate, objectBytes, 42.0, "foo.bar"); |
| 384 |
| 385 v8::Local<v8::Value> v8Value = |
| 386 deserializeIDBValue(isolate, scope.context()->Global(), idbValue.get()); |
| 387 EXPECT_TRUE(!scope.getExceptionState().hadException()); |
| 388 ASSERT_TRUE(v8Value->IsNumber()); |
| 389 v8::Local<v8::Number> v8Number = v8Value.As<v8::Number>(); |
| 390 EXPECT_EQ(v8Number->Value(), 42.0); |
| 391 } |
| 392 |
241 } // namespace blink | 393 } // namespace blink |
OLD | NEW |