Count cross-origin property access.

third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp

Index: third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
diff --git a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
index bc2246fb5e015b609bec62e12df43c6b1e88ae1f..3ead54016aee13408cf62831155c2c44f19eb846 100644
--- a/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
+++ b/third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp
@@ -38,6 +38,7 @@
 #include "core/frame/LocalFrame.h"
 #include "core/frame/Location.h"
 #include "core/frame/Settings.h"
+#include "core/frame/UseCounter.h"
 #include "core/html/HTMLFrameElementBase.h"
 #include "core/workers/MainThreadWorkletGlobalScope.h"
 #include "platform/bindings/WrapperCreationSecurityCheck.h"
@@ -114,9 +115,20 @@ bool BindingSecurity::ShouldAllowAccessTo(
   const Frame* frame = target->GetFrame();
   if (!frame || !frame->GetSecurityContext())
     return false;
-  return CanAccessFrame(accessing_window,
-                        frame->GetSecurityContext()->GetSecurityOrigin(),
-                        target, exception_state);
+  bool can_access = CanAccessFrame(
+      accessing_window, frame->GetSecurityContext()->GetSecurityOrigin(),
+      target, exception_state);
+
+  if (!can_access) {
+    UseCounter::Count(accessing_window->GetFrame(),
+                      UseCounter::kCrossOriginPropertyAccess);
+    if (target->opener() == accessing_window) {
+      UseCounter::Count(accessing_window->GetFrame(),
+                        UseCounter::kCrossOriginPropertyAccessFromOpener);
+    }
+  }

[Mike West, 2017/05/16 14:54:31]

Does this do what I think it does?

[jochen (gone - plz use gerrit), 2017/05/17 07:36:06]

not sure, but kCrossOriginPropertyAccessFromOpener might undercount, if target
nulled out its opener

+
+  return can_access;
 }
 
 bool BindingSecurity::ShouldAllowAccessTo(
@@ -127,29 +139,20 @@ bool BindingSecurity::ShouldAllowAccessTo(
   const Frame* frame = target->GetFrame();
   if (!frame || !frame->GetSecurityContext())
     return false;
-  return CanAccessFrame(accessing_window,
-                        frame->GetSecurityContext()->GetSecurityOrigin(),
-                        target, reporting_option);
-}
-
-bool BindingSecurity::ShouldAllowAccessTo(
-    const LocalDOMWindow* accessing_window,
-    const EventTarget* target,
-    ExceptionState& exception_state) {
-  DCHECK(target);
-  const DOMWindow* window = target->ToDOMWindow();
-  if (!window) {
-    // We only need to check the access to Window objects which are
-    // cross-origin accessible.  If it's not a Window, the object's
-    // origin must always be the same origin (or it already leaked).
-    return true;
+  bool can_access = CanAccessFrame(
+      accessing_window, frame->GetSecurityContext()->GetSecurityOrigin(),
+      target, reporting_option);
+
+  if (!can_access) {

[Yuki, 2017/05/17 05:31:11]

If we're going to put this into CanAccessFrame, then it's fine.
Otherwise, can we define a helper function?  IIUC, I see the same code many
times.

+    UseCounter::Count(accessing_window->GetFrame(),
+                      UseCounter::kCrossOriginPropertyAccess);
+    if (target->opener() == accessing_window) {
+      UseCounter::Count(accessing_window->GetFrame(),
+                        UseCounter::kCrossOriginPropertyAccessFromOpener);
+    }
   }
-  const Frame* frame = window->GetFrame();
-  if (!frame || !frame->GetSecurityContext())
-    return false;
-  return CanAccessFrame(accessing_window,
-                        frame->GetSecurityContext()->GetSecurityOrigin(),
-                        window, exception_state);
+
+  return can_access;
 }
 
 bool BindingSecurity::ShouldAllowAccessTo(
@@ -160,9 +163,20 @@ bool BindingSecurity::ShouldAllowAccessTo(
   const Frame* frame = target->GetFrame();
   if (!frame || !frame->GetSecurityContext())
     return false;
-  return CanAccessFrame(accessing_window,
-                        frame->GetSecurityContext()->GetSecurityOrigin(),
-                        frame->DomWindow(), exception_state);
+  bool can_access = CanAccessFrame(
+      accessing_window, frame->GetSecurityContext()->GetSecurityOrigin(),
+      frame->DomWindow(), exception_state);
+
+  if (!can_access) {
+    UseCounter::Count(accessing_window->GetFrame(),
+                      UseCounter::kCrossOriginPropertyAccess);
+    if (target->DomWindow()->opener() == accessing_window) {
+      UseCounter::Count(accessing_window->GetFrame(),
+                        UseCounter::kCrossOriginPropertyAccessFromOpener);
+    }
+  }
+
+  return can_access;
 }
 
 bool BindingSecurity::ShouldAllowAccessTo(
@@ -173,9 +187,20 @@ bool BindingSecurity::ShouldAllowAccessTo(
   const Frame* frame = target->GetFrame();
   if (!frame || !frame->GetSecurityContext())
     return false;
-  return CanAccessFrame(accessing_window,
-                        frame->GetSecurityContext()->GetSecurityOrigin(),
-                        frame->DomWindow(), reporting_option);
+  bool can_access = CanAccessFrame(
+      accessing_window, frame->GetSecurityContext()->GetSecurityOrigin(),
+      frame->DomWindow(), reporting_option);
+
+  if (!can_access) {
+    UseCounter::Count(accessing_window->GetFrame(),
+                      UseCounter::kCrossOriginPropertyAccess);
+    if (target->DomWindow()->opener() == accessing_window) {
+      UseCounter::Count(accessing_window->GetFrame(),
+                        UseCounter::kCrossOriginPropertyAccessFromOpener);
+    }
+  }
+
+  return can_access;
 }
 
 bool BindingSecurity::ShouldAllowAccessTo(