Bug 854558 - Enforce __exposedProps__ for Sandboxes. r=gabor

2013-03-26 09:08:29 -07:00 · 2013-03-26 09:08:29 -07:00 · 0cdff77326
--- a/js/xpconnect/tests/chrome/test_cows.xul
+++ b/js/xpconnect/tests/chrome/test_cows.xul
@ -70,8 +70,8 @@ function COWTests() {
          is(obj[propName], value, "getting " + propName + " on " + desc);
          ok(propName in obj,
             propName + " on " + desc + " should exist");
-          //ok(Object.hasOwnProperty.call(obj, propName),
-          //   propName + " on " + desc + " should exist");
+          ok(Object.hasOwnProperty.call(obj, propName),
+             propName + " on " + desc + " should exist");
      } catch (e) {
          ok(false, "getting " + propName + " on " + desc + " threw " + e);
      }
@ -82,26 +82,24 @@ function COWTests() {
             "getting " + propName + " on " + desc + " should return undefined");
          ok(!(propName in obj),
             propName + " on " + desc + " should act as if it doesn't exist");
-          //ok(!Object.hasOwnProperty.call(obj, propName),
-          //   propName + " on " + desc + " should act as if it doesn't exist");
+          ok(!Object.hasOwnProperty.call(obj, propName),
+             propName + " on " + desc + " should act as if it doesn't exist");
      } catch (e) {
          ok(false, "getting " + propName + " on " + desc + " threw " + e);
      }
    }

-    //var cow = getCOW({ foo: "fooval", __exposedProps__: {}});
-    //Math.sin(1);
-    //is(cow.foo, undefined, "one test to rule them all");
-    //return;
-
    const PROPS_TO_TEST = ['foo', 'bar', 'prototype'];

    var empty = {};
-    // Once we flip the default for __exposedProps__, this should behave
-    // the same as for function objects below.
+    var nonempty = {foo: 42, bar: 33};
    is(getCOW(empty).foo, undefined,
       "shouldn't throw when accessing exposed properties that doesn't exist");

+    PROPS_TO_TEST.forEach(function(name) {
+        isPropHidden(getCOW(nonempty), name, "object without exposedProps");
+    });
+
    // Test function objects without __exposedProps__
    var func = function(x) { return 42; };
    func.foo = "foo property";
@ -181,7 +179,6 @@ function COWTests() {
    // Test writable property
    var writable = getCOW({ __exposedProps__: {foo: 'w'}});
    try {
-        Math.sin("foo" in writable);
        ok(!("foo" in writable),
           "non-existing write-only property shouldn't exist");
        writable.foo = 5;
--- a/js/xpconnect/tests/unit/test_bug854558.js
+++ b/js/xpconnect/tests/unit/test_bug854558.js
@ -0,0 +1,11 @@
+const Cu = Components.utils;
+function run_test() {
+
+  var chromeSB = new Cu.Sandbox(this);
+  var contentSB = new Cu.Sandbox('http://www.example.com');
+  Cu.evalInSandbox('this.foo = {a: 2}', chromeSB);
+  contentSB.foo = chromeSB.foo;
+  do_check_eq(Cu.evalInSandbox('foo.a', contentSB), undefined, "Default deny with no __exposedProps__");
+  Cu.evalInSandbox('this.foo.__exposedProps__ = {a: "r"}', chromeSB);
+  do_check_eq(Cu.evalInSandbox('foo.a', contentSB), 2, "works with __exposedProps__");
+}
--- a/js/xpconnect/tests/unit/xpcshell.ini
+++ b/js/xpconnect/tests/unit/xpcshell.ini
@ -19,6 +19,7 @@ tail =
 [test_bug845201.js]
 [test_bug849730.js]
 [test_bug851895.js]
+[test_bug854558.js]
 [test_bug_442086.js]
 [test_file.js]
 [test_blob.js]
--- a/js/xpconnect/wrappers/AccessCheck.cpp
+++ b/js/xpconnect/wrappers/AccessCheck.cpp
@ -287,14 +287,6 @@ OnlyIfSubjectIsSystem::isSafeToUnwrap()

 enum Access { READ = (1<<0), WRITE = (1<<1), NO_ACCESS = 0 };

-static bool
-IsInSandbox(JSContext *cx, JSObject *obj)
-{
-    JSAutoCompartment ac(cx, obj);
-    JSObject *global = JS_GetGlobalForObject(cx, obj);
-    return !strcmp(js::GetObjectJSClass(global)->name, "Sandbox");
-}
-
 static void
 EnterAndThrow(JSContext *cx, JSObject *wrapper, const char *msg)
 {
@ -332,26 +324,6 @@ ExposedPropertiesOnly::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper:

    // If no __exposedProps__ existed, deny access.
    if (!found) {
-        // Everything below here needs to be done in the wrapper's compartment.
-        JSAutoCompartment wrapperAC(cx, wrapper);
-        // Make a temporary exception for objects in a chrome sandbox to help
-        // out jetpack. See bug 784233.
-        if (!JS_ObjectIsFunction(cx, wrappedObject) &&
-            IsInSandbox(cx, wrappedObject))
-        {
-            // This little loop hole will go away soon! See bug 553102.
-            nsCOMPtr<nsPIDOMWindow> win =
-                do_QueryInterface(nsJSUtils::GetStaticScriptGlobal(wrapper));
-            if (win) {
-                nsCOMPtr<nsIDocument> doc = win->GetExtantDoc();
-                if (doc) {
-                    doc->WarnOnceAbout(nsIDocument::eNoExposedProps,
-                                       /* asError = */ true);
-                }
-            }
-
-            return true;
-        }
        return false;
    }