зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1772378: Move Eval checks higher to encompass JSMs r=bholley
This no longer permits wasm modules to being instatiated; and will perform an eval check even when no csp exists, such as for JSMs. Differential Revision: https://phabricator.services.mozilla.com/D148141
This commit is contained in:
Tom Ritter
Родитель
2383446358
Коммит
fc33a9662d
|
|
@ -451,13 +451,34 @@ bool nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction(
|
|||
JSContext* cx, JS::RuntimeCode aKind, JS::Handle<JSString*> aCode) {
|
||||
MOZ_ASSERT(cx == nsContentUtils::GetCurrentJSContext());
|
||||
|
||||
nsCOMPtr<nsIPrincipal> subjectPrincipal = nsContentUtils::SubjectPrincipal();
|
||||
|
||||
// Check if Eval is allowed per firefox hardening policy
|
||||
bool contextForbidsEval =
|
||||
(subjectPrincipal->IsSystemPrincipal() || XRE_IsE10sParentProcess());
|
||||
#if defined(ANDROID)
|
||||
contextForbidsEval = false;
|
||||
#endif
|
||||
|
||||
if (contextForbidsEval) {
|
||||
nsAutoJSString scriptSample;
|
||||
if (aKind == JS::RuntimeCode::JS &&
|
||||
NS_WARN_IF(!scriptSample.init(cx, aCode))) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!nsContentSecurityUtils::IsEvalAllowed(
|
||||
cx, subjectPrincipal->IsSystemPrincipal(), scriptSample)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// Get the window, if any, corresponding to the current global
|
||||
nsCOMPtr<nsIContentSecurityPolicy> csp;
|
||||
if (nsGlobalWindowInner* win = xpc::CurrentWindowOrNull(cx)) {
|
||||
csp = win->GetCsp();
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIPrincipal> subjectPrincipal = nsContentUtils::SubjectPrincipal();
|
||||
if (!csp) {
|
||||
// Get the CSP for addon sandboxes. If the principal is expanded and has a
|
||||
// csp, we're probably in luck.
|
||||
|
|
@ -484,29 +505,8 @@ bool nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction(
|
|||
|
||||
bool evalOK = true;
|
||||
bool reportViolation = false;
|
||||
nsAutoJSString scriptSample;
|
||||
if (aKind == JS::RuntimeCode::JS) {
|
||||
nsresult rv = csp->GetAllowsEval(&reportViolation, &evalOK);
|
||||
|
||||
// A little convoluted. We want the scriptSample for a) reporting a
|
||||
// violation or b) passing it to AssertEvalNotUsingSystemPrincipal or c)
|
||||
// we're in the parent process. So do the work to get it if either of those
|
||||
// cases is true.
|
||||
if (reportViolation || subjectPrincipal->IsSystemPrincipal() ||
|
||||
XRE_IsE10sParentProcess()) {
|
||||
if (NS_WARN_IF(!scriptSample.init(cx, aCode))) {
|
||||
JS_ClearPendingException(cx);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
#if !defined(ANDROID)
|
||||
if (!nsContentSecurityUtils::IsEvalAllowed(
|
||||
cx, subjectPrincipal->IsSystemPrincipal(), scriptSample)) {
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (NS_FAILED(rv)) {
|
||||
NS_WARNING("CSP: failed to get allowsEval");
|
||||
return true; // fail open to not break sites.
|
||||
|
|
@ -541,6 +541,12 @@ bool nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction(
|
|||
MOZ_ASSERT(!JS_IsExceptionPending(cx));
|
||||
}
|
||||
|
||||
nsAutoJSString scriptSample;
|
||||
if (aKind == JS::RuntimeCode::JS &&
|
||||
NS_WARN_IF(!scriptSample.init(cx, aCode))) {
|
||||
JS_ClearPendingException(cx);
|
||||
return false;
|
||||
}
|
||||
uint16_t violationType =
|
||||
aKind == JS::RuntimeCode::JS
|
||||
? nsIContentSecurityPolicy::VIOLATION_TYPE_EVAL
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче