mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1772378: Move Eval checks higher to encompass JSMs r=bholley 

This no longer permits wasm modules to being instatiated;
and will perform an eval check even when no csp exists,
such as for JSMs.

Differential Revision: https://phabricator.services.mozilla.com/D148141
This commit is contained in:
Tom Ritter 2022-06-27 19:28:05 +00:00
Родитель 2383446358
Коммит fc33a9662d
1 изменённых файлов: 28 добавлений и 22 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

50
caps/nsScriptSecurityManager.cpp
Просмотреть файл

@ -451,13 +451,34 @@ bool nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction(
JSContext* cx, JS::RuntimeCode aKind, JS::Handle<JSString*> aCode) { JSContext* cx, JS::RuntimeCode aKind, JS::Handle<JSString*> aCode) {
MOZ_ASSERT(cx == nsContentUtils::GetCurrentJSContext()); MOZ_ASSERT(cx == nsContentUtils::GetCurrentJSContext());
nsCOMPtr<nsIPrincipal> subjectPrincipal = nsContentUtils::SubjectPrincipal();
// Check if Eval is allowed per firefox hardening policy
bool contextForbidsEval =
(subjectPrincipal->IsSystemPrincipal() || XRE_IsE10sParentProcess());
#if defined(ANDROID)
contextForbidsEval = false;
#endif
if (contextForbidsEval) {
nsAutoJSString scriptSample;
if (aKind == JS::RuntimeCode::JS &&
NS_WARN_IF(!scriptSample.init(cx, aCode))) {
return false;
}
if (!nsContentSecurityUtils::IsEvalAllowed(
cx, subjectPrincipal->IsSystemPrincipal(), scriptSample)) {
return false;
}
}
// Get the window, if any, corresponding to the current global // Get the window, if any, corresponding to the current global
nsCOMPtr<nsIContentSecurityPolicy> csp; nsCOMPtr<nsIContentSecurityPolicy> csp;
if (nsGlobalWindowInner* win = xpc::CurrentWindowOrNull(cx)) { if (nsGlobalWindowInner* win = xpc::CurrentWindowOrNull(cx)) {
csp = win->GetCsp(); csp = win->GetCsp();
} }
nsCOMPtr<nsIPrincipal> subjectPrincipal = nsContentUtils::SubjectPrincipal();
if (!csp) { if (!csp) {
// Get the CSP for addon sandboxes. If the principal is expanded and has a // Get the CSP for addon sandboxes. If the principal is expanded and has a
// csp, we're probably in luck. // csp, we're probably in luck.
@ -484,29 +505,8 @@ bool nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction(
bool evalOK = true; bool evalOK = true;
bool reportViolation = false; bool reportViolation = false;
nsAutoJSString scriptSample;
if (aKind == JS::RuntimeCode::JS) { if (aKind == JS::RuntimeCode::JS) {
nsresult rv = csp->GetAllowsEval(&reportViolation, &evalOK); nsresult rv = csp->GetAllowsEval(&reportViolation, &evalOK);
// A little convoluted. We want the scriptSample for a) reporting a
// violation or b) passing it to AssertEvalNotUsingSystemPrincipal or c)
// we're in the parent process. So do the work to get it if either of those
// cases is true.
if (reportViolation || subjectPrincipal->IsSystemPrincipal() ||
XRE_IsE10sParentProcess()) {
if (NS_WARN_IF(!scriptSample.init(cx, aCode))) {
JS_ClearPendingException(cx);
return false;
}
}
#if !defined(ANDROID)
if (!nsContentSecurityUtils::IsEvalAllowed(
cx, subjectPrincipal->IsSystemPrincipal(), scriptSample)) {
return false;
}
#endif
if (NS_FAILED(rv)) { if (NS_FAILED(rv)) {
NS_WARNING("CSP: failed to get allowsEval"); NS_WARNING("CSP: failed to get allowsEval");
return true; // fail open to not break sites. return true; // fail open to not break sites.
@ -541,6 +541,12 @@ bool nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction(
MOZ_ASSERT(!JS_IsExceptionPending(cx)); MOZ_ASSERT(!JS_IsExceptionPending(cx));
} }
nsAutoJSString scriptSample;
if (aKind == JS::RuntimeCode::JS &&
NS_WARN_IF(!scriptSample.init(cx, aCode))) {
JS_ClearPendingException(cx);
return false;
}
uint16_t violationType = uint16_t violationType =
aKind == JS::RuntimeCode::JS aKind == JS::RuntimeCode::JS
? nsIContentSecurityPolicy::VIOLATION_TYPE_EVAL ? nsIContentSecurityPolicy::VIOLATION_TYPE_EVAL