authorjeremyarcher <jeremyarcher@google.com>2015-08-10 03:09:55 -0700
committerCommit bot <commit-bot@chromium.org>2015-08-10 10:10:35 +0000
commit950451079244693e16f3326eb8bee9263d8276d1 (patch)
treec095a84f2660223166cf74f9cbdba2b069f33263
parent1c22502f89533202d0edffa4c69847edcc82f1c0 (diff)
Move Service Worker %2f validation logic from browser into Blink (3)
This patch ensures that a compromised renderer is still unable to register Service Workers with an invalid scope or scriptURL (see bug for spec details). 1. (Chromium) https://codereview.chromium.org/1259213002 2. (Blink) https://codereview.chromium.org/1260003003/ 3. (Chromium) This CL. BUG=513622 R=nhiroki, falken Review URL: https://codereview.chromium.org/1256833004 Cr-Commit-Position: refs/heads/master@{#342601}
-rw-r--r--content/browser/service_worker/service_worker_dispatcher_host.cc5
-rw-r--r--content/browser/service_worker/service_worker_dispatcher_host_unittest.cc32
2 files changed, 33 insertions, 4 deletions
diff --git a/content/browser/service_worker/service_worker_dispatcher_host.cc b/content/browser/service_worker/service_worker_dispatcher_host.cc
index af952b8..61e0087 100644
--- a/content/browser/service_worker/service_worker_dispatcher_host.cc
+++ b/content/browser/service_worker/service_worker_dispatcher_host.cc
@@ -332,10 +332,7 @@ void ServiceWorkerDispatcherHost::OnRegisterServiceWorker(
std::string error_message;
if (ServiceWorkerUtils::ContainsDisallowedCharacter(pattern, script_url,
&error_message)) {
- Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
- thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity,
- base::ASCIIToUTF16(kServiceWorkerRegisterErrorPrefix) +
- base::UTF8ToUTF16(error_message)));
+ bad_message::ReceivedBadMessage(this, bad_message::SWDH_REGISTER_CANNOT);
return;
}
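Review bot: Nothing at the new `bad_message::ReceivedBadMessage(this, bad_message::SWDH_REGISTER_CANNOT);` call says why a disallowed character is now treated as a misbehaving renderer instead of a script-visible security error. A comment such as `// The renderer (Blink) rejects %2f/%5c before sending this IPC, so reaching here means the renderer is compromised or buggy.` would stop a later reader from restoring the error reply. `error_message` is still filled in by `ContainsDisallowedCharacter` but is no longer read in the visible lines, so the specific reason is dropped. If `SWDH_REGISTER_CANNOT` is shared with other registration checks (not visible in this hunk), a dedicated reason value would make the kill reports distinguishable. The body of `OnRegisterServiceWorker` starts and continues outside the hunk.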
diff --git a/content/browser/service_worker/service_worker_dispatcher_host_unittest.cc b/content/browser/service_worker/service_worker_dispatcher_host_unittest.cc
index 462d093..5e4aa27 100644
--- a/content/browser/service_worker/service_worker_dispatcher_host_unittest.cc
+++ b/content/browser/service_worker/service_worker_dispatcher_host_unittest.cc
@@ -310,6 +310,38 @@ TEST_F(ServiceWorkerDispatcherHostTest, Register_CrossOriginShouldFail) {
EXPECT_EQ(6, dispatcher_host_->bad_messages_received_count_);
}
+TEST_F(ServiceWorkerDispatcherHostTest, Register_BadCharactersShouldFail) {
+ const int64 kProviderId = 99; // Dummy value
+ scoped_ptr<ServiceWorkerProviderHost> host(
+ CreateServiceWorkerProviderHost(kProviderId));
+ host->SetDocumentUrl(GURL("https://www.example.com/"));
+ context()->AddProviderHost(host.Pass());
+
+ SendRegister(kProviderId, GURL("https://www.example.com/%2f"),
+ GURL("https://www.example.com/"));
+ EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
+
+ SendRegister(kProviderId, GURL("https://www.example.com/%2F"),
+ GURL("https://www.example.com/"));
+ EXPECT_EQ(2, dispatcher_host_->bad_messages_received_count_);
+
+ SendRegister(kProviderId, GURL("https://www.example.com/"),
+ GURL("https://www.example.com/%2f"));
+ EXPECT_EQ(3, dispatcher_host_->bad_messages_received_count_);
+
+ SendRegister(kProviderId, GURL("https://www.example.com/%5c"),
+ GURL("https://www.example.com/"));
+ EXPECT_EQ(4, dispatcher_host_->bad_messages_received_count_);
+
+ SendRegister(kProviderId, GURL("https://www.example.com/"),
+ GURL("https://www.example.com/%5c"));
+ EXPECT_EQ(5, dispatcher_host_->bad_messages_received_count_);
+
+ SendRegister(kProviderId, GURL("https://www.example.com/"),
+ GURL("https://www.example.com/%5C"));
+ EXPECT_EQ(6, dispatcher_host_->bad_messages_received_count_);
+}
+
TEST_F(ServiceWorkerDispatcherHostTest,
Register_FileSystemDocumentShouldFail) {
const int64 kProviderId = 99; // Dummy value
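Review bot: `Register_BadCharactersShouldFail` does not cover both spellings of each escape in both URL positions: the first URL argument is tested with `%2f`, `%2F` and `%5c` but never `%5C`, and the second with `%2f`, `%5c` and `%5C` but never `%2F`. This test pins the browser-side rejection of a compromised renderer, so a case-sensitivity regression in either position would go unnoticed; the two missing cases are sketched below. The test also asserts only the bad-message counter, so it does not show that no registration was stored for the rejected URLs. The trailing context lines belong to the next test, which continues outside the hunk.

```cpp
  // … unchanged: the six existing SendRegister cases …

  SendRegister(kProviderId, GURL("https://www.example.com/%5C"),
               GURL("https://www.example.com/"));
  EXPECT_EQ(7, dispatcher_host_->bad_messages_received_count_);

  SendRegister(kProviderId, GURL("https://www.example.com/"),
               GURL("https://www.example.com/%2F"));
  EXPECT_EQ(8, dispatcher_host_->bad_messages_received_count_);
```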