[webkit-changes] [WebKit/WebKit] 863a63: Explicitly allow mutable plist types when decoding...

Alex Christensen noreply at github.com
Mon Apr 24 14:21:26 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 863a63b167a12bb76e82f8dc60d643fcb489a6e6
      https://github.com/WebKit/WebKit/commit/863a63b167a12bb76e82f8dc60d643fcb489a6e6
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2023-04-24 (Mon, 24 Apr 2023)

  Changed paths:
    M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
    M Source/WebCore/platform/RuntimeApplicationChecks.h
    M Source/WebKit/GPUProcess/GPUProcess.cpp
    M Source/WebKit/GPUProcess/GPUProcessCreationParameters.cpp
    M Source/WebKit/GPUProcess/GPUProcessCreationParameters.h
    R Source/WebKit/NetworkProcess/NetworkProcessCreationParameters.cpp
    M Source/WebKit/NetworkProcess/NetworkProcessCreationParameters.h
    M Source/WebKit/NetworkProcess/NetworkProcessCreationParameters.serialization.in
    M Source/WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm
    M Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.h
    M Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm
    M Source/WebKit/Shared/WebProcessCreationParameters.cpp
    M Source/WebKit/Shared/WebProcessCreationParameters.h
    M Source/WebKit/UIProcess/Cocoa/GPUProcessProxyCocoa.mm
    M Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
    M Source/WebKit/UIProcess/LegacyGlobalSettings.h
    M Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj
    M Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/LoadInvalidURLRequest.mm

  Log Message:
  -----------
  Explicitly allow mutable plist types when decoding NSMutableURLRequests
https://bugs.webkit.org/show_bug.cgi?id=255826
rdar://108380807

Reviewed by Chris Dumez.

NSURLProtocol can be used to add properties to an NSMutableURLRequest,
and those properties are serialized by the ObjC serializer.  When deserializing
such a request, we need to explicitly allow the mutable plist types to prevent
bugs like rdar://108380807

Because of the large number of regressions this work has introduced and to give
time for better QA work, further progress in ObjC deserialization will be behind
a runtime flag when it is reasonable to do so.  This also introduces and uses
such a flag and the piping necessary to make it global in all auxiliary processes.

* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
* Source/WebCore/platform/RuntimeApplicationChecks.h:
* Source/WebKit/GPUProcess/GPUProcess.cpp:
(WebKit::GPUProcess::initializeGPUProcess):
* Source/WebKit/GPUProcess/GPUProcessCreationParameters.cpp:
(WebKit::GPUProcessCreationParameters::encode const):
(WebKit::GPUProcessCreationParameters::decode):
* Source/WebKit/GPUProcess/GPUProcessCreationParameters.h:
* Source/WebKit/NetworkProcess/NetworkProcessCreationParameters.cpp: Removed.
* Source/WebKit/NetworkProcess/NetworkProcessCreationParameters.h:
* Source/WebKit/NetworkProcess/NetworkProcessCreationParameters.serialization.in:
* Source/WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm:
(WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa):
* Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.h:
* Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm:
(IPC::strictSecureDecodingForAllObjCEnabledValue):
(IPC::setStrictSecureDecodingForAllObjCEnabled):
(IPC::strictSecureDecodingForAllObjCEnabled):
(IPC::shouldEnableStrictMode):
(IPC::decodeSecureCodingInternal):
* Source/WebKit/Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode const):
(WebKit::WebProcessCreationParameters::decode):
* Source/WebKit/Shared/WebProcessCreationParameters.h:
* Source/WebKit/UIProcess/Cocoa/GPUProcessProxyCocoa.mm:
(WebKit::GPUProcessProxy::platformInitializeGPUProcessParameters):
* Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::platformInitializeWebProcess):
(WebKit::WebProcessPool::platformInitializeNetworkProcess):
* Source/WebKit/UIProcess/LegacyGlobalSettings.h:
* Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm:
(WebKit::experimentalFeatureEnabled):
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:
* Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/LoadInvalidURLRequest.mm:
(TestWebKitAPI::TEST):

Canonical link: https://commits.webkit.org/263334@main

More information about the webkit-changes mailing list