[webkit-changes] [WebKit/WebKit] 152e92: Implement trusted types enforcement on Function co...

Luke Warlow noreply at github.com
Mon Dec 16 13:01:13 PST 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 152e920a5ac26047b9103bd750367343205e7752
      https://github.com/WebKit/WebKit/commit/152e920a5ac26047b9103bd750367343205e7752
  Author: Luke Warlow <lwarlow at igalia.com>
  Date:   2024-12-16 (Mon, 16 Dec 2024)

  Changed paths:
    M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-clips-sample.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy-mutate-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-no-default-policy-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-function-constructor-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-function-constructor.html
    M LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-with-permissive-csp-expected.txt
    M Source/JavaScriptCore/API/JSAPIGlobalObject.cpp
    M Source/JavaScriptCore/API/JSAPIGlobalObject.mm
    M Source/JavaScriptCore/debugger/DebuggerEvalEnabler.h
    M Source/JavaScriptCore/interpreter/Interpreter.cpp
    M Source/JavaScriptCore/jsc.cpp
    M Source/JavaScriptCore/runtime/DirectEvalExecutable.cpp
    M Source/JavaScriptCore/runtime/FunctionConstructor.cpp
    M Source/JavaScriptCore/runtime/GlobalObjectMethodTable.h
    M Source/JavaScriptCore/runtime/IndirectEvalExecutable.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObject.h
    M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
    M Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations
    M Source/WebCore/bindings/js/JSDOMGlobalObject.cpp
    M Source/WebCore/bindings/js/JSDOMGlobalObject.h
    M Source/WebCore/bindings/js/JSDOMWindowBase.cpp
    M Source/WebCore/bindings/js/JSDOMWindowBase.h
    M Source/WebCore/bindings/js/JSShadowRealmGlobalScopeBase.cpp
    M Source/WebCore/bindings/js/JSShadowRealmGlobalScopeBase.h
    M Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp
    M Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.h
    M Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.cpp
    M Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.h
    M Source/WebCore/dom/TrustedType.cpp
    M Source/WebCore/dom/TrustedType.h

  Log Message:
  -----------
  Implement trusted types enforcement on Function constructor
https://bugs.webkit.org/show_bug.cgi?id=273187

Reviewed by Yusuke Suzuki.

This patch adds trusted types enforcement to the Function constructor as well as updating the eval implementation.

The canCompileStrings global method table function no longer takes a JSValue argument;
this is because it is now only called for untrusted input from eval.

The implementation of TT enforcement for both direct and indirect eval is updated to do more work in JSC.
The structure of the TrustedScript type is used by JSC to determine if an object should be evaluated,
rather than always calling codeForEval. Only if the structures don't match is codeForEval called; this can happen
if someone changes the instance properties, such as for polyfills.

The canCompileStrings call is now only done if the input is known
to be untrusted (raw string rather than TrustedScript argument).

The Function constructor is now also updated such that when TT enforcement is enabled through CSP, similar logic
comparing the arguments to the TrustedScript structure is used.
If not all of the arguments match the structure then they're not trusted, so we fall back to calling canCompileStrings
with a new ArgList argument.

The ArgList is used to check if the arguments are modified trusted script objects, which are accepted providing the
stringifier isn't modified.

DebuggerEvalEnabler is also updated to disable trusted types and re-enable it, so that
web inspector can continue working on sites with TT enforced.

* LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-clips-sample.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-default-policy-mutate-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-csp-tt-no-default-policy-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-function-constructor-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-function-constructor.html:
* LayoutTests/imported/w3c/web-platform-tests/trusted-types/eval-with-permissive-csp-expected.txt:
* Source/JavaScriptCore/API/JSAPIGlobalObject.cpp:
(JSC::JSAPIGlobalObject::globalObjectMethodTable):
* Source/JavaScriptCore/API/JSAPIGlobalObject.mm:
(JSC::JSAPIGlobalObject::globalObjectMethodTable):
* Source/JavaScriptCore/debugger/DebuggerEvalEnabler.h:
(JSC::DebuggerEvalEnabler::DebuggerEvalEnabler):
(JSC::DebuggerEvalEnabler::~DebuggerEvalEnabler):
* Source/JavaScriptCore/interpreter/Interpreter.cpp:
(JSC::eval):
* Source/JavaScriptCore/jsc.cpp:
* Source/JavaScriptCore/runtime/DirectEvalExecutable.cpp:
(JSC::DirectEvalExecutable::create):
* Source/JavaScriptCore/runtime/FunctionConstructor.cpp:
(JSC::constructFunction):
* Source/JavaScriptCore/runtime/GlobalObjectMethodTable.h:
* Source/JavaScriptCore/runtime/IndirectEvalExecutable.cpp:
(JSC::IndirectEvalExecutable::createImpl):
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::baseGlobalObjectMethodTable):
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildrenImpl):
* Source/JavaScriptCore/runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::arrayIteratorStructure const):
(JSC::JSGlobalObject::trustedScriptStructure):
(JSC::JSGlobalObject::reportViolationForUnsafeEval):
(JSC::JSGlobalObject::canCompileStrings):
* Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/WebCore/bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::codeForEval):
(WebCore::JSDOMGlobalObject::canCompileStrings):
(WebCore::JSDOMGlobalObject::trustedScriptStructure):
* Source/WebCore/bindings/js/JSDOMGlobalObject.h:
* Source/WebCore/bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::globalObjectMethodTable):
(WebCore::JSDOMWindowBase::reportViolationForUnsafeEval):
(WebCore::JSDOMWindowBase::codeForEval): Deleted.
(WebCore::JSDOMWindowBase::canCompileStrings): Deleted.
* Source/WebCore/bindings/js/JSDOMWindowBase.h:
* Source/WebCore/bindings/js/JSShadowRealmGlobalScopeBase.cpp:
(WebCore::JSShadowRealmGlobalScopeBase::globalObjectMethodTable):
(WebCore::JSShadowRealmGlobalScopeBase::reportViolationForUnsafeEval):
(WebCore::JSShadowRealmGlobalScopeBase::codeForEval): Deleted.
(WebCore::JSShadowRealmGlobalScopeBase::canCompileStrings): Deleted.
* Source/WebCore/bindings/js/JSShadowRealmGlobalScopeBase.h:
* Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp:
(WebCore::JSWorkerGlobalScopeBase::globalObjectMethodTable):
(WebCore::JSWorkerGlobalScopeBase::reportViolationForUnsafeEval):
(WebCore::JSWorkerGlobalScopeBase::codeForEval): Deleted.
(WebCore::JSWorkerGlobalScopeBase::canCompileStrings): Deleted.
* Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.h:
* Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.cpp:
(WebCore::JSWorkletGlobalScopeBase::globalObjectMethodTable):
(WebCore::JSWorkletGlobalScopeBase::reportViolationForUnsafeEval):
(WebCore::JSWorkletGlobalScopeBase::codeForEval): Deleted.
(WebCore::JSWorkletGlobalScopeBase::canCompileStrings): Deleted.
* Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.h:
* Source/WebCore/dom/TrustedType.cpp:
(WebCore::canCompile):
* Source/WebCore/dom/TrustedType.h:
* Source/WebCore/SaferCPPExpectations/UncountedCallArgsCheckerExpectations: Remove TrustedType.cpp because the file has been fixed.

Canonical link: https://commits.webkit.org/287909@main
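As an added illustration (not WebKit's code) of the decision the log above describes for the Function constructor, the JavaScript below models the three branches: a fast path that accepts arguments whose structure matches TrustedScript, a fallback that still accepts modified TrustedScript objects when their stringifier is intact, and a default-policy step for untrusted strings. `TrustedScript`, `matchesTrustedScriptStructure`, `canCompileStrings`, `checkFunctionConstructorArgs`, `trustedFunction` and `defaultPolicy` are constructed stand-ins for the JSC/WebCore internals and the page's TT default policy, not the real ones.

```javascript
// Constructed stand-in for the TrustedScript object a TT policy returns (not WebKit code).
class TrustedScript {
  #data;
  constructor(data) { this.#data = String(data); }
  toString() { return this.#data; }
}

const isObject = (v) => typeof v === 'object' && v !== null;

// Fast path, modelling the structure comparison the log describes: an untouched
// instance (original prototype, no added own properties) is trusted outright.
function matchesTrustedScriptStructure(arg) {
  return isObject(arg)
      && Object.getPrototypeOf(arg) === TrustedScript.prototype
      && Reflect.ownKeys(arg).length === 0;
}

// Slow path, modelling canCompileStrings over the ArgList: a TrustedScript that a
// polyfill modified is still trusted provided its stringifier is the original one.
function canCompileStrings(args) {
  return args.every((arg) => arg instanceof TrustedScript
      && arg.toString === TrustedScript.prototype.toString);
}

// The gate in front of `new Function(...args)` under require-trusted-types-for.
// Returns { allowed, path } so each branch is inspectable; `defaultPolicy` is a
// stand-in for the page's TT default policy (null when none is registered).
function checkFunctionConstructorArgs(args, defaultPolicy = null) {
  const hasArgs = args.length > 0;
  if (hasArgs && args.every(matchesTrustedScriptStructure))
    return { allowed: true, path: 'structure-match' };
  if (hasArgs && canCompileStrings(args))
    return { allowed: true, path: 'modified-trusted-script' };
  // Untrusted input: the assembled source (simplified here to the stringified
  // args joined by commas) must come back unchanged from the default policy.
  const source = args.map(String).join(',');
  if (defaultPolicy && defaultPolicy.createScript(source) === source)
    return { allowed: true, path: 'default-policy' };
  return { allowed: false, path: 'blocked' };
}

// User-visible outcome: compile the function, or throw EvalError as a browser would.
function trustedFunction(args, defaultPolicy = null) {
  if (!checkFunctionConstructorArgs(args, defaultPolicy).allowed)
    throw new EvalError('Refused to evaluate a string as JavaScript: Trusted Types enforced');
  return new Function(...args.map(String));
}
```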


