Title: [258495] trunk
Revision
258495
Author
pvol...@apple.com
Date
2020-03-16 08:19:53 -0700 (Mon, 16 Mar 2020)

Log Message

[Cocoa] Limit set of classes that can be decoded when a preference has changed
https://bugs.webkit.org/show_bug.cgi?id=208012

Reviewed by Brent Fulgham.

Source/WebKit:

As a hardening measure, limit the set of Objective-C classes that can be decoded in the WebContent process
as a result of a preference change.

API tests: WebKit.PreferenceChangesDictionary
           WebKit.PreferenceChangesData
           WebKit.PreferenceChangesDate

* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::notifyPreferencesChanged):

Tools:

* TestWebKitAPI/Tests/WebKit/PreferenceChanges.mm:
(TEST):

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (258494 => 258495)


--- trunk/Source/WebKit/ChangeLog	2020-03-16 13:15:52 UTC (rev 258494)
+++ trunk/Source/WebKit/ChangeLog	2020-03-16 15:19:53 UTC (rev 258495)
@@ -1,3 +1,20 @@
+2020-03-16  Per Arne Vollan  <pvol...@apple.com>
+
+        [Cocoa] Limit set of classes that can be decoded when a preference has changed
+        https://bugs.webkit.org/show_bug.cgi?id=208012
+
+        Reviewed by Brent Fulgham.
+
+        As a hardening measure, limit the set of ObjectiveC classes that can be decoded in the WebContent process
+        as a result of a preference change.
+
+        API tests: WebKit.PreferenceChangesDictionary
+                   WebKit.PreferenceChangesData
+                   WebKit.PreferenceChangesDate
+
+        * WebProcess/cocoa/WebProcessCocoa.mm:
+        (WebKit::WebProcess::notifyPreferencesChanged):
+
 2020-03-16  youenn fablet  <you...@apple.com>
 
         Unique origins should not be Potentially Trustworthy

Modified: trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (258494 => 258495)


--- trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm	2020-03-16 13:15:52 UTC (rev 258494)
+++ trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm	2020-03-16 15:19:53 UTC (rev 258495)
@@ -912,11 +912,12 @@
     if (!encodedData)
         return;
     NSError *err = nil;
-    auto object = retainPtr([NSKeyedUnarchiver unarchivedObjectOfClass:[NSObject class] fromData:encodedData.get() error:&err]);
+    auto classes = [NSSet setWithArray:@[[NSString class], [NSNumber class], [NSDate class], [NSDictionary class], [NSArray class], [NSData class]]];
+    id object = [NSKeyedUnarchiver unarchivedObjectOfClasses:classes fromData:encodedData.get() error:&err];
     ASSERT(!err);
     if (err)
         return;
-    [defaults setObject:object.get() forKey:key];
+    [defaults setObject:object forKey:key];
 }
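Review bot: The failure check on the line after the new `unarchivedObjectOfClasses:` call still keys off `err` alone; the API signals failure by returning nil, and if `object` were nil with no error the `[defaults setObject:object forKey:key]` line would remove the stored key rather than leave the preference untouched, so the guard should read `if (err || !object) return;`. The allow-list also applies to the contents of decoded NSDictionary/NSArray values, which matches the property-list types NSUserDefaults accepts, so a short comment stating that intent would help, e.g. `// Only property-list types are accepted; the set also bounds nested container contents.`. The NSSet is rebuilt on every preference change; presumably it could be hoisted to a function-local static if this path turns out to be hot — verify against how often the notification fires. The enclosing notifyPreferencesChanged function begins outside the hunk.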
 
 void WebProcess::unblockPreferenceService(const SandboxExtension::Handle& handle)

Modified: trunk/Tools/ChangeLog (258494 => 258495)


--- trunk/Tools/ChangeLog	2020-03-16 13:15:52 UTC (rev 258494)
+++ trunk/Tools/ChangeLog	2020-03-16 15:19:53 UTC (rev 258495)
@@ -1,3 +1,13 @@
+2020-03-16  Per Arne Vollan  <pvol...@apple.com>
+
+        [Cocoa] Limit set of classes that can be decoded when a preference has changed
+        https://bugs.webkit.org/show_bug.cgi?id=208012
+
+        Reviewed by Brent Fulgham.
+
+        * TestWebKitAPI/Tests/WebKit/PreferenceChanges.mm:
+        (TEST):
+
 2020-03-16  youenn fablet  <you...@apple.com>
 
         Unique origins should not be Potentially Trustworthy

Modified: trunk/Tools/TestWebKitAPI/Tests/WebKit/PreferenceChanges.mm (258494 => 258495)


--- trunk/Tools/TestWebKitAPI/Tests/WebKit/PreferenceChanges.mm	2020-03-16 13:15:52 UTC (rev 258494)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit/PreferenceChanges.mm	2020-03-16 15:19:53 UTC (rev 258495)
@@ -127,4 +127,104 @@
     ASSERT_TRUE([object isEqual:changedArray]);
 }
 
+TEST(WebKit, PreferenceChangesDictionary)
+{
+    NSDictionary *dict = @{
+        @"a" : @1,
+        @"b" : @2,
+    };
+
+    auto userDefaults = adoptNS([[NSUserDefaults alloc] initWithSuiteName:@"com.apple.coremedia"]);
+    [userDefaults.get() setObject:dict forKey:@"testkey"];
+
+    auto configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    WKRetainPtr<WKContextRef> context = adoptWK(TestWebKitAPI::Util::createContextForInjectedBundleTest("InternalsInjectedBundleTest"));
+    configuration.get().processPool = (WKProcessPool *)context.get();
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 300, 300) configuration:configuration.get() addToWindow:YES]);
+
+    auto preferenceValue = [&] {
+        return [webView stringByEvaluatingJavaScript:@"window.internals.encodedPreferenceValue(\"com.apple.coremedia\", \"testkey\")"];
+    };
+
+    preferenceValue();
+
+    NSDictionary *changedDict = @{
+        @"a" : @1,
+        @"b" : @2,
+        @"c" : @3,
+    };
+    [userDefaults.get() setObject:changedDict forKey:@"testkey"];
+
+    auto encodedString = preferenceValue();
+    auto encodedData = adoptNS([[NSData alloc] initWithBase64EncodedString:encodedString options:0]);
+    ASSERT_TRUE(encodedData);
+    NSError *err = nil;
+    auto object = retainPtr([NSKeyedUnarchiver unarchivedObjectOfClass:[NSObject class] fromData:encodedData.get() error:&err]);
+    ASSERT_TRUE(!err);
+    ASSERT_TRUE(object);
+    ASSERT_TRUE([object isEqual:changedDict]);
+}
+
+TEST(WebKit, PreferenceChangesData)
+{
+    NSData *data = "" dataWithBytes:"abc" length:3];
+
+    auto userDefaults = adoptNS([[NSUserDefaults alloc] initWithSuiteName:@"com.apple.coremedia"]);
+    [userDefaults.get() setObject:data forKey:@"testkey"];
+
+    auto configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    WKRetainPtr<WKContextRef> context = adoptWK(TestWebKitAPI::Util::createContextForInjectedBundleTest("InternalsInjectedBundleTest"));
+    configuration.get().processPool = (WKProcessPool *)context.get();
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 300, 300) configuration:configuration.get() addToWindow:YES]);
+
+    auto preferenceValue = [&] {
+        return [webView stringByEvaluatingJavaScript:@"window.internals.encodedPreferenceValue(\"com.apple.coremedia\", \"testkey\")"];
+    };
+
+    preferenceValue();
+
+    NSData *changedData = [NSData dataWithBytes:"abcd" length:4];
+    [userDefaults.get() setObject:changedData forKey:@"testkey"];
+
+    auto encodedString = preferenceValue();
+    auto encodedData = adoptNS([[NSData alloc] initWithBase64EncodedString:encodedString options:0]);
+    ASSERT_TRUE(encodedData);
+    NSError *err = nil;
+    auto object = retainPtr([NSKeyedUnarchiver unarchivedObjectOfClass:[NSObject class] fromData:encodedData.get() error:&err]);
+    ASSERT_TRUE(!err);
+    ASSERT_TRUE(object);
+    ASSERT_TRUE([object isEqual:changedData]);
+}
+
+TEST(WebKit, PreferenceChangesDate)
+{
+    NSDate *date = [NSDate dateWithTimeIntervalSinceNow:0];
+
+    auto userDefaults = adoptNS([[NSUserDefaults alloc] initWithSuiteName:@"com.apple.coremedia"]);
+    [userDefaults.get() setObject:date forKey:@"testkey"];
+
+    auto configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    WKRetainPtr<WKContextRef> context = adoptWK(TestWebKitAPI::Util::createContextForInjectedBundleTest("InternalsInjectedBundleTest"));
+    configuration.get().processPool = (WKProcessPool *)context.get();
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 300, 300) configuration:configuration.get() addToWindow:YES]);
+
+    auto preferenceValue = [&] {
+        return [webView stringByEvaluatingJavaScript:@"window.internals.encodedPreferenceValue(\"com.apple.coremedia\", \"testkey\")"];
+    };
+
+    preferenceValue();
+
+    NSDate *changedDate = [NSDate dateWithTimeIntervalSinceNow:10];
+    [userDefaults.get() setObject:changedDate forKey:@"testkey"];
+
+    auto encodedString = preferenceValue();
+    auto encodedData = adoptNS([[NSData alloc] initWithBase64EncodedString:encodedString options:0]);
+    ASSERT_TRUE(encodedData);
+    NSError *err = nil;
+    auto object = retainPtr([NSKeyedUnarchiver unarchivedObjectOfClass:[NSObject class] fromData:encodedData.get() error:&err]);
+    ASSERT_TRUE(!err);
+    ASSERT_TRUE(object);
+    ASSERT_TRUE([object isEqual:changedDate]);
+}
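Review bot: The three new tests (PreferenceChangesDictionary, PreferenceChangesData, PreferenceChangesDate) only cover values that the WebContent process now accepts; nothing exercises the rejection path that is the point of the change, so a case that confirms a non-allow-listed payload is not applied would strengthen the hardening claim — if NSUserDefaults' own type restrictions make that impossible through setObject:forKey:, a comment on the first test saying so would document why it is absent. The three bodies are near-verbatim copies differing only in the initial and changed values; a small helper taking the two `id` values and a comparison would cut the duplication to one call per test. The first line of PreferenceChangesData is garbled in this rendering (`NSData *data = "" dataWithBytes:"abc" length:3];`) and presumably reads `[NSData dataWithBytes:"abc" length:3]` as on the later `changedData` line — worth confirming against the committed file.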
+
 #endif // WK_HAVE_C_SPI