Diff
Modified: trunk/Source/WebCore/ChangeLog (202185 => 202186)
--- trunk/Source/WebCore/ChangeLog 2016-06-17 23:31:42 UTC (rev 202185)
+++ trunk/Source/WebCore/ChangeLog 2016-06-18 00:03:04 UTC (rev 202186)
@@ -1,3 +1,21 @@
+2016-06-17 Pranjal Jumde <[email protected]>
+
+ File scheme should not allow access of a resource on a different volume.
+ https://bugs.webkit.org/show_bug.cgi?id=158552
+ <rdar://problem/15307582>
+
+ Reviewed by Brent Fulgham.
+
+ Tests: Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm
+
+ * page/SecurityOrigin.cpp:
+ (WebCore::SecurityOrigin::canDisplay):
+ * platform/FileSystem.cpp:
+ (WebCore::platformFileStat):
+ (WebCore::filesHaveSameVolume):
+ Returns true if the files are on the same volume
+ * platform/FileSystem.h:
+
2016-06-17 Antoine Quint <[email protected]>
Web video playback controls should have RTL volume slider
Modified: trunk/Source/WebCore/page/SecurityOrigin.cpp (202185 => 202186)
--- trunk/Source/WebCore/page/SecurityOrigin.cpp 2016-06-17 23:31:42 UTC (rev 202185)
+++ trunk/Source/WebCore/page/SecurityOrigin.cpp 2016-06-18 00:03:04 UTC (rev 202186)
@@ -349,6 +349,11 @@
{
if (m_universalAccess)
return true;
+
+ if (isLocal() && url.isLocalFile()) {
+ if (!filesHaveSameVolume(m_filePath, url.path()))
+ return false;
+ }
if (isFeedWithNestedProtocolInHTTPFamily(url))
return true;
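Review bot: The new volume check passes `m_filePath` and `url.path()` straight to `filesHaveSameVolume`, and that helper returns true whenever either file cannot be opened, so a path that fails to open skips the check instead of being denied. If `url.path()` is the still percent-encoded path component (not visible here), a file name containing escaped characters such as a space would fall into that case. Passing the decoded path, e.g. `url.fileSystemPath()`, and making sure `m_filePath` is stored decoded as well, would close that gap. A short comment such as `// Local files may only display resources that live on the same volume.` above the block would also record the intent. The body of canDisplay starts and ends outside this hunk.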
Modified: trunk/Source/WebCore/platform/FileSystem.cpp (202185 => 202186)
--- trunk/Source/WebCore/platform/FileSystem.cpp 2016-06-17 23:31:42 UTC (rev 202185)
+++ trunk/Source/WebCore/platform/FileSystem.cpp 2016-06-18 00:03:04 UTC (rev 202186)
@@ -319,4 +319,40 @@
#endif
}
+int platformFileStat(PlatformFileHandle handle, PlatformStat* buffer)
+{
+#if OS(WINDOW)
+ return _fstat(handle, buffer);
+#else
+ return fstat(handle, buffer);
+#endif
+}
+
+bool filesHaveSameVolume(const String& sourceFile, const String& destFile)
+{
+ CString fsRepSourceFile, fsRepDestFile;
+ PlatformStat sourceFileStat, destFileStat;
+ PlatformFileHandle sourceHandle = -1, destHandle = -1;
+ bool result = true;
+
+ fsRepSourceFile = fileSystemRepresentation(sourceFile);
+ fsRepDestFile = fileSystemRepresentation(destFile);
+
+ if (!fsRepSourceFile.isNull() && !fsRepDestFile.isNull()) {
+ sourceHandle = openFile(fsRepSourceFile.data(), OpenForRead);
+ destHandle = openFile(fsRepDestFile.data(), OpenForRead);
+ }
+
+ if (sourceHandle > -1 && destHandle > -1) {
+ if (platformFileStat(sourceHandle, &sourceFileStat) > -1 && platformFileStat(destHandle, &destFileStat) > -1) {
+ if (sourceFileStat.st_dev != destFileStat.st_dev)
+ result = false;
+ }
+ }
+
+ close(sourceHandle);
+ close(destHandle);
+ return result;
+}
+
} // namespace WebCore
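Review bot: `filesHaveSameVolume` fails open: `result` starts as true and is cleared only when both opens and both stats succeed and the device ids differ, so an unreadable or missing file on either side is reported as same-volume to the check in `SecurityOrigin::canDisplay`. Defaulting to false and assigning `result` from the `st_dev` comparison denies on error; if failing open is intended, a comment should say why. The function also calls `close()` on handles that may still be -1 rather than going through `closeFile()`. Separately, `#if OS(WINDOW)` in `platformFileStat` looks like a typo for `OS(WINDOWS)` as spelled in FileSystem.h, so the `_fstat` branch would never be selected.

```cpp
bool filesHaveSameVolume(const String& sourceFile, const String& destFile)
{
    // … unchanged: declarations, fileSystemRepresentation() and openFile() calls …
    bool result = false; // deny unless both device ids were read and match

    if (sourceHandle != invalidPlatformFileHandle && destHandle != invalidPlatformFileHandle) {
        if (platformFileStat(sourceHandle, &sourceFileStat) > -1 && platformFileStat(destHandle, &destFileStat) > -1)
            result = sourceFileStat.st_dev == destFileStat.st_dev;
    }

    // Only close handles that were actually opened.
    if (sourceHandle != invalidPlatformFileHandle)
        closeFile(sourceHandle);
    if (destHandle != invalidPlatformFileHandle)
        closeFile(destHandle);
    return result;
}
```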
Modified: trunk/Source/WebCore/platform/FileSystem.h (202185 => 202186)
--- trunk/Source/WebCore/platform/FileSystem.h 2016-06-17 23:31:42 UTC (rev 202185)
+++ trunk/Source/WebCore/platform/FileSystem.h 2016-06-18 00:03:04 UTC (rev 202186)
@@ -31,6 +31,7 @@
#ifndef FileSystem_h
#define FileSystem_h
+#include <sys/stat.h>
#include <time.h>
#include <utility>
#include <wtf/Forward.h>
@@ -47,6 +48,7 @@
#endif
#if OS(WINDOWS)
+#include <io.h>
// These are to avoid including <winbase.h> in a header for Chromium
typedef void *HANDLE;
// Assuming STRICT
@@ -110,6 +112,12 @@
typedef int PlatformFileHandle;
const PlatformFileHandle invalidPlatformFileHandle = -1;
#endif
+
+#if OS(WINDOWS)
+typedef struct _stat PlatformStat;
+#else
+typedef struct stat PlatformStat;
+#endif
enum FileOpenMode {
OpenForRead = 0,
@@ -172,6 +180,8 @@
WEBCORE_EXPORT int writeToFile(PlatformFileHandle, const char* data, int length);
// Returns number of bytes actually written if successful, -1 otherwise.
int readFromFile(PlatformFileHandle, char* data, int length);
+bool filesHaveSameVolume(const String&, const String&);
+int platformFileStat(PlatformFileHandle, PlatformStat*);
// Appends the contents of the file found at 'path' to the open PlatformFileHandle.
// Returns true if the write was successful, false if it was not.
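Review bot: The two new declarations carry no comment, unlike the neighbouring declarations in this header, and `filesHaveSameVolume` has a security-relevant contract that callers cannot see from the signature. I would add `// Returns true if both files are on the same volume. Also returns true if either file cannot be opened or stat'ed.` above `filesHaveSameVolume`, so the fail-open behaviour in FileSystem.cpp is at least visible at the call site. `platformFileStat` could get `// fstat() wrapper; returns 0 on success, -1 otherwise.`.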
Modified: trunk/Tools/ChangeLog (202185 => 202186)
--- trunk/Tools/ChangeLog 2016-06-17 23:31:42 UTC (rev 202185)
+++ trunk/Tools/ChangeLog 2016-06-18 00:03:04 UTC (rev 202186)
@@ -1,3 +1,21 @@
+2016-06-17 Pranjal Jumde <[email protected]>
+
+ File scheme should not allow access of a resource on a different volume.
+ https://bugs.webkit.org/show_bug.cgi?id=158552
+ <rdar://problem/15307582>
+
+ Reviewed by Brent Fulgham.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.html: Added.
+ * TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm: Added.
+ (-[CrossPartitionFileSchemeAccessNavigationDelegate webView:didFinishNavigation:]):
+ When the main page load is complete fetch the contents of the document to check if iframe was loaded
+ (createPartition):
+ Create a disk image and load the contents of the file.
+ (cleanUp):
+ (TestWebKitAPI::TEST):
+
2016-06-17 Enrique Ocaña González <[email protected]>
Unreviewed. Added myself to the list of committers.
Modified: trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (202185 => 202186)
--- trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2016-06-17 23:31:42 UTC (rev 202185)
+++ trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2016-06-18 00:03:04 UTC (rev 202186)
@@ -62,6 +62,8 @@
37D36ED71AF42ECD00BAF5D9 /* LoadAlternateHTMLString.mm in Sources */ = {isa = PBXBuildFile; fileRef = 37D36ED61AF42ECD00BAF5D9 /* LoadAlternateHTMLString.mm */; };
37DC6791140D7D7600ABCCDB /* DOMRangeOfString.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 37DC678F140D7D3A00ABCCDB /* DOMRangeOfString.html */; };
37E1064C1697681800B78BD0 /* DOMHTMLTableCellElementCellAbove.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 37E1064B169767F700B78BD0 /* DOMHTMLTableCellElementCellAbove.html */; };
+ 400B2EA51D1328DD00393CDC /* CrossPartitionFileSchemeAccess.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 400B2EA41D1328B900393CDC /* CrossPartitionFileSchemeAccess.html */; };
+ 407F29D01D10ED4D00DA63FF /* CrossPartitionFileSchemeAccess.mm in Sources */ = {isa = PBXBuildFile; fileRef = 407F29CE1D10ED4D00DA63FF /* CrossPartitionFileSchemeAccess.mm */; };
4BFDFFA71314776C0061F24B /* HitTestResultNodeHandle_Bundle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4BFDFFA61314776C0061F24B /* HitTestResultNodeHandle_Bundle.cpp */; };
51393E221523952D005F39C5 /* DOMWindowExtensionBasic_Bundle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 51393E1D1523944A005F39C5 /* DOMWindowExtensionBasic_Bundle.cpp */; };
5142B2731517C8C800C32B19 /* ContextMenuCanCopyURL.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5142B2721517C89100C32B19 /* ContextMenuCanCopyURL.html */; };
@@ -462,10 +464,11 @@
};
BCB9F4FB112384C000A137E0 /* Copy Resources */ = {
isa = PBXCopyFilesBuildPhase;
- buildActionMask = 2147483647;
+ buildActionMask = 12;
dstPath = TestWebKitAPI.resources;
dstSubfolderSpec = 7;
files = (
+ 400B2EA51D1328DD00393CDC /* CrossPartitionFileSchemeAccess.html in Copy Resources */,
9984FACE1CFFB090008D198C /* editable-body.html in Copy Resources */,
51714EB41CF8C78C004723C4 /* WebProcessKillIDBCleanup-1.html in Copy Resources */,
51714EB51CF8C78C004723C4 /* WebProcessKillIDBCleanup-2.html in Copy Resources */,
@@ -672,6 +675,8 @@
37E1064A1697676400B78BD0 /* DOMHTMLTableCellCellAbove.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = DOMHTMLTableCellCellAbove.mm; sourceTree = "<group>"; };
37E1064B169767F700B78BD0 /* DOMHTMLTableCellElementCellAbove.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = DOMHTMLTableCellElementCellAbove.html; sourceTree = "<group>"; };
37E38C33169B7D010084C28C /* WebViewDidRemoveFrameFromHierarchy.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebViewDidRemoveFrameFromHierarchy.mm; sourceTree = "<group>"; };
+ 400B2EA41D1328B900393CDC /* CrossPartitionFileSchemeAccess.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = CrossPartitionFileSchemeAccess.html; sourceTree = "<group>"; };
+ 407F29CE1D10ED4D00DA63FF /* CrossPartitionFileSchemeAccess.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = CrossPartitionFileSchemeAccess.mm; sourceTree = "<group>"; };
41973B5A1AF2286A006C7B36 /* FileSystem.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FileSystem.cpp; sourceTree = "<group>"; };
41973B5C1AF22875006C7B36 /* SharedBuffer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SharedBuffer.cpp; sourceTree = "<group>"; };
440A1D3814A0103A008A66F2 /* URL.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = URL.cpp; sourceTree = "<group>"; };
@@ -1629,6 +1634,7 @@
A5E2027215B2181900C13E14 /* WindowlessWebViewWithMedia.mm */,
764322D51B61CCA40024F801 /* WordBoundaryTypingAttributes.mm */,
536770331CC8022800D425B1 /* WebScriptObjectDescription.mm */,
+ 407F29CE1D10ED4D00DA63FF /* CrossPartitionFileSchemeAccess.mm */,
);
path = mac;
sourceTree = "<group>";
@@ -1636,6 +1642,7 @@
C07E6CB013FD737C0038B22B /* Resources */ = {
isa = PBXGroup;
children = (
+ 400B2EA41D1328B900393CDC /* CrossPartitionFileSchemeAccess.html */,
379028B814FABE49007E6B43 /* acceptsFirstMouse.html */,
B55F11B9151916E600915916 /* Ahem.ttf */,
B55F11B01517A2C400915916 /* attributedStringCustomFont.html */,
@@ -2186,6 +2193,7 @@
buildActionMask = 2147483647;
files = (
2E7765CD16C4D80A00BA2BB1 /* mainIOS.mm in Sources */,
+ 407F29D01D10ED4D00DA63FF /* CrossPartitionFileSchemeAccess.mm in Sources */,
2E7765CF16C4D81100BA2BB1 /* mainMac.mm in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
Added: trunk/Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.html (0 => 202186)
--- trunk/Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.html (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.html 2016-06-18 00:03:04 UTC (rev 202186)
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<script>
+ var check = 0;
+ function iframeLoaded() {
+ check = 1;
+ }
+ function documentLoaded() {
+ if (check == 1)
+ document.write("Fail: A cross partition resource was loaded");
+ else
+ document.write("Pass: A cross partition resource was blocked from loading");
+ }
+</script>
+<body _onload_="documentLoaded()">
+<iframe src="" _onload_="iframeLoaded();"></iframe>
+</body>
+</html>
Added: trunk/Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm (0 => 202186)
--- trunk/Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm 2016-06-18 00:03:04 UTC (rev 202186)
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+
+#import "PlatformUtilities.h"
+#import "WKWebViewConfigurationExtras.h"
+#import <WebKit/WKFoundation.h>
+#import <WebKit/WKWebViewPrivate.h>
+#import <WebKit/WebKit.h>
+#import <wtf/RetainPtr.h>
+
+#define PASS "Pass: A cross partition resource was blocked from loading"
+
+@interface CrossPartitionFileSchemeAccessNavigationDelegate : NSObject <WKNavigationDelegate>
+@end
+
+@implementation CrossPartitionFileSchemeAccessNavigationDelegate
+
+static bool navigationComplete = false;
+
+- (void)webView:(WKWebView *)webView didFinishNavigation:(WKNavigation *)navigation
+{
+ [webView evaluateJavaScript: @"document.body.innerHTML" completionHandler:^(NSString *result, NSError *error)
+ {
+ EXPECT_STREQ(PASS, [result UTF8String]);
+ navigationComplete = true;
+ }];
+}
+
+@end
+
+void createPartition(const char *filePath)
+{
+ const char* fileContent = " \"<!DOCTYPE html><html><body>Hello</body></html>\" > ";
+ const char* targetFile = "resources/CrossPartitionFileSchemeAccess.html";
+
+ const char* createDirCmd = "mkdir resources";
+ const char* createDiskImage = "hdiutil create otherVolume.dmg -srcfolder resources/ -ov > /dev/null";
+ const char* attachDiskImage = "hdiutil attach otherVolume.dmg > /dev/null";
+
+ std::string createFileCmd = "echo ";
+ createFileCmd.append(fileContent);
+ createFileCmd.append(targetFile);
+
+ system(createDirCmd);
+ system(createFileCmd.c_str());
+ system(createDiskImage);
+ system(attachDiskImage);
+}
+
+void cleanUp()
+{
+ const char* detachDiskImage = "hdiutil detach /Volumes/resources > /dev/null";
+ const char* deleteFolder = "rm -rf resources/";
+ const char* deleteDiskImage = "rm -rf otherVolume.dmg";
+ system(detachDiskImage);
+ system(deleteFolder);
+ system(deleteDiskImage);
+}
+
+
+namespace TestWebKitAPI {
+
+TEST(WebKit1, CrossPartitionFileSchemeAccess)
+{
+ NSURL *url = "" mainBundle] URLForResource:@"CrossPartitionFileSchemeAccess" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+ const char *filePath = [url fileSystemRepresentation];
+ createPartition(filePath);
+
+ RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+ RetainPtr<WKWebView> webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
+
+ CrossPartitionFileSchemeAccessNavigationDelegate *delegate = [[CrossPartitionFileSchemeAccessNavigationDelegate alloc] init];
+ [webView setNavigationDelegate:delegate];
+
+ NSURLRequest *request = [NSURLRequest requestWithURL:url];
+ [webView loadRequest:request];
+ Util::run(&navigationComplete);
+ cleanUp();
+}
+}
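Review bot: None of the `system()` calls in `createPartition` check their exit status, so if `hdiutil create` or `hdiutil attach` fails the second volume never exists, the iframe presumably fails to load for an unrelated reason, and the test still sees the PASS string without exercising the cross-volume check. Asserting on the setup, e.g. `ASSERT_EQ(0, system(attachDiskImage));`, would make the test fail rather than pass vacuously. `createPartition` also ignores its `filePath` argument. Together with `cleanUp` it works on `resources/`, `otherVolume.dmg` and `/Volumes/resources` relative to whatever the current directory and mounted volumes happen to be, so `rm -rf resources/` can remove an unrelated directory; a per-run temporary directory would be safer.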