WebKit Bugzilla
Attachment 369910 Details for Bug 197898: Only cache bytecode for API clients in data vaults
bug-197898-20190515015452.patch (text/plain), 3.88 KB, created by Tadeu Zagallo on 2019-05-14 16:54:54 PDT
>Subversion Revision: 245304 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index e732524d691b3eedbc0b97a881cd68b069535e73..a16d50fcdaf516ea0e94e52d0a35e6ca849d37dd 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,18 @@ >+2019-05-14 Tadeu Zagallo <tzagallo@apple.com> >+ >+ Only cache bytecode clients for API in data vaults >+ https://bugs.webkit.org/show_bug.cgi?id=197898 >+ <rdar://problem/45945449> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ For security reasons, enforce that API clients only store cached bytecode in data vaults. >+ >+ * API/JSScript.mm: >+ (validateBytecodeCachePath): >+ (+[JSScript scriptOfType:withSource:andSourceURL:andBytecodeCache:inVirtualMachine:error:]): >+ (+[JSScript scriptOfType:memoryMappedFromASCIIFile:withSourceURL:andBytecodeCache:inVirtualMachine:error:]): >+ > 2019-05-14 Ross Kirsling <ross.kirsling@sony.com> > > Unreviewed restoration of non-unified build. >diff --git a/Source/JavaScriptCore/API/JSScript.mm b/Source/JavaScriptCore/API/JSScript.mm >index bdbd682283f36c6514cf2736ffdaa012c85120cf..da1ef3d510bd100e3f9ec4847a967fd6181f03f3 100644 >--- a/Source/JavaScriptCore/API/JSScript.mm >+++ b/Source/JavaScriptCore/API/JSScript.mm >@@ -41,6 +41,10 @@ > #include <wtf/FileSystem.h> > #include <wtf/Scope.h> > >+#if USE(APPLE_INTERNAL_SDK) >+#include <rootless.h> >+#endif >+ > #if JSC_OBJC_API_ENABLED > > @implementation JSScript { 
>@@ -60,9 +64,41 @@ static JSScript *createError(NSString *message, NSError** error) > return nil; > } > >+static bool validateBytecodeCachePath(NSURL* cachePath, NSError** error) >+{ >+ URL cachePathURL([cachePath absoluteURL]); >+ if (!cachePathURL.isLocalFile()) { >+ createError([NSString stringWithFormat:@"Cache path %@ is not a local file", static_cast<NSString *>(cachePathURL)], error); >+ return false; >+ } >+ >+ String systemPath = cachePathURL.fileSystemPath(); >+ String directory = FileSystem::directoryName(systemPath); >+ if (directory.isNull()) { >+ createError([NSString stringWithFormat:@"Cache path %@ does not contain in a valid directory", static_cast<NSString *>(cachePathURL)], error); >+ return false; >+ } >+ >+ if (!FileSystem::fileIsDirectory(directory, FileSystem::ShouldFollowSymbolicLinks::No)) { >+ createError([NSString stringWithFormat:@"Cache directory %s is not a directory or does not exist", directory.utf8().data()], error); >+ return false; >+ } >+ >+#if USE(APPLE_INTERNAL_SDK) >+ if (rootless_check_datavault_flag(FileSystem::fileSystemRepresentation(directory).data(), nullptr)) { >+ createError([NSString stringWithFormat:@"Cache directory %s is not a data vault", directory.utf8().data()], error); >+ return false; >+ } >+#endif >+ >+ return true; >+} >+ > + (instancetype)scriptOfType:(JSScriptType)type withSource:(NSString *)source andSourceURL:(NSURL *)sourceURL andBytecodeCache:(NSURL *)cachePath inVirtualMachine:(JSVirtualMachine *)vm error:(out NSError **)error > { >- UNUSED_PARAM(error); >+ if (!validateBytecodeCachePath(cachePath, error)) >+ return nil; >+ > JSScript *result = [[[JSScript alloc] init] autorelease]; > result->m_virtualMachine = vm; > result->m_type = type; 
>@@ -75,7 +111,9 @@ + (instancetype)scriptOfType:(JSScriptType)type withSource:(NSString *)source an > > + (instancetype)scriptOfType:(JSScriptType)type memoryMappedFromASCIIFile:(NSURL *)filePath withSourceURL:(NSURL *)sourceURL andBytecodeCache:(NSURL *)cachePath inVirtualMachine:(JSVirtualMachine *)vm error:(out NSError **)error > { >- UNUSED_PARAM(error); >+ if (!validateBytecodeCachePath(cachePath, error)) >+ return nil; >+ > URL filePathURL([filePath absoluteURL]); > if (!filePathURL.isLocalFile()) > return createError([NSString stringWithFormat:@"File path %@ is not a local file", static_cast<NSString *>(filePathURL)], error);
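Review bot: The ChangeLog title in the first hunk reads "Only cache bytecode clients for API in data vaults", which transposes the bug title "Only cache bytecode for API clients in data vaults"; please make the entry match the bug. The one-line description would also be more useful if it stated what callers now see when the path is rejected (both JSScript constructors return nil and populate the error) and that the data vault check itself is only compiled under USE(APPLE_INTERNAL_SDK).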
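Review bot: In validateBytecodeCachePath the data vault check sits entirely inside "#if USE(APPLE_INTERNAL_SDK)", so in any other build the function returns true for every existing local directory and the enforcement the ChangeLog describes does not happen. Either document that limitation next to the function or decide explicitly what non-internal builds should do, rather than leaving it implicit in the preprocessor guard. Two smaller points in the same function: only the parent directory is examined (with ShouldFollowSymbolicLinks::No), and only once at script creation, so if the cache file is written later it would be worth re-validating at write time and considering the case where the cache file itself is a symlink. The message "Cache path %@ does not contain in a valid directory" is also garbled; "is not in a valid directory" reads correctly, and the messages mix %@ for the URL with %s for the directory, which could be made consistent.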
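Review bot: Both constructors now call validateBytecodeCachePath(cachePath, error) unconditionally where UNUSED_PARAM(error) used to be, and the helper has no nil check: with a nil cachePath, "[cachePath absoluteURL]" is nil, isLocalFile() fails, and the constructor returns nil with "Cache path ... is not a local file". If callers are allowed to pass nil to mean "no bytecode cache", this turns every such call into a failure; an early "return true" for a nil cachePath at the top of the helper would preserve that case. In the memory-mapped variant the cache path is also validated before the source filePath, so a bad cache location masks a bad source path in the reported error, which is fine but worth a conscious choice. The patch carries no test changes; a test covering a rejected cache path, a nil cache path, and a valid one would pin the new behaviour down.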