ServiceWorker: Make browser-side check stricter for non-HTTP(s) schemes

As a follow-up for filesystem: URL patch: https://code.google.com/p/chromium/issues/detail?id=453982 As of http://src.chromium.org/viewvc/blink?view=revision&revision=189570 we started to check non-HTTP(s) schemes in renderer process, so any requests for registering non-HTTP(s) schemes in the browser should be considererd malicious / invalid and we should just do BadMessageReceived(). BUG=455115 TEST=ServiceWorkerDispatcherHostTest.* TEST=no layout tests should crash swith this change Review URL: https://codereview.chromium.org/906453002 Cr-Commit-Position: refs/heads/master@{#315199}

ServiceWorker: Make browser-side check stricter for non-HTTP(s) schemes
As a follow-up for filesystem: URL patch: https://code.google.com/p/chromium/issues/detail?id=453982 As of http://src.chromium.org/viewvc/blink?view=revision&revision=189570 we started to check non-HTTP(s) schemes in renderer process, so any requests for registering non-HTTP(s) schemes in the browser should be considererd malicious / invalid and we should just do BadMessageReceived(). BUG=455115 TEST=ServiceWorkerDispatcherHostTest.* TEST=no layout tests should crash swith this change Review URL: https://codereview.chromium.org/906453002 Cr-Commit-Position: refs/heads/master@{#315199}
3cfec314 · kinuko · Commit bot · e27865b7 · 3cfec314 · 3cfec314
Commit 3cfec314 authored Feb 07, 2015 by kinuko Committed by Commit bot Feb 07, 2015
2 changed files
--- a/content/browser/service_worker/service_worker_dispatcher_host.cc
+++ b/content/browser/service_worker/service_worker_dispatcher_host.cc
@@ -34,8 +34,6 @@ namespace {
 const char kNoDocumentURLErrorMessage[] =
    "No URL is associated with the caller's document.";
-const char kDisallowedURLErrorMessage[] =
-    "The URL is not supported.";
 const char kShutdownErrorMessage[] =
    "The Service Worker system has shutdown.";
 const char kUserDeniedPermissionMessage[] =
@@ -301,12 +299,7 @@ void ServiceWorkerDispatcherHost::OnRegisterServiceWorker(
  if (!CanRegisterServiceWorker(
      provider_host->document_url(), pattern, script_url)) {
-    // TODO(kinuko): Change this back to BadMessageReceived() once we start
+    BadMessageReceived();
-    // to check these in the renderer too. (http://crbug.com/453982)
-    Send(new ServiceWorkerMsg_ServiceWorkerRegistrationError(
-        thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity,
-        base::ASCIIToUTF16(kServiceWorkerRegisterErrorPrefix) +
-            base::ASCIIToUTF16(kDisallowedURLErrorMessage)));
    return;
  }
@@ -391,12 +384,7 @@ void ServiceWorkerDispatcherHost::OnUnregisterServiceWorker(
  }
  if (!CanUnregisterServiceWorker(provider_host->document_url(), pattern)) {
-    // TODO(kinuko): Change this back to BadMessageReceived() once we start
+    BadMessageReceived();
-    // to check these in the renderer too. (http://crbug.com/453982)
-    Send(new ServiceWorkerMsg_ServiceWorkerUnregistrationError(
-        thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity,
-        base::ASCIIToUTF16(kServiceWorkerUnregisterErrorPrefix) +
-            base::ASCIIToUTF16(kDisallowedURLErrorMessage)));
    return;
  }
@@ -466,12 +454,7 @@ void ServiceWorkerDispatcherHost::OnGetRegistration(
  }
  if (!CanGetRegistration(provider_host->document_url(), document_url)) {
-    // TODO(kinuko): Change this back to BadMessageReceived() once we start
+    BadMessageReceived();
-    // to check these in the renderer too. (http://crbug.com/453982)
-    Send(new ServiceWorkerMsg_ServiceWorkerGetRegistrationError(
-        thread_id, request_id, WebServiceWorkerError::ErrorTypeSecurity,
-        base::ASCIIToUTF16(kServiceWorkerGetRegistrationErrorPrefix) +
-            base::ASCIIToUTF16(kDisallowedURLErrorMessage)));
    return;
  }

--- a/content/browser/service_worker/service_worker_dispatcher_host_unittest.cc
+++ b/content/browser/service_worker/service_worker_dispatcher_host_unittest.cc
@@ -212,8 +212,8 @@ TEST_F(ServiceWorkerDispatcherHostTest, Register_InvalidScopeShouldFail) {
  host->SetDocumentUrl(GURL("https://www.example.com/foo"));
  context()->AddProviderHost(host.Pass());
-  SendRegister(
+  SendRegister(kProviderId, GURL(""),
-      kProviderId, GURL(""), GURL("https://www.example.com/bar/hoge.js"));
+               GURL("https://www.example.com/bar/hoge.js"));
  EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
 }
@@ -235,10 +235,10 @@ TEST_F(ServiceWorkerDispatcherHostTest, Register_NonSecureOriginShouldFail) {
  host->SetDocumentUrl(GURL("http://www.example.com/foo"));
  context()->AddProviderHost(host.Pass());
-  Register(kProviderId,
+  SendRegister(kProviderId,
-           GURL("http://www.example.com/"),
+               GURL("http://www.example.com/"),
-           GURL("http://www.example.com/bar"),
+               GURL("http://www.example.com/bar"));
-           ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
+  EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
 }
 TEST_F(ServiceWorkerDispatcherHostTest, Register_CrossOriginShouldFail) {
@@ -249,40 +249,40 @@ TEST_F(ServiceWorkerDispatcherHostTest, Register_CrossOriginShouldFail) {
  context()->AddProviderHost(host.Pass());
  // Script has a different host
-  Register(kProviderId,
+  SendRegister(kProviderId,
-           GURL("https://www.example.com/"),
+               GURL("https://www.example.com/"),
-           GURL("https://foo.example.com/bar"),
+               GURL("https://foo.example.com/bar"));
-           ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
+  EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
  // Scope has a different host
-  Register(kProviderId,
+  SendRegister(kProviderId,
-           GURL("https://foo.example.com/"),
+               GURL("https://foo.example.com/"),
-           GURL("https://www.example.com/bar"),
+               GURL("https://www.example.com/bar"));
-           ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
+  EXPECT_EQ(2, dispatcher_host_->bad_messages_received_count_);
  // Script has a different port
-  Register(kProviderId,
+  SendRegister(kProviderId,
-           GURL("https://www.example.com/"),
+               GURL("https://www.example.com/"),
-           GURL("https://www.example.com:8080/bar"),
+               GURL("https://www.example.com:8080/bar"));
-           ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
+  EXPECT_EQ(3, dispatcher_host_->bad_messages_received_count_);
  // Scope has a different transport
-  Register(kProviderId,
+  SendRegister(kProviderId,
-           GURL("wss://www.example.com/"),
+               GURL("wss://www.example.com/"),
-           GURL("https://www.example.com/bar"),
+               GURL("https://www.example.com/bar"));
-           ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
+  EXPECT_EQ(4, dispatcher_host_->bad_messages_received_count_);
  // Script and scope have a different host but match each other
-  Register(kProviderId,
+  SendRegister(kProviderId,
-           GURL("https://foo.example.com/"),
+               GURL("https://foo.example.com/"),
-           GURL("https://foo.example.com/bar"),
+               GURL("https://foo.example.com/bar"));
-           ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
+  EXPECT_EQ(5, dispatcher_host_->bad_messages_received_count_);
  // Script and scope URLs are invalid
  SendRegister(kProviderId,
               GURL(),
               GURL("h@ttps://@"));
-  EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
+  EXPECT_EQ(6, dispatcher_host_->bad_messages_received_count_);
 }
 TEST_F(ServiceWorkerDispatcherHostTest,
@@ -293,20 +293,20 @@ TEST_F(ServiceWorkerDispatcherHostTest,
  host->SetDocumentUrl(GURL("filesystem:https://www.example.com/temporary/a"));
  context()->AddProviderHost(host.Pass());
-  Register(kProviderId,
+  SendRegister(kProviderId,
-           GURL("filesystem:https://www.example.com/temporary/"),
+               GURL("filesystem:https://www.example.com/temporary/"),
-           GURL("https://www.example.com/temporary/bar"),
+               GURL("https://www.example.com/temporary/bar"));
-           ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
+  EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
-  Register(kProviderId,
+  SendRegister(kProviderId,
-           GURL("https://www.example.com/temporary/"),
+               GURL("https://www.example.com/temporary/"),
-           GURL("filesystem:https://www.example.com/temporary/bar"),
+               GURL("filesystem:https://www.example.com/temporary/bar"));
-           ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
+  EXPECT_EQ(2, dispatcher_host_->bad_messages_received_count_);
-  Register(kProviderId,
+  SendRegister(kProviderId,
-           GURL("filesystem:https://www.example.com/temporary/"),
+               GURL("filesystem:https://www.example.com/temporary/"),
-           GURL("filesystem:https://www.example.com/temporary/bar"),
+               GURL("filesystem:https://www.example.com/temporary/bar"));
-           ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
+  EXPECT_EQ(3, dispatcher_host_->bad_messages_received_count_);
 }
 TEST_F(ServiceWorkerDispatcherHostTest,
@@ -317,20 +317,20 @@ TEST_F(ServiceWorkerDispatcherHostTest,
  host->SetDocumentUrl(GURL("https://www.example.com/temporary/"));
  context()->AddProviderHost(host.Pass());
-  Register(kProviderId,
+  SendRegister(kProviderId,
-           GURL("filesystem:https://www.example.com/temporary/"),
+               GURL("filesystem:https://www.example.com/temporary/"),
-           GURL("https://www.example.com/temporary/bar"),
+               GURL("https://www.example.com/temporary/bar"));
-           ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
+  EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
-  Register(kProviderId,
+  SendRegister(kProviderId,
-           GURL("https://www.example.com/temporary/"),
+               GURL("https://www.example.com/temporary/"),
-           GURL("filesystem:https://www.example.com/temporary/bar"),
+               GURL("filesystem:https://www.example.com/temporary/bar"));
-           ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
+  EXPECT_EQ(2, dispatcher_host_->bad_messages_received_count_);
-  Register(kProviderId,
+  SendRegister(kProviderId,
-           GURL("filesystem:https://www.example.com/temporary/"),
+               GURL("filesystem:https://www.example.com/temporary/"),
-           GURL("filesystem:https://www.example.com/temporary/bar"),
+               GURL("filesystem:https://www.example.com/temporary/bar"));
-           ServiceWorkerMsg_ServiceWorkerRegistrationError::ID);
+  EXPECT_EQ(3, dispatcher_host_->bad_messages_received_count_);
 }
 TEST_F(ServiceWorkerDispatcherHostTest, Unregister_HTTPS) {
@@ -346,7 +346,7 @@ TEST_F(ServiceWorkerDispatcherHostTest, Unregister_HTTPS) {
 }
 TEST_F(ServiceWorkerDispatcherHostTest,
-       Unregister_NonSecureTransportLocalhost) {
+       Unregister_NotSecureTransportLocalhost) {
  const int64 kProviderId = 99;  // Dummy value
  scoped_ptr<ServiceWorkerProviderHost> host(
      CreateServiceWorkerProviderHost(kProviderId));
@@ -365,9 +365,8 @@ TEST_F(ServiceWorkerDispatcherHostTest, Unregister_CrossOriginShouldFail) {
  host->SetDocumentUrl(GURL("https://www.example.com/foo"));
  context()->AddProviderHost(host.Pass());
-  Unregister(kProviderId,
+  SendUnregister(kProviderId, GURL("https://foo.example.com/"));
-             GURL("https://foo.example.com/"),
+  EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
-             ServiceWorkerMsg_ServiceWorkerUnregistrationError::ID);
 }
 TEST_F(ServiceWorkerDispatcherHostTest, Unregister_InvalidScopeShouldFail) {
@@ -388,9 +387,8 @@ TEST_F(ServiceWorkerDispatcherHostTest, Unregister_NonSecureOriginShouldFail) {
  host->SetDocumentUrl(GURL("http://www.example.com/foo"));
  context()->AddProviderHost(host.Pass());
-  Unregister(kProviderId,
+  SendUnregister(kProviderId, GURL("http://www.example.com/"));
-             GURL("http://www.example.com/"),
+  EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
-             ServiceWorkerMsg_ServiceWorkerUnregistrationError::ID);
 }
 TEST_F(ServiceWorkerDispatcherHostTest, EarlyContextDeletion) {
@@ -455,9 +453,8 @@ TEST_F(ServiceWorkerDispatcherHostTest, GetRegistration_CrossOriginShouldFail) {
  host->SetDocumentUrl(GURL("https://www.example.com/foo"));
  context()->AddProviderHost(host.Pass());
-  GetRegistration(kProviderId,
+  SendGetRegistration(kProviderId, GURL("https://foo.example.com/"));
-                  GURL("https://foo.example.com/"),
+  EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
-                  ServiceWorkerMsg_ServiceWorkerGetRegistrationError::ID);
 }
 TEST_F(ServiceWorkerDispatcherHostTest,
@@ -473,16 +470,15 @@ TEST_F(ServiceWorkerDispatcherHostTest,
 }
 TEST_F(ServiceWorkerDispatcherHostTest,
-       GetRegistration_NotSecureOriginShouldFail) {
+       GetRegistration_NonSecureOriginShouldFail) {
  const int64 kProviderId = 99;  // Dummy value
  scoped_ptr<ServiceWorkerProviderHost> host(
      CreateServiceWorkerProviderHost(kProviderId));
  host->SetDocumentUrl(GURL("http://www.example.com/foo"));
  context()->AddProviderHost(host.Pass());
-  GetRegistration(kProviderId,
+  SendGetRegistration(kProviderId, GURL("http://www.example.com/"));
-                  GURL("http://www.example.com/"),
+  EXPECT_EQ(1, dispatcher_host_->bad_messages_received_count_);
-                  ServiceWorkerMsg_ServiceWorkerGetRegistrationError::ID);
 }
 TEST_F(ServiceWorkerDispatcherHostTest, GetRegistration_EarlyContextDeletion) {