[Trusted Types] De-flake trusted-types-eval-reporting test.

The WPT test trusted-types-eval-reporting was flaky, usually failing on the first run, but succeeding on the second. This was a real (and potentially serious) bug, where the CSP logic would rely on the V8 eval callback being called, but other parts would blanket-allow eval (and hence suppress the callback) because they didn't check for 'trusted types' condition. Also, minor cleanups for the test. Bug: 739170 Change-Id: I00699b115f0be474c2b6d231dcc8b884868248b7 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1807218 Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#698883}

[Trusted Types] De-flake trusted-types-eval-reporting test.
The WPT test trusted-types-eval-reporting was flaky, usually failing on the first run, but succeeding on the second. This was a real (and potentially serious) bug, where the CSP logic would rely on the V8 eval callback being called, but other parts would blanket-allow eval (and hence suppress the callback) because they didn't check for 'trusted types' condition. Also, minor cleanups for the test. Bug: 739170 Change-Id: I00699b115f0be474c2b6d231dcc8b884868248b7 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1807218 Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#698883}
5e337a86 · Daniel Vogelheim · Commit Bot · 9611515e · 5e337a86 · 5e337a86
Commit 5e337a86 authored Sep 23, 2019 by Daniel Vogelheim Committed by Commit Bot Sep 23, 2019
2 changed files
--- a/third_party/blink/renderer/bindings/core/v8/local_window_proxy.cc
+++ b/third_party/blink/renderer/bindings/core/v8/local_window_proxy.cc
@@ -182,9 +182,15 @@ void LocalWindowProxy::Initialize() {
  if (evaluate_csp_for_eval) {
    ContentSecurityPolicy* csp =
        GetFrame()->GetDocument()->GetContentSecurityPolicyForWorld();
-    context->AllowCodeGenerationFromStrings(csp->AllowEval(
-        SecurityViolationReportingPolicy::kSuppressReporting,
-        ContentSecurityPolicy::kWillNotThrowException, g_empty_string));
+    // CSP has two mechanisms for controlling eval, script-src and Trusted
+    // Types, and we need to check both.
+    // TODO(vogelheim): Provide a simple(e) API for this use case.
+    bool allow_code_generation =
+        csp->AllowEval(SecurityViolationReportingPolicy::kSuppressReporting,
+                       ContentSecurityPolicy::kWillNotThrowException,
+                       g_empty_string) &&
+        !csp->IsRequireTrustedTypes();
+    context->AllowCodeGenerationFromStrings(allow_code_generation);
    context->SetErrorMessageForCodeGenerationFromStrings(
        V8String(GetIsolate(), csp->EvalDisabledErrorMessage()));
  }

--- a/third_party/blink/web_tests/external/wpt/trusted-types/trusted-types-eval-reporting.tentative.https.html
+++ b/third_party/blink/web_tests/external/wpt/trusted-types/trusted-types-eval-reporting.tentative.https.html
 <!DOCTYPE html>
 <head>
  <script nonce="123" src="/resources/testharness.js"></script>
-  <script nonce="123"src="/resources/testharnessreport.js"></script>
-  <script nonce="123"src="/content-security-policy/support/testharness-helper.js"></script>
+  <script nonce="123" src="/resources/testharnessreport.js"></script>
 </head>
 <body>
  <script nonce="123">
@@ -23,15 +22,10 @@

  // Return function that returns a promise that resolves on the given
  // violation report.
-  //
-  // filter_arg - iff function, call it with the event object.
-  //              Else, string-ify and compare against event.originalPolicy.
  function promise_violation(filter_arg) {
    return _ => new Promise((resolve, reject) => {
      function handler(e) {
-        let matches = (filter_arg instanceof Function)
-            ? filter_arg(e)
-            : (e.originalPolicy.includes(filter_arg));
+        let matches = e.originalPolicy.includes(filter_arg);
        if (matches) {
          document.removeEventListener("securitypolicyviolation", handler);
          e.stopPropagation();
@@ -56,7 +50,6 @@
    createURL: id,
    createScript: id,
  };
-
  const scriptyPolicy = TrustedTypes.createPolicy('allowEval', a_policy);

  // Provoke/wait for a CSP violation, in order to be sure that all previous
@@ -72,33 +65,35 @@
    });
  }

-  window.script_run_beacon = 'never_overwritten';
-
  promise_test(t => {
+    let beacon = 'never_overwritten';
    let p = Promise.resolve()
        .then(promise_violation("trusted-types *"))
        .then(promise_flush());
-    expect_throws(_ => eval('script_run_beacon="should not run"'));
-    assert_equals(script_run_beacon, 'never_overwritten');
+    assert_throws(new EvalError(),
+                  _ => eval('beacon="should not run"'));
+    assert_equals(beacon, 'never_overwritten');
    flush();
    return p;
  }, "Trusted Type violation report: evaluating a string.");

  promise_test(t => {
+    let beacon = 'never_overwritten2';
    let p = promise_flush()();
-    eval(scriptyPolicy.createScript('script_run_beacon="i ran"'));
+    eval(scriptyPolicy.createScript('beacon="i ran"'));
+    assert_equals(beacon, 'i ran');
    flush();
-    assert_equals(script_run_beacon, 'i ran');
    return p;
  }, "Trusted Type violation report: evaluating a Trusted Script.");

  promise_test(t => {
+    let beacon = 'never_overwritten';
    TrustedTypes.createPolicy('default', {
      createScript: s => s.replace('payload', 'default policy'),
    }, true);
    let p = promise_flush()();
-    eval('script_run_beacon="payload"');
-    assert_equals(script_run_beacon, 'default policy');
+    eval('beacon="payload"');
+    assert_equals(beacon, 'default policy');
    flush();
    return p;
  }, "Trusted Type violation report: default policy transforms the script before CSP checks runs.");