PPAPI: Add NetworkIsolationKeys to proxy lookup requests.

This is needed to correctly isolate any DNS requests made by PPAPI in the context of one page from those made in the context of other pages. Bug: 1021661 Change-Id: Ibbca8db7df8c7e61cb9522630e70c8ccd365b5c7 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2008050 Commit-Queue: Matt Menke <mmenke@chromium.org> Reviewed-by: Raymes Khoury <raymes@chromium.org> Cr-Commit-Position: refs/heads/master@{#734094}

PPAPI: Add NetworkIsolationKeys to proxy lookup requests.
This is needed to correctly isolate any DNS requests made by PPAPI in the context of one page from those made in the context of other pages. Bug: 1021661 Change-Id: Ibbca8db7df8c7e61cb9522630e70c8ccd365b5c7 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2008050 Commit-Queue: Matt Menke <mmenke@chromium.org> Reviewed-by: Raymes Khoury <raymes@chromium.org> Cr-Commit-Position: refs/heads/master@{#734094}
9939a33b · Matt Menke · Commit Bot · 1e0a43e1 · 9939a33b · 9939a33b
Commit 9939a33b authored Jan 22, 2020 by Matt Menke Committed by Commit Bot Jan 22, 2020
5 changed files
--- a/chrome/test/ppapi/ppapi_browsertest.cc
+++ b/chrome/test/ppapi/ppapi_browsertest.cc
@@ -1277,7 +1277,9 @@ TEST_PPAPI_NACL_DISALLOWED_SOCKETS(UDPSocketPrivateDisallowed)
 // is present in the DNS cache with the NetworkIsolationKey associated with the
 // foreground WebContents - this is needed so as not to leak what hostnames were
 // looked up across tabs with different first party origins.
-void CheckTestHostNameUsedWithCorrectNetworkIsolationKey(Browser* browser) {
+void CheckTestHostNameUsedWithCorrectNetworkIsolationKey(
+    Browser* browser,
+    bool include_canonical_name) {
  network::mojom::NetworkContext* network_context =
      content::BrowserContext::GetDefaultStoragePartition(browser->profile())
          ->GetNetworkContext();
@@ -1289,7 +1291,7 @@ void CheckTestHostNameUsedWithCorrectNetworkIsolationKey(Browser* browser) {
  // Cache only lookup.
  params->source = net::HostResolverSource::LOCAL_ONLY;
  // Match the parameters used by the test.
-  params->include_canonical_name = true;
+  params->include_canonical_name = include_canonical_name;
  net::NetworkIsolationKey network_isolation_key =
      browser->tab_strip_model()
          ->GetActiveWebContents()
@@ -1321,7 +1323,8 @@ void CheckTestHostNameUsedWithCorrectNetworkIsolationKey(Browser* browser) {
 #define RUN_HOST_RESOLVER_SUBTESTS                                             \
  RunTestViaHTTP(LIST_TEST(HostResolver_Empty) LIST_TEST(HostResolver_Resolve) \
                     LIST_TEST(HostResolver_ResolveIPv4));                     \
-  CheckTestHostNameUsedWithCorrectNetworkIsolationKey(browser())
+  CheckTestHostNameUsedWithCorrectNetworkIsolationKey(                         \
+      browser(), true /* include_canonical_name */)

 IN_PROC_BROWSER_TEST_F(OutOfProcessPPAPITest, HostResolverCrash_Basic) {
  if (content::IsInProcessNetworkService())
@@ -2166,7 +2169,33 @@ TEST_PPAPI_NACL(MAYBE_MediaStreamVideoTrack)

 TEST_PPAPI_NACL(MouseCursor)

-TEST_PPAPI_NACL(NetworkProxy)
+// Proxy configuration test. The PPAPI code used by these tests is in
+// ppapi/tests/test_network_proxy.cc.
+
+IN_PROC_BROWSER_TEST_F(OutOfProcessPPAPITest, NetworkProxy) {
+  RunTestViaHTTP(STRIP_PREFIXES(NetworkProxy));
+  CheckTestHostNameUsedWithCorrectNetworkIsolationKey(
+      browser(), false /* include_canonical_name */);
+}
+
+IN_PROC_BROWSER_TEST_F(PPAPINaClNewlibTest, NetworkProxy) {
+  RunTestViaHTTP(STRIP_PREFIXES(NetworkProxy));
+  CheckTestHostNameUsedWithCorrectNetworkIsolationKey(
+      browser(), false /* include_canonical_name */);
+}
+
+IN_PROC_BROWSER_TEST_F(PPAPINaClPNaClTest, MAYBE_PPAPI_NACL(NetworkProxy)) {
+  RunTestViaHTTP(STRIP_PREFIXES(NetworkProxy));
+  CheckTestHostNameUsedWithCorrectNetworkIsolationKey(
+      browser(), false /* include_canonical_name */);
+}
+
+IN_PROC_BROWSER_TEST_F(PPAPINaClPNaClNonSfiTest,
+                       MAYBE_PNACL_NONSFI(NetworkProxy)) {
+  RunTestViaHTTP(STRIP_PREFIXES(NetworkProxy));
+  CheckTestHostNameUsedWithCorrectNetworkIsolationKey(
+      browser(), false /* include_canonical_name */);
+}

 // TODO(crbug.com/619765): get working on CrOS build.
 #if defined(OS_CHROMEOS)

--- a/chrome/test/ppapi/ppapi_test.cc
+++ b/chrome/test/ppapi/ppapi_test.cc
@@ -160,9 +160,24 @@ void PPAPITestBase::SetUpCommandLine(base::CommandLine* command_line) {

  // Smooth scrolling confuses the scrollbar test.
  command_line->AppendSwitch(switches::kDisableSmoothScrolling);
+
+  // For a particular host name, resolve another specific host name (which
+  // should then be added to the DNS cache), and then return a particular proxy.
+  // Otherwise, return DIRECT.
+  command_line->AppendSwitchASCII(switches::kProxyPacUrl,
+                                  "data:,"
+                                  "function FindProxyForURL(url, host) {"
+                                  "  if (host == 'use.proxy.test') {"
+                                  "    dnsResolveEx('host_resolver.test');"
+                                  "    return 'PROXY proxy.test';"
+                                  "  }"
+                                  "  return 'DIRECT'"
+                                  "}");
 }

 void PPAPITestBase::SetUpOnMainThread() {
+  host_resolver()->AddRule("host_resolver.test",
+                           embedded_test_server()->host_port_pair().host());
  host_resolver()->AddRuleWithFlags(
      "host_resolver.test", embedded_test_server()->host_port_pair().host(),
      net::HOST_RESOLVER_CANONNAME);

--- a/content/browser/renderer_host/pepper/pepper_network_proxy_host.cc
+++ b/content/browser/renderer_host/pepper/pepper_network_proxy_host.cc
@@ -46,9 +46,9 @@ bool LookUpProxyForURLCallback(
  StoragePartition* storage_partition = BrowserContext::GetStoragePartition(
      site_instance->GetBrowserContext(), site_instance);

-  // TODO(https://crbug.com/1021661): Pass in a non-empty NetworkIsolationKey.
  storage_partition->GetNetworkContext()->LookUpProxyForURL(
-      url, net::NetworkIsolationKey::Todo(), std::move(proxy_lookup_client));
+      url, render_frame_host->GetNetworkIsolationKey(),
+      std::move(proxy_lookup_client));
  return true;
 }


--- a/content/test/ppapi/ppapi_browsertest.cc
+++ b/content/test/ppapi/ppapi_browsertest.cc
@@ -122,8 +122,6 @@ TEST_PPAPI_OUT_OF_PROCESS(MessageHandler)
 TEST_PPAPI_OUT_OF_PROCESS(MessageLoop_Basics)
 TEST_PPAPI_OUT_OF_PROCESS(MessageLoop_Post)

-TEST_PPAPI_OUT_OF_PROCESS(NetworkProxy)
-
 // TODO(danakj): http://crbug.com/115286
 TEST_PPAPI_IN_PROCESS(DISABLED_Scrollbar)
 // http://crbug.com/89961

--- a/ppapi/tests/test_network_proxy.cc
+++ b/ppapi/tests/test_network_proxy.cc
@@ -33,15 +33,12 @@ std::string TestNetworkProxy::TestGetProxyForURL() {
  // Assume no one configures a proxy for localhost.
  ASSERT_EQ("DIRECT", callback.output().AsString());

-  callback.WaitForResult(
-      pp::NetworkProxy::GetProxyForURL(instance_,
-                                       pp::Var("http://www.google.com"),
-                                       callback.GetCallback()));
+  callback.WaitForResult(pp::NetworkProxy::GetProxyForURL(
+      instance_, pp::Var("https://use.proxy.test/"), callback.GetCallback()));
  CHECK_CALLBACK_BEHAVIOR(callback);
  ASSERT_EQ(PP_OK, callback.result());
  output = callback.output();
-  // Don't know what the proxy might be, but it should be a valid result.
-  ASSERT_TRUE(output.is_string());
+  ASSERT_EQ("PROXY proxy.test:80", callback.output().AsString());

  callback.WaitForResult(
      pp::NetworkProxy::GetProxyForURL(instance_,