WebAssembly: disable some APIs under CSP
author: jfbastien@apple.com <jfbastien@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 29 Jun 2017 18:49:18 +0000 (18:49 +0000)
committer: jfbastien@apple.com <jfbastien@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 29 Jun 2017 18:49:18 +0000 (18:49 +0000)
https://bugs.webkit.org/show_bug.cgi?id=173892
<rdar://problem/32914613>

Reviewed by Daniel Bates.

Source/JavaScriptCore:

We should disable parts of WebAssembly under Content Security
Policy as discussed here:

https://github.com/WebAssembly/design/issues/1092

Exactly what should be disabled isn't super clear, so we may as
well be conservative and disable many things if developers already
opted into CSP. It's easy to loosen what we disable later.

This patch disables:
- WebAssembly.Instance
- WebAssembly.instantiate
- WebAssembly.Memory
- WebAssembly.Table

And leaves:
- WebAssembly on the global object
- WebAssembly.Module
- WebAssembly.compile
- WebAssembly.CompileError
- WebAssembly.LinkError

Nothing because currently unimplemented:
- WebAssembly.compileStreaming
- WebAssembly.instantiateStreaming

That way it won't be possible to call WebAssembly-compiled code,
or create memories (which use fancy 4GiB allocations
sometimes). Table isn't really useful on its own, and eventually
we may make them shareable so without more details it seems benign
to disable them (and useless if we don't).

I haven't done anything with postMessage, so you can still
postMessage a WebAssembly.Module cross-CSP, but you can't
instantiate it so it's useless. Because of this I elected to leave
WebAssembly.Module and friends available.

I haven't added any new directives. It's still unsafe-eval. We can
add something else later, but it seems odd to add WebAssembly as
a new capability and tell developers "you should have been using
this directive which we just implemented if you wanted to disable
WebAssembly which didn't exist when you adopted CSP". So IMO we
should keep unsafe-eval as it currently is, add WebAssembly to
what it disables, and later consider having two new directives
which do each individually or something.

In all cases I throw an EvalError *before* other WebAssembly
errors would be produced.

Note that, as for eval, reporting doesn't work and is tracked by
https://webkit.org/b/111869

* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::JSGlobalObject):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::webAssemblyEnabled):
(JSC::JSGlobalObject::webAssemblyDisabledErrorMessage):
(JSC::JSGlobalObject::setWebAssemblyEnabled):
* wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::create):
* wasm/js/JSWebAssemblyMemory.cpp:
(JSC::JSWebAssemblyMemory::create):
* wasm/js/JSWebAssemblyMemory.h:
* wasm/js/JSWebAssemblyTable.cpp:
(JSC::JSWebAssemblyTable::create):
* wasm/js/WebAssemblyMemoryConstructor.cpp:
(JSC::constructJSWebAssemblyMemory):

Source/WebCore:

This does the basic separation of eval-blocked and
WebAssembly-blocked, but currently only blocks neither or both. I
think we'll eventually consider allowing one to be blocked but not
the other, so this separation makes sense and means that when we
want to do the change it'll be tiny. At a minimum we want a
different error message, which this patch provides (a lot of the
code ties blocking to the error message).

Tests: http/tests/security/contentSecurityPolicy/WebAssembly-allowed.html
       http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe.html
       http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script.html
       http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe.html
       http/tests/security/contentSecurityPolicy/WebAssembly-blocked.html

* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::enableWebAssembly):
(WebCore::ScriptController::disableWebAssembly):
* bindings/js/ScriptController.h:
* bindings/js/WorkerScriptController.cpp:
(WebCore::WorkerScriptController::disableWebAssembly):
* bindings/js/WorkerScriptController.h:
* dom/Document.cpp:
(WebCore::Document::disableWebAssembly):
* dom/Document.h:
* dom/ScriptExecutionContext.h:
* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::didCreateWindowProxy):
(WebCore::ContentSecurityPolicy::applyPolicyToScriptExecutionContext):
* page/csp/ContentSecurityPolicy.h:
* page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::ContentSecurityPolicyDirectiveList::create):
* page/csp/ContentSecurityPolicyDirectiveList.h:
(WebCore::ContentSecurityPolicyDirectiveList::webAssemblyDisabledErrorMessage):
(WebCore::ContentSecurityPolicyDirectiveList::setWebAssemblyDisabledErrorMessage):
* workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::disableWebAssembly):
* workers/WorkerGlobalScope.h:

LayoutTests:

These tests are basically the same as eval-blocked, but with
WebAssembly APIs instead of eval.

Disable all of them on iOS simulator which doesn't support
WebAssembly (whereas iOS does).

* http/tests/security/contentSecurityPolicy/WebAssembly-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/WebAssembly-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/WebAssembly-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe.html: Added.
* http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script.html: Added.
* http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe.html: Added.
* http/tests/security/contentSecurityPolicy/WebAssembly-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/resources/WebAssembly-blocked-in-external-script.js: Added.
* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@218951 268f45cc-cd09-0410-ab3c-d52691b4dbfc

35 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/WebAssembly-blocked-in-external-script.js [new file with mode: 0644]
LayoutTests/platform/ios-simulator/TestExpectations
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Source/JavaScriptCore/runtime/JSGlobalObject.h
Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h
Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyMemoryConstructor.cpp
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/ScriptController.cpp
Source/WebCore/bindings/js/ScriptController.h
Source/WebCore/bindings/js/WorkerScriptController.cpp
Source/WebCore/bindings/js/WorkerScriptController.h
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Document.h
Source/WebCore/dom/ScriptExecutionContext.h
Source/WebCore/page/csp/ContentSecurityPolicy.cpp
Source/WebCore/page/csp/ContentSecurityPolicy.h
Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h
Source/WebCore/workers/WorkerGlobalScope.cpp
Source/WebCore/workers/WorkerGlobalScope.h

index b4e6d29bc15e0a45d77eb3c77faf76cf7bdf580f..9405a6d7612b6f522dcd8728483e1d11ca73b08a 100644 (file)
@@ -1,3 +1,30 @@
+2017-06-29  JF Bastien  <jfbastien@apple.com>
+
+        WebAssembly: disable some APIs under CSP
+        https://bugs.webkit.org/show_bug.cgi?id=173892
+        <rdar://problem/32914613>
+
+        Reviewed by Daniel Bates.
+
+        These tests are basically the same as eval-blocked, but with
+        WebAssembly APIs instead of eval.
+
+        Disable all of them on iOS simulator which doesn't support
+        WebAssembly (whereas iOS does).
+
+        * http/tests/security/contentSecurityPolicy/WebAssembly-allowed-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/WebAssembly-allowed.html: Added.
+        * http/tests/security/contentSecurityPolicy/WebAssembly-blocked-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe.html: Added.
+        * http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script.html: Added.
+        * http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe.html: Added.
+        * http/tests/security/contentSecurityPolicy/WebAssembly-blocked.html: Added.
+        * http/tests/security/contentSecurityPolicy/resources/WebAssembly-blocked-in-external-script.js: Added.
+        * platform/ios-simulator/TestExpectations:
+
 2017-06-29  Antoine Quint  <graouts@apple.com>
 
         Full stop shows to the right of the picture-in-picture localised string in Hebrew
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-allowed-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-allowed-expected.txt
new file mode 100644 (file)
index 0000000..95c40b9
--- /dev/null
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: line 13: PASS
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-allowed.html b/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-allowed.html
new file mode 100644 (file)
index 0000000..de7da7d
--- /dev/null
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline' 'unsafe-eval'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<script>
+new WebAssembly.Instance(new WebAssembly.Module(Uint8Array.of(0x0, 0x61, 0x73, 0x6d, 0x1, 0x00, 0x00, 0x00)));
+console.log(`PASS`);
+</script>
+</body>
+</html>
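Review bot: the allowed-path coverage stops at `WebAssembly.Module` and `WebAssembly.Instance`; the two other constructors this patch newly gates, `WebAssembly.Memory` and `WebAssembly.Table`, are never constructed under a policy that grants 'unsafe-eval', so a regression that made `JSWebAssemblyMemory::create` or `JSWebAssemblyTable::create` throw unconditionally would still pass here. Add `new WebAssembly.Memory({ initial: 1 })` and `new WebAssembly.Table({ element: "anyfunc", initial: 1 })` ahead of the `console.log(`PASS`)` line so each gated path is exercised in the allowed case as well as the blocked one.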
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-expected.txt
new file mode 100644 (file)
index 0000000..320806b
--- /dev/null
@@ -0,0 +1,13 @@
+CONSOLE MESSAGE: line 19: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+
+CONSOLE MESSAGE: line 20: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+
+CONSOLE MESSAGE: line 21: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+
+CONSOLE MESSAGE: line 22: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+
+CONSOLE MESSAGE: line 23: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+
+CONSOLE MESSAGE: line 24: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe-expected.txt
new file mode 100644 (file)
index 0000000..5e1232e
--- /dev/null
@@ -0,0 +1,4 @@
+ALERT: /PASS/
+CONSOLE MESSAGE: line 1: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+
+ WebAssembly should be blocked in the iframe, but inline script should be allowed.
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe.html b/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe.html
new file mode 100644 (file)
index 0000000..126ca04
--- /dev/null
@@ -0,0 +1,12 @@
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'">
+<iframe src="about:blank"></iframe>
+WebAssembly should be blocked in the iframe, but inline script should be allowed.
+<script>
+window.onload = function() {
+    frames[0].document.write("<script>alert(/PASS/); new WebAssembly.Instance(new WebAssembly.Module(Uint8Array.of(0x0, 0x61, 0x73, 0x6d, 0x1, 0x00, 0x00, 0x00)));<\/script>");
+}
+</script>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script-expected.txt
new file mode 100644 (file)
index 0000000..bf85371
--- /dev/null
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 1: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
+
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script.html b/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script.html
new file mode 100644 (file)
index 0000000..5f77106
--- /dev/null
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+<script src="resources/WebAssembly-blocked-in-external-script.js"></script>
+</head>
+</html>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe-expected.txt
new file mode 100644 (file)
index 0000000..f5b5437
--- /dev/null
@@ -0,0 +1,20 @@
+CONSOLE MESSAGE: line 19: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+
+CONSOLE MESSAGE: line 20: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+
+CONSOLE MESSAGE: line 21: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+
+CONSOLE MESSAGE: line 22: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+
+CONSOLE MESSAGE: line 23: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+
+CONSOLE MESSAGE: line 24: EvalError: Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline'".
+
+Tests that WebAssembly is blocked in a subframe that disallows WebAssembly when the parent frame allows WebAssembly.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe.html b/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe.html
new file mode 100644 (file)
index 0000000..4c04704
--- /dev/null
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpChildFramesAsText();
+}
+</script>
+</head>
+<body>
+<p>Tests that WebAssembly is blocked in a subframe that disallows WebAssembly when the parent frame allows WebAssembly.</p>
+<iframe src="WebAssembly-blocked.html"></iframe>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked.html b/LayoutTests/http/tests/security/contentSecurityPolicy/WebAssembly-blocked.html
new file mode 100644 (file)
index 0000000..d99d115
--- /dev/null
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+const empty = Uint8Array.of(0x0, 0x61, 0x73, 0x6d, 0x1, 0x00, 0x00, 0x00);
+</script>
+</head>
+<body>
+<!-- The WebAssembly global object and some of its members aren't blocked. -->
+<script>if (typeof WebAssembly !== "object") throw new Error(`Expected WebAssembly object to be accessible under CSP`)</script>
+<script>new WebAssembly.CompileError(`This is OK`)</script>
+<script>new WebAssembly.LinkError(`This is OK`)</script>
+<script>new WebAssembly.Module(empty)</script>
+<script>if (!WebAssembly.validate(empty)) throw new Error(`Expected validation to succeed`)</script>
+<!-- The following APIs aren't accessible under CSP. -->
+<script>new WebAssembly.Memory({ initial: 1 })</script>
+<script>new WebAssembly.Memory({ initial: 1, maximum: 1 })</script>
+<script>new WebAssembly.Memory({ initial: 1, maximum: 1, shared: true })</script>
+<script>new WebAssembly.Table({ element: "anyfunc", initial: 1 })</script>
+<script>new WebAssembly.Table({ element: "anyfunc", initial: 1, maximum: 1 })</script>
+<script>new WebAssembly.Instance(new WebAssembly.Module(empty))</script>
+<!-- FIXME: add WebAssembly.compile and WebAssembly.instantiate https://bugs.webkit.org/show_bug.cgi?id=173977 -->
+<!-- FIXME: add WebAssembly.compileStreaming and WebAssembly.instantiateStreaming https://bugs.webkit.org/show_bug.cgi?id=173105 -->
+</body>
+</html>
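Review bot: the first FIXME leaves `WebAssembly.instantiate` without coverage even though the ChangeLog lists it among the APIs this patch disables, and because `instantiate` returns a promise the EvalError will surface as a rejection rather than as the uncaught-exception console lines this test's expected output relies on. When bug 173977 is addressed, the call needs an explicit handler such as `WebAssembly.instantiate(empty).catch(e => console.log(e.name))` so the blocked case produces a deterministic line; otherwise a rejection nobody observes leaves the expected output identical whether or not the gate fires.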
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/resources/WebAssembly-blocked-in-external-script.js b/LayoutTests/http/tests/security/contentSecurityPolicy/resources/WebAssembly-blocked-in-external-script.js
new file mode 100644 (file)
index 0000000..76227b3
--- /dev/null
@@ -0,0 +1 @@
+new WebAssembly.Instance(new WebAssembly.Module(Uint8Array.of(0x0, 0x61, 0x73, 0x6d, 0x1, 0x00, 0x00, 0x00)));
index 082a22a8009a27b10711b872b892e21e1a456efe..afc2032aa5413a87c78db05ad022d75e9405d74a 100644 (file)
@@ -132,3 +132,10 @@ webkit.org/b/156718 storage/websql/alter-to-info-table.html [ Failure ]
 # This test relies on Arial being used to draw Arabic. However, on iOS,
 # we explicitly disallow this because this font is too slow.
 fast/text/initial-advance-in-intermediate-run-complex.html [ ImageOnlyFailure ]
+
+# Simulator doesn't support WebAssembly.
+http/tests/security/contentSecurityPolicy/WebAssembly-allowed.html [ Failure ]
+http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe.html [ Failure ]
+http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script.html [ Failure ]
+http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe.html [ Failure ]
+http/tests/security/contentSecurityPolicy/WebAssembly-blocked.html [ Failure ]
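Review bot: the LayoutTests ChangeLog says these five tests are disabled on the simulator, but `[ Failure ]` still runs them and merely tolerates a failing result; `[ Skip ]` is what "Simulator doesn't support WebAssembly" calls for. If the intent is instead to be told via an unexpected pass once the simulator gains WebAssembly support, say so in the comment, since otherwise the next person will "fix" the expectation to Skip.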
index 2ee8371ec765e0179bf59d7e11df93001dff211a..04936dd1f5651bb4b667e6fdc953d9ee28edbaa6 100644 (file)
@@ -1,3 +1,79 @@
+2017-06-29  JF Bastien  <jfbastien@apple.com>
+
+        WebAssembly: disable some APIs under CSP
+        https://bugs.webkit.org/show_bug.cgi?id=173892
+        <rdar://problem/32914613>
+
+        Reviewed by Daniel Bates.
+
+        We should disable parts of WebAssembly under Content Security
+        Policy as discussed here:
+
+        https://github.com/WebAssembly/design/issues/1092
+
+        Exactly what should be disabled isn't super clear, so we may as
+        well be conservative and disable many things if developers already
+        opted into CSP. It's easy to loosen what we disable later.
+
+        This patch disables:
+        - WebAssembly.Instance
+        - WebAssembly.instantiate
+        - WebAssembly.Memory
+        - WebAssembly.Table
+
+        And leaves:
+        - WebAssembly on the global object
+        - WebAssembly.Module
+        - WebAssembly.compile
+        - WebAssembly.CompileError
+        - WebAssembly.LinkError
+
+        Nothing because currently unimplmented:
+        - WebAssembly.compileStreaming
+        - WebAssembly.instantiateStreaming
+
+        That way it won't be possible to call WebAssembly-compiled code,
+        or create memories (which use fancy 4GiB allocations
+        sometimes). Table isn't really useful on its own, and eventually
+        we may make them shareable so without more details it seems benign
+        to disable them (and useless if we don't).
+
+        I haven't done anything with postMessage, so you can still
+        postMessage a WebAssembly.Module cross-CSP, but you can't
+        instantiate it so it's useless. Because of this I elected to leave
+        WebAssembly.Module and friends available.
+
+        I haven't added any new directives. It's still unsafe-eval. We can
+        add something else later, but it seems odd to add a WebAssembly as
+        a new capability and tell developers "you should have been using
+        this directive which we just implemented if you wanted to disable
+        WebAssembly which didn't exist when you adopted CSP". So IMO we
+        should keep unsafe-eval as it currently is, add WebAssembly to
+        what it disables, and later consider having two new directives
+        which do each individually or something.
+
+        In all cases I throw an EvalError *before* other WebAssembly
+        errors would be produced.
+
+        Note that, as for eval, reporting doesn't work and is tracked by
+        https://webkit.org/b/111869
+
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::JSGlobalObject):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::webAssemblyEnabled):
+        (JSC::JSGlobalObject::webAssemblyDisabledErrorMessage):
+        (JSC::JSGlobalObject::setWebAssemblyEnabled):
+        * wasm/js/JSWebAssemblyInstance.cpp:
+        (JSC::JSWebAssemblyInstance::create):
+        * wasm/js/JSWebAssemblyMemory.cpp:
+        (JSC::JSWebAssemblyMemory::create):
+        * wasm/js/JSWebAssemblyMemory.h:
+        * wasm/js/JSWebAssemblyTable.cpp:
+        (JSC::JSWebAssemblyTable::create):
+        * wasm/js/WebAssemblyMemoryConstructor.cpp:
+        (JSC::constructJSWebAssemblyMemory):
+
 2017-06-28  Keith Miller  <keith_miller@apple.com>
 
         VMTraps has some races
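Review bot: typo "unimplmented" in the "Nothing because currently unimplmented:" line. Also, `WebAssembly.instantiate` is listed as disabled, but none of the hunks in this patch touch the `instantiate` entry point; it is blocked only because it eventually reaches `JSWebAssemblyInstance::create`. Say that explicitly here, because the EvalError raised there surfaces from `instantiate` as a promise rejection rather than as a thrown exception, which is exactly what the test FIXME in WebAssembly-blocked.html will have to account for.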
index 6838eedad66b45ad71bb7875f1922298e7089e4f..f7cf4ae10f24e290c926304b141f1edcb371bfca 100644 (file)
@@ -330,9 +330,7 @@ JSGlobalObject::JSGlobalObject(VM& vm, Structure* structure, const GlobalObjectM
     , m_setAddWatchpoint(IsWatched)
     , m_arraySpeciesWatchpoint(ClearWatchpoint)
     , m_templateRegistry(vm)
-    , m_evalEnabled(true)
     , m_runtimeFlags()
-    , m_consoleClient(nullptr)
     , m_globalObjectMethodTable(globalObjectMethodTable ? globalObjectMethodTable : &s_globalObjectMethodTable)
 {
 }
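Review bot: the `m_consoleClient(nullptr)` removal is unrelated cleanup (it only moves the initializer in-class, as the header hunk shows) bundled into a security-policy change. Keep it, but give it a ChangeLog mention or its own commit so that a bisect on CSP behaviour does not drag the console-client change along with it.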
index e1d7d7159ba69993b49cc9ace701f49e0218ea0c..1282a3bd73dfda933ce7db99d242ad84ba2ef838 100644 (file)
@@ -441,10 +441,12 @@ public:
 
     TemplateRegistry m_templateRegistry;
 
-    bool m_evalEnabled;
+    bool m_evalEnabled { true };
+    bool m_webAssemblyEnabled { true };
     String m_evalDisabledErrorMessage;
+    String m_webAssemblyDisabledErrorMessage;
     RuntimeFlags m_runtimeFlags;
-    ConsoleClient* m_consoleClient;
+    ConsoleClient* m_consoleClient { nullptr };
 
     static JS_EXPORTDATA const GlobalObjectMethodTable s_globalObjectMethodTable;
     const GlobalObjectMethodTable* m_globalObjectMethodTable;
@@ -799,12 +801,19 @@ public:
     void queueMicrotask(Ref<Microtask>&&);
 
     bool evalEnabled() const { return m_evalEnabled; }
+    bool webAssemblyEnabled() const { return m_webAssemblyEnabled; }
     const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorMessage; }
+    const String& webAssemblyDisabledErrorMessage() const { return m_webAssemblyDisabledErrorMessage; }
     void setEvalEnabled(bool enabled, const String& errorMessage = String())
     {
         m_evalEnabled = enabled;
         m_evalDisabledErrorMessage = errorMessage;
     }
+    void setWebAssemblyEnabled(bool enabled, const String& errorMessage = String())
+    {
+        m_webAssemblyEnabled = enabled;
+        m_webAssemblyDisabledErrorMessage = errorMessage;
+    }
 
     void resetPrototype(VM&, JSValue prototype);
 
index 0e87737f1a2e12d07ba0800377d438c3117c81fe..3f7440ad99b0b1ae1006eb2dc5199bb44f17151d 100644 (file)
@@ -141,6 +141,9 @@ JSWebAssemblyInstance* JSWebAssemblyInstance::create(VM& vm, ExecState* exec, JS
         return nullptr;
     };
 
+    if (!globalObject->webAssemblyEnabled())
+        return exception(createEvalError(exec, globalObject->webAssemblyDisabledErrorMessage()));
+
     auto importFailMessage = [&] (const Wasm::Import& import, const char* before, const char* after) {
         return makeString(before, " ", String::fromUTF8(import.module), ":", String::fromUTF8(import.field), " ", after);
     };
@@ -319,7 +322,7 @@ JSWebAssemblyInstance* JSWebAssemblyInstance::create(VM& vm, ExecState* exec, JS
                 return exception(createOutOfMemoryError(exec));
 
             instance->m_memory.set(vm, instance,
-                JSWebAssemblyMemory::create(vm, exec->lexicalGlobalObject()->WebAssemblyMemoryStructure(), memory.releaseNonNull()));
+                JSWebAssemblyMemory::create(exec, vm, exec->lexicalGlobalObject()->WebAssemblyMemoryStructure(), memory.releaseNonNull()));
             RETURN_IF_EXCEPTION(throwScope, nullptr);
         }
     }
@@ -345,7 +348,8 @@ JSWebAssemblyInstance* JSWebAssemblyInstance::create(VM& vm, ExecState* exec, JS
     
     if (!instance->memory()) {
         // Make sure we have a dummy memory, so that wasm -> wasm thunks avoid checking for a nullptr Memory when trying to set pinned registers.
-        instance->m_memory.set(vm, instance, JSWebAssemblyMemory::create(vm, exec->lexicalGlobalObject()->WebAssemblyMemoryStructure(), adoptRef(*(new Wasm::Memory()))));
+        instance->m_memory.set(vm, instance, JSWebAssemblyMemory::create(exec, vm, exec->lexicalGlobalObject()->WebAssemblyMemoryStructure(), adoptRef(*(new Wasm::Memory()))));
+        RETURN_IF_EXCEPTION(throwScope, nullptr);
     }
     
     // Globals
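Review bot: the added `RETURN_IF_EXCEPTION` after the dummy-memory `create` is correct now that `JSWebAssemblyMemory::create` can throw, but in this function the EvalError path is unreachable: the `webAssemblyEnabled()` check at the top of `create` has already returned by the time this line runs. Worth a short comment here so nobody later removes one of the two checks on the assumption that the other covers it.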
index 6530bd01b66e12c1d54deaa7a8626498f7ff4589..3ebee1462032bf72dad569970843508ef359a316 100644 (file)
@@ -37,8 +37,19 @@ namespace JSC {
 
 const ClassInfo JSWebAssemblyMemory::s_info = { "WebAssembly.Memory", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSWebAssemblyMemory) };
 
-JSWebAssemblyMemory* JSWebAssemblyMemory::create(VM& vm, Structure* structure, Ref<Wasm::Memory>&& memory)
+JSWebAssemblyMemory* JSWebAssemblyMemory::create(ExecState* exec, VM& vm, Structure* structure, Ref<Wasm::Memory>&& memory)
 {
+    auto throwScope = DECLARE_THROW_SCOPE(vm);
+    auto* globalObject = exec->lexicalGlobalObject();
+
+    auto exception = [&] (JSObject* error) {
+        throwException(exec, throwScope, error);
+        return nullptr;
+    };
+
+    if (!globalObject->webAssemblyEnabled())
+        return exception(createEvalError(exec, globalObject->webAssemblyDisabledErrorMessage()));
+
     auto* instance = new (NotNull, allocateCell<JSWebAssemblyMemory>(vm.heap)) JSWebAssemblyMemory(vm, structure, WTFMove(memory));
     instance->m_memory->check();
     instance->finishCreation(vm);
index 21936996935c324d66fb01b1c4e171f03d0217e4..1096baae3e26efb0a8ae1d069d52644aa06171d1 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -41,7 +41,7 @@ class JSWebAssemblyMemory : public JSDestructibleObject {
 public:
     typedef JSDestructibleObject Base;
 
-    static JSWebAssemblyMemory* create(VM&, Structure*, Ref<Wasm::Memory>&&);
+    static JSWebAssemblyMemory* create(ExecState*, VM&, Structure*, Ref<Wasm::Memory>&&);
     static Structure* createStructure(VM&, JSGlobalObject*, JSValue);
 
     DECLARE_EXPORT_INFO;
index 63675b41b116debc3fa10aaca436db1f01b93967..ff46d4dadc3dc16661217e337665ed39a90b403a 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -39,10 +39,18 @@ const ClassInfo JSWebAssemblyTable::s_info = { "WebAssembly.Table", &Base::s_inf
 JSWebAssemblyTable* JSWebAssemblyTable::create(ExecState* exec, VM& vm, Structure* structure, uint32_t initial, std::optional<uint32_t> maximum)
 {
     auto throwScope = DECLARE_THROW_SCOPE(vm);
-    if (!isValidSize(initial)) {
-        throwException(exec, throwScope, createOutOfMemoryError(exec));
+    auto* globalObject = exec->lexicalGlobalObject();
+
+    auto exception = [&] (JSObject* error) {
+        throwException(exec, throwScope, error);
         return nullptr;
-    }
+    };
+
+    if (!globalObject->webAssemblyEnabled())
+        return exception(createEvalError(exec, globalObject->webAssemblyDisabledErrorMessage()));
+
+    if (!isValidSize(initial))
+        return exception(createOutOfMemoryError(exec));
 
     auto* instance = new (NotNull, allocateCell<JSWebAssemblyTable>(vm.heap)) JSWebAssemblyTable(vm, structure, initial, maximum);
     instance->finishCreation(vm);
index 59a44639426ed8ff8989aeaecf569b8e5dc0db56..c9899907eb6acf9a24d1694938f5eab6819648c7 100644 (file)
@@ -100,7 +100,10 @@ static EncodedJSValue JSC_HOST_CALL constructJSWebAssemblyMemory(ExecState* exec
     if (!memory)
         return JSValue::encode(throwException(exec, throwScope, createOutOfMemoryError(exec)));
 
-    return JSValue::encode(JSWebAssemblyMemory::create(vm, exec->lexicalGlobalObject()->WebAssemblyMemoryStructure(), adoptRef(*memory.leakRef())));
+    auto* jsMemory = JSWebAssemblyMemory::create(exec, vm, exec->lexicalGlobalObject()->WebAssemblyMemoryStructure(), adoptRef(*memory.leakRef()));
+    RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
+
+    return JSValue::encode(jsMemory);
 }
 
 static EncodedJSValue JSC_HOST_CALL callJSWebAssemblyMemory(ExecState* exec)
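Review bot: the native Wasm::Memory has already been created by the time JSWebAssemblyMemory::create(exec, ...) runs its CSP check (the `if (!memory)` out-of-memory test above it shows the allocation precedes the wrapper), so a page that is not allowed to use WebAssembly still pays for the reservation and only then is refused. Check `exec->lexicalGlobalObject()->webAssemblyEnabled()` at the top of constructJSWebAssemblyMemory, before the Wasm::Memory is created, and keep the check in create() as the backstop for other callers. The RETURN_IF_EXCEPTION after create() is correct; the adopted Ref is released on the error path, so nothing leaks.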
index 4707971369c9afb89dcd6dd470935d940612da69..50caac6409c9d4fc5e46b221aa5d6b5c23295068 100644 (file)
@@ -1,3 +1,49 @@
+2017-06-29  JF Bastien  <jfbastien@apple.com>
+
+        WebAssembly: disable some APIs under CSP
+        https://bugs.webkit.org/show_bug.cgi?id=173892
+        <rdar://problem/32914613>
+
+        Reviewed by Daniel Bates.
+
+        This does the basic separation of eval-blocked and
+        WebAssembly-blocked, but currently only blocks neither or both. I
+        think we'll eventually consider allowing one to be blocked but not
+        the other, so this separation makes sense and means that when we
+        want to do the change it'll be tiny. At a minimum we want a
+        different error message, which this patch provides (a lot of the
+        code ties blocking to the error message).
+
+        Tests: http/tests/security/contentSecurityPolicy/WebAssembly-allowed.html
+               http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe.html
+               http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script.html
+               http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe.html
+               http/tests/security/contentSecurityPolicy/WebAssembly-blocked.html
+
+        * bindings/js/ScriptController.cpp:
+        (WebCore::ScriptController::enableWebAssembly):
+        (WebCore::ScriptController::disableWebAssembly):
+        * bindings/js/ScriptController.h:
+        * bindings/js/WorkerScriptController.cpp:
+        (WebCore::WorkerScriptController::disableWebAssembly):
+        * bindings/js/WorkerScriptController.h:
+        * dom/Document.cpp:
+        (WebCore::Document::disableWebAssembly):
+        * dom/Document.h:
+        * dom/ScriptExecutionContext.h:
+        * page/csp/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::didCreateWindowProxy):
+        (WebCore::ContentSecurityPolicy::applyPolicyToScriptExecutionContext):
+        * page/csp/ContentSecurityPolicy.h:
+        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
+        (WebCore::ContentSecurityPolicyDirectiveList::create):
+        * page/csp/ContentSecurityPolicyDirectiveList.h:
+        (WebCore::ContentSecurityPolicyDirectiveList::webAssemblyDisabledErrorMessage):
+        (WebCore::ContentSecurityPolicyDirectiveList::setWebAssemblyDisabledErrorMessage):
+        * workers/WorkerGlobalScope.cpp:
+        (WebCore::WorkerGlobalScope::disableWebAssembly):
+        * workers/WorkerGlobalScope.h:
+
 2017-06-29  Zalan Bujtas  <zalan@apple.com>
 
         Make InlineBox::m_topLeft and m_logicalWidth protected.
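Review bot: the test list covers documents, subframes, about:blank iframes and external scripts, but none of the five tests exercises the worker path even though WorkerScriptController::disableWebAssembly and WorkerGlobalScope::disableWebAssembly are added below. Add a test that loads a worker under a script-src policy without 'unsafe-eval' and checks that `new WebAssembly.Memory({initial: 1})` throws there with the new message, so the worker wiring is not only compiled but verified.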
index f8b9e1bb688b78b4ee7344ef20a7205ae7daf467..6088f9f1ed0d64bc6baf08d1fef1a1e30432f49d 100644 (file)
@@ -1,7 +1,7 @@
 /*
  *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
  *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
- *  Copyright (C) 2006-2016 Apple Inc. All rights reserved.
+ *  Copyright (C) 2006-2017 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
@@ -446,6 +446,14 @@ void ScriptController::enableEval()
     windowProxy->window()->setEvalEnabled(true);
 }
 
+void ScriptController::enableWebAssembly()
+{
+    auto* windowProxy = existingWindowProxy(mainThreadNormalWorld());
+    if (!windowProxy)
+        return;
+    windowProxy->window()->setWebAssemblyEnabled(true);
+}
+
 void ScriptController::disableEval(const String& errorMessage)
 {
     auto* windowProxy = existingWindowProxy(mainThreadNormalWorld());
@@ -454,6 +462,14 @@ void ScriptController::disableEval(const String& errorMessage)
     windowProxy->window()->setEvalEnabled(false, errorMessage);
 }
 
+void ScriptController::disableWebAssembly(const String& errorMessage)
+{
+    auto* windowProxy = existingWindowProxy(mainThreadNormalWorld());
+    if (!windowProxy)
+        return;
+    windowProxy->window()->setWebAssemblyEnabled(false, errorMessage);
+}
+
 bool ScriptController::processingUserGesture()
 {
     return UserGestureIndicator::processingUserGesture();
index 37f489a0fd28df1090a635223527c0fa14dea8d3..ec4ed370d7197774af049920d46cca78052d0b5a 100644 (file)
@@ -1,7 +1,7 @@
 /*
  *  Copyright (C) 1999 Harri Porten (porten@kde.org)
  *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
- *  Copyright (C) 2008-2016 Apple Inc. All rights reserved.
+ *  Copyright (C) 2008-2017 Apple Inc. All rights reserved.
  *  Copyright (C) 2008 Eric Seidel <eric@webkit.org>
  *
  *  This library is free software; you can redistribute it and/or
@@ -129,7 +129,9 @@ public:
     WTF::TextPosition eventHandlerPosition() const;
 
     void enableEval();
+    void enableWebAssembly();
     void disableEval(const String& errorMessage);
+    void disableWebAssembly(const String& errorMessage);
 
     WEBCORE_EXPORT static bool processingUserGesture();
     WEBCORE_EXPORT static bool processingUserGestureForMedia();
index ac9762554d911fb78cf7fe79c34b4a6526276a2a..4dd166ad2cad958418ef32c03fab8db81522d000 100644 (file)
@@ -187,11 +187,19 @@ bool WorkerScriptController::isExecutionForbidden() const
 void WorkerScriptController::disableEval(const String& errorMessage)
 {
     initScriptIfNeeded();
-    JSLockHolder lock(vm());
+    JSLockHolder lock{vm()};
 
     m_workerGlobalScopeWrapper->setEvalEnabled(false, errorMessage);
 }
 
+void WorkerScriptController::disableWebAssembly(const String& errorMessage)
+{
+    initScriptIfNeeded();
+    JSLockHolder lock{vm()};
+
+    m_workerGlobalScopeWrapper->setWebAssemblyEnabled(false, errorMessage);
+}
+
 void WorkerScriptController::releaseHeapAccess()
 {
     m_vm->heap.releaseAccess();
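Review bot: the change from `JSLockHolder lock(vm());` to `JSLockHolder lock{vm()};` in disableEval is unrelated to this patch and touches a line the change does not otherwise need; either drop it or keep the new function consistent with the existing style in this file rather than introducing a second initialization style in a CSP fix. The new disableWebAssembly itself is fine and correctly takes the JS lock after initScriptIfNeeded(), matching disableEval.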
index c19b164e7f4c61a0a988a9eb06f743da0d79563c..ed0c2135bd6388124f5cf4513bde350a9dd3f03b 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008, 2015, 2016 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008-2017 Apple Inc. All Rights Reserved.
  * Copyright (C) 2012 Google Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -75,6 +75,7 @@ namespace WebCore {
         bool isExecutionForbidden() const;
 
         void disableEval(const String& errorMessage);
+        void disableWebAssembly(const String& errorMessage);
 
         JSC::VM& vm() { return *m_vm; }
         
index e11e0ca20b6ae8878b6f26c2ddb66d4b503c13be..eb4f73c89482f2dac46e7a99cebc5818350ba0be 100644 (file)
@@ -3066,6 +3066,14 @@ void Document::disableEval(const String& errorMessage)
     frame()->script().disableEval(errorMessage);
 }
 
+void Document::disableWebAssembly(const String& errorMessage)
+{
+    if (!frame())
+        return;
+
+    frame()->script().disableWebAssembly(errorMessage);
+}
+
 #if ENABLE(INDEXED_DATABASE)
 
 IDBClient::IDBConnectionProxy* Document::idbConnectionProxy()
index 273ca92bd79a7aee74c5b6e0891d2136c59801a2..5a1a7ddefda0a8c70dfd8e74b8924293599d47a4 100644 (file)
@@ -658,6 +658,7 @@ public:
     String userAgent(const URL&) const final;
 
     void disableEval(const String& errorMessage) final;
+    void disableWebAssembly(const String& errorMessage) final;
 
 #if ENABLE(INDEXED_DATABASE)
     IDBClient::IDBConnectionProxy* idbConnectionProxy() final;
index eac41ffd7d0fb75b92d5583cd6f132b97585f00b..afbf105de95196dac47003c3085631dff399f71c 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008, 2009, 2010, 2011, 2013, 2014, 2015, 2016 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008-2017 Apple Inc. All Rights Reserved.
  * Copyright (C) 2012 Google Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -85,6 +85,7 @@ public:
     virtual String userAgent(const URL&) const = 0;
 
     virtual void disableEval(const String& errorMessage) = 0;
+    virtual void disableWebAssembly(const String& errorMessage) = 0;
 
 #if ENABLE(INDEXED_DATABASE)
     virtual IDBClient::IDBConnectionProxy* idbConnectionProxy() = 0;
index e2771684a14175c11b573cbea9a770c706d4a131..c4521f1315ac556ff0381a9b2f874583c21d348c 100644 (file)
@@ -159,6 +159,7 @@ void ContentSecurityPolicy::didCreateWindowProxy(JSDOMWindowProxy& windowProxy)
         return;
     }
     window->setEvalEnabled(m_lastPolicyEvalDisabledErrorMessage.isNull(), m_lastPolicyEvalDisabledErrorMessage);
+    window->setWebAssemblyEnabled(m_lastPolicyWebAssemblyDisabledErrorMessage.isNull(), m_lastPolicyWebAssemblyDisabledErrorMessage);
 }
 
 ContentSecurityPolicyResponseHeaders ContentSecurityPolicy::responseHeaders() const
@@ -230,14 +231,18 @@ void ContentSecurityPolicy::applyPolicyToScriptExecutionContext()
     bool enableStrictMixedContentMode = false;
     for (auto& policy : m_policies) {
         const ContentSecurityPolicyDirective* violatedDirective = policy->violatedDirectiveForUnsafeEval();
-        if (violatedDirective && !violatedDirective->directiveList().isReportOnly())
+        if (violatedDirective && !violatedDirective->directiveList().isReportOnly()) {
             m_lastPolicyEvalDisabledErrorMessage = policy->evalDisabledErrorMessage();
+            m_lastPolicyWebAssemblyDisabledErrorMessage = policy->webAssemblyDisabledErrorMessage();
+        }
         if (policy->hasBlockAllMixedContentDirective() && !policy->isReportOnly())
             enableStrictMixedContentMode = true;
     }
 
     if (!m_lastPolicyEvalDisabledErrorMessage.isNull())
         m_scriptExecutionContext->disableEval(m_lastPolicyEvalDisabledErrorMessage);
+    if (!m_lastPolicyWebAssemblyDisabledErrorMessage.isNull())
+        m_scriptExecutionContext->disableWebAssembly(m_lastPolicyWebAssemblyDisabledErrorMessage);
     if (m_sandboxFlags != SandboxNone && is<Document>(m_scriptExecutionContext))
         m_scriptExecutionContext->enforceSandboxFlags(m_sandboxFlags);
     if (enableStrictMixedContentMode)
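Review bot: m_lastPolicyWebAssemblyDisabledErrorMessage is only ever set inside the `violatedDirectiveForUnsafeEval()` branch, so the two flags can never diverge and the separate `isNull()` test below is currently redundant with the eval one. That coupling is deliberate per the ChangeLog, but a reader of this function alone has no way to know that; add a brief comment above the loop stating that WebAssembly blocking is tied to 'unsafe-eval' for now and that a future directive would add its own violatedDirective lookup here. Report-only policies are skipped for both, which is consistent with the existing eval behaviour.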
index 99a392f0fdd831fce27d3386599df2bafa42bfb3..b05f03701844b176f9165c5a4ede2a021a64927b 100644 (file)
@@ -207,6 +207,7 @@ private:
     String m_selfSourceProtocol;
     CSPDirectiveListVector m_policies;
     String m_lastPolicyEvalDisabledErrorMessage;
+    String m_lastPolicyWebAssemblyDisabledErrorMessage;
     SandboxFlags m_sandboxFlags;
     bool m_overrideInlineStyleAllowed { false };
     bool m_isReportingEnabled { true };
index 4bdc6f1d2895ae10a48d0e227c69ba8215dbff39..76944def00773d1ae3424ad61b0fe723b527a629 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Google, Inc. All rights reserved.
- * Copyright (C) 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -109,8 +109,10 @@ std::unique_ptr<ContentSecurityPolicyDirectiveList> ContentSecurityPolicyDirecti
     directives->parse(header, from);
 
     if (!checkEval(directives->operativeDirective(directives->m_scriptSrc.get()))) {
-        String message = makeString("Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: \"", directives->operativeDirective(directives->m_scriptSrc.get())->text(), "\".\n");
-        directives->setEvalDisabledErrorMessage(message);
+        String evalDisabledMessage = makeString("Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: \"", directives->operativeDirective(directives->m_scriptSrc.get())->text(), "\".\n");
+        directives->setEvalDisabledErrorMessage(evalDisabledMessage);
+        String webAssemblyDisabledMessage = makeString("Refused to create a WebAssembly object because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: \"", directives->operativeDirective(directives->m_scriptSrc.get())->text(), "\".\n");
+        directives->setWebAssemblyDisabledErrorMessage(webAssemblyDisabledMessage);
     }
 
     if (directives->isReportOnly() && directives->reportURIs().isEmpty())
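Review bot: `directives->operativeDirective(directives->m_scriptSrc.get())->text()` is now evaluated three times in this block (once in the condition and once per message); hoist it into a local `const String& directiveText` before building the two strings. The wording "Refused to create a WebAssembly object" will also mislead developers, since `new WebAssembly.Module(...)` and `WebAssembly.compile` still succeed under the same policy; consider naming what is refused ("instantiate a WebAssembly module or create a WebAssembly.Memory/Table") so the console message matches the behaviour.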
index 3adb22fe846d034a3464471e41563876805416f1..70a24305534a2537fecd923d9ee54fe3d0346055 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Google, Inc. All rights reserved.
- * Copyright (C) 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -74,6 +74,7 @@ public:
     bool hasBlockAllMixedContentDirective() const { return m_hasBlockAllMixedContentDirective; }
 
     const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorMessage; }
+    const String& webAssemblyDisabledErrorMessage() const { return m_webAssemblyDisabledErrorMessage; }
     bool isReportOnly() const { return m_reportOnly; }
     const Vector<String>& reportURIs() const { return m_reportURIs; }
 
@@ -97,6 +98,7 @@ private:
     ContentSecurityPolicySourceListDirective* operativeDirective(ContentSecurityPolicySourceListDirective*) const;
 
     void setEvalDisabledErrorMessage(const String& errorMessage) { m_evalDisabledErrorMessage = errorMessage; }
+    void setWebAssemblyDisabledErrorMessage(const String& errorMessage) { m_webAssemblyDisabledErrorMessage = errorMessage; }
 
     // FIXME: Make this a const reference once we teach applySandboxPolicy() to store its policy as opposed to applying it directly onto ContentSecurityPolicy.
     ContentSecurityPolicy& m_policy;
@@ -127,6 +129,7 @@ private:
     Vector<String> m_reportURIs;
     
     String m_evalDisabledErrorMessage;
+    String m_webAssemblyDisabledErrorMessage;
 };
 
 } // namespace WebCore
index 663ca7e1b6dc94396d926cde80acd44e46fba444..f40929e1207ea675b343be9547ac1b48deb59c8b 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008-2017 Apple Inc. All Rights Reserved.
  * Copyright (C) 2009, 2011 Google Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -152,6 +152,11 @@ void WorkerGlobalScope::disableEval(const String& errorMessage)
     m_script->disableEval(errorMessage);
 }
 
+void WorkerGlobalScope::disableWebAssembly(const String& errorMessage)
+{
+    m_script->disableWebAssembly(errorMessage);
+}
+
 #if ENABLE(WEB_SOCKETS)
 
 SocketProvider* WorkerGlobalScope::socketProvider()
index 595bad30e1839f049857309ea71601bb1485aec1..b2f69e9d9e6de042e7c3fca1fb36afe6bb31b9e0 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -134,6 +134,7 @@ private:
     URL completeURL(const String&) const final;
     String userAgent(const URL&) const final;
     void disableEval(const String& errorMessage) final;
+    void disableWebAssembly(const String& errorMessage) final;
     EventTarget* errorEventTarget() final;
     WorkerEventQueue& eventQueue() const final;
     String resourceRequestIdentifier() const final { return m_identifier; }