LCOV - code coverage report
Current view: directory - js/src - jswrapper.h (source / functions) Found Hit Coverage
Test: app.info Lines: 4 3 75.0 %
Date: 2012-04-07 Functions: 6 2 33.3 %

       1                 : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
       2                 :  * vim: set ts=4 sw=4 et tw=99:
       3                 :  *
       4                 :  * ***** BEGIN LICENSE BLOCK *****
       5                 :  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
       6                 :  *
       7                 :  * The contents of this file are subject to the Mozilla Public License Version
       8                 :  * 1.1 (the "License"); you may not use this file except in compliance with
       9                 :  * the License. You may obtain a copy of the License at
      10                 :  * http://www.mozilla.org/MPL/
      11                 :  *
      12                 :  * Software distributed under the License is distributed on an "AS IS" basis,
      13                 :  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
      14                 :  * for the specific language governing rights and limitations under the
      15                 :  * License.
      16                 :  *
      17                 :  * The Original Code is Mozilla SpiderMonkey JavaScript 1.9 code, released
      18                 :  * May 28, 2008.
      19                 :  *
      20                 :  * The Initial Developer of the Original Code is
      21                 :  *   Mozilla Foundation
      22                 :  * Portions created by the Initial Developer are Copyright (C) 2010
      23                 :  * the Initial Developer. All Rights Reserved.
      24                 :  *
      25                 :  * Contributor(s):
      26                 :  *   Andreas Gal <gal@mozilla.com>
      27                 :  *
      28                 :  * Alternatively, the contents of this file may be used under the terms of
      29                 :  * either of the GNU General Public License Version 2 or later (the "GPL"),
      30                 :  * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
      31                 :  * in which case the provisions of the GPL or the LGPL are applicable instead
      32                 :  * of those above. If you wish to allow use of your version of this file only
      33                 :  * under the terms of either the GPL or the LGPL, and not to allow others to
      34                 :  * use your version of this file under the terms of the MPL, indicate your
      35                 :  * decision by deleting the provisions above and replace them with the notice
      36                 :  * and other provisions required by the GPL or the LGPL. If you do not delete
      37                 :  * the provisions above, a recipient may use your version of this file under
      38                 :  * the terms of any one of the MPL, the GPL or the LGPL.
      39                 :  *
      40                 :  * ***** END LICENSE BLOCK ***** */
      41                 : 
      42                 : #ifndef jswrapper_h___
      43                 : #define jswrapper_h___
      44                 : 
      45                 : #include "mozilla/Attributes.h"
      46                 : 
      47                 : #include "jsapi.h"
      48                 : #include "jsproxy.h"
      49                 : 
      50                 : namespace js {
      51                 : 
      52                 : class DummyFrameGuard;
      53                 : 
      54                 : /* No-op wrapper handler base class. */
      55                 : class JS_FRIEND_API(Wrapper) : public ProxyHandler
      56                 : {
      57                 :     unsigned mFlags;
      58                 :   public:
      59          174342 :     unsigned flags() const { return mFlags; }
      60                 : 
      61                 :     explicit Wrapper(unsigned flags);
      62                 : 
      63                 :     typedef enum { PermitObjectAccess, PermitPropertyAccess, DenyAccess } Permission;
      64                 : 
      65                 :     virtual ~Wrapper();
      66                 : 
      67                 :     /* ES5 Harmony fundamental wrapper traps. */
      68                 :     virtual bool getPropertyDescriptor(JSContext *cx, JSObject *wrapper, jsid id, bool set,
      69                 :                                        PropertyDescriptor *desc) MOZ_OVERRIDE;
      70                 :     virtual bool getOwnPropertyDescriptor(JSContext *cx, JSObject *wrapper, jsid id, bool set,
      71                 :                                           PropertyDescriptor *desc) MOZ_OVERRIDE;
      72                 :     virtual bool defineProperty(JSContext *cx, JSObject *wrapper, jsid id,
      73                 :                                 PropertyDescriptor *desc) MOZ_OVERRIDE;
      74                 :     virtual bool getOwnPropertyNames(JSContext *cx, JSObject *wrapper, AutoIdVector &props) MOZ_OVERRIDE;
      75                 :     virtual bool delete_(JSContext *cx, JSObject *wrapper, jsid id, bool *bp) MOZ_OVERRIDE;
      76                 :     virtual bool enumerate(JSContext *cx, JSObject *wrapper, AutoIdVector &props) MOZ_OVERRIDE;
      77                 :     virtual bool fix(JSContext *cx, JSObject *wrapper, Value *vp) MOZ_OVERRIDE;
      78                 : 
      79                 :     /* ES5 Harmony derived wrapper traps. */
      80                 :     virtual bool has(JSContext *cx, JSObject *wrapper, jsid id, bool *bp) MOZ_OVERRIDE;
      81                 :     virtual bool hasOwn(JSContext *cx, JSObject *wrapper, jsid id, bool *bp) MOZ_OVERRIDE;
      82                 :     virtual bool get(JSContext *cx, JSObject *wrapper, JSObject *receiver, jsid id, Value *vp) MOZ_OVERRIDE;
      83                 :     virtual bool set(JSContext *cx, JSObject *wrapper, JSObject *receiver, jsid id, bool strict,
      84                 :                      Value *vp) MOZ_OVERRIDE;
      85                 :     virtual bool keys(JSContext *cx, JSObject *wrapper, AutoIdVector &props) MOZ_OVERRIDE;
      86                 :     virtual bool iterate(JSContext *cx, JSObject *wrapper, unsigned flags, Value *vp) MOZ_OVERRIDE;
      87                 : 
      88                 :     /* Spidermonkey extensions. */
      89                 :     virtual bool call(JSContext *cx, JSObject *wrapper, unsigned argc, Value *vp) MOZ_OVERRIDE;
      90                 :     virtual bool construct(JSContext *cx, JSObject *wrapper, unsigned argc, Value *argv, Value *rval) MOZ_OVERRIDE;
      91                 :     virtual bool nativeCall(JSContext *cx, JSObject *wrapper, Class *clasp, Native native, CallArgs args) MOZ_OVERRIDE;
      92                 :     virtual bool hasInstance(JSContext *cx, JSObject *wrapper, const Value *vp, bool *bp) MOZ_OVERRIDE;
      93                 :     virtual JSType typeOf(JSContext *cx, JSObject *proxy) MOZ_OVERRIDE;
      94                 :     virtual bool objectClassIs(JSObject *obj, ESClassValue classValue, JSContext *cx) MOZ_OVERRIDE;
      95                 :     virtual JSString *obj_toString(JSContext *cx, JSObject *wrapper) MOZ_OVERRIDE;
      96                 :     virtual JSString *fun_toString(JSContext *cx, JSObject *wrapper, unsigned indent) MOZ_OVERRIDE;
      97                 :     virtual bool regexp_toShared(JSContext *cx, JSObject *proxy, RegExpGuard *g) MOZ_OVERRIDE;
      98                 :     virtual bool defaultValue(JSContext *cx, JSObject *wrapper, JSType hint, Value *vp) MOZ_OVERRIDE;
      99                 :     virtual bool iteratorNext(JSContext *cx, JSObject *wrapper, Value *vp) MOZ_OVERRIDE;
     100                 : 
     101                 :     virtual void trace(JSTracer *trc, JSObject *wrapper) MOZ_OVERRIDE;
     102                 : 
     103                 :     /* Policy enforcement traps.
     104                 :      *
     105                 :      * enter() allows the policy to specify whether the caller may perform |act|
     106                 :      * on the underlying object's |id| property. In the case when |act| is CALL,
     107                 :      * |id| is generally JSID_VOID.
     108                 :      *
     109                 :      * leave() allows the policy to undo various scoped state changes taken in
     110                 :      * enter(). If enter() succeeds, leave() must be called upon completion of
     111                 :      * the approved action.
     112                 :      *
     113                 :      * The |act| parameter to enter() specifies the action being performed. GET,
     114                 :      * SET, and CALL are self-explanatory, but PUNCTURE requires more explanation:
     115                 :      *
     116                 :      * GET and SET allow for a very fine-grained security membrane, through
     117                 :      * which access can be granted or denied on a per-property, per-object, and
     118                 :      * per-action basis. Sometimes though, we just want to asks if we can access
     119                 :      * _everything_ behind the wrapper barrier. For example, when the structured
     120                 :      * clone algorithm runs up against a cross-compartment wrapper, it needs to
     121                 :      * know whether it can enter the compartment and keep cloning, or whether it
     122                 :      * should throw. This is the role of PUNCTURE.
     123                 :      *
     124                 :      * PUNCTURE allows the policy to specify whether the wrapper barrier may
     125                 :      * be lifted - that is to say, whether the caller is allowed to access
     126                 :      * anything that the wrapped object could access. This is a very powerful
     127                 :      * permission, and thus should generally be denied for security wrappers
     128                 :      * except under very special circumstances. When |act| is PUNCTURE, |id|
     129                 :      * should be JSID_VOID.
     130                 :      * */
     131                 :     enum Action { GET, SET, CALL, PUNCTURE };
     132                 :     virtual bool enter(JSContext *cx, JSObject *wrapper, jsid id, Action act, bool *bp);
     133                 :     virtual void leave(JSContext *cx, JSObject *wrapper);
     134                 : 
     135                 :     static Wrapper singleton;
     136                 : 
     137                 :     static JSObject *New(JSContext *cx, JSObject *obj, JSObject *proto, JSObject *parent,
     138                 :                          Wrapper *handler);
     139                 : 
     140                 :     static JSObject *wrappedObject(const JSObject *wrapper);
     141                 :     static Wrapper *wrapperHandler(const JSObject *wrapper);
     142                 : 
     143                 :     enum {
     144                 :         CROSS_COMPARTMENT = 1 << 0,
     145                 :         LAST_USED_FLAG = CROSS_COMPARTMENT
     146                 :     };
     147                 : 
     148                 :     static void *getWrapperFamily();
     149                 : };
     150                 : 
     151                 : /* Base class for all cross compartment wrapper handlers. */
     152                 : class JS_FRIEND_API(CrossCompartmentWrapper) : public Wrapper
     153                 : {
     154                 :   public:
     155                 :     CrossCompartmentWrapper(unsigned flags);
     156                 : 
     157                 :     virtual ~CrossCompartmentWrapper();
     158                 : 
     159                 :     /* ES5 Harmony fundamental wrapper traps. */
     160                 :     virtual bool getPropertyDescriptor(JSContext *cx, JSObject *wrapper, jsid id, bool set,
     161                 :                                        PropertyDescriptor *desc) MOZ_OVERRIDE;
     162                 :     virtual bool getOwnPropertyDescriptor(JSContext *cx, JSObject *wrapper, jsid id, bool set,
     163                 :                                           PropertyDescriptor *desc) MOZ_OVERRIDE;
     164                 :     virtual bool defineProperty(JSContext *cx, JSObject *wrapper, jsid id,
     165                 :                                 PropertyDescriptor *desc) MOZ_OVERRIDE;
     166                 :     virtual bool getOwnPropertyNames(JSContext *cx, JSObject *wrapper, AutoIdVector &props) MOZ_OVERRIDE;
     167                 :     virtual bool delete_(JSContext *cx, JSObject *wrapper, jsid id, bool *bp) MOZ_OVERRIDE;
     168                 :     virtual bool enumerate(JSContext *cx, JSObject *wrapper, AutoIdVector &props) MOZ_OVERRIDE;
     169                 : 
     170                 :     /* ES5 Harmony derived wrapper traps. */
     171                 :     virtual bool has(JSContext *cx, JSObject *wrapper, jsid id, bool *bp) MOZ_OVERRIDE;
     172                 :     virtual bool hasOwn(JSContext *cx, JSObject *wrapper, jsid id, bool *bp) MOZ_OVERRIDE;
     173                 :     virtual bool get(JSContext *cx, JSObject *wrapper, JSObject *receiver, jsid id, Value *vp) MOZ_OVERRIDE;
     174                 :     virtual bool set(JSContext *cx, JSObject *wrapper, JSObject *receiver, jsid id, bool strict,
     175                 :                      Value *vp) MOZ_OVERRIDE;
     176                 :     virtual bool keys(JSContext *cx, JSObject *wrapper, AutoIdVector &props) MOZ_OVERRIDE;
     177                 :     virtual bool iterate(JSContext *cx, JSObject *wrapper, unsigned flags, Value *vp) MOZ_OVERRIDE;
     178                 : 
     179                 :     /* Spidermonkey extensions. */
     180                 :     virtual bool call(JSContext *cx, JSObject *wrapper, unsigned argc, Value *vp) MOZ_OVERRIDE;
     181                 :     virtual bool construct(JSContext *cx, JSObject *wrapper, unsigned argc, Value *argv, Value *rval) MOZ_OVERRIDE;
     182                 :     virtual bool nativeCall(JSContext *cx, JSObject *wrapper, Class *clasp, Native native, CallArgs args) MOZ_OVERRIDE;
     183                 :     virtual bool hasInstance(JSContext *cx, JSObject *wrapper, const Value *vp, bool *bp) MOZ_OVERRIDE;
     184                 :     virtual JSString *obj_toString(JSContext *cx, JSObject *wrapper) MOZ_OVERRIDE;
     185                 :     virtual JSString *fun_toString(JSContext *cx, JSObject *wrapper, unsigned indent) MOZ_OVERRIDE;
     186                 :     virtual bool defaultValue(JSContext *cx, JSObject *wrapper, JSType hint, Value *vp) MOZ_OVERRIDE;
     187                 :     virtual bool iteratorNext(JSContext *cx, JSObject *wrapper, Value *vp);
     188                 : 
     189                 :     virtual void trace(JSTracer *trc, JSObject *wrapper) MOZ_OVERRIDE;
     190                 : 
     191                 :     static CrossCompartmentWrapper singleton;
     192                 : };
     193                 : 
     194                 : /*
     195                 :  * Base class for security wrappers. A security wrapper is potentially hiding
     196                 :  * all or part of some wrapped object thus SecurityWrapper defaults to denying
     197                 :  * access to the wrappee. This is the opposite of Wrapper which tries to be
     198                 :  * completely transparent.
     199                 :  *
     200                 :  * NB: Currently, only a few ProxyHandler operations are overridden to deny
     201                 :  * access, relying on derived SecurityWrapper to block access when necessary.
     202                 :  */
     203                 : template <class Base>
     204                 : class JS_FRIEND_API(SecurityWrapper) : public Base
     205               0 : {
     206                 :   public:
     207                 :     SecurityWrapper(unsigned flags);
     208                 : 
     209                 :     virtual bool nativeCall(JSContext *cx, JSObject *wrapper, Class *clasp, Native native, CallArgs args) MOZ_OVERRIDE;
     210                 :     virtual bool objectClassIs(JSObject *obj, ESClassValue classValue, JSContext *cx) MOZ_OVERRIDE;
     211                 :     virtual bool regexp_toShared(JSContext *cx, JSObject *proxy, RegExpGuard *g) MOZ_OVERRIDE;
     212                 : };
     213                 : 
     214                 : typedef SecurityWrapper<Wrapper> SameCompartmentSecurityWrapper;
     215                 : typedef SecurityWrapper<CrossCompartmentWrapper> CrossCompartmentSecurityWrapper;
     216                 : 
     217                 : /*
     218                 :  * A hacky class that lets a friend force a fake frame. We must already be
     219                 :  * in the compartment of |target| when we enter the forced frame.
     220                 :  */
     221                 : class JS_FRIEND_API(ForceFrame)
     222                 : {
     223                 :   public:
     224                 :     JSContext * const context;
     225                 :     JSObject * const target;
     226                 :   private:
     227                 :     DummyFrameGuard *frame;
     228                 : 
     229                 :   public:
     230                 :     ForceFrame(JSContext *cx, JSObject *target);
     231                 :     ~ForceFrame();
     232                 :     bool enter();
     233                 : };
     234                 : 
     235                 : extern JSObject *
     236                 : TransparentObjectWrapper(JSContext *cx, JSObject *obj, JSObject *wrappedProto, JSObject *parent,
     237                 :                          unsigned flags);
     238                 : 
     239                 : // Proxy family for wrappers. Public so that IsWrapper() can be fully inlined by
     240                 : // jsfriendapi users.
     241                 : extern JS_FRIEND_DATA(int) sWrapperFamily;
     242                 : 
     243                 : inline bool
     244        59282117 : IsWrapper(const JSObject *obj)
     245                 : {
     246        59282117 :     return IsProxy(obj) && GetProxyHandler(obj)->family() == &sWrapperFamily;
     247                 : }
     248                 : 
     249                 : // Given a JSObject, returns that object stripped of wrappers. If
     250                 : // stopAtOuter is true, then this returns the outer window if it was
     251                 : // previously wrapped. Otherwise, this returns the first object for
     252                 : // which JSObject::isWrapper returns false.
     253                 : JS_FRIEND_API(JSObject *) UnwrapObject(JSObject *obj, bool stopAtOuter = true,
     254                 :                                        unsigned *flagsp = NULL);
     255                 : 
     256                 : // Given a JSObject, returns that object stripped of wrappers. At each stage,
     257                 : // the security wrapper has the opportunity to veto the unwrap. Since checked
     258                 : // code should never be unwrapping outer window wrappers, we always stop at
     259                 : // outer windows.
     260                 : JS_FRIEND_API(JSObject *) UnwrapObjectChecked(JSContext *cx, JSObject *obj);
     261                 : 
     262                 : bool IsCrossCompartmentWrapper(const JSObject *obj);
     263                 : 
     264                 : } /* namespace js */
     265                 : 
     266                 : #endif

Generated by: LCOV version 1.7