Bug 166624

Summary: SecurityOrigin::create triplet constructor does not canonicalize port
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: WebCore Misc.Assignee: Michael Catanzaro <mcatanzaro>
Status: RESOLVED FIXED    
Severity: Normal CC: bugs-noreply, commit-queue, dbates, mcatanzaro
Priority: P2    
Version: WebKit Nightly Build   
Hardware: PC   
OS: Linux   
Bug Depends on:    
Bug Blocks: 166632    
Attachments:
Description Flags
Patch
none
Patch
dbates: review+
Patch
none
Patch none

Michael Catanzaro
Reported 2016-12-30 12:21:33 PST
WebCore::SecurityOrigin has four public create functions: WEBCORE_EXPORT static Ref<SecurityOrigin> create(const URL&); static Ref<SecurityOrigin> createUnique(); WEBCORE_EXPORT static Ref<SecurityOrigin> createFromString(const String&); WEBCORE_EXPORT static Ref<SecurityOrigin> create(const String& protocol, const String& host, std::optional<uint16_t> port); When a WebCore::SecurityOrigin is created using the first function, the port is canonicalized by unsetting it if it matches the default port for a protocol. That is handled by this code in the constructor: if (m_port && isDefaultPortForProtocol(m_port.value(), m_protocol)) m_port = std::nullopt; The second create function is not relevant to this bug. The third function, createFromString, converts a String to a URL and then uses this path. So, for example, the expression SecurityOrigin::createFromString("http://example.com:80").port() would return nullopt, as it would if the port was omitted from the URL string. This is correct as per RFC 6454 because http://example.com and http://example.com:80 have the same security origin. The issue lies with the fourth constructor. It does not perform this canonicalization, allowing two different nonequal SecurityOrigin objects to be created that represent the same security origin. That is, this constructor could be used to create a SecurityOrigin with protocol http, port 80, even though the other constructors would always canonicalize port 80 to nullopt. I noticed this when working on exposing WebKitSecurityOrigin in the GTK+ API. I'm performing the canonicalization at the GTK+ API level for now, but I think it makes sense to do it in WebCore instead. I wonder if changing this in WebCore would expose unexpected side effects.
Attachments
Patch (1.69 KB, patch)
2016-12-30 12:38 PST, Michael Catanzaro 		no flags
DetailsFormatted DiffDiff
Patch (7.93 KB, patch)
2016-12-30 19:40 PST, Michael Catanzaro 		dbates: review+
DetailsFormatted DiffDiff
Patch (11.50 KB, patch)
2016-12-31 13:05 PST, Daniel Bates 		no flags
DetailsFormatted DiffDiff
Patch (12.54 KB, patch)
2016-12-31 14:31 PST, Michael Catanzaro 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2016-12-30 12:28:49 PST
(In reply to comment #0) > The third function, createFromString, converts a String to a URL and then > uses this path. I meant: "and then uses the first create function"
Michael Catanzaro
Comment 2 2016-12-30 12:38:34 PST
Created attachment 297862 [details] Patch
Michael Catanzaro
Comment 3 2016-12-30 12:43:52 PST
Patch largely just to see whether it survives EWS. It does pass the GTK+ API tests I added in bug #163366 with my GTK-layer workaround removed from that patch, but it looks easy to add a cross-platform test so should probably do that....
Michael Catanzaro
Comment 4 2016-12-30 19:34:23 PST
EWS seems happy. Anyone know if this would be a bad idea? I wrote a little cross-platform test. It needs to be added to XCode build system. Shame to see that WebCore tests are listed separately for each port and so most are never built at all on most ports. :(
Michael Catanzaro
Comment 5 2016-12-30 19:40:11 PST
Created attachment 297868 [details] Patch
Daniel Bates
Comment 6 2016-12-30 21:38:08 PST
Comment on attachment 297868 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=297868&action=review > Tools/TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp:47 > + Ref<SecurityOrigin> o1 = SecurityOrigin::create("http", "example.com", std::optional<uint16_t>(80)); > + Ref<SecurityOrigin> o2 = SecurityOrigin::create("http", "example.com", std::optional<uint16_t>()); Can we use std::make_optional()?
Daniel Bates
Comment 7 2016-12-30 21:44:12 PST
(In reply to comment #4) > EWS seems happy. Anyone know if this would be a bad idea? > > I wrote a little cross-platform test. It needs to be added to XCode build > system. Yes, we need to add it. I do not have a clean working copy at the moment. I will look to do this tomorrow morning unless someone else beats me.
Michael Catanzaro
Comment 8 2016-12-31 09:15:30 PST
(In reply to comment #6) > Comment on attachment 297868 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=297868&action=review > > > Tools/TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp:47 > > + Ref<SecurityOrigin> o1 = SecurityOrigin::create("http", "example.com", std::optional<uint16_t>(80)); > > + Ref<SecurityOrigin> o2 = SecurityOrigin::create("http", "example.com", std::optional<uint16_t>()); > > Can we use std::make_optional()? Yeah, but I don't know if there's any advantage to doing so. At least it's more typing: Ref<SecurityOrigin> o1 = SecurityOrigin::create("http", "example.com", std::make_optional<uint16_t>(80)); Ref<SecurityOrigin> o2 = SecurityOrigin::create("http", "example.com", std::optional<uint16_t>(std::nullopt)); I guess make_optional is more obviously useful when you don't need to explicitly specify the type, but here we do.
Michael Catanzaro
Comment 9 2016-12-31 09:17:03 PST
(In reply to comment #8) > Yeah, but I don't know if there's any advantage to doing so. At least it's > more typing: > > Ref<SecurityOrigin> o1 = SecurityOrigin::create("http", "example.com", > std::make_optional<uint16_t>(80)); > Ref<SecurityOrigin> o2 = SecurityOrigin::create("http", "example.com", > std::optional<uint16_t>(std::nullopt)); Um, I forgot to add the "make_" in the second call and didn't notice until I posted it on Bugzilla. I don't think there's a way to use make_optional to create an uninitialized optional, so I think only for the first one.
Daniel Bates
Comment 10 2016-12-31 13:05:16 PST
Created attachment 297870 [details] Patch Added file Tools/TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp to TestWebKitAPI Xcode project. Also substituted word "unequal" for "nonequal" (sic) in WebCore ChangeLog description so that it reads well.
Michael Catanzaro
Comment 11 2016-12-31 14:09:05 PST
Looks like we need to add WEBCORE_EXPORT to the declaration of isSameOriginAs.
Michael Catanzaro
Comment 12 2016-12-31 14:31:19 PST
Created attachment 297872 [details] Patch
Michael Catanzaro
Comment 13 2016-12-31 14:32:08 PST
(Also declared SetUp() as final instead of virtual.)
WebKit Commit Bot
Comment 14 2016-12-31 16:49:12 PST
Comment on attachment 297872 [details] Patch Clearing flags on attachment: 297872 Committed r210218: <http://trac.webkit.org/changeset/210218>
WebKit Commit Bot
Comment 15 2016-12-31 16:49:18 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.