Bug 1205095 - Unwrap getters in DevToolsUtils.hasSafeGetter. (r=fitzgen)
authorShu-yu Guo <shu@rfrn.org>
Wed, 16 Sep 2015 17:58:09 -0700
changeset 295544 eec5dceb90b18eb7714d1b5c65d6518c6ce8efc2
parent 295543 2662a1ad4cad84a6209c8116ad714d6a0c1bb302
child 295545 42e8d6b514a91adf9e9b7ea31a78e6374e0b3432
push id5245
push userraliiev@mozilla.com
push dateThu, 29 Oct 2015 11:30:51 +0000
treeherdermozilla-beta@dac831dc1bd0 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersfitzgen
bugs1205095
milestone43.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1205095 - Unwrap getters in DevToolsUtils.hasSafeGetter. (r=fitzgen)
toolkit/devtools/DevToolsUtils.js
toolkit/devtools/server/tests/unit/test_safe-getter.js
toolkit/devtools/server/tests/unit/xpcshell.ini
--- a/toolkit/devtools/DevToolsUtils.js
+++ b/toolkit/devtools/DevToolsUtils.js
@@ -305,17 +305,19 @@ exports.getProperty = function getProper
  * Determines if a descriptor has a getter which doesn't call into JavaScript.
  *
  * @param Object aDesc
  *        The descriptor to check for a safe getter.
  * @return Boolean
  *         Whether a safe getter was found.
  */
 exports.hasSafeGetter = function hasSafeGetter(aDesc) {
-  let fn = aDesc.get;
+  // Scripted functions that are CCWs will not appear scripted until after
+  // unwrapping.
+  let fn = aDesc.get.unwrap();
   return fn && fn.callable && fn.class == "Function" && fn.script === undefined;
 };
 
 /**
  * Check if it is safe to read properties and execute methods from the given JS
  * object. Safety is defined as being protected from unintended code execution
  * from content scripts (or cross-compartment code).
  *
new file mode 100644
--- /dev/null
+++ b/toolkit/devtools/server/tests/unit/test_safe-getter.js
@@ -0,0 +1,25 @@
+function run_test() {
+  Components.utils.import("resource://gre/modules/jsdebugger.jsm");
+  addDebuggerToGlobal(this);
+  var g = testGlobal("test");
+  var dbg = new Debugger();
+  var gw = dbg.addDebuggee(g);
+
+  g.eval(`
+    // This is not a CCW.
+    Object.defineProperty(this, "bar", {
+      get: function() { return "bar"; },
+      configurable: true,
+      enumerable: true
+    });
+
+    Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
+
+    // This is a CCW.
+    XPCOMUtils.defineLazyGetter(this, "foo", function() { return "foo"; });
+  `);
+
+  // Neither scripted getter should be considered safe.
+  assert(!DevToolsUtils.hasSafeGetter(gw.getOwnPropertyDescriptor("bar")));
+  assert(!DevToolsUtils.hasSafeGetter(gw.getOwnPropertyDescriptor("foo")));
+}
--- a/toolkit/devtools/server/tests/unit/xpcshell.ini
+++ b/toolkit/devtools/server/tests/unit/xpcshell.ini
@@ -260,8 +260,9 @@ reason = bug 1014071
 [test_setBreakpoint-on-column-with-no-offsets-in-gcd-script.js]
 [test_setBreakpoint-on-line.js]
 [test_setBreakpoint-on-line-in-gcd-script.js]
 [test_setBreakpoint-on-line-with-multiple-offsets.js]
 [test_setBreakpoint-on-line-with-multiple-statements.js]
 [test_setBreakpoint-on-line-with-no-offsets.js]
 [test_setBreakpoint-on-line-with-no-offsets-at-end-of-script.js]
 [test_setBreakpoint-on-line-with-no-offsets-in-gcd-script.js]
+[test_safe-getter.js]