ur... I still can not get it. In the following modification, I changed
object x by scripts.
*Modification Three:*
TEST(EvalInAccessCheckedContext) {
v8::Isolate* isolate = CcTest::isolate();
v8::HandleScope scope(isolate);
v8::Local<v8::ObjectTemplate> obj_template =
v8::ObjectTemplate::New(isolate);
//obj_template->SetAccessCheckCallback(AccessAlwaysAllowed);
v8::Local<Context> context0 = Context::New(isolate, NULL, obj_template);
v8::Local<Context> context1 = Context::New(isolate, NULL, obj_template);
Local<Value> foo = v8_str("foo");
Local<Value> bar = v8_str("bar");
// Set to different domains.
context0->SetSecurityToken(foo);
context1->SetSecurityToken(bar);
// Set up function in context0 that uses eval from context0.
context0->Enter();
v8::Local<v8::Value> fun = CompileRun(
"var x = {a:42};"
"(function() {"
" var e = eval;"
" return function(s) { return x; }"
"})()");
context0->Exit();
// Put the function into context1 and call it. Since the access check
// callback always returns true, the call succeeds even though the tokens
// are different.
context1->Enter();
context1->Global()->Set(context1, v8_str("fun"), fun).FromJust();
v8::Local<v8::Value> x_value = CompileRun("var c = fun('x'); c.a = 43;
c.b = 45;"); //change x object by scripts
CHECK_EQ(45, x_value->Int32Value(context1).FromJust());
context1->Exit();
context0->Enter();
x_value = CompileRun("x.a");
CHECK_EQ(43, x_value->Int32Value(context0).FromJust()); // change is
allowed
x_value = CompileRun("x.b");
CHECK_EQ(45, x_value->Int32Value(context0).FromJust()); // change is
allowed
context0->Exit();
}
*Modification Four :*
TEST(EvalInAccessCheckedContext) {
v8::Isolate* isolate = CcTest::isolate();
v8::HandleScope scope(isolate);
v8::Local<v8::ObjectTemplate> obj_template =
v8::ObjectTemplate::New(isolate);
//obj_template->SetAccessCheckCallback(AccessAlwaysAllowed);
v8::Local<Context> context0 = Context::New(isolate, NULL, obj_template);
v8::Local<Context> context1 = Context::New(isolate, NULL, obj_template);
Local<Value> foo = v8_str("foo");
Local<Value> bar = v8_str("bar");
// Set to different domains.
context0->SetSecurityToken(foo);
context1->SetSecurityToken(bar);
// Set up function in context0 that uses eval from context0.
context0->Enter();
v8::Local<v8::Value> fun = CompileRun(
"var x = 42;"
"var y = function() {return x;};" // y is a function which is set up
in context0.
"(function() {"
//" var e = eval;" // this line will fail test
" var e = y;" // this line will pass test
" return function(s) { return e(s); }"
"})()");
context0->Exit();
// Put the function into context1 and call it. Since the access check
// callback always returns true, the call succeeds even though the tokens
// are different.
context1->Enter();
context1->Global()->Set(context1, v8_str("fun"), fun).FromJust();
v8::Local<v8::Value> x_value = CompileRun("fun('x');");
CHECK_EQ(42, x_value->Int32Value(context1).FromJust());
context1->Exit();
}
I also find another test case. In the test case, all operations are write
by c++ code, and SetSecurityToken can control access.
*Another test case: *
THREADED_TEST(MultiContexts) {
v8::Isolate* isolate = CcTest::isolate();
v8::HandleScope scope(isolate);
v8::Local<ObjectTemplate> templ = ObjectTemplate::New(isolate);
templ->Set(v8_str("dummy"),
v8::FunctionTemplate::New(isolate, DummyCallHandler));
Local<String> password = v8_str("Password");
Local<String> password2 = v8_str("Password2"); // another token
// Create an environment
LocalContext context0(0, templ);
context0->SetSecurityToken(password);
v8::Local<v8::Object> global0 = context0->Global();
CHECK(global0->Set(context0.local(), v8_str("custom"), v8_num(1234))
.FromJust());
CHECK_EQ(1234, global0->Get(context0.local(), v8_str("custom"))
.ToLocalChecked()
->Int32Value(context0.local())
.FromJust());
// Create an independent environment
LocalContext context1(0, templ);
context1->SetSecurityToken(password2);// set another token
v8::Local<v8::Object> global1 = context1->Global();
CHECK(global1->Set(context1.local(), v8_str("custom"), v8_num(1234))
.FromJust());
CHECK(!global0->Equals(context1.local(), global1).FromJust());
CHECK_EQ(1234, global0->Get(context1.local(), v8_str("custom")) // this
line will fail if tokens are not matched
.ToLocalChecked()
->Int32Value(context0.local())
.FromJust());
//skip some codes below
...
}
在 2018年5月30日星期三 UTC+8下午6:51:34,Ben Noordhuis写道:
>
> On Wed, May 30, 2018 at 12:41 PM, <fengx...@gmail.com <javascript:>>
> wrote:
> > thanks. But in Modification Two, I changed object x 's property a in a
> > different context successfully. is this fulfilled "Access checks are
> invoked
> > when trying to access objects" condition?
>
> Access checks are for sandboxing untrusted JS code, they don't apply
> to C++ code.
>
--
--
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
---
You received this message because you are subscribed to the Google Groups
"v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to v8-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
