Distinguish untrusted clients in v8 inspector and disable Profiler,...

Distinguish untrusted clients in v8 inspector and disable Profiler, HeapProfiler and Schema CDP domains for them.

Bug: chromium:1313437
Change-Id: I7544c64acb4bc368392ba5f6a87ed62176828304
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616517Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Danil Somsikov <dsv@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80340}

include/v8-inspector.h

@@ -361,9 +361,18 @@ class V8_EXPORT V8Inspector {
     virtual void sendNotification(std::unique_ptr<StringBuffer> message) = 0;
     virtual void flushProtocolNotifications() = 0;
   };
+  V8_DEPRECATED("Use version with client_is_trusted argument")
   virtual std::unique_ptr<V8InspectorSession> connect(int contextGroupId,
-                                                      Channel*,
-                                                      StringView state) = 0;
+                                                      Channel* channel,
+                                                      StringView state) {
+    return connect(contextGroupId, channel, state, kFullyTrusted);
+  }
+  enum ClientTrustLevel { kUntrusted, kFullyTrusted };
+  virtual std::unique_ptr<V8InspectorSession> connect(
+      int contextGroupId, Channel*, StringView state,
+      ClientTrustLevel client_trust_level) {
+    return nullptr;
+  }
 
   // API methods.
   virtual std::unique_ptr<V8StackTrace> createStackTrace(

src/d8/d8.cc

@@ -3889,7 +3889,8 @@ class InspectorClient : public v8_inspector::V8InspectorClient {
     channel_.reset(new InspectorFrontend(context));
     inspector_ = v8_inspector::V8Inspector::create(isolate_, this);
     session_ =
-        inspector_->connect(1, channel_.get(), v8_inspector::StringView());
+        inspector_->connect(1, channel_.get(), v8_inspector::StringView(),
+                            v8_inspector::V8Inspector::kFullyTrusted);
     context->SetAlignedPointerInEmbedderData(kInspectorClientIndex, this);
     inspector_->contextCreated(v8_inspector::V8ContextInfo(
         context, kContextGroupId, v8_inspector::StringView()));

src/inspector/v8-inspector-impl.cc

@@ -146,11 +146,12 @@ std::unique_ptr<V8StackTrace> V8InspectorImpl::createStackTrace(
 }
 
 std::unique_ptr<V8InspectorSession> V8InspectorImpl::connect(
-    int contextGroupId, V8Inspector::Channel* channel, StringView state) {
+    int contextGroupId, V8Inspector::Channel* channel, StringView state,
+    ClientTrustLevel client_trust_level) {
   int sessionId = ++m_lastSessionId;
   std::unique_ptr<V8InspectorSessionImpl> session =
       V8InspectorSessionImpl::create(this, contextGroupId, sessionId, channel,
-                                     state);
+                                     state, client_trust_level);
   m_sessions[contextGroupId][sessionId] = session.get();
   return std::move(session);
 }

src/inspector/v8-inspector-impl.h

@@ -80,7 +80,8 @@ class V8InspectorImpl : public V8Inspector {
   // V8Inspector implementation.
   std::unique_ptr<V8InspectorSession> connect(int contextGroupId,
                                               V8Inspector::Channel*,
-                                              StringView state) override;
+                                              StringView state,
+                                              ClientTrustLevel) override;
   void contextCreated(const V8ContextInfo&) override;
   void contextDestroyed(v8::Local<v8::Context>) override;
   v8::MaybeLocal<v8::Context> contextById(int contextId) override;

src/inspector/v8-inspector-session-impl.cc

@@ -87,16 +87,16 @@ int V8ContextInfo::executionContextId(v8::Local<v8::Context> context) {
 
 std::unique_ptr<V8InspectorSessionImpl> V8InspectorSessionImpl::create(
     V8InspectorImpl* inspector, int contextGroupId, int sessionId,
-    V8Inspector::Channel* channel, StringView state) {
+    V8Inspector::Channel* channel, StringView state,
+    V8Inspector::ClientTrustLevel clientTrustLevel) {
   return std::unique_ptr<V8InspectorSessionImpl>(new V8InspectorSessionImpl(
-      inspector, contextGroupId, sessionId, channel, state));
+      inspector, contextGroupId, sessionId, channel, state, clientTrustLevel));
 }
 
-V8InspectorSessionImpl::V8InspectorSessionImpl(V8InspectorImpl* inspector,
-                                               int contextGroupId,
-                                               int sessionId,
-                                               V8Inspector::Channel* channel,
-                                               StringView savedState)
+V8InspectorSessionImpl::V8InspectorSessionImpl(
+    V8InspectorImpl* inspector, int contextGroupId, int sessionId,
+    V8Inspector::Channel* channel, StringView savedState,
+    V8Inspector::ClientTrustLevel clientTrustLevel)
     : m_contextGroupId(contextGroupId),
       m_sessionId(sessionId),
       m_inspector(inspector),
@@ -109,7 +109,8 @@ V8InspectorSessionImpl::V8InspectorSessionImpl(V8InspectorImpl* inspector,
       m_heapProfilerAgent(nullptr),
       m_profilerAgent(nullptr),
       m_consoleAgent(nullptr),
-      m_schemaAgent(nullptr) {
+      m_schemaAgent(nullptr),
+      m_clientTrustLevel(clientTrustLevel) {
   m_state->getBoolean("use_binary_protocol", &use_binary_protocol_);
 
   m_runtimeAgent.reset(new V8RuntimeAgentImpl(
@@ -120,28 +121,29 @@ V8InspectorSessionImpl::V8InspectorSessionImpl(V8InspectorImpl* inspector,
       this, this, agentState(protocol::Debugger::Metainfo::domainName)));
   protocol::Debugger::Dispatcher::wire(&m_dispatcher, m_debuggerAgent.get());
 
-  m_profilerAgent.reset(new V8ProfilerAgentImpl(
-      this, this, agentState(protocol::Profiler::Metainfo::domainName)));
-  protocol::Profiler::Dispatcher::wire(&m_dispatcher, m_profilerAgent.get());
-
-  m_heapProfilerAgent.reset(new V8HeapProfilerAgentImpl(
-      this, this, agentState(protocol::HeapProfiler::Metainfo::domainName)));
-  protocol::HeapProfiler::Dispatcher::wire(&m_dispatcher,
-                                           m_heapProfilerAgent.get());
-
   m_consoleAgent.reset(new V8ConsoleAgentImpl(
       this, this, agentState(protocol::Console::Metainfo::domainName)));
   protocol::Console::Dispatcher::wire(&m_dispatcher, m_consoleAgent.get());
 
-  m_schemaAgent.reset(new V8SchemaAgentImpl(
-      this, this, agentState(protocol::Schema::Metainfo::domainName)));
-  protocol::Schema::Dispatcher::wire(&m_dispatcher, m_schemaAgent.get());
+  if (m_clientTrustLevel == V8Inspector::kFullyTrusted) {
+    m_profilerAgent.reset(new V8ProfilerAgentImpl(
+        this, this, agentState(protocol::Profiler::Metainfo::domainName)));
+    protocol::Profiler::Dispatcher::wire(&m_dispatcher, m_profilerAgent.get());
 
+    m_heapProfilerAgent.reset(new V8HeapProfilerAgentImpl(
+        this, this, agentState(protocol::HeapProfiler::Metainfo::domainName)));
+    protocol::HeapProfiler::Dispatcher::wire(&m_dispatcher,
+                                             m_heapProfilerAgent.get());
+
+    m_schemaAgent.reset(new V8SchemaAgentImpl(
+        this, this, agentState(protocol::Schema::Metainfo::domainName)));
+    protocol::Schema::Dispatcher::wire(&m_dispatcher, m_schemaAgent.get());
+  }
   if (savedState.length()) {
     m_runtimeAgent->restore();
     m_debuggerAgent->restore();
-    m_heapProfilerAgent->restore();
-    m_profilerAgent->restore();
+    if (m_heapProfilerAgent) m_heapProfilerAgent->restore();
+    if (m_profilerAgent) m_profilerAgent->restore();
     m_consoleAgent->restore();
   }
 }
@@ -150,8 +152,8 @@ V8InspectorSessionImpl::~V8InspectorSessionImpl() {
   v8::Isolate::Scope scope(m_inspector->isolate());
   discardInjectedScripts();
   m_consoleAgent->disable();
-  m_profilerAgent->disable();
-  m_heapProfilerAgent->disable();
+  if (m_profilerAgent) m_profilerAgent->disable();
+  if (m_heapProfilerAgent) m_heapProfilerAgent->disable();
   m_debuggerAgent->disable();
   m_runtimeAgent->disable();
   m_inspector->disconnect(this);
@@ -499,7 +501,8 @@ V8InspectorSessionImpl::searchInTextByLines(StringView text, StringView query,
 
 void V8InspectorSessionImpl::triggerPreciseCoverageDeltaUpdate(
     StringView occasion) {
-  m_profilerAgent->triggerPreciseCoverageDeltaUpdate(toString16(occasion));
+  if (m_profilerAgent)
+    m_profilerAgent->triggerPreciseCoverageDeltaUpdate(toString16(occasion));
 }
 
 }  // namespace v8_inspector

src/inspector/v8-inspector-session-impl.h

@@ -32,11 +32,10 @@ using protocol::Response;
 class V8InspectorSessionImpl : public V8InspectorSession,
                                public protocol::FrontendChannel {
  public:
-  static std::unique_ptr<V8InspectorSessionImpl> create(V8InspectorImpl*,
-                                                        int contextGroupId,
-                                                        int sessionId,
-                                                        V8Inspector::Channel*,
-                                                        StringView state);
+  static std::unique_ptr<V8InspectorSessionImpl> create(
+      V8InspectorImpl*, int contextGroupId, int sessionId,
+      V8Inspector::Channel*, StringView state,
+      v8_inspector::V8Inspector::ClientTrustLevel);
   ~V8InspectorSessionImpl() override;
   V8InspectorSessionImpl(const V8InspectorSessionImpl&) = delete;
   V8InspectorSessionImpl& operator=(const V8InspectorSessionImpl&) = delete;
@@ -102,7 +101,8 @@ class V8InspectorSessionImpl : public V8InspectorSession,
 
  private:
   V8InspectorSessionImpl(V8InspectorImpl*, int contextGroupId, int sessionId,
-                         V8Inspector::Channel*, StringView state);
+                         V8Inspector::Channel*, StringView state,
+                         V8Inspector::ClientTrustLevel);
   protocol::DictionaryValue* agentState(const String16& name);
 
   // protocol::FrontendChannel implementation.
@@ -134,6 +134,7 @@ class V8InspectorSessionImpl : public V8InspectorSession,
   std::vector<std::unique_ptr<V8InspectorSession::Inspectable>>
       m_inspectedObjects;
   bool use_binary_protocol_ = false;
+  V8Inspector::ClientTrustLevel m_clientTrustLevel = V8Inspector::kUntrusted;
 };
 
 }  // namespace v8_inspector

test/cctest/test-inspector.cc

@@ -56,8 +56,8 @@ TEST(WrapInsideWrapOnInterrupt) {
   NoopChannel channel;
   const char* state = "{}";
   StringView state_view(reinterpret_cast<const uint8_t*>(state), strlen(state));
-  std::unique_ptr<V8InspectorSession> session =
-      inspector->connect(1, &channel, state_view);
+  std::unique_ptr<V8InspectorSession> session = inspector->connect(
+      1, &channel, state_view, v8_inspector::V8Inspector::kFullyTrusted);
 
   const char* object_group = "";
   StringView object_group_view(reinterpret_cast<const uint8_t*>(object_group),

test/inspector/isolate-data.cc

@@ -163,7 +163,9 @@ int InspectorIsolateData::ConnectSession(
     v8_inspector::V8Inspector::Channel* channel) {
   v8::SealHandleScope seal_handle_scope(isolate());
   int session_id = ++last_session_id_;
-  sessions_[session_id] = inspector_->connect(context_group_id, channel, state);
+  sessions_[session_id] =
+      inspector_->connect(context_group_id, channel, state,
+                          v8_inspector::V8Inspector::kFullyTrusted);
   context_group_by_session_[sessions_[session_id].get()] = context_group_id;
   return session_id;
 }