Handle untrusted validation
Brandon-T committed Jan 8, 2025
1 parent d4aa01d commit 6f59fdb
Showing 5 changed files with 72 additions and 17 deletions.
3 changes: 2 additions & 1 deletion chromium_src/ios/web/public/web_client.h
@@ -2,10 +2,11 @@
#include <WebKit/WebKit.h>

#include "ios/web/webui/mojo_facade.h"
#include "ios/web/public/web_state.h"

#define IsBrowserLockdownModeEnabled \
IsWebUIMessageAllowedForFrame(WKFrameInfo* frame, const GURL& origin, \
NSString** prompt, web::MojoFacade* facade); \
NSString** prompt, web::MojoFacade* facade, web::WebState* webState); \
virtual bool IsBrowserLockdownModeEnabled

#include "src/ios/web/public/web_client.h"
2 changes: 1 addition & 1 deletion chromium_src/ios/web/web_client.mm
@@ -3,7 +3,7 @@

#define IsBrowserLockdownModeEnabled \
IsWebUIMessageAllowedForFrame(WKFrameInfo* frame, const GURL& origin, \
NSString** prompt, web::MojoFacade* facade) { \
NSString** prompt, web::MojoFacade* facade, web::WebState* webState) { \
return false; \
} \
bool WebClient::IsBrowserLockdownModeEnabled
2 changes: 1 addition & 1 deletion chromium_src/ios/web/web_state/ui/crw_wk_ui_handler.mm
@@ -5,7 +5,7 @@

#define IsAppSpecificURL(URL) \
IsAppSpecificURL(URL) && web::GetWebClient()->IsWebUIMessageAllowedForFrame( \
frame, origin, &prompt, self.mojoFacade)
frame, origin, &prompt, self.mojoFacade, self.webStateImpl)

#include "src/ios/web/web_state/ui/crw_wk_ui_handler.mm"

20 changes: 19 additions & 1 deletion ios/browser/brave_web_client.h
@@ -9,6 +9,8 @@
#include <memory>
#include <string>
#include <vector>
#include <map>
#include "base/functional/callback_forward.h"

#include "ios/chrome/browser/web/model/chrome_web_client.h"

@@ -41,10 +43,26 @@ class BraveWebClient : public ChromeWebClient {
bool IsWebUIMessageAllowedForFrame(WKFrameInfo* frame,
const GURL& origin,
NSString** prompt,
web::MojoFacade* facade) override;
web::MojoFacade* facade, web::WebState* webState) override;

template<typename Interface>
void RegisterUntrustedInterface(base::RepeatingCallback<void(mojo::PendingReceiver<Interface>)>
callback) {
untrusted_bindings_.emplace(std::string(Interface::Name_), base::BindRepeating(&WrapCallback<Interface>, std::move(callback)));
}

private:
std::string user_agent_;
std::map<std::string, base::RepeatingCallback<void(mojo::GenericPendingReceiver*)>> untrusted_bindings_;

template <typename Interface>
static void WrapCallback(
base::RepeatingCallback<void(mojo::PendingReceiver<Interface>)>
callback,
mojo::GenericPendingReceiver* receiver) {
if (auto typed_receiver = receiver->As<Interface>())
callback.Run(std::move(typed_receiver));
}
};

#endif // BRAVE_IOS_BROWSER_BRAVE_WEB_CLIENT_H_
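Review bot: `RegisterUntrustedInterface` and `untrusted_bindings_` carry no comment saying that this map is the allowlist of Mojo interfaces a `chrome-untrusted://` page can bind, which is the security-relevant fact a future caller needs. I would add above the method `// Registers an interface that chrome-untrusted:// pages may bind. Only register interfaces written to face untrusted callers.` `emplace` also keeps the first callback and silently drops a second registration for the same `Interface::Name_`; a `DCHECK` on the returned `.second`, or `insert_or_assign`, would make that case visible. The header names `mojo::PendingReceiver`, `mojo::GenericPendingReceiver` and `base::BindRepeating` while the visible includes add only `callback_forward.h`; unless the collapsed part of the file already pulls them in, the matching headers belong here. The class body starts above this hunk.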
62 changes: 49 additions & 13 deletions ios/browser/brave_web_client.mm
@@ -14,6 +14,12 @@
#import "ios/web/public/navigation/browser_url_rewriter.h"
#include "url/gurl.h"

#include "ios/web/public/thread/web_thread.h"
#include "ios/web/webui/mojo_facade.h"
#include "base/strings/sys_string_conversions.h"
#include "base/json/json_reader.h"
#include "net/base/apple/url_conversions.h"

#if !defined(__has_feature) || !__has_feature(objc_arc)
#error "This file requires ARC support."
#endif
@@ -84,26 +90,56 @@ bool WillHandleBraveURLRedirect(GURL* url, web::BrowserState* browser_state) {
bool BraveWebClient::IsWebUIMessageAllowedForFrame(WKFrameInfo* frame,
const GURL& origin,
NSString** prompt,
web::MojoFacade* facade) {
/*DCHECK_CURRENTLY_ON(WebThread::UI);
web::MojoFacade* facade,
web::WebState* webState) {
DCHECK_CURRENTLY_ON(web::WebThread::UI);
CHECK(prompt && *prompt);

MessageNameAndArguments name_and_args =
GetMessageNameAndArguments(base::SysNSStringToUTF8(*prompt));
auto GetMessageNameAndArguments = [](
const std::string& mojo_message_as_json) -> std::pair<std::string, base::Value::Dict> {
auto value_with_error = base::JSONReader::ReadAndReturnValueWithError(
mojo_message_as_json, base::JSON_PARSE_RFC);
CHECK(value_with_error.has_value());
CHECK(value_with_error->is_dict());

if (name_and_args.name == "Mojo.bindInterface") {
const base::Value::Dict& args name_and_args.args;
base::Value::Dict& dict = value_with_error->GetDict();
const std::string* name = dict.FindString("name");
CHECK(name);

const std::string* interface_name = args.FindString("interfaceName");
CHECK(interface_name);
base::Value::Dict* args = dict.FindDict("args");
CHECK(args);

// VALIDATE interface_name
return {*name, std::move(*args)};
};

}*/
auto name_and_args =
GetMessageNameAndArguments(base::SysNSStringToUTF8(*prompt));

// Must return an invalid message name
// *prompt = @"{\"name\":\"Mojo.invalidInterface\", args:{}}";
// If the scheme is untrusted
if (name_and_args.first == "Mojo.bindInterface" &&
origin.scheme() == "chrome-untrusted") {
const base::Value::Dict& args = name_and_args.second;

const std::string* interface_name = args.FindString("interfaceName");
CHECK(interface_name);

// Get the request and validate that a chrome-untrusted:// can't access chrome://
GURL request_url = net::GURLWithNSURL(frame.request.URL);
if (request_url.scheme() == "chrome") {
*prompt = @"{\"name\":\"Mojo.invalidRequest\",\"args\":{}}";
return true;
}

// Check if the requested interface is registered
if (auto it = untrusted_bindings_.find(*interface_name); it != untrusted_bindings_.end()) {
webState->GetInterfaceBinderForMainFrame()->AddInterface(it->first, it->second);
return true;
}

NSLog(@"INTERFACE NOT FOUND!\n");
*prompt = @"{\"name\":\"Mojo.invalidInterface\",\"args\":{}}";
return true;
}

NSLog(@"PROMPT RECEIVED: %@", *prompt);
return true;
}
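Review bot: The `CHECK`s inside the `GetMessageNameAndArguments` lambda, and `CHECK(interface_name)` below it, run on the prompt string before the `chrome-untrusted` branch is reached, so if such a page can shape that string, a malformed or incomplete message aborts the app instead of being refused. I would have the lambda return `std::optional` and answer a parse failure the way the new code already answers an unknown interface, as sketched below. `webState` is dereferenced without a null check in `webState->GetInterfaceBinderForMainFrame()->AddInterface(...)`, and the request check rejects only the `chrome` scheme where requiring the expected scheme would be the stricter form. The two `NSLog` calls look like debugging leftovers; `NSLog(@"PROMPT RECEIVED: %@", *prompt)` writes every WebUI message to the device log and should be removed or moved behind a verbose-logging macro. Every path returns `true` and relies on the rewritten `*prompt` being rejected downstream, which deserves a one-line comment since that rejection is not visible in this file.

```objc
// … unchanged: DCHECK_CURRENTLY_ON, CHECK(prompt && *prompt) …
auto GetMessageNameAndArguments =
    [](const std::string& mojo_message_as_json)
    -> std::optional<std::pair<std::string, base::Value::Dict>> {
  auto value_with_error = base::JSONReader::ReadAndReturnValueWithError(
      mojo_message_as_json, base::JSON_PARSE_RFC);
  // Refuse malformed input instead of CHECK-crashing on it.
  if (!value_with_error.has_value() || !value_with_error->is_dict()) {
    return std::nullopt;
  }
  base::Value::Dict& dict = value_with_error->GetDict();
  const std::string* name = dict.FindString("name");
  base::Value::Dict* args = dict.FindDict("args");
  if (!name || !args) {
    return std::nullopt;
  }
  return std::make_pair(*name, std::move(*args));
};

auto name_and_args =
    GetMessageNameAndArguments(base::SysNSStringToUTF8(*prompt));
if (!name_and_args) {
  *prompt = @"{\"name\":\"Mojo.invalidRequest\",\"args\":{}}";
  return true;
}
// … unchanged apart from name_and_args->first / ->second: scheme and interface checks …
```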
