Adding upstream version 86.0.1.upstream/86.0.1upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 49 insertions, 0 deletions

diff --git a/devtools/server/tests/xpcshell/test_safe-getter.js b/devtools/server/tests/xpcshell/test_safe-getter.js
new file mode 100644
index 0000000000..32aad6f9b8
--- /dev/null
+++ b/devtools/server/tests/xpcshell/test_safe-getter.js
@@ -0,0 +1,49 @@
+/* eslint-disable strict */
+function run_test() {
+  Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+  });
+  const { addDebuggerToGlobal } = ChromeUtils.import(
+    "resource://gre/modules/jsdebugger.jsm"
+  );
+  addDebuggerToGlobal(this);
+  const g = testGlobal("test");
+  const dbg = new Debugger();
+  const gw = dbg.addDebuggee(g);
+
+  g.eval(`
+    // This is not a CCW.
+    Object.defineProperty(this, "bar", {
+      get: function() { return "bar"; },
+      configurable: true,
+      enumerable: true
+    });
+
+    Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
+
+    // This is a CCW.
+    XPCOMUtils.defineLazyGetter(this, "foo", function() { return "foo"; });
+  `);
+
+  // Neither scripted getter should be considered safe.
+  assert(!DevToolsUtils.hasSafeGetter(gw.getOwnPropertyDescriptor("bar")));
+  assert(!DevToolsUtils.hasSafeGetter(gw.getOwnPropertyDescriptor("foo")));
+
+  // Create an object in a less privileged sandbox.
+  const obj = gw.makeDebuggeeValue(
+    Cu.waiveXrays(
+      Cu.Sandbox(null).eval(`
+    Object.defineProperty({}, "bar", {
+      get: function() { return "bar"; },
+      configurable: true,
+      enumerable: true
+    });
+  `)
+    )
+  );
+
+  // After waiving Xrays, the object has 2 wrappers. Both must be removed
+  // in order to detect that the getter is not safe.
+  assert(!DevToolsUtils.hasSafeGetter(obj.getOwnPropertyDescriptor("bar")));
+}