XRayWrapper error caused by mozRTCPeerConnection instrumentation #47

Closed
englehardt opened this issue Dec 31, 2015 · 1 comment
@englehardt
Collaborator

Instrumenting mozRTCPeerConnection.prototype causes the following error:

XrayWrapper denied access to property 0 (reason: value is callable). See https://developer.mozilla.org/en-US/docs/Xray_vision for more information. Note that only the first denied property access from a given global object will be reported.

on line 282 of content.js, which is the return statement of logFunction:

function logFunction(object, objectName, method) {
  var originalMethod = object[method];
  object[method] = function () {
    var scriptUrl = getOriginatingScriptUrl();
    logCall(objectName + '.' + method, arguments, scriptUrl);
    return originalMethod.apply(this, arguments);
  };
}

The error is triggered by lines 28-30 of the test page. Specifically, the code block:

connection.createOffer(function(a) {
    connection.setLocalDescription(a)
}, function(err) {})

This only occurs when mozRTCPeerConnection.createOffer is instrumented. It seems that the Xray Vision wrapper blocks the call to apply when a function defined in the page script is included as an argument.

A security boundary exists between our content script (content.js) and the page script (included in webrtc_localip.html). To waive Xray Vision, we set window = unsafeWindow at the start of the content script, which is enough for editing the properties of built-in objects. This is confirmed by the Xray Vision documentation.

In Add-on SDK content scripts and GreaseMonkey user scripts, you can use the global unsafeWindow...

However, it seems that since we save the method in a function variable (i.e. var originalMethod = object[method]; from logFunction), it is saved in the elevated context. Thus, when we try to call apply on it later from the page script, we receive a security error. To fix this, we'll need to hook originalMethod to something in the page script's context.

@englehardt englehardt added the bug label Dec 31, 2015
@englehardt
Collaborator Author

We were unable to fix this through the use of Xray waivers. We were ultimately unable to work around the fact that originalMethod.apply(this, arguments) was operating on this object that didn't have Xray Vision waived with functional arguments defined in the page script scope (which causes the "XrayWrapper denied access to property 0 (reason: value is callable)." error).

Instead, we decided to inject the necessary instrumentation code into the page script, and only have the message passing functions in the content script.

Closed in c9e1ed8

motin pushed a commit to motin/OpenWPM that referenced this issue Jun 25, 2019
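
The resolution described in the last comment (instrumentation injected into the page script, only message passing left in the content script), sketched as an added example. This is not OpenWPM's code: instrumentInPage, serializeArg and the send callback are hypothetical names, and send stands in for whatever page-to-content-script channel is used. The connection object is a constructed stand-in for the test page's mozRTCPeerConnection.

```javascript
// Added example; all names are hypothetical. Everything here runs in the page's
// own scope, so the wrapper, `this`, and any callbacks the page passes live in
// one compartment and originalMethod.apply never crosses an Xray boundary.

// Reduce an argument to plain data so nothing callable leaves the page scope.
function serializeArg(arg) {
  if (typeof arg === 'function') return 'FUNCTION';
  if (arg === undefined) return 'undefined';
  try {
    const s = JSON.stringify(arg);
    return s === undefined ? 'UNSERIALIZABLE' : s;
  } catch (e) {
    return 'UNSERIALIZABLE'; // cyclic objects, BigInt, ...
  }
}

// Same shape as logFunction from the issue, but logging is reduced to
// sending one string to the content script.
function instrumentInPage(object, objectName, method, send) {
  const originalMethod = object[method];
  object[method] = function () {
    send(JSON.stringify({
      symbol: objectName + '.' + method,
      args: Array.prototype.map.call(arguments, serializeArg),
    }));
    // Page-defined callbacks are handed through untouched.
    return originalMethod.apply(this, arguments);
  };
}

// Constructed stand-ins: a fake connection and an array playing the role of
// the content script's message listener.
function demo() {
  const received = [];
  const send = (msg) => received.push(msg);
  const connection = {
    local: null,
    createOffer(onOk, onErr) { onOk({ type: 'offer', sdp: 'constructed-sdp' }); },
    setLocalDescription(desc) { this.local = desc; },
  };
  instrumentInPage(connection, 'connection', 'createOffer', send);
  instrumentInPage(connection, 'connection', 'setLocalDescription', send);
  // The call pattern from the test page quoted in the issue.
  connection.createOffer(function (a) {
    connection.setLocalDescription(a);
  }, function (err) {});
  return { received: received.map((m) => JSON.parse(m)), local: connection.local };
}
```

The content script in this arrangement only receives strings, so it never has to invoke or inspect a page-defined function.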