fix: bypass DOM storage quota (#15596)

2018-11-12 11:19:01 -06:00 · 2018-11-12 11:19:01 -06:00 · b21dbdb20d
commit b21dbdb20d
parent c9d0960f47
4 changed files with 113 additions and 24 deletions
--- a/patches/common/chromium/.patches
+++ b/patches/common/chromium/.patches
@ -11,7 +11,7 @@ browser_plugin_wheel.patch
 can_create_window.patch
 compositor_delegate.patch
 disable_hidden.patch
-dom_storage_map.patch
+dom_storage_limits.patch
 frame_host_manager.patch
 net_url_request_job.patch
 no_stack_dumping.patch
--- a/patches/common/chromium/dom_storage_limits.patch
+++ b/patches/common/chromium/dom_storage_limits.patch
@ -0,0 +1,98 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Jacob Quant <jacobq@gmail.com>
 Date: Tue, 6 Nov 2018 15:26:00 -0600
 Subject: dom_storage_limits.patch
 This patch circumvents the restriction on DOM storage objects,
 namely `localStorage` and `sessionStorage`, which chromium otherwise
 limits to approximately 10MiB.
 That restriction originates from a recommendation
 [in the Web Storage API specification](https://html.spec.whatwg.org/multipage/webstorage.html#disk-space-2)
 that is motivated by the concern that hostile code could abuse this
 feature to exhaust available storage capacity.
 However, in the case of  Electron, where the application developers
 have control over all of the code being executed,
 this safety precaution becomes a hindrance that does not add much value.
 For example, if a malicious developer wanted to consume disk space
 on a victim's machine they could do so via Node's native file system API.
 By disabling this restriction or increasing the quota,
 electron application developers can use `localStorage`
 as their application's "back end", without being having
 to limit the amount of data stored to 10MiB.
 There may still be some benefit to keeping this restriction for applications that load remote content.
 Although all remote data should be from a trusted source and transferred using
 a secure channel, it is nevertheless advisable to include additional layers of protection
 to mitigate risks associated with potential compromise of those other technologies.
 With that in mind, an acceptable alternative to disabling the limit at compile-time
 (as this patch currently does) would be to instead allow it to be disabled at run-time
 for a given `BrowserWindow` via a `webPreferences` option,
 similar to [`nodeIntegration`](https://electronjs.org/docs/tutorial/security#2-disable-nodejs-integration-for-remote-content).
 diff --git a/content/common/dom_storage/dom_storage_map.cc b/content/common/dom_storage/dom_storage_map.cc
 index fd088fb170be..b90b6cf9132d 100644
 --- a/content/common/dom_storage/dom_storage_map.cc
 +++ b/content/common/dom_storage/dom_storage_map.cc
@@ -185,10 +185,12 @@ bool DOMStorageMap::SetItemInternal(MapType* map_type,
   size_t new_item_size = size_in_storage(key, value);
   size_t new_storage_used = storage_used_ - old_item_size + new_item_size;
 +#if 0
   // Only check quota if the size is increasing, this allows
   // shrinking changes to pre-existing files that are over budget.
   if (new_item_size > old_item_size && new_storage_used > quota_)
     return false;
 +#endif
   (*map_type)[key] = value;
   ResetKeyIterator();
 diff --git a/content/common/dom_storage/dom_storage_types.h b/content/common/dom_storage/dom_storage_types.h
 index e87afe5b8ee0..61c9a0dfff60 100644
 --- a/content/common/dom_storage/dom_storage_types.h
 +++ b/content/common/dom_storage/dom_storage_types.h
@@ -21,6 +21,7 @@ typedef std::map<base::string16, base::NullableString16> DOMStorageValuesMap;
 // The quota for each storage area.
 // This value is enforced in renderer processes and the browser process.
 +// However, Electron's dom_storage_limits.patch removes the code that checks this limit.
 const size_t kPerStorageAreaQuota = 10 * 1024 * 1024;
 // In the browser process we allow some overage to
 diff --git a/content/renderer/dom_storage/dom_storage_cached_area.cc b/content/renderer/dom_storage/dom_storage_cached_area.cc
 index 402c27727ff1..f5908a1c55f9 100644
 --- a/content/renderer/dom_storage/dom_storage_cached_area.cc
 +++ b/content/renderer/dom_storage/dom_storage_cached_area.cc
@@ -53,11 +53,13 @@ bool DOMStorageCachedArea::SetItem(int connection_id,
                                    const base::string16& key,
                                    const base::string16& value,
                                    const GURL& page_url) {
 +#if 0
   // A quick check to reject obviously overbudget items to avoid
   // the priming the cache.
   if ((key.length() + value.length()) * sizeof(base::char16) >
       kPerStorageAreaQuota)
     return false;
 +#endif
   PrimeIfNeeded(connection_id);
   base::NullableString16 old_value;
 diff --git a/content/renderer/dom_storage/local_storage_cached_area.cc b/content/renderer/dom_storage/local_storage_cached_area.cc
 index ffa21c9200d0..0edbd6152292 100644
 --- a/content/renderer/dom_storage/local_storage_cached_area.cc
 +++ b/content/renderer/dom_storage/local_storage_cached_area.cc
@@ -141,11 +141,13 @@ bool LocalStorageCachedArea::SetItem(const base::string16& key,
                                      const base::string16& value,
                                      const GURL& page_url,
                                      const std::string& storage_area_id) {
 +#if 0
   // A quick check to reject obviously overbudget items to avoid priming the
   // cache.
   if ((key.length() + value.length()) * sizeof(base::char16) >
       kPerStorageAreaQuota)
     return false;
 +#endif
   EnsureLoaded();
   bool result = false;
--- a/patches/common/chromium/dom_storage_map.patch
+++ b/patches/common/chromium/dom_storage_map.patch
@ -1,23 +0,0 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Cheng Zhao <zcbenz@gmail.com>
 Date: Thu, 20 Sep 2018 17:45:55 -0700
 Subject: dom_storage_map.patch
 diff --git a/content/common/dom_storage/dom_storage_map.cc b/content/common/dom_storage/dom_storage_map.cc
 index fd088fb170bead6452ded14016f21f0c29659e03..a9e4b3375e9b614ed1e8b737a30f4436adb12c37 100644
 --- a/content/common/dom_storage/dom_storage_map.cc
 +++ b/content/common/dom_storage/dom_storage_map.cc
@@ -185,10 +185,12 @@ bool DOMStorageMap::SetItemInternal(MapType* map_type,
   size_t new_item_size = size_in_storage(key, value);
   size_t new_storage_used = storage_used_ - old_item_size + new_item_size;
 +#if 0  // Disable localStorage size limit for Electron.
   // Only check quota if the size is increasing, this allows
   // shrinking changes to pre-existing files that are over budget.
   if (new_item_size > old_item_size && new_storage_used > quota_)
     return false;
 +#endif
   (*map_type)[key] = value;
   ResetKeyIterator();
--- a/spec/chromium-spec.js
+++ b/spec/chromium-spec.js
@ -938,6 +938,20 @@ describe('chromium feature', () => {
  })
  describe('storage', () => {
    describe('DOM storage quota override', () => {
      ['localStorage', 'sessionStorage'].forEach((storageName) => {
        it(`allows saving at least 50MiB in ${storageName}`, () => {
          const storage = window[storageName]
          const testKeyName = '_electronDOMStorageQuotaOverrideTest'
          // 25 * 2^20 UTF-16 characters will require 50MiB
          const arraySize = 25 * Math.pow(2, 20)
          storage[testKeyName] = new Array(arraySize).fill('X').join('')
          expect(storage[testKeyName]).to.have.lengthOf(arraySize)
          delete storage[testKeyName]
        })
      })
    })
    it('requesting persitent quota works', (done) => {
      navigator.webkitPersistentStorage.requestQuota(1024 * 1024, (grantedBytes) => {
        assert.strictEqual(grantedBytes, 1048576)