From 2938a9bcc89a029aac0be464cc122267d55f8e03 Mon Sep 17 00:00:00 2001
From: Dawid Juszczak
Date: Mon, 13 May 2019 17:07:34 +0200
Subject: [PATCH] [Utils][fix] Privileges check http://suprem.sec.samsung.net/jira/browse/XWALK-1909 Added new function to check if value passed to function checkPrivilegeAccess is privilege Also changed value of CONTENT_READ to proper [verification] tested on chrome console
Change-Id: I9213055621b4627d56f49c4b12227512c9d0c9d0
Signed-off-by: Dawid Juszczak
---
 src/utils/utils_api.js | 147 ++++++++++++++++++++++-------------------
 1 file changed, 79 insertions(+), 68 deletions(-)
diff --git a/src/utils/utils_api.js b/src/utils/utils_api.js
index a096ea39..b281cede 100644
--- a/src/utils/utils_api.js
+++ b/src/utils/utils_api.js
@@ -139,77 +139,76 @@ DateConverter.prototype.fromTZDate = function(v) {
 var _dateConverter = new DateConverter();
+/**
+ * Cynara(since tizen 3.0) only support native privilege.
+ * simply web privilege convert native privilege for checking access.
+ */
+var _privilege = {
+ ACCOUNT_READ: 'http://tizen.org/privilege/account.read',
+ ACCOUNT_WRITE: 'http://tizen.org/privilege/account.write',
+ ALARM: 'http://tizen.org/privilege/alarm.get',
+ APPLICATION_INFO: 'http://tizen.org/privilege/application.info',
+ APPLICATION_LAUNCH: 'http://tizen.org/privilege/application.launch',
+ APPMANAGER_CERTIFICATE: 'http://tizen.org/privilege/appmanager.certificate',
+ APPMANAGER_KILL: 'http://tizen.org/privilege/appmanager.kill',
+ BLUETOOTH_ADMIN: 'http://tizen.org/privilege/bluetooth.admin',
+ BLUETOOTH_GAP: 'http://tizen.org/privilege/bluetooth.gap',
+ BLUETOOTH_HEALTH: 'http://tizen.org/privilege/bluetooth.health',
+ BLUETOOTH_SPP: 'http://tizen.org/privilege/bluetooth.spp',
+ BLUETOOTHMANAGER: 'http://tizen.org/privilege/bluetoothmanager',
+ BLUETOOTH: 'http://tizen.org/privilege/bluetooth',
+ BOOKMARK_READ: 'http://tizen.org/privilege/bookmark.read',
+ BOOKMARK_WRITE: 'http://tizen.org/privilege/bookmark.write',
+ CALENDAR_READ: 'http://tizen.org/privilege/calendar.read',
+ CALENDAR_WRITE: 'http://tizen.org/privilege/calendar.write',
+ CALLHISTORY_READ: 'http://tizen.org/privilege/callhistory.read',
+ CALLHISTORY_WRITE: 'http://tizen.org/privilege/callhistory.write',
+ CONTACT_READ: 'http://tizen.org/privilege/contact.read',
+ CONTACT_WRITE: 'http://tizen.org/privilege/contact.write',
+ CONTENT_READ: 'http://tizen.org/privilege/content.read',
+ CONTENT_WRITE: 'http://tizen.org/privilege/content.write',
+ DATACONTROL_CONSUMER: 'http://tizen.org/privilege/datacontrol.consumer',
+ DATASYNC: 'http://tizen.org/privilege/datasync',
+ DOWNLOAD: 'http://tizen.org/privilege/download',
+ FILESYSTEM_READ: 'http://tizen.org/privilege/filesystem.read',
+ FILESYSTEM_WRITE: 'http://tizen.org/privilege/filesystem.write',
+ HAPTIC: 'http://tizen.org/privilege/haptic',
+ HEALTHINFO: 'http://tizen.org/privilege/healthinfo',
+ INTERNET: 'http://tizen.org/privilege/internet',
+ LED: 'http://tizen.org/privilege/led',
+ LOCATION: 'http://tizen.org/privilege/location',
+ MEDIACONTROLLER_SERVER: 'http://tizen.org/privilege/mediacontroller.server',
+ MEDIACONTROLLER_CLIENT: 'http://tizen.org/privilege/mediacontroller.client',
+ MESSAGING_READ: 'http://tizen.org/privilege/messaging.read',
+ MESSAGING_WRITE: 'http://tizen.org/privilege/messaging.write',
+ NETWORKBEARERSELECTION: 'http://tizen.org/privilege/networkbearerselection',
+ NFC_ADMIN: 'http://tizen.org/privilege/nfc.admin',
+ NFC_CARDEMULATION: 'http://tizen.org/privilege/nfc.cardemulation',
+ NFC_COMMON: 'http://tizen.org/privilege/nfc.common',
+ NFC_P2P: 'http://tizen.org/privilege/nfc.p2p',
+ NFC_TAG: 'http://tizen.org/privilege/nfc.tag',
+ NOTIFICATION: 'http://tizen.org/privilege/notification',
+ PACKAGE_INFO: 'http://tizen.org/privilege/packagemanager.info',
+ PACKAGEMANAGER_INSTALL: 'http://tizen.org/privilege/packagemanager.install',
+ POWER: 'http://tizen.org/privilege/power',
+ PUSH: 'http://tizen.org/privilege/push',
+ SECUREELEMENT: 'http://tizen.org/privilege/secureelement',
+ SETTING_ADMIN: 'http://tizen.org/privilege/systemsettings.admin',
+ SETTING: 'http://tizen.org/privilege/setting',
+ SYSTEM: 'http://tizen.org/privilege/system',
+ SYSTEMMANAGER: 'http://tizen.org/privilege/systemmanager',
+ TELEPHONY: 'http://tizen.org/privilege/telephony',
+ VOLUME_SET: 'http://tizen.org/privilege/volume.set',
+ WEBSETTING: 'http://tizen.org/privilege/websetting',
+ TV_INPUT_DEVICE: 'http://tizen.org/privilege/tv.inputdevice'
+};
+
+Object.freeze(_privilege);
+
 /** @constructor */
 function Utils() {
-
- /**
- * Cynara(since tizen 3.0) only support native privilege.
- * simply web privilege convert native privilege for checking access.
- */
- var privilege = {
- ACCOUNT_READ: 'http://tizen.org/privilege/account.read',
- ACCOUNT_WRITE: 'http://tizen.org/privilege/account.write',
- ALARM: 'http://tizen.org/privilege/alarm.get',
- APPLICATION_INFO: 'http://tizen.org/privilege/application.info',
- APPLICATION_LAUNCH: 'http://tizen.org/privilege/application.launch',
- APPMANAGER_CERTIFICATE: 'http://tizen.org/privilege/appmanager.certificate',
- APPMANAGER_KILL: 'http://tizen.org/privilege/appmanager.kill',
- BLUETOOTH_ADMIN: 'http://tizen.org/privilege/bluetooth.admin',
- BLUETOOTH_GAP: 'http://tizen.org/privilege/bluetooth.gap',
- BLUETOOTH_HEALTH: 'http://tizen.org/privilege/bluetooth.health',
- BLUETOOTH_SPP: 'http://tizen.org/privilege/bluetooth.spp',
- BLUETOOTHMANAGER: 'http://tizen.org/privilege/bluetoothmanager',
- BLUETOOTH: 'http://tizen.org/privilege/bluetooth',
- BOOKMARK_READ: 'http://tizen.org/privilege/bookmark.read',
- BOOKMARK_WRITE: 'http://tizen.org/privilege/bookmark.write',
- CALENDAR_READ: 'http://tizen.org/privilege/calendar.read',
- CALENDAR_WRITE: 'http://tizen.org/privilege/calendar.write',
- CALLHISTORY_READ: 'http://tizen.org/privilege/callhistory.read',
- CALLHISTORY_WRITE: 'http://tizen.org/privilege/callhistory.write',
- CONTACT_READ: 'http://tizen.org/privilege/contact.read',
- CONTACT_WRITE: 'http://tizen.org/privilege/contact.write',
- CONTENT_READ: 'http://tizen.org/privilege/content.write',
- CONTENT_WRITE: 'http://tizen.org/privilege/content.write',
- DATACONTROL_CONSUMER: 'http://tizen.org/privilege/datacontrol.consumer',
- DATASYNC: 'http://tizen.org/privilege/datasync',
- DOWNLOAD: 'http://tizen.org/privilege/download',
- FILESYSTEM_READ: 'http://tizen.org/privilege/filesystem.read',
- FILESYSTEM_WRITE: 'http://tizen.org/privilege/filesystem.write',
- HAPTIC: 'http://tizen.org/privilege/haptic',
- HEALTHINFO: 'http://tizen.org/privilege/healthinfo',
- INTERNET: 'http://tizen.org/privilege/internet',
- LED: 'http://tizen.org/privilege/led',
- LOCATION: 'http://tizen.org/privilege/location',
- MEDIACONTROLLER_SERVER: 'http://tizen.org/privilege/mediacontroller.server',
- MEDIACONTROLLER_CLIENT: 'http://tizen.org/privilege/mediacontroller.client',
- MESSAGING_READ: 'http://tizen.org/privilege/messaging.read',
- MESSAGING_WRITE: 'http://tizen.org/privilege/messaging.write',
- NETWORKBEARERSELECTION: 'http://tizen.org/privilege/networkbearerselection',
- NFC_ADMIN: 'http://tizen.org/privilege/nfc.admin',
- NFC_CARDEMULATION: 'http://tizen.org/privilege/nfc.cardemulation',
- NFC_COMMON: 'http://tizen.org/privilege/nfc.common',
- NFC_P2P: 'http://tizen.org/privilege/nfc.p2p',
- NFC_TAG: 'http://tizen.org/privilege/nfc.tag',
- NOTIFICATION: 'http://tizen.org/privilege/notification',
- PACKAGE_INFO: 'http://tizen.org/privilege/packagemanager.info',
- PACKAGEMANAGER_INSTALL: 'http://tizen.org/privilege/packagemanager.install',
- POWER: 'http://tizen.org/privilege/power',
- PUSH: 'http://tizen.org/privilege/push',
- SECUREELEMENT: 'http://tizen.org/privilege/secureelement',
- SETTING_ADMIN: 'http://tizen.org/privilege/systemsettings.admin',
- SETTING: 'http://tizen.org/privilege/setting',
- SYSTEM: 'http://tizen.org/privilege/system',
- SYSTEMMANAGER: 'http://tizen.org/privilege/systemmanager',
- TELEPHONY: 'http://tizen.org/privilege/telephony',
- VOLUME_SET: 'http://tizen.org/privilege/volume.set',
- WEBSETTING: 'http://tizen.org/privilege/websetting',
- TV_INPUT_DEVICE: 'http://tizen.org/privilege/tv.inputdevice'
- };
-
- Object.freeze(privilege);
-
 Object.defineProperty(this, 'privilege', {
- value: privilege,
+ value: _privilege,
 writable: false,
 enumerable: true,
 configurable: false
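Review bot: The header comment on `_privilege` does not say which side of the table is the web name and which is the native privilege passed to Cynara, nor that some entries differ between key and value on purpose. `ALARM` maps to `alarm.get`, `PACKAGE_INFO` to `packagemanager.info` and `SETTING_ADMIN` to `systemsettings.admin`; these are presumably intentional, but they read just like the `CONTENT_READ` copy-paste error this commit corrects, where the access check would have tested a different privilege than the one named. Once confirmed, I would reword the header to something like `Maps web privilege keys to the native privilege strings checked by Cynara (Tizen 3.0+); entries whose key and value differ are deliberate.` so the next wrong mapping stands out in review.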
@@ -303,7 +302,19 @@ Utils.prototype.getPkgApiVersion = function() {
 return native_.getResultObject(result);
 };
+var isPrivilege = function(toCheck) {
+ if (Object.values(_privilege).indexOf(toCheck) < 0) {
+ return false;
+ }
+ return true;
+}
+
 Utils.prototype.checkPrivilegeAccess = function(privilege) {
+ if (!isPrivilege(privilege)) {
+ xwalk.utils.error('Privilege ' + privilege + ' does not exist. Please fix your code.');
+ throw new WebAPIException(WebAPIException.SECURITY_ERR);
+ }
+
 var result = native_.callSync('Utils_checkPrivilegeAccess', {
 privilege : _toString(privilege),
 });
--
2.34.1
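Review bot: `isPrivilege` accepts only strings that occur as values in `_privilege`, so that table is now the complete allow-list for `checkPrivilegeAccess`, and a valid platform privilege with no entry there is rejected with `SECURITY_ERR` before the native check runs. Nothing in the new code says so; I would add a comment such as `// _privilege is the allow-list: a privilege missing from it is rejected before the native check`. The lookup also runs on the raw argument while the native call receives `_toString(privilege)`; converting once and testing that value keeps the validated string and the checked string identical. The helper body reduces to `return Object.values(_privilege).indexOf(toCheck) >= 0;` and the function expression is missing its closing `;`. The body of `checkPrivilegeAccess` continues outside the hunk, so how a real denial is reported, and whether callers can tell it apart from this new error, is not visible here.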