authorAllan Sandfeld Jensen <allan.jensen@qt.io>2020-04-24 12:18:09 +0200
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2020-04-24 10:50:50 +0000
commite23a74469f40474cd705176d413b33d61869aebe (patch)
tree88b61c81356702d6fe83b8e89a8e3c19e31d9e1b
parent20a811a4b2d1912ce242f24f0386df4a2884b872 (diff)
[Backport] Fix for security issue 818327
[FileAPI] Make sure to not ignore file timestamp when uploading files. The modification timestamp ensures files can't be read after they are modified, so make sure it is actually passed along and used when uploading a file. On its own this change doesn't actually fix anything, since the timestamp that is passed around isn't always set yet, so in most cases this CL will have no immediate effect. Separate CLs will make sure the timestamp is set properly in the first place. Note that even then, we still trust the renderer process to decide if it should be allowed to upload a file after the file was modified; ideally we'd further refactor the network side code to instead check the snapshot state in the browser process, but that is a much more involved change. Bug: 844874, 818327 Change-Id: I838d0b6996857ee691fee5b9162c75f8b2ca99c7 Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Jeremy Roman <jbroman@chromium.org> Commit-Queue: Marijn Kruisselbrink <mek@chromium.org> Cr-Commit-Position: refs/heads/master@{#726109} Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
-rw-r--r--chromium/content/renderer/loader/web_url_request_util.cc3
-rw-r--r--chromium/third_party/blink/public/platform/web_http_body.h1
-rw-r--r--chromium/third_party/blink/renderer/core/html/forms/form_data.cc2
-rw-r--r--chromium/third_party/blink/renderer/core/loader/ping_loader.cc8
-rw-r--r--chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc2
-rw-r--r--chromium/third_party/blink/renderer/platform/exported/web_http_body.cc5
-rw-r--r--chromium/third_party/blink/renderer/platform/network/encoded_form_data.cc8
-rw-r--r--chromium/third_party/blink/renderer/platform/network/encoded_form_data.h3
8 files changed, 16 insertions, 16 deletions
diff --git a/chromium/content/renderer/loader/web_url_request_util.cc b/chromium/content/renderer/loader/web_url_request_util.cc
index 87899a703a1..5765848067c 100644
--- a/chromium/content/renderer/loader/web_url_request_util.cc
+++ b/chromium/content/renderer/loader/web_url_request_util.cc
@@ -293,7 +293,8 @@ scoped_refptr<network::ResourceRequestBody> GetRequestBodyForWebHTTPBody(
if (element.file_length == -1) {
request_body->AppendFileRange(
blink::WebStringToFilePath(element.file_path), 0,
- std::numeric_limits<uint64_t>::max(), base::Time());
+ std::numeric_limits<uint64_t>::max(),
+ element.modification_time.value_or(base::Time()));
} else {
request_body->AppendFileRange(
blink::WebStringToFilePath(element.file_path),
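Review bot: The `value_or(base::Time())` fallback in the `file_length == -1` branch means an element without a modification time still reaches `AppendFileRange` with a null `base::Time`, which, judging by the line it replaces, is the value that previously meant no modification check at all. A short comment would stop this from being read as an always-validated path, for example `// Null base::Time() = no expected mtime, so the file is not checked against later modification.` The `else` branch is cut off by the hunk, so whether it forwards the timestamp the same way cannot be confirmed from here. GetRequestBodyForWebHTTPBody starts and ends outside the hunk.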
diff --git a/chromium/third_party/blink/public/platform/web_http_body.h b/chromium/third_party/blink/public/platform/web_http_body.h
index 21c54839d47..738b7e2161d 100644
--- a/chromium/third_party/blink/public/platform/web_http_body.h
+++ b/chromium/third_party/blink/public/platform/web_http_body.h
@@ -94,7 +94,6 @@ class WebHTTPBody {
// Append to the list of elements.
BLINK_PLATFORM_EXPORT void AppendData(const WebData&);
- BLINK_PLATFORM_EXPORT void AppendFile(const WebString&);
// Passing -1 to |file_length| means to the end of the file.
BLINK_PLATFORM_EXPORT void AppendFileRange(
const WebString&,
diff --git a/chromium/third_party/blink/renderer/core/html/forms/form_data.cc b/chromium/third_party/blink/renderer/core/html/forms/form_data.cc
index 4ef6dba5b2d..1918cac770a 100644
--- a/chromium/third_party/blink/renderer/core/html/forms/form_data.cc
+++ b/chromium/third_party/blink/renderer/core/html/forms/form_data.cc
@@ -302,7 +302,7 @@ scoped_refptr<EncodedFormData> FormData::EncodeMultiPartFormData() {
auto* file = To<File>(entry->GetBlob());
// Do not add the file if the path is empty.
if (!file->GetPath().IsEmpty())
- form_data->AppendFile(file->GetPath());
+ form_data->AppendFile(file->GetPath(), file->LastModifiedTime());
} else {
form_data->AppendBlob(entry->GetBlob()->Uuid(),
entry->GetBlob()->GetBlobDataHandle());
diff --git a/chromium/third_party/blink/renderer/core/loader/ping_loader.cc b/chromium/third_party/blink/renderer/core/loader/ping_loader.cc
index 242fe044140..470749ed57b 100644
--- a/chromium/third_party/blink/renderer/core/loader/ping_loader.cc
+++ b/chromium/third_party/blink/renderer/core/loader/ping_loader.cc
@@ -101,10 +101,12 @@ class BeaconBlob final : public Beacon {
DCHECK(data_);
scoped_refptr<EncodedFormData> entity_body = EncodedFormData::Create();
- if (data_->HasBackingFile())
- entity_body->AppendFile(To<File>(data_.Get())->GetPath());
- else
+ if (data_->HasBackingFile()) {
+ entity_body->AppendFile(To<File>(data_.Get())->GetPath(),
+ To<File>(data_.Get())->LastModifiedTime());
+ } else {
entity_body->AppendBlob(data_->Uuid(), data_->GetBlobDataHandle());
+ }
request.SetHttpBody(std::move(entity_body));
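Review bot: `To<File>(data_.Get())` is evaluated twice in the new `HasBackingFile()` branch. Binding it once, as the form_data.cc and xml_http_request.cc call sites in this commit do, makes it obvious that path and timestamp come from the same object: `auto* file = To<File>(data_.Get());` followed by `entity_body->AppendFile(file->GetPath(), file->LastModifiedTime());`. Unlike those two call sites, this branch does not test `GetPath().IsEmpty()` before appending. That predates the commit, but it is worth confirming that a blob with a backing file always has a non-empty path here. The enclosing method starts and ends outside the hunk.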
diff --git a/chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc b/chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc
index de51aab22e8..81f859db805 100644
--- a/chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc
+++ b/chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc
@@ -869,7 +869,7 @@ void XMLHttpRequest::send(Blob* body, ExceptionState& exception_state) {
if (body->HasBackingFile()) {
auto* file = To<File>(body);
if (!file->GetPath().IsEmpty())
- http_body->AppendFile(file->GetPath());
+ http_body->AppendFile(file->GetPath(), file->LastModifiedTime());
else
NOTREACHED();
} else {
diff --git a/chromium/third_party/blink/renderer/platform/exported/web_http_body.cc b/chromium/third_party/blink/renderer/platform/exported/web_http_body.cc
index f60fa03f4c9..83c1f68f7d3 100644
--- a/chromium/third_party/blink/renderer/platform/exported/web_http_body.cc
+++ b/chromium/third_party/blink/renderer/platform/exported/web_http_body.cc
@@ -121,11 +121,6 @@ void WebHTTPBody::AppendData(const WebData& data) {
});
}
-void WebHTTPBody::AppendFile(const WebString& file_path) {
- EnsureMutable();
- private_->AppendFile(file_path);
-}
-
void WebHTTPBody::AppendFileRange(
const WebString& file_path,
int64_t file_start,
diff --git a/chromium/third_party/blink/renderer/platform/network/encoded_form_data.cc b/chromium/third_party/blink/renderer/platform/network/encoded_form_data.cc
index 03a6c6d3aac..eb21bafdb1f 100644
--- a/chromium/third_party/blink/renderer/platform/network/encoded_form_data.cc
+++ b/chromium/third_party/blink/renderer/platform/network/encoded_form_data.cc
@@ -175,9 +175,11 @@ void EncodedFormData::AppendData(const void* data, wtf_size_t size) {
memcpy(e.data_.data() + old_size, data, size);
}
-void EncodedFormData::AppendFile(const String& filename) {
- elements_.push_back(
- FormDataElement(filename, 0, BlobData::kToEndOfFile, base::nullopt));
+void EncodedFormData::AppendFile(
+ const String& filename,
+ const base::Optional<base::Time>& expected_modification_time) {
+ elements_.push_back(FormDataElement(filename, 0, BlobData::kToEndOfFile,
+ expected_modification_time));
}
void EncodedFormData::AppendFileRange(
diff --git a/chromium/third_party/blink/renderer/platform/network/encoded_form_data.h b/chromium/third_party/blink/renderer/platform/network/encoded_form_data.h
index a3de079f0ce..cbb1eed257e 100644
--- a/chromium/third_party/blink/renderer/platform/network/encoded_form_data.h
+++ b/chromium/third_party/blink/renderer/platform/network/encoded_form_data.h
@@ -110,7 +110,8 @@ class PLATFORM_EXPORT EncodedFormData : public RefCounted<EncodedFormData> {
~EncodedFormData();
void AppendData(const void* data, wtf_size_t);
- void AppendFile(const String& file_path);
+ void AppendFile(const String& file_path,
+ const base::Optional<base::Time>& expected_modification_time);
void AppendFileRange(
const String& filename,
int64_t start,
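Review bot: The new `expected_modification_time` parameter of `AppendFile` is undocumented, and the meaning of `base::nullopt` is the security-relevant part of the contract. From the `value_or(base::Time())` in web_url_request_util.cc it appears that an unset value becomes a null time and therefore no modification check, so a caller passing nullopt is opting out of the protection. If that reading is right, a comment above the declaration would make it explicit: `// |expected_modification_time| is the file's mtime as seen when it was selected; base::nullopt means the upload is not checked against later modification.` The same applies to the definition in encoded_form_data.cc. The class body continues outside the hunk.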