commit f8035f0af1bb508377110caa42b3eb63056c4cbd
author Danil Somsikov <dsv@chromium.org> Mon Jul 17 14:05:41 2023
committer Devtools-frontend LUCI CQ <devtools-frontend-scoped@luci-project-accounts.iam.gserviceaccount.com> Mon Jul 17 15:15:37 2023
tree 6955b5f7fea63ede449f76614c5698f2cfe8bab3
parent 2a71bc211ec9562f10c8e7d642e6726e33adb484

Fix the check in the ResourceImpl constructor.

I don't think this is actually exploitable as all the calles call
canAccessResource explicitly.

Bug: 1459836
Change-Id: I41e9d9e5175dd0ab34d9645625b671dd9a58699d
Reviewed-on: https://chromium-review.googlesource.com/c/devtools/devtools-frontend/+/4686265
Auto-Submit: Danil Somsikov <dsv@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Danil Somsikov <dsv@chromium.org>

front_end/models/extensions/ExtensionAPI.ts

diff --git a/front_end/models/extensions/ExtensionAPI.ts b/front_end/models/extensions/ExtensionAPI.ts
index a440f5a..e76237f 100644
--- a/front_end/models/extensions/ExtensionAPI.ts
+++ b/front_end/models/extensions/ExtensionAPI.ts
@@ -1259,14 +1259,14 @@
         return new (Constructor(Resource))(resourceData);
       }
       function callbackWrapper(resources: unknown): void {
-        callback && callback((resources as APIImpl.ResourceData[]).map(wrapResource).filter(canAccessResource));
+        callback && callback((resources as APIImpl.ResourceData[]).filter(canAccessResource).map(wrapResource));
       }
       extensionServer.sendRequest({command: PrivateAPI.Commands.GetPageResources}, callback && callbackWrapper);
     },
   };
 
   function ResourceImpl(this: APIImpl.Resource, resourceData: APIImpl.ResourceData): void {
-    if (!canAccessResource) {
+    if (!canAccessResource(resourceData)) {
       throw new Error('Resource access not allowed');
     }
     this._url = resourceData.url;