| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/common/csp_validator.h" | 5 #include "extensions/common/csp_validator.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/strings/string_split.h" | 9 #include "base/strings/string_split.h" |
| 10 #include "base/strings/string_tokenizer.h" | 10 #include "base/strings/string_tokenizer.h" |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 50 const char* directive_name; | 50 const char* directive_name; |
| 51 bool seen_in_policy; | 51 bool seen_in_policy; |
| 52 }; | 52 }; |
| 53 | 53 |
| 54 // Returns whether |url| starts with |scheme_and_separator| and does not have a | 54 // Returns whether |url| starts with |scheme_and_separator| and does not have a |
| 55 // too permissive wildcard host name. If |should_check_rcd| is true, then the | 55 // too permissive wildcard host name. If |should_check_rcd| is true, then the |
| 56 // Public suffix list is used to exclude wildcard TLDs such as "https://*.org". | 56 // Public suffix list is used to exclude wildcard TLDs such as "https://*.org". |
| 57 bool isNonWildcardTLD(const std::string& url, | 57 bool isNonWildcardTLD(const std::string& url, |
| 58 const std::string& scheme_and_separator, | 58 const std::string& scheme_and_separator, |
| 59 bool should_check_rcd) { | 59 bool should_check_rcd) { |
| 60 if (!StartsWithASCII(url, scheme_and_separator, true)) | 60 if (!base::StartsWithASCII(url, scheme_and_separator, true)) |
| 61 return false; | 61 return false; |
| 62 | 62 |
| 63 size_t start_of_host = scheme_and_separator.length(); | 63 size_t start_of_host = scheme_and_separator.length(); |
| 64 | 64 |
| 65 size_t end_of_host = url.find("/", start_of_host); | 65 size_t end_of_host = url.find("/", start_of_host); |
| 66 if (end_of_host == std::string::npos) | 66 if (end_of_host == std::string::npos) |
| 67 end_of_host = url.size(); | 67 end_of_host = url.size(); |
| 68 | 68 |
| 69 // Note: It is sufficient to only compare the first character against '*' | 69 // Note: It is sufficient to only compare the first character against '*' |
| 70 // because the CSP only allows wildcards at the start of a directive, see | 70 // because the CSP only allows wildcards at the start of a directive, see |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 126 std::string source = tokenizer->token(); | 126 std::string source = tokenizer->token(); |
| 127 base::StringToLowerASCII(&source); | 127 base::StringToLowerASCII(&source); |
| 128 bool is_secure_csp_token = false; | 128 bool is_secure_csp_token = false; |
| 129 | 129 |
| 130 // We might need to relax this whitelist over time. | 130 // We might need to relax this whitelist over time. |
| 131 if (source == "'self'" || source == "'none'" || | 131 if (source == "'self'" || source == "'none'" || |
| 132 source == "http://127.0.0.1" || | 132 source == "http://127.0.0.1" || |
| 133 base::LowerCaseEqualsASCII(source, "blob:") || | 133 base::LowerCaseEqualsASCII(source, "blob:") || |
| 134 base::LowerCaseEqualsASCII(source, "filesystem:") || | 134 base::LowerCaseEqualsASCII(source, "filesystem:") || |
| 135 base::LowerCaseEqualsASCII(source, "http://localhost") || | 135 base::LowerCaseEqualsASCII(source, "http://localhost") || |
| 136 StartsWithASCII(source, "http://127.0.0.1:", true) || | 136 base::StartsWithASCII(source, "http://127.0.0.1:", true) || |
| 137 StartsWithASCII(source, "http://localhost:", true) || | 137 base::StartsWithASCII(source, "http://localhost:", true) || |
| 138 isNonWildcardTLD(source, "https://", true) || | 138 isNonWildcardTLD(source, "https://", true) || |
| 139 isNonWildcardTLD(source, "chrome://", false) || | 139 isNonWildcardTLD(source, "chrome://", false) || |
| 140 isNonWildcardTLD(source, std::string(extensions::kExtensionScheme) + | 140 isNonWildcardTLD(source, std::string(extensions::kExtensionScheme) + |
| 141 url::kStandardSchemeSeparator, | 141 url::kStandardSchemeSeparator, |
| 142 false) || | 142 false) || |
| 143 StartsWithASCII(source, "chrome-extension-resource:", true)) { | 143 base::StartsWithASCII(source, "chrome-extension-resource:", true)) { |
| 144 is_secure_csp_token = true; | 144 is_secure_csp_token = true; |
| 145 } else if ((options & OPTIONS_ALLOW_UNSAFE_EVAL) && | 145 } else if ((options & OPTIONS_ALLOW_UNSAFE_EVAL) && |
| 146 source == "'unsafe-eval'") { | 146 source == "'unsafe-eval'") { |
| 147 is_secure_csp_token = true; | 147 is_secure_csp_token = true; |
| 148 } | 148 } |
| 149 | 149 |
| 150 if (is_secure_csp_token) { | 150 if (is_secure_csp_token) { |
| 151 sane_csp_parts->push_back(source); | 151 sane_csp_parts->push_back(source); |
| 152 } else if (warnings) { | 152 } else if (warnings) { |
| 153 warnings->push_back(CSPInstallWarning(ErrorUtils::FormatErrorMessage( | 153 warnings->push_back(CSPInstallWarning(ErrorUtils::FormatErrorMessage( |
| (...skipping 183 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 337 } | 337 } |
| 338 } | 338 } |
| 339 } | 339 } |
| 340 | 340 |
| 341 return seen_sandbox; | 341 return seen_sandbox; |
| 342 } | 342 } |
| 343 | 343 |
| 344 } // namespace csp_validator | 344 } // namespace csp_validator |
| 345 | 345 |
| 346 } // namespace extensions | 346 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1172183002:
Move StartsWith[ASCII] to base namespace. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@string_util3