OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_CHILD_SITE_ISOLATION_POLICY_H_ | 5 #ifndef CONTENT_CHILD_SITE_ISOLATION_POLICY_H_ |
6 #define CONTENT_CHILD_SITE_ISOLATION_POLICY_H_ | 6 #define CONTENT_CHILD_SITE_ISOLATION_POLICY_H_ |
7 | 7 |
8 #include <map> | 8 #include <map> |
9 #include <utility> | 9 #include <utility> |
10 | 10 |
11 #include "base/gtest_prod_util.h" | 11 #include "base/gtest_prod_util.h" |
12 #include "base/memory/linked_ptr.h" | 12 #include "base/memory/linked_ptr.h" |
13 #include "base/strings/string_piece.h" | 13 #include "base/strings/string_piece.h" |
14 #include "content/common/content_export.h" | 14 #include "content/common/content_export.h" |
15 #include "content/public/common/resource_type.h" | 15 #include "content/public/common/resource_type.h" |
16 #include "url/gurl.h" | 16 #include "url/gurl.h" |
17 | 17 |
18 namespace content { | 18 namespace content { |
19 | 19 |
20 struct ResourceResponseInfo; | 20 struct ResourceResponseInfo; |
21 | 21 |
22 // SiteIsolationPolicy implements the cross-site document blocking policy (XSDP) | 22 // CrossSiteDocumentClassifier implements the cross-site document blocking |
23 // for Site Isolation. XSDP will monitor network responses to a renderer and | 23 // policy (XSDP) for Site Isolation. XSDP will monitor network responses to a |
24 // block illegal responses so that a compromised renderer cannot steal private | 24 // renderer and block illegal responses so that a compromised renderer cannot |
25 // information from other sites. For now SiteIsolationPolicy monitors responses | 25 // steal private information from other sites. |
26 // to gather various UMA stats to see the compatibility impact of actual | 26 // |
27 // deployment of the policy. The UMA stat categories SiteIsolationPolicy gathers | 27 // SiteIsolationStatsGatherer monitors responses to gather various UMA stats to |
28 // are as follows: | 28 // see the compatibility impact of actual deployment of the policy. The UMA stat |
| 29 // categories SiteIsolationStatsGatherer gathers are as follows: |
29 // | 30 // |
30 // SiteIsolation.AllResponses : # of all network responses. | 31 // SiteIsolation.AllResponses : # of all network responses. |
31 // SiteIsolation.XSD.DataLength : the length of the first packet of a response. | 32 // SiteIsolation.XSD.DataLength : the length of the first packet of a response. |
32 // SiteIsolation.XSD.MimeType (enum): | 33 // SiteIsolation.XSD.MimeType (enum): |
33 // # of responses from other sites, tagged with a document mime type. | 34 // # of responses from other sites, tagged with a document mime type. |
34 // 0:HTML, 1:XML, 2:JSON, 3:Plain, 4:Others | 35 // 0:HTML, 1:XML, 2:JSON, 3:Plain, 4:Others |
35 // SiteIsolation.XSD.[%MIMETYPE].Blocked : | 36 // SiteIsolation.XSD.[%MIMETYPE].Blocked : |
36 // blocked # of cross-site document responses grouped by sniffed MIME type. | 37 // blocked # of cross-site document responses grouped by sniffed MIME type. |
37 // SiteIsolation.XSD.[%MIMETYPE].Blocked.RenderableStatusCode : | 38 // SiteIsolation.XSD.[%MIMETYPE].Blocked.RenderableStatusCode : |
38 // # of responses with renderable status code, | 39 // # of responses with renderable status code, |
66 SiteIsolationResponseMetaData(); | 67 SiteIsolationResponseMetaData(); |
67 | 68 |
68 std::string frame_origin; | 69 std::string frame_origin; |
69 GURL response_url; | 70 GURL response_url; |
70 ResourceType resource_type; | 71 ResourceType resource_type; |
71 CanonicalMimeType canonical_mime_type; | 72 CanonicalMimeType canonical_mime_type; |
72 int http_status_code; | 73 int http_status_code; |
73 bool no_sniff; | 74 bool no_sniff; |
74 }; | 75 }; |
75 | 76 |
76 class CONTENT_EXPORT SiteIsolationPolicy { | 77 // TODO(nick): Move this class into its own file. |
| 78 class CONTENT_EXPORT SiteIsolationStatsGatherer { |
77 public: | 79 public: |
78 // Set activation flag for the UMA data collection for this renderer process. | 80 // Set activation flag for the UMA data collection for this renderer process. |
79 static void SetPolicyEnabled(bool enabled); | 81 static void SetEnabled(bool enabled); |
80 | 82 |
81 // Returns any bookkeeping data about the HTTP header information for the | 83 // Returns any bookkeeping data about the HTTP header information for a |
82 // request identified by |request_id|. Any data returned should then be | 84 // request. Any data returned should then be passed to OnReceivedFirstChunk() |
83 // passed to OnReceivedFirstChunk() with the first data chunk. | 85 // with the first data chunk. |
84 static linked_ptr<SiteIsolationResponseMetaData> OnReceivedResponse( | 86 static linked_ptr<SiteIsolationResponseMetaData> OnReceivedResponse( |
85 const GURL& frame_origin, | 87 const GURL& frame_origin, |
86 const GURL& response_url, | 88 const GURL& response_url, |
87 ResourceType resource_type, | 89 ResourceType resource_type, |
88 int origin_pid, | 90 int origin_pid, |
89 const ResourceResponseInfo& info); | 91 const ResourceResponseInfo& info); |
90 | 92 |
91 // Examines the first chunk of network data in case response_url is registered | 93 // Examines the first chunk of network data in case response_url is registered |
92 // as a cross-site document by DidReceiveResponse(). This records various | 94 // as a cross-site document by OnReceivedResponse(). This records various |
93 // kinds of UMA data stats. This function is called only if the length of | 95 // kinds of UMA data stats. This function is called only if the length of |
94 // received data is non-zero. | 96 // received data is non-zero. |
95 static bool OnReceivedFirstChunk( | 97 static bool OnReceivedFirstChunk( |
96 const linked_ptr<SiteIsolationResponseMetaData>& resp_data, | 98 const linked_ptr<SiteIsolationResponseMetaData>& resp_data, |
97 const char* payload, | 99 const char* payload, |
98 int length); | 100 int length); |
99 | 101 |
100 private: | 102 private: |
101 FRIEND_TEST_ALL_PREFIXES(SiteIsolationPolicyTest, IsBlockableScheme); | 103 FRIEND_TEST_ALL_PREFIXES(SiteIsolationStatsGathererTest, SniffForJS); |
102 FRIEND_TEST_ALL_PREFIXES(SiteIsolationPolicyTest, IsSameSite); | |
103 FRIEND_TEST_ALL_PREFIXES(SiteIsolationPolicyTest, IsValidCorsHeaderSet); | |
104 FRIEND_TEST_ALL_PREFIXES(SiteIsolationPolicyTest, SniffForHTML); | |
105 FRIEND_TEST_ALL_PREFIXES(SiteIsolationPolicyTest, SniffForXML); | |
106 FRIEND_TEST_ALL_PREFIXES(SiteIsolationPolicyTest, SniffForJSON); | |
107 FRIEND_TEST_ALL_PREFIXES(SiteIsolationPolicyTest, SniffForJS); | |
108 | 104 |
| 105 SiteIsolationStatsGatherer(); // Not instantiable. |
| 106 |
| 107 // Imprecise JS sniffing; only appropriate for collecting UMA stat. |
| 108 static bool SniffForJS(base::StringPiece data); |
| 109 |
| 110 DISALLOW_COPY_AND_ASSIGN(SiteIsolationStatsGatherer); |
| 111 }; |
| 112 |
| 113 // TODO(nick): Move this class into its own file. |
| 114 class CONTENT_EXPORT CrossSiteDocumentClassifier { |
| 115 public: |
109 // Returns the representative mime type enum value of the mime type of | 116 // Returns the representative mime type enum value of the mime type of |
110 // response. For example, this returns the same value for all text/xml mime | 117 // response. For example, this returns the same value for all text/xml mime |
111 // type families such as application/xml, application/rss+xml. | 118 // type families such as application/xml, application/rss+xml. |
112 static SiteIsolationResponseMetaData::CanonicalMimeType GetCanonicalMimeType( | 119 static SiteIsolationResponseMetaData::CanonicalMimeType GetCanonicalMimeType( |
113 const std::string& mime_type); | 120 const std::string& mime_type); |
114 | 121 |
115 // Returns whether this scheme is a target of cross-site document | 122 // Returns whether this scheme is a target of cross-site document |
116 // policy(XSDP). This returns true only for http://* and https://* urls. | 123 // policy(XSDP). This returns true only for http://* and https://* urls. |
117 static bool IsBlockableScheme(const GURL& frame_origin); | 124 static bool IsBlockableScheme(const GURL& frame_origin); |
118 | 125 |
119 // Returns whether the two urls belong to the same sites. | 126 // Returns whether the two urls belong to the same sites. |
120 static bool IsSameSite(const GURL& frame_origin, const GURL& response_url); | 127 static bool IsSameSite(const GURL& frame_origin, const GURL& response_url); |
121 | 128 |
122 // Returns whether there's a valid CORS header for frame_origin. This is | 129 // Returns whether there's a valid CORS header for frame_origin. This is |
123 // simliar to CrossOriginAccessControl::passesAccessControlCheck(), but we use | 130 // simliar to CrossOriginAccessControl::passesAccessControlCheck(), but we use |
124 // sites as our security domain, not origins. | 131 // sites as our security domain, not origins. |
125 // TODO(dsjang): this must be improved to be more accurate to the actual CORS | 132 // TODO(dsjang): this must be improved to be more accurate to the actual CORS |
126 // specification. For now, this works conservatively, allowing XSDs that are | 133 // specification. For now, this works conservatively, allowing XSDs that are |
127 // not allowed by actual CORS rules by ignoring 1) credentials and 2) | 134 // not allowed by actual CORS rules by ignoring 1) credentials and 2) |
128 // methods. Preflight requests don't matter here since they are not used to | 135 // methods. Preflight requests don't matter here since they are not used to |
129 // decide whether to block a document or not on the client side. | 136 // decide whether to block a document or not on the client side. |
130 static bool IsValidCorsHeaderSet(const GURL& frame_origin, | 137 static bool IsValidCorsHeaderSet(const GURL& frame_origin, |
131 const GURL& website_origin, | 138 const GURL& website_origin, |
132 const std::string& access_control_origin); | 139 const std::string& access_control_origin); |
133 | 140 |
134 static bool SniffForHTML(base::StringPiece data); | 141 static bool SniffForHTML(base::StringPiece data); |
135 static bool SniffForXML(base::StringPiece data); | 142 static bool SniffForXML(base::StringPiece data); |
136 static bool SniffForJSON(base::StringPiece data); | 143 static bool SniffForJSON(base::StringPiece data); |
137 | 144 |
138 // TODO(dsjang): this is only needed for collecting UMA stat. Will be deleted | 145 private: |
139 // when this class is used for actual blocking. | 146 CrossSiteDocumentClassifier(); // Not instantiable. |
140 static bool SniffForJS(base::StringPiece data); | |
141 | 147 |
142 // Never needs to be constructed/destructed. | 148 DISALLOW_COPY_AND_ASSIGN(CrossSiteDocumentClassifier); |
143 SiteIsolationPolicy() {} | |
144 ~SiteIsolationPolicy() {} | |
145 | |
146 DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicy); | |
147 }; | 149 }; |
148 | 150 |
149 } // namespace content | 151 } // namespace content |
150 | 152 |
151 #endif // CONTENT_CHILD_SITE_ISOLATION_POLICY_H_ | 153 #endif // CONTENT_CHILD_SITE_ISOLATION_POLICY_H_ |
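Review bot: `SniffForHTML`, `SniffForXML` and `SniffForJSON` move from the `private:` section of `SiteIsolationPolicy` to the public section of `CrossSiteDocumentClassifier` with no comment at all, while `SniffForJS` gains an explicit "imprecise" caveat. The header comment says this class implements the blocking policy, so each sniffer should state what `data` may be and what an inconclusive result looks like, for example `// Returns true if |data| starts like an HTML document. |data| may be only the first chunk of a response; a false result does not prove the body is not HTML.` `IsValidCorsHeaderSet` is exposed the same way, and its existing comment admits it accepts responses that real CORS would reject, so a line such as `// NOTE: more permissive than CORS (ignores credentials and methods); not an access-control check.` would stop new callers from treating it as one. The implementations are not on this page, so the wording needs confirming against the .cc file.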