Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(305)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/frame/SubresourceIntegrity.cpp

Issue 1279163005: Initial Fetch integration for Subresource Integrity (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Fix test expectations Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/frame/SubresourceIntegrity.h ('k') | Source/core/html/HTMLLinkElement.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "config.h" 5 #include "config.h"
6 #include "core/frame/SubresourceIntegrity.h" 6 #include "core/frame/SubresourceIntegrity.h"
7 7
8 #include "core/HTMLNames.h" 8 #include "core/HTMLNames.h"
9 #include "core/dom/Document.h" 9 #include "core/dom/Document.h"
10 #include "core/dom/Element.h" 10 #include "core/dom/Element.h"
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after
107 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr); 107 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr);
108 if (attribute.isEmpty()) 108 if (attribute.isEmpty())
109 return true; 109 return true;
110 110
111 if (!resource.isEligibleForIntegrityCheck(document.securityOrigin())) { 111 if (!resource.isEligibleForIntegrityCheck(document.securityOrigin())) {
112 UseCounter::count(document, UseCounter::SRIElementIntegrityAttributeButI neligible); 112 UseCounter::count(document, UseCounter::SRIElementIntegrityAttributeButI neligible);
113 logErrorToConsole("Subresource Integrity: The resource '" + resourceUrl. elidedString() + "' has an integrity attribute, but the resource requires the re quest to be CORS enabled to check the integrity, and it is not. The resource has not been blocked, but no integrity check occurred.", document); 113 logErrorToConsole("Subresource Integrity: The resource '" + resourceUrl. elidedString() + "' has an integrity attribute, but the resource requires the re quest to be CORS enabled to check the integrity, and it is not. The resource has not been blocked, but no integrity check occurred.", document);
114 return false; 114 return false;
115 } 115 }
116 116
117 String errorMessage;
118 bool result = CheckSubresourceIntegrity(attribute, source, resourceUrl, docu ment, errorMessage);
119 if (!result)
120 logErrorToConsole(errorMessage, document);
121 return result;
122 }
123
124 bool SubresourceIntegrity::CheckSubresourceIntegrity(const String& integrityMeta data, const WTF::String& source, const KURL& resourceUrl, Document& document, St ring& errorMessage)
125 {
117 WTF::Vector<IntegrityMetadata> metadataList; 126 WTF::Vector<IntegrityMetadata> metadataList;
118 IntegrityParseResult integrityParseResult = parseIntegrityAttribute(attribut e, metadataList, document); 127 IntegrityParseResult integrityParseResult = parseIntegrityAttribute(integrit yMetadata, metadataList, document);
119 // On failed parsing, there's no need to log an error here, as 128 // On failed parsing, there's no need to log an error here, as
120 // parseIntegrityAttribute() will output an appropriate console message. 129 // parseIntegrityAttribute() will output an appropriate console message.
121 if (integrityParseResult != IntegrityParseValidResult) 130 if (integrityParseResult != IntegrityParseValidResult)
122 return true; 131 return true;
123 132
124 StringUTF8Adaptor normalizedSource(source, StringUTF8Adaptor::Normalize, WTF ::EntitiesForUnencodables); 133 StringUTF8Adaptor normalizedSource(source, StringUTF8Adaptor::Normalize, WTF ::EntitiesForUnencodables);
125 134
126 if (!metadataList.size()) 135 if (!metadataList.size())
127 return true; 136 return true;
128 137
(...skipping 22 matching lines...) Expand all
151 } 160 }
152 } 161 }
153 162
154 digest.clear(); 163 digest.clear();
155 if (computeDigest(HashAlgorithmSha256, normalizedSource.data(), normalizedSo urce.length(), digest)) { 164 if (computeDigest(HashAlgorithmSha256, normalizedSource.data(), normalizedSo urce.length(), digest)) {
156 // This message exposes the digest of the resource to the console. 165 // This message exposes the digest of the resource to the console.
157 // Because this is only to the console, that's okay for now, but we 166 // Because this is only to the console, that's okay for now, but we
158 // need to be very careful not to expose this in exceptions or 167 // need to be very careful not to expose this in exceptions or
159 // JavaScript, otherwise it risks exposing information about the 168 // JavaScript, otherwise it risks exposing information about the
160 // resource cross-origin. 169 // resource cross-origin.
161 logErrorToConsole("Failed to find a valid digest in the 'integrity' attr ibute for resource '" + resourceUrl.elidedString() + "' with computed SHA-256 in tegrity '" + digestToString(digest) + "'. The resource has been blocked.", docum ent); 170 errorMessage = "Failed to find a valid digest in the 'integrity' attribu te for resource '" + resourceUrl.elidedString() + "' with computed SHA-256 integ rity '" + digestToString(digest) + "'. The resource has been blocked.";
162 } else { 171 } else {
163 logErrorToConsole("There was an error computing an integrity value for r esource '" + resourceUrl.elidedString() + "'. The resource has been blocked.", d ocument); 172 errorMessage = "There was an error computing an integrity value for reso urce '" + resourceUrl.elidedString() + "'. The resource has been blocked.";
164 } 173 }
165 UseCounter::count(document, UseCounter::SRIElementWithNonMatchingIntegrityAt tribute); 174 UseCounter::count(document, UseCounter::SRIElementWithNonMatchingIntegrityAt tribute);
166 return false; 175 return false;
167 } 176 }
168 177
169 // Before: 178 // Before:
170 // 179 //
171 // [algorithm]-[hash] 180 // [algorithm]-[hash]
172 // ^ ^ 181 // ^ ^
173 // position end 182 // position end
(...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after
317 metadataList.append(integrityMetadata); 326 metadataList.append(integrityMetadata);
318 } 327 }
319 328
320 if (metadataList.size() == 0 && error) 329 if (metadataList.size() == 0 && error)
321 return IntegrityParseNoValidResult; 330 return IntegrityParseNoValidResult;
322 331
323 return IntegrityParseValidResult; 332 return IntegrityParseValidResult;
324 } 333 }
325 334
326 } // namespace blink 335 } // namespace blink
OLDNEW
« no previous file with comments | « Source/core/frame/SubresourceIntegrity.h ('k') | Source/core/html/HTMLLinkElement.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698