Chromium Code Reviews Chromium Code Reviews
Issue 1675183003:
Fix SRI bypass by loading same resource twice in same origin. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) | 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) |
| 3 Copyright (C) 2001 Dirk Mueller <mueller@kde.org> | 3 Copyright (C) 2001 Dirk Mueller <mueller@kde.org> |
| 4 Copyright (C) 2006 Samuel Weinig (sam.weinig@gmail.com) | 4 Copyright (C) 2006 Samuel Weinig (sam.weinig@gmail.com) |
| 5 Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved. | 5 Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved. |
| 6 | 6 |
| 7 This library is free software; you can redistribute it and/or | 7 This library is free software; you can redistribute it and/or |
| 8 modify it under the terms of the GNU Library General Public | 8 modify it under the terms of the GNU Library General Public |
| 9 License as published by the Free Software Foundation; either | 9 License as published by the Free Software Foundation; either |
| 10 version 2 of the License, or (at your option) any later version. | 10 version 2 of the License, or (at your option) any later version. |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 27 #define ScriptResource_h | 27 #define ScriptResource_h |
| 28 | 28 |
| 29 #include "core/CoreExport.h" | 29 #include "core/CoreExport.h" |
| 30 #include "core/fetch/IntegrityMetadata.h" | 30 #include "core/fetch/IntegrityMetadata.h" |
| 31 #include "core/fetch/ResourceClient.h" | 31 #include "core/fetch/ResourceClient.h" |
| 32 #include "core/fetch/TextResource.h" | 32 #include "core/fetch/TextResource.h" |
| 33 #include "platform/text/CompressibleString.h" | 33 #include "platform/text/CompressibleString.h" |
| 34 | 34 |
| 35 namespace blink { | 35 namespace blink { |
| 36 | 36 |
| 37 enum ScriptIntegrityDisposition { | |
|
dcheng
2016/02/09 01:12:46
Nit: use enum class? And just name the enum member
jww
2016/02/09 04:38:50
Done.
| |
| 38 IntegrityNotChecked = 0, | |
| 39 IntegrityFailed, | |
| 40 IntegrityPassed | |
| 41 }; | |
| 42 | |
| 37 class FetchRequest; | 43 class FetchRequest; |
| 38 class ScriptResource; | 44 class ScriptResource; |
| 39 | 45 |
| 40 class CORE_EXPORT ScriptResourceClient : public ResourceClient { | 46 class CORE_EXPORT ScriptResourceClient : public ResourceClient { |
| 41 public: | 47 public: |
| 42 ~ScriptResourceClient() override {} | 48 ~ScriptResourceClient() override {} |
| 43 static ResourceClientType expectedType() { return ScriptType; } | 49 static ResourceClientType expectedType() { return ScriptType; } |
| 44 ResourceClientType resourceClientType() const final { return expectedType(); } | 50 ResourceClientType resourceClientType() const final { return expectedType(); } |
| 45 | 51 |
| 46 virtual void notifyAppendData(ScriptResource* resource) { } | 52 virtual void notifyAppendData(ScriptResource* resource) { } |
| (...skipping 17 matching lines...) Expand all Loading... | |
| 64 void destroyDecodedDataForFailedRevalidation() override; | 70 void destroyDecodedDataForFailedRevalidation() override; |
| 65 | 71 |
| 66 const CompressibleString& script(); | 72 const CompressibleString& script(); |
| 67 | 73 |
| 68 AtomicString mimeType() const; | 74 AtomicString mimeType() const; |
| 69 | 75 |
| 70 bool mimeTypeAllowedByNosniff() const; | 76 bool mimeTypeAllowedByNosniff() const; |
| 71 | 77 |
| 72 void setIntegrityMetadata(const IntegrityMetadataSet& metadata) { m_integrit yMetadata = metadata; } | 78 void setIntegrityMetadata(const IntegrityMetadataSet& metadata) { m_integrit yMetadata = metadata; } |
| 73 const IntegrityMetadataSet& integrityMetadata() const { return m_integrityMe tadata; } | 79 const IntegrityMetadataSet& integrityMetadata() const { return m_integrityMe tadata; } |
| 74 void setIntegrityAlreadyChecked(bool checked) { m_integrityChecked = checked ; } | 80 void setIntegrityAlreadyChecked(bool validIntegrity) { m_integrityDispositio n = (validIntegrity ? IntegrityPassed : IntegrityFailed); } |
| 75 bool integrityAlreadyChecked() { return m_integrityChecked; } | 81 ScriptIntegrityDisposition integrityDisposition() { return m_integrityDispos ition; } |
| 76 bool mustRefetchDueToIntegrityMetadata(const FetchRequest&) const override; | 82 bool mustRefetchDueToIntegrityMetadata(const FetchRequest&) const override; |
| 77 | 83 |
| 78 private: | 84 private: |
| 79 class ScriptResourceFactory : public ResourceFactory { | 85 class ScriptResourceFactory : public ResourceFactory { |
| 80 public: | 86 public: |
| 81 ScriptResourceFactory() | 87 ScriptResourceFactory() |
| 82 : ResourceFactory(Resource::Script) { } | 88 : ResourceFactory(Resource::Script) { } |
| 83 | 89 |
| 84 Resource* create(const ResourceRequest& request, const String& charset) const override | 90 Resource* create(const ResourceRequest& request, const String& charset) const override |
| 85 { | 91 { |
| 86 return new ScriptResource(request, charset); | 92 return new ScriptResource(request, charset); |
| 87 } | 93 } |
| 88 }; | 94 }; |
| 89 | 95 |
| 90 bool m_integrityChecked; | 96 ScriptIntegrityDisposition m_integrityDisposition; |
| 91 IntegrityMetadataSet m_integrityMetadata; | 97 IntegrityMetadataSet m_integrityMetadata; |
| 92 | 98 |
| 93 CompressibleString m_script; | 99 CompressibleString m_script; |
| 94 }; | 100 }; |
| 95 | 101 |
| 96 DEFINE_RESOURCE_TYPE_CASTS(Script); | 102 DEFINE_RESOURCE_TYPE_CASTS(Script); |
| 97 | 103 |
| 98 } // namespace blink | 104 } // namespace blink |
| 99 | 105 |
| 100 #endif | 106 #endif |
| OLD | NEW |
