| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 307 matching lines...) |
| 318 for (const auto& policy : m_policies) { | 318 for (const auto& policy : m_policies) { |
| 319 CSPHeaderAndType headerAndType(policy->header(), policy->headerType()); | 319 CSPHeaderAndType headerAndType(policy->header(), policy->headerType()); |
| 320 headers->append(headerAndType); | 320 headers->append(headerAndType); |
| 321 } | 321 } |
| 322 return headers.release(); | 322 return headers.release(); |
| 323 } | 323 } |
| 324 | 324 |
| 325 template<bool (CSPDirectiveList::*allowed)(ContentSecurityPolicy::ReportingStatu
s) const> | 325 template<bool (CSPDirectiveList::*allowed)(ContentSecurityPolicy::ReportingStatu
s) const> |
| 326 bool isAllowedByAll(const CSPDirectiveListVector& policies, ContentSecurityPolic
y::ReportingStatus reportingStatus) | 326 bool isAllowedByAll(const CSPDirectiveListVector& policies, ContentSecurityPolic
y::ReportingStatus reportingStatus) |
| 327 { | 327 { |
| 328 for (const auto& policy : policies) { | 328 bool isAllowed = true; |
| 329 if (!(policy.get()->*allowed)(reportingStatus)) | 329 for (const auto& policy : policies) |
| 330 return false; | 330 isAllowed &= (policy.get()->*allowed)(reportingStatus); |
| 331 } | 331 return isAllowed; |
| 332 return true; | |
| 333 } | 332 } |
| 334 | 333 |
| 335 template <bool (CSPDirectiveList::*allowed)(ScriptState* scriptState, ContentSec
urityPolicy::ReportingStatus, ContentSecurityPolicy::ExceptionStatus) const> | 334 template <bool (CSPDirectiveList::*allowed)(ScriptState* scriptState, ContentSec
urityPolicy::ReportingStatus, ContentSecurityPolicy::ExceptionStatus) const> |
| 336 bool isAllowedByAllWithStateAndExceptionStatus(const CSPDirectiveListVector& pol
icies, ScriptState* scriptState, ContentSecurityPolicy::ReportingStatus reportin
gStatus, ContentSecurityPolicy::ExceptionStatus exceptionStatus) | 335 bool isAllowedByAllWithStateAndExceptionStatus(const CSPDirectiveListVector& pol
icies, ScriptState* scriptState, ContentSecurityPolicy::ReportingStatus reportin
gStatus, ContentSecurityPolicy::ExceptionStatus exceptionStatus) |
| 337 { | 336 { |
| 338 for (const auto& policy : policies) { | 337 bool isAllowed = true; |
| 339 if (!(policy.get()->*allowed)(scriptState, reportingStatus, exceptionSta
tus)) | 338 for (const auto& policy : policies) |
| 340 return false; | 339 isAllowed &= (policy.get()->*allowed)(scriptState, reportingStatus, exce
ptionStatus); |
| 341 } | 340 return isAllowed; |
| 342 return true; | |
| 343 } | 341 } |
| 344 | 342 |
| 345 template<bool (CSPDirectiveList::*allowed)(const String&, const WTF::OrdinalNumb
er&, ContentSecurityPolicy::ReportingStatus) const> | 343 template<bool (CSPDirectiveList::*allowed)(const String&, const WTF::OrdinalNumb
er&, ContentSecurityPolicy::ReportingStatus) const> |
| 346 bool isAllowedByAllWithContext(const CSPDirectiveListVector& policies, const Str
ing& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::R
eportingStatus reportingStatus) | 344 bool isAllowedByAllWithContext(const CSPDirectiveListVector& policies, const Str
ing& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::R
eportingStatus reportingStatus) |
| 347 { | 345 { |
| 348 for (const auto& policy : policies) { | 346 bool isAllowed = true; |
| 349 if (!(policy.get()->*allowed)(contextURL, contextLine, reportingStatus)) | 347 for (const auto& policy : policies) |
| 350 return false; | 348 isAllowed &= (policy.get()->*allowed)(contextURL, contextLine, reporting
Status); |
| 351 } | 349 return isAllowed; |
| 352 return true; | |
| 353 } | 350 } |
| 354 | 351 |
| 355 template<bool (CSPDirectiveList::*allowed)(const String&, const WTF::OrdinalNumb
er&, ContentSecurityPolicy::ReportingStatus, const String& content) const> | 352 template<bool (CSPDirectiveList::*allowed)(const String&, const WTF::OrdinalNumb
er&, ContentSecurityPolicy::ReportingStatus, const String& content) const> |
| 356 bool isAllowedByAllWithContextAndContent(const CSPDirectiveListVector& policies,
const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurit
yPolicy::ReportingStatus reportingStatus, const String& content) | 353 bool isAllowedByAllWithContextAndContent(const CSPDirectiveListVector& policies,
const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurit
yPolicy::ReportingStatus reportingStatus, const String& content) |
| 357 { | 354 { |
| 358 for (const auto& policy : policies) { | 355 bool isAllowed = true; |
| 359 if (!(policy.get()->*allowed)(contextURL, contextLine, reportingStatus,
content)) | 356 for (const auto& policy : policies) |
| 360 return false; | 357 isAllowed &= (policy.get()->*allowed)(contextURL, contextLine, reporting
Status, content); |
| 361 } | 358 return isAllowed; |
| 362 return true; | |
| 363 } | 359 } |
| 364 | 360 |
| 365 template<bool (CSPDirectiveList::*allowed)(const String&) const> | 361 template<bool (CSPDirectiveList::*allowed)(const String&) const> |
| 366 bool isAllowedByAllWithNonce(const CSPDirectiveListVector& policies, const Strin
g& nonce) | 362 bool isAllowedByAllWithNonce(const CSPDirectiveListVector& policies, const Strin
g& nonce) |
| 367 { | 363 { |
| 368 for (const auto& policy : policies) { | 364 bool isAllowed = true; |
| 369 if (!(policy.get()->*allowed)(nonce)) | 365 for (const auto& policy : policies) |
| 370 return false; | 366 isAllowed &= (policy.get()->*allowed)(nonce); |
| 371 } | 367 return isAllowed; |
| 372 return true; | |
| 373 } | 368 } |
| 374 | 369 |
| 375 template<bool (CSPDirectiveList::*allowed)(const CSPHashValue&, ContentSecurityP
olicy::InlineType) const> | 370 template<bool (CSPDirectiveList::*allowed)(const CSPHashValue&, ContentSecurityP
olicy::InlineType) const> |
| 376 bool isAllowedByAllWithHash(const CSPDirectiveListVector& policies, const CSPHas
hValue& hashValue, ContentSecurityPolicy::InlineType type) | 371 bool isAllowedByAllWithHash(const CSPDirectiveListVector& policies, const CSPHas
hValue& hashValue, ContentSecurityPolicy::InlineType type) |
| 377 { | 372 { |
| 378 for (const auto& policy : policies) { | 373 bool isAllowed = true; |
| 379 if (!(policy.get()->*allowed)(hashValue, type)) | 374 for (const auto& policy : policies) |
| 380 return false; | 375 isAllowed &= (policy.get()->*allowed)(hashValue, type); |
| 381 } | 376 return isAllowed; |
| 382 return true; | |
| 383 } | 377 } |
| 384 | 378 |
| 385 template <bool (CSPDirectiveList::*allowFromURL)(const KURL&, ContentSecurityPol
icy::RedirectStatus, ContentSecurityPolicy::ReportingStatus) const> | 379 template <bool (CSPDirectiveList::*allowFromURL)(const KURL&, ContentSecurityPol
icy::RedirectStatus, ContentSecurityPolicy::ReportingStatus) const> |
| 386 bool isAllowedByAllWithURL(const CSPDirectiveListVector& policies, const KURL& u
rl, ContentSecurityPolicy::RedirectStatus redirectStatus, ContentSecurityPolicy:
:ReportingStatus reportingStatus) | 380 bool isAllowedByAllWithURL(const CSPDirectiveListVector& policies, const KURL& u
rl, ContentSecurityPolicy::RedirectStatus redirectStatus, ContentSecurityPolicy:
:ReportingStatus reportingStatus) |
| 387 { | 381 { |
| 388 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) | 382 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) |
| 389 return true; | 383 return true; |
| 390 | 384 |
| 391 for (const auto& policy : policies) { | 385 bool isAllowed = true; |
| 392 if (!(policy.get()->*allowFromURL)(url, redirectStatus, reportingStatus)
) | 386 for (const auto& policy : policies) |
| 393 return false; | 387 isAllowed &= (policy.get()->*allowFromURL)(url, redirectStatus, reportin
gStatus); |
| 394 } | 388 return isAllowed; |
| 395 return true; | |
| 396 } | 389 } |
| 397 | 390 |
| 398 template<bool (CSPDirectiveList::*allowed)(LocalFrame*, const KURL&, ContentSecu
rityPolicy::ReportingStatus) const> | 391 template<bool (CSPDirectiveList::*allowed)(LocalFrame*, const KURL&, ContentSecu
rityPolicy::ReportingStatus) const> |
| 399 bool isAllowedByAllWithFrame(const CSPDirectiveListVector& policies, LocalFrame*
frame, const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) | 392 bool isAllowedByAllWithFrame(const CSPDirectiveListVector& policies, LocalFrame*
frame, const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) |
| 400 { | 393 { |
| 401 for (const auto& policy : policies) { | 394 bool isAllowed = true; |
| 402 if (!(policy.get()->*allowed)(frame, url, reportingStatus)) | 395 for (const auto& policy : policies) |
| 403 return false; | 396 isAllowed &= (policy.get()->*allowed)(frame, url, reportingStatus); |
| 404 } | 397 return isAllowed; |
| 405 return true; | |
| 406 } | 398 } |
| 407 | 399 |
| 408 template<bool (CSPDirectiveList::*allowed)(const CSPHashValue&, ContentSecurityP
olicy::InlineType) const> | 400 template<bool (CSPDirectiveList::*allowed)(const CSPHashValue&, ContentSecurityP
olicy::InlineType) const> |
| 409 bool checkDigest(const String& source, ContentSecurityPolicy::InlineType type, u
int8_t hashAlgorithmsUsed, const CSPDirectiveListVector& policies) | 401 bool checkDigest(const String& source, ContentSecurityPolicy::InlineType type, u
int8_t hashAlgorithmsUsed, const CSPDirectiveListVector& policies) |
| 410 { | 402 { |
| 411 // Any additions or subtractions from this struct should also modify the | 403 // Any additions or subtractions from this struct should also modify the |
| 412 // respective entries in the kSupportedPrefixes array in | 404 // respective entries in the kSupportedPrefixes array in |
| 413 // CSPSourceList::parseHash(). | 405 // CSPSourceList::parseHash(). |
| 414 static const struct { | 406 static const struct { |
| 415 ContentSecurityPolicyHashAlgorithm cspHashAlgorithm; | 407 ContentSecurityPolicyHashAlgorithm cspHashAlgorithm; |
| (...skipping 651 matching lines...) |
| 1067 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. | 1059 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. |
| 1068 return !m_violationReportsSent.contains(report.impl()->hash()); | 1060 return !m_violationReportsSent.contains(report.impl()->hash()); |
| 1069 } | 1061 } |
| 1070 | 1062 |
| 1071 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 1063 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
| 1072 { | 1064 { |
| 1073 m_violationReportsSent.add(report.impl()->hash()); | 1065 m_violationReportsSent.add(report.impl()->hash()); |
| 1074 } | 1066 } |
| 1075 | 1067 |
| 1076 } // namespace blink | 1068 } // namespace blink |
| OLD | NEW |
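Review bot: The new loops in isAllowedByAll and its seven siblings (new lines 328–331 through 394–397) rely on `isAllowed &= …` to keep evaluating after a denial, but nothing in the code says this is deliberate, so a later cleanup to `isAllowed = isAllowed && …` or back to an early `return false` would silently stop later policies from being checked. Presumably the intent is that every policy in the list, including those after the first denial, gets to report its own violation; a comment above each loop such as `// Deliberately no early return: every policy must be evaluated so each can report its own violation.` would pin that. isAllowedByAllWithNonce and isAllowedByAllWithHash take no ReportingStatus, so unless their callees have side effects not visible on this page the full walk there only adds work, and the comment could say they are changed for consistency. The early `return true` for bypass schemes in isAllowedByAllWithURL is untouched and still skips every policy.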