1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPSourceList.h" | 5 #include "core/frame/csp/CSPSourceList.h" |
6 | 6 |
7 #include "core/frame/csp/CSPSource.h" | 7 #include "core/frame/csp/CSPSource.h" |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "platform/ParsingUtilities.h" | 9 #include "platform/ParsingUtilities.h" |
10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
32 } | 32 } |
33 | 33 |
34 CSPSourceList::CSPSourceList(ContentSecurityPolicy* policy, const String& direct
iveName) | 34 CSPSourceList::CSPSourceList(ContentSecurityPolicy* policy, const String& direct
iveName) |
35 : m_policy(policy) | 35 : m_policy(policy) |
36 , m_directiveName(directiveName) | 36 , m_directiveName(directiveName) |
37 , m_allowSelf(false) | 37 , m_allowSelf(false) |
38 , m_allowStar(false) | 38 , m_allowStar(false) |
39 , m_allowInline(false) | 39 , m_allowInline(false) |
40 , m_allowEval(false) | 40 , m_allowEval(false) |
41 , m_allowDynamic(false) | 41 , m_allowDynamic(false) |
| 42 , m_allowHashedAttributes(false) |
42 , m_hashAlgorithmsUsed(0) | 43 , m_hashAlgorithmsUsed(0) |
43 { | 44 { |
44 } | 45 } |
45 | 46 |
46 bool CSPSourceList::matches(const KURL& url, ContentSecurityPolicy::RedirectStat
us redirectStatus) const | 47 bool CSPSourceList::matches(const KURL& url, ContentSecurityPolicy::RedirectStat
us redirectStatus) const |
47 { | 48 { |
48 // The CSP spec specifically states that data:, blob:, and filesystem URLs | 49 // The CSP spec specifically states that data:, blob:, and filesystem URLs |
49 // should not be captured by a '*" source | 50 // should not be captured by a '*" source |
50 // (http://www.w3.org/TR/CSP2/#source-list-guid-matching). Thus, in the | 51 // (http://www.w3.org/TR/CSP2/#source-list-guid-matching). Thus, in the |
51 // case of a full wildcard, data:, blob:, and filesystem: URLs are | 52 // case of a full wildcard, data:, blob:, and filesystem: URLs are |
82 bool CSPSourceList::allowNonce(const String& nonce) const | 83 bool CSPSourceList::allowNonce(const String& nonce) const |
83 { | 84 { |
84 return !nonce.isNull() && m_nonces.contains(nonce); | 85 return !nonce.isNull() && m_nonces.contains(nonce); |
85 } | 86 } |
86 | 87 |
87 bool CSPSourceList::allowHash(const CSPHashValue& hashValue) const | 88 bool CSPSourceList::allowHash(const CSPHashValue& hashValue) const |
88 { | 89 { |
89 return m_hashes.contains(hashValue); | 90 return m_hashes.contains(hashValue); |
90 } | 91 } |
91 | 92 |
| 93 bool CSPSourceList::allowHashedAttributes() const |
| 94 { |
| 95 return m_allowHashedAttributes; |
| 96 } |
| 97 |
92 uint8_t CSPSourceList::hashAlgorithmsUsed() const | 98 uint8_t CSPSourceList::hashAlgorithmsUsed() const |
93 { | 99 { |
94 return m_hashAlgorithmsUsed; | 100 return m_hashAlgorithmsUsed; |
95 } | 101 } |
96 | 102 |
97 bool CSPSourceList::isHashOrNoncePresent() const | 103 bool CSPSourceList::isHashOrNoncePresent() const |
98 { | 104 { |
99 return !m_nonces.isEmpty() || m_hashAlgorithmsUsed != ContentSecurityPolicyH
ashAlgorithmNone; | 105 return !m_nonces.isEmpty() || m_hashAlgorithmsUsed != ContentSecurityPolicyH
ashAlgorithmNone; |
100 } | 106 } |
101 | 107 |
168 if (equalIgnoringCase("'unsafe-eval'", begin, end - begin)) { | 174 if (equalIgnoringCase("'unsafe-eval'", begin, end - begin)) { |
169 addSourceUnsafeEval(); | 175 addSourceUnsafeEval(); |
170 return true; | 176 return true; |
171 } | 177 } |
172 | 178 |
173 if (equalIgnoringCase("'unsafe-dynamic'", begin, end - begin)) { | 179 if (equalIgnoringCase("'unsafe-dynamic'", begin, end - begin)) { |
174 addSourceUnsafeDynamic(); | 180 addSourceUnsafeDynamic(); |
175 return true; | 181 return true; |
176 } | 182 } |
177 | 183 |
| 184 if (equalIgnoringCase("'unsafe-hashed-attributes'", begin, end - begin)) { |
| 185 addSourceUnsafeHashedAttributes(); |
| 186 return true; |
| 187 } |
| 188 |
178 String nonce; | 189 String nonce; |
179 if (!parseNonce(begin, end, nonce)) | 190 if (!parseNonce(begin, end, nonce)) |
180 return false; | 191 return false; |
181 | 192 |
182 if (!nonce.isNull()) { | 193 if (!nonce.isNull()) { |
183 addSourceNonce(nonce); | 194 addSourceNonce(nonce); |
184 return true; | 195 return true; |
185 } | 196 } |
186 | 197 |
187 DigestValue hash; | 198 DigestValue hash; |
490 void CSPSourceList::addSourceUnsafeEval() | 501 void CSPSourceList::addSourceUnsafeEval() |
491 { | 502 { |
492 m_allowEval = true; | 503 m_allowEval = true; |
493 } | 504 } |
494 | 505 |
495 void CSPSourceList::addSourceUnsafeDynamic() | 506 void CSPSourceList::addSourceUnsafeDynamic() |
496 { | 507 { |
497 m_allowDynamic = true; | 508 m_allowDynamic = true; |
498 } | 509 } |
499 | 510 |
| 511 void CSPSourceList::addSourceUnsafeHashedAttributes() |
| 512 { |
| 513 m_allowHashedAttributes = true; |
| 514 } |
| 515 |
500 void CSPSourceList::addSourceNonce(const String& nonce) | 516 void CSPSourceList::addSourceNonce(const String& nonce) |
501 { | 517 { |
502 m_nonces.add(nonce); | 518 m_nonces.add(nonce); |
503 } | 519 } |
504 | 520 |
505 void CSPSourceList::addSourceHash(const ContentSecurityPolicyHashAlgorithm& algo
rithm, const DigestValue& hash) | 521 void CSPSourceList::addSourceHash(const ContentSecurityPolicyHashAlgorithm& algo
rithm, const DigestValue& hash) |
506 { | 522 { |
507 m_hashes.add(CSPHashValue(algorithm, hash)); | 523 m_hashes.add(CSPHashValue(algorithm, hash)); |
508 m_hashAlgorithmsUsed |= algorithm; | 524 m_hashAlgorithmsUsed |= algorithm; |
509 } | 525 } |
510 | 526 |
511 bool CSPSourceList::hasSourceMatchInList(const KURL& url, ContentSecurityPolicy:
:RedirectStatus redirectStatus) const | 527 bool CSPSourceList::hasSourceMatchInList(const KURL& url, ContentSecurityPolicy:
:RedirectStatus redirectStatus) const |
512 { | 528 { |
513 for (size_t i = 0; i < m_list.size(); ++i) { | 529 for (size_t i = 0; i < m_list.size(); ++i) { |
514 if (m_list[i]->matches(url, redirectStatus)) | 530 if (m_list[i]->matches(url, redirectStatus)) |
515 return true; | 531 return true; |
516 } | 532 } |
517 | 533 |
518 return false; | 534 return false; |
519 } | 535 } |
520 | 536 |
521 DEFINE_TRACE(CSPSourceList) | 537 DEFINE_TRACE(CSPSourceList) |
522 { | 538 { |
523 visitor->trace(m_policy); | 539 visitor->trace(m_policy); |
524 visitor->trace(m_list); | 540 visitor->trace(m_list); |
525 } | 541 } |
526 | 542 |
527 } // namespace blink | 543 } // namespace blink |
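Review bot: The new `'unsafe-hashed-attributes'` branch (new lines 184-187) accepts the keyword for whichever directive this source list belongs to, with no check against `m_directiveName` and no console report, so a non-script source list silently stores a flag that is only defined for script-src; the neighbouring `'unsafe-dynamic'` branch behaves the same way, so if the per-directive scoping is meant to live in the consumer of `allowHashedAttributes()` that contract is not visible here and should be written down. I would add above the new getter at new line 93 a comment such as `// Set by the 'unsafe-hashed-attributes' keyword; meaningful only for script-src and only together with the hashes in m_hashes — callers are expected to enforce both.`, adjusted to whatever the caller actually does, and a matching one-liner above the new `if` in the parser. The parsing function that contains new lines 184-187 begins before the visible hunk, so I could not confirm whether an earlier guard already rejects the keyword for other directives.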