Chromium Code Reviews Chromium Code Reviews
Issue 2254533002:
[FeaturePolicy] Initial implementation of Feature Policy (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@fp-flag| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "platform/feature_policy/FeaturePolicy.h" | |
| 6 | |
| 7 #include "platform/json/JSONValues.h" | |
| 8 #include "platform/network/HTTPParsers.h" | |
| 9 #include "platform/weborigin/KURL.h" | |
| 10 #include "platform/weborigin/SecurityOrigin.h" | |
| 11 #include "wtf/PtrUtil.h" | |
| 12 #include "wtf/text/StringBuilder.h" | |
| 13 | |
| 14 namespace blink { | |
| 15 | |
| 16 namespace { | |
| 17 | |
| 18 // Given a string name, return the matching feature struct, or nullptr if it is | |
| 19 // not the name of a policy-controlled feature. | |
| 20 const FeaturePolicy::Feature* featureForName( | |
| 21 const String& featureName, | |
| 22 FeaturePolicy::FeatureList& features) { | |
| 23 for (const FeaturePolicy::Feature* feature : features) { | |
| 24 if (featureName == feature->featureName) | |
| 25 return feature; | |
| 26 } | |
| 27 return nullptr; | |
| 28 } | |
| 29 | |
| 30 // Converts a list of JSON feature policy items into a mapping of features to | |
| 31 // whitelists. For future compatibility, unrecognized features are simply | |
| 32 // ignored, as are unparseable origins. Any errors in the input will cause an | |
| 33 // error message appended to |messages|. | |
| 34 HashMap<const FeaturePolicy::Feature*, | |
| 35 std::unique_ptr<FeaturePolicy::Whitelist>> | |
| 36 parseFeaturePolicyString(std::unique_ptr<JSONArray> policyItems, | |
|
dcheng
2016/10/24 19:16:45
parseFeaturePolicyFromJson?
(Also, I wonder if we
iclelland
2016/10/25 18:34:33
Changed.
| |
| 37 RefPtr<SecurityOrigin> origin, | |
| 38 FeaturePolicy::FeatureList& features, | |
| 39 Vector<String>& messages) { | |
| 40 HashMap<const FeaturePolicy::Feature*, | |
| 41 std::unique_ptr<FeaturePolicy::Whitelist>> | |
| 42 whitelists; | |
| 43 | |
| 44 for (size_t i = 0; i < policyItems->size(); ++i) { | |
| 45 JSONObject* item = JSONObject::cast(policyItems->at(i)); | |
| 46 if (!item) { | |
| 47 messages.append("Policy is not an object"); | |
| 48 continue; // Array element is not an object; skip | |
| 49 } | |
| 50 | |
| 51 for (size_t j = 0; j < item->size(); ++j) { | |
| 52 JSONObject::Entry entry = item->at(j); | |
| 53 String featureName = entry.first; | |
| 54 JSONArray* targets = JSONArray::cast(entry.second); | |
| 55 if (!targets) { | |
| 56 messages.append("Whitelist is not an array of strings."); | |
| 57 continue; | |
| 58 } | |
| 59 | |
| 60 const FeaturePolicy::Feature* feature = | |
| 61 featureForName(featureName, features); | |
| 62 if (!feature) | |
| 63 continue; // Feature is not recognized; skip | |
| 64 | |
| 65 std::unique_ptr<FeaturePolicy::Whitelist> whitelist( | |
| 66 new FeaturePolicy::Whitelist); | |
| 67 String targetString; | |
| 68 for (size_t j = 0; j < targets->size(); ++j) { | |
| 69 if (targets->at(j)->asString(&targetString)) { | |
| 70 if (equalIgnoringCase(targetString, "self")) { | |
| 71 whitelist->add(origin); | |
| 72 } else if (targetString == "*") { | |
| 73 whitelist->addAll(); | |
| 74 } else { | |
| 75 KURL originUrl = KURL(KURL(), targetString); | |
| 76 if (originUrl.isValid()) { | |
| 77 whitelist->add(SecurityOrigin::create(originUrl)); | |
| 78 } | |
| 79 } | |
| 80 } else { | |
| 81 messages.append("Whitelist is not an array of strings."); | |
| 82 } | |
| 83 } | |
| 84 whitelists.set(feature, std::move(whitelist)); | |
| 85 } | |
| 86 } | |
| 87 return whitelists; | |
| 88 } | |
| 89 | |
| 90 } // namespace | |
| 91 | |
| 92 // Definitions of all features controlled by Feature Policy should appear here. | |
| 93 const FeaturePolicy::Feature kDocumentCookie{ | |
| 94 "cookie", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 95 const FeaturePolicy::Feature kDocumentDomain{ | |
| 96 "domain", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 97 const FeaturePolicy::Feature kDocumentWrite{ | |
| 98 "docwrite", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 99 const FeaturePolicy::Feature kGeolocationFeature{ | |
| 100 "geolocation", FeaturePolicy::FeatureDefault::EnableForSelf}; | |
| 101 const FeaturePolicy::Feature kMidiFeature{ | |
| 102 "midi", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 103 const FeaturePolicy::Feature kNotificationsFeature{ | |
| 104 "notifications", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 105 const FeaturePolicy::Feature kPaymentFeature{ | |
| 106 "payment", FeaturePolicy::FeatureDefault::EnableForSelf}; | |
| 107 const FeaturePolicy::Feature kPushFeature{ | |
| 108 "push", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 109 const FeaturePolicy::Feature kSyncScript{ | |
| 110 "sync-script", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 111 const FeaturePolicy::Feature kSyncXHR{ | |
| 112 "sync-xhr", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 113 const FeaturePolicy::Feature kUsermedia{ | |
| 114 "usermedia", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 115 const FeaturePolicy::Feature kVibrateFeature{ | |
| 116 "vibrate", FeaturePolicy::FeatureDefault::EnableForSelf}; | |
| 117 const FeaturePolicy::Feature kWebRTC{ | |
| 118 "webrtc", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 119 | |
| 120 FeaturePolicy::Whitelist::Whitelist() : m_matchesAllOrigins(false) {} | |
| 121 | |
| 122 void FeaturePolicy::Whitelist::addAll() { | |
| 123 m_matchesAllOrigins = true; | |
| 124 } | |
| 125 | |
| 126 void FeaturePolicy::Whitelist::add(RefPtr<SecurityOrigin> origin) { | |
| 127 m_origins.append(std::move(origin)); | |
| 128 } | |
| 129 | |
| 130 bool FeaturePolicy::Whitelist::contains(const SecurityOrigin& origin) const { | |
| 131 if (m_matchesAllOrigins) | |
| 132 return true; | |
| 133 for (const auto& targetOrigin : m_origins) { | |
| 134 if (targetOrigin->isSameSchemeHostPortAndSuborigin(&origin)) | |
| 135 return true; | |
| 136 } | |
| 137 return false; | |
| 138 } | |
| 139 | |
| 140 String FeaturePolicy::Whitelist::toString() { | |
| 141 StringBuilder sb; | |
| 142 sb.append("["); | |
| 143 if (m_matchesAllOrigins) { | |
| 144 sb.append("*"); | |
| 145 } else { | |
| 146 for (size_t i = 0; i < m_origins.size(); ++i) { | |
| 147 if (i > 0) { | |
| 148 sb.append(", "); | |
| 149 } | |
| 150 sb.append(m_origins[i]->toString()); | |
| 151 } | |
| 152 } | |
| 153 sb.append("]"); | |
| 154 return sb.toString(); | |
| 155 } | |
| 156 | |
| 157 // static | |
| 158 const FeaturePolicy::FeatureList& FeaturePolicy::getDefaultFeatureList() { | |
| 159 DEFINE_STATIC_LOCAL( | |
| 160 Vector<const FeaturePolicy::Feature*>, defaultFeatureList, | |
| 161 ({&kDocumentCookie, &kDocumentDomain, &kDocumentWrite, | |
| 162 &kGeolocationFeature, &kMidiFeature, &kNotificationsFeature, | |
| 163 &kPaymentFeature, &kPushFeature, &kSyncScript, &kSyncXHR, &kUsermedia, | |
| 164 &kVibrateFeature, &kWebRTC})); | |
| 165 return defaultFeatureList; | |
| 166 } | |
| 167 | |
| 168 // static | |
| 169 std::unique_ptr<FeaturePolicy> FeaturePolicy::createFromParentPolicy( | |
| 170 const FeaturePolicy* parent, | |
| 171 RefPtr<SecurityOrigin> currentOrigin, | |
| 172 FeaturePolicy::FeatureList& features) { | |
| 173 DCHECK(currentOrigin); | |
| 174 std::unique_ptr<FeaturePolicy> newPolicy = | |
| 175 wrapUnique(new FeaturePolicy(currentOrigin, features)); | |
| 176 for (const FeaturePolicy::Feature* feature : features) { | |
| 177 if (!parent || parent->isFeatureEnabledForOrigin(feature, *currentOrigin)) { | |
| 178 newPolicy->m_inheritedFeatures.set(feature, true); | |
| 179 } else { | |
| 180 newPolicy->m_inheritedFeatures.set(feature, false); | |
| 181 } | |
| 182 } | |
| 183 return newPolicy; | |
| 184 } | |
| 185 | |
| 186 // static | |
| 187 std::unique_ptr<FeaturePolicy> FeaturePolicy::createFromParentPolicy( | |
| 188 const FeaturePolicy* parent, | |
| 189 RefPtr<SecurityOrigin> currentOrigin) { | |
| 190 return createFromParentPolicy(parent, currentOrigin, getDefaultFeatureList()); | |
|
dcheng
2016/10/24 19:16:45
Nit: std::move(currentOrigin)
iclelland
2016/10/25 18:34:33
Done.
| |
| 191 } | |
| 192 | |
| 193 void FeaturePolicy::setHeaderPolicy(const String& policy, | |
| 194 Vector<String>& messages) { | |
| 195 DCHECK(m_headerWhitelists.isEmpty()); | |
| 196 std::unique_ptr<JSONArray> policyJSON = parseJSONHeader(policy); | |
| 197 if (!policyJSON) { | |
| 198 messages.append("Unable to parse header"); | |
| 199 return; | |
| 200 } | |
| 201 m_headerWhitelists = parseFeaturePolicyString(std::move(policyJSON), m_origin, | |
| 202 m_features, messages); | |
| 203 } | |
| 204 | |
| 205 bool FeaturePolicy::isFeatureEnabledForOrigin( | |
| 206 const FeaturePolicy::Feature* feature, | |
|
dcheng
2016/10/24 19:16:45
Nit: I'd suggest passing this by ref, since it's n
iclelland
2016/10/25 18:34:33
Done.
| |
| 207 const SecurityOrigin& origin) const { | |
| 208 DCHECK(m_inheritedFeatures.contains(feature)); | |
| 209 if (!m_inheritedFeatures.get(feature)) { | |
| 210 return false; | |
| 211 } | |
| 212 if (m_headerWhitelists.contains(feature)) { | |
| 213 return m_headerWhitelists.get(feature)->contains(origin); | |
| 214 } | |
| 215 if (feature->defaultPolicy == FeaturePolicy::FeatureDefault::EnableForAll) { | |
| 216 return true; | |
| 217 } | |
| 218 if (feature->defaultPolicy == FeaturePolicy::FeatureDefault::EnableForSelf) { | |
| 219 return m_origin->isSameSchemeHostPortAndSuborigin(&origin); | |
| 220 } | |
| 221 return false; | |
| 222 } | |
| 223 | |
| 224 bool FeaturePolicy::isFeatureEnabled( | |
| 225 const FeaturePolicy::Feature* feature) const { | |
| 226 DCHECK(m_origin); | |
| 227 return isFeatureEnabledForOrigin(feature, *m_origin); | |
| 228 } | |
| 229 | |
| 230 FeaturePolicy::FeaturePolicy(RefPtr<SecurityOrigin> currentOrigin, | |
| 231 FeaturePolicy::FeatureList& features) | |
| 232 : m_origin(std::move(currentOrigin)), m_features(features) {} | |
| 233 | |
| 234 String FeaturePolicy::toString() { | |
| 235 StringBuilder sb; | |
| 236 sb.append("Feature Policy for frame in origin: "); | |
| 237 sb.append(m_origin->toString()); | |
| 238 sb.append("\n"); | |
| 239 sb.append("Inherited features:\n"); | |
| 240 for (const auto& inheritedFeature : m_inheritedFeatures) { | |
| 241 sb.append(" "); | |
| 242 sb.append(inheritedFeature.key->featureName); | |
| 243 sb.append(": "); | |
| 244 sb.append(inheritedFeature.value ? "true" : "false"); | |
| 245 sb.append("\n"); | |
| 246 } | |
| 247 sb.append("Header whitelists:\n"); | |
| 248 for (const auto& whitelist : m_headerWhitelists) { | |
| 249 sb.append(" "); | |
| 250 sb.append(whitelist.key->featureName); | |
| 251 sb.append(": "); | |
| 252 sb.append(whitelist.value->toString()); | |
| 253 sb.append("\n"); | |
| 254 } | |
| 255 return sb.toString(); | |
| 256 } | |
| 257 | |
| 258 } // namespace blink | |
| OLD | NEW |
