OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPSource.h" | 5 #include "core/frame/csp/CSPSource.h" |
6 | 6 |
7 #include "core/frame/UseCounter.h" | 7 #include "core/frame/UseCounter.h" |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "platform/weborigin/KURL.h" | 9 #include "platform/weborigin/KURL.h" |
10 #include "platform/weborigin/KnownPorts.h" | 10 #include "platform/weborigin/KnownPorts.h" |
(...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
98 | 98 |
99 if (!port) | 99 if (!port) |
100 return isDefaultPortForProtocol(m_port, protocol); | 100 return isDefaultPortForProtocol(m_port, protocol); |
101 | 101 |
102 if (!m_port) | 102 if (!m_port) |
103 return isDefaultPortForProtocol(port, protocol); | 103 return isDefaultPortForProtocol(port, protocol); |
104 | 104 |
105 return false; | 105 return false; |
106 } | 106 } |
107 | 107 |
108 bool CSPSource::isSimilar(CSPSource* other) { | |
109 bool schemesMatch = | |
110 schemeMatches(other->m_scheme) || other->schemeMatches(m_scheme); | |
111 if (!schemesMatch || isSchemeOnly() || other->isSchemeOnly()) | |
112 return schemesMatch; | |
113 bool hostsMatch = (m_host == other->m_host) || hostMatches(other->m_host) || | |
114 other->hostMatches(m_host); | |
115 bool portsMatch = (other->m_portWildcard == HasWildcard) || | |
116 portMatches(other->m_port, other->m_scheme); | |
jochen (gone - plz use gerrit)
2016/11/02 11:11:32
why not also other->portMatches(m_port, m_scheme)?
amalika
2016/11/02 12:31:41
Two parts A and B match if either:
1. one or both
| |
117 bool pathsMatch = pathMatches(other->m_path) || other->pathMatches(m_path); | |
118 if (hostsMatch && portsMatch && pathsMatch) | |
119 return true; | |
120 | |
121 return false; | |
122 } | |
123 | |
124 bool CSPSource::isSubsumedBy(CSPSource* other) { | |
125 if (!isSimilar(other) || !isSchemeSubsumedBy(other) || | |
126 !isWildcardsSubsumedBy(other) || !isPortSubsumedBy(other) || | |
127 !isPathSubsumedBy(other)) | |
jochen (gone - plz use gerrit)
2016/11/02 11:11:33
add { } around if body
| |
128 return false; | |
129 | |
130 return true; | |
131 } | |
132 | |
133 bool CSPSource::isWildcardsSubsumedBy(CSPSource* other) { | |
134 if ((m_hostWildcard == HasWildcard && other->m_hostWildcard == NoWildcard) || | |
135 (m_portWildcard == HasWildcard && other->m_portWildcard == NoWildcard)) { | |
136 return false; | |
137 } | |
138 return true; | |
jochen (gone - plz use gerrit)
2016/11/02 11:11:33
isn't that the same as
return m_hostWildcard == o
amalika
2016/11/02 12:31:41
It would not hold for example, when m_hostWildcard
| |
139 } | |
140 | |
141 bool CSPSource::isSchemeSubsumedBy(CSPSource* other) { | |
142 if (other->isSchemeOnly()) { | |
143 if (other->m_scheme.length() == m_scheme.length()) | |
144 return true; | |
145 return m_scheme.length() == 3 || m_scheme.length() == 5 ? true : false; | |
jochen (gone - plz use gerrit)
2016/11/02 11:11:32
you really want something like isSchemeSecure(m_sc
amalika
2016/11/02 12:31:41
Yes!
But I could not find it in the codebase or d
| |
146 } | |
147 if (isSchemeOnly()) | |
148 return false; | |
149 | |
150 if (m_scheme.length() == other->m_scheme.length()) | |
151 return true; | |
152 | |
153 // If the schemes match but their lengths are not equal, that means one of the | |
154 // schemes is 'https' or 'wss' and the other one is 'http' or 'ws'. | |
155 return m_scheme.length() > 3 ? (m_scheme == "https") : (m_scheme == "wss"); | |
156 } | |
157 | |
158 bool CSPSource::isPortSubsumedBy(CSPSource* other) { | |
159 bool otherIsMoreRestrictive = | |
160 (other->m_portWildcard == NoWildcard) && (!m_port && other->m_port); | |
161 return !otherIsMoreRestrictive; | |
162 } | |
163 | |
164 bool CSPSource::isPathSubsumedBy(CSPSource* other) { | |
165 bool otherIsMoreRestrictive = | |
166 (isPathEmptyOrSlashOnly() && !other->isPathEmptyOrSlashOnly()) || | |
167 (!isPathEmptyOrSlashOnly() && m_path.endsWith("/") && | |
168 !other->m_path.endsWith("/")); | |
169 return !otherIsMoreRestrictive; | |
170 } | |
171 | |
108 bool CSPSource::isSchemeOnly() const { | 172 bool CSPSource::isSchemeOnly() const { |
109 return m_host.isEmpty(); | 173 return m_host.isEmpty(); |
110 } | 174 } |
111 | 175 |
176 bool CSPSource::isPathEmptyOrSlashOnly() const { | |
177 return m_path.isEmpty() || m_path == "/"; | |
178 } | |
179 | |
112 DEFINE_TRACE(CSPSource) { | 180 DEFINE_TRACE(CSPSource) { |
113 visitor->trace(m_policy); | 181 visitor->trace(m_policy); |
114 } | 182 } |
115 | 183 |
116 } // namespace blink | 184 } // namespace blink |
OLD | NEW |