OLD | NEW |
| (Empty) |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef CSPSourceList_h | |
6 #define CSPSourceList_h | |
7 | |
8 #include "core/CoreExport.h" | |
9 #include "core/frame/csp/CSPSource.h" | |
10 #include "platform/Crypto.h" | |
11 #include "platform/heap/Handle.h" | |
12 #include "platform/network/ContentSecurityPolicyParsers.h" | |
13 #include "platform/network/ResourceRequest.h" | |
14 #include "wtf/HashSet.h" | |
15 #include "wtf/text/WTFString.h" | |
16 | |
17 namespace blink { | |
18 | |
19 class ContentSecurityPolicy; | |
20 class KURL; | |
21 | |
22 class CORE_EXPORT CSPSourceList { | |
23 DISALLOW_NEW(); | |
24 WTF_MAKE_NONCOPYABLE(CSPSourceList); | |
25 | |
26 public: | |
27 CSPSourceList(ContentSecurityPolicy*, const String& directiveName); | |
28 DECLARE_TRACE(); | |
29 | |
30 void parse(const UChar* begin, const UChar* end); | |
31 | |
32 bool matches(const KURL&, | |
33 ResourceRequest::RedirectStatus = | |
34 ResourceRequest::RedirectStatus::NoRedirect) const; | |
35 bool allowInline() const; | |
36 bool allowEval() const; | |
37 bool allowDynamic() const; | |
38 bool allowNonce(const String&) const; | |
39 bool allowHash(const CSPHashValue&) const; | |
40 bool allowHashedAttributes() const; | |
41 uint8_t hashAlgorithmsUsed() const; | |
42 | |
43 bool isHashOrNoncePresent() const; | |
44 | |
45 private: | |
46 bool parseSource(const UChar* begin, | |
47 const UChar* end, | |
48 String& scheme, | |
49 String& host, | |
50 int& port, | |
51 String& path, | |
52 CSPSource::WildcardDisposition&, | |
53 CSPSource::WildcardDisposition&); | |
54 bool parseScheme(const UChar* begin, const UChar* end, String& scheme); | |
55 bool parseHost(const UChar* begin, | |
56 const UChar* end, | |
57 String& host, | |
58 CSPSource::WildcardDisposition&); | |
59 bool parsePort(const UChar* begin, | |
60 const UChar* end, | |
61 int& port, | |
62 CSPSource::WildcardDisposition&); | |
63 bool parsePath(const UChar* begin, const UChar* end, String& path); | |
64 bool parseNonce(const UChar* begin, const UChar* end, String& nonce); | |
65 bool parseHash(const UChar* begin, | |
66 const UChar* end, | |
67 DigestValue& hash, | |
68 ContentSecurityPolicyHashAlgorithm&); | |
69 | |
70 void addSourceSelf(); | |
71 void addSourceStar(); | |
72 void addSourceUnsafeInline(); | |
73 void addSourceUnsafeEval(); | |
74 void addSourceStrictDynamic(); | |
75 void addSourceUnsafeHashedAttributes(); | |
76 void addSourceNonce(const String& nonce); | |
77 void addSourceHash(const ContentSecurityPolicyHashAlgorithm&, | |
78 const DigestValue& hash); | |
79 | |
80 bool hasSourceMatchInList(const KURL&, ResourceRequest::RedirectStatus) const; | |
81 | |
82 Member<ContentSecurityPolicy> m_policy; | |
83 HeapVector<Member<CSPSource>> m_list; | |
84 String m_directiveName; | |
85 bool m_allowSelf; | |
86 bool m_allowStar; | |
87 bool m_allowInline; | |
88 bool m_allowEval; | |
89 bool m_allowDynamic; | |
90 bool m_allowHashedAttributes; | |
91 HashSet<String> m_nonces; | |
92 HashSet<CSPHashValue> m_hashes; | |
93 uint8_t m_hashAlgorithmsUsed; | |
94 }; | |
95 | |
96 } // namespace blink | |
97 | |
98 #endif | |
OLD | NEW |