OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SourceListDirective_h | 5 #ifndef SourceListDirective_h |
6 #define SourceListDirective_h | 6 #define SourceListDirective_h |
7 | 7 |
| 8 #include "core/CoreExport.h" |
8 #include "core/frame/csp/CSPDirective.h" | 9 #include "core/frame/csp/CSPDirective.h" |
9 #include "core/frame/csp/CSPSourceList.h" | 10 #include "core/frame/csp/CSPSource.h" |
| 11 #include "platform/Crypto.h" |
10 #include "platform/network/ContentSecurityPolicyParsers.h" | 12 #include "platform/network/ContentSecurityPolicyParsers.h" |
11 #include "platform/network/ResourceRequest.h" | 13 #include "platform/network/ResourceRequest.h" |
12 #include "wtf/HashSet.h" | 14 #include "wtf/HashSet.h" |
13 #include "wtf/text/WTFString.h" | 15 #include "wtf/text/WTFString.h" |
14 | 16 |
15 namespace blink { | 17 namespace blink { |
16 | 18 |
17 class ContentSecurityPolicy; | 19 class ContentSecurityPolicy; |
18 class KURL; | 20 class KURL; |
19 | 21 |
20 class SourceListDirective final : public CSPDirective { | 22 class CORE_EXPORT SourceListDirective final : public CSPDirective { |
21 WTF_MAKE_NONCOPYABLE(SourceListDirective); | 23 WTF_MAKE_NONCOPYABLE(SourceListDirective); |
22 | 24 |
23 public: | 25 public: |
24 SourceListDirective(const String& name, | 26 SourceListDirective(const String& name, |
25 const String& value, | 27 const String& value, |
26 ContentSecurityPolicy*); | 28 ContentSecurityPolicy*); |
27 DECLARE_TRACE(); | 29 DECLARE_TRACE(); |
28 | 30 |
29 bool allows(const KURL&, ResourceRequest::RedirectStatus) const; | 31 void parse(const UChar* begin, const UChar* end); |
| 32 |
| 33 bool matches(const KURL&, |
| 34 ResourceRequest::RedirectStatus = |
| 35 ResourceRequest::RedirectStatus::NoRedirect) const; |
| 36 |
| 37 bool allows(const KURL&, |
| 38 ResourceRequest::RedirectStatus = |
| 39 ResourceRequest::RedirectStatus::NoRedirect) const; |
30 bool allowInline() const; | 40 bool allowInline() const; |
31 bool allowEval() const; | 41 bool allowEval() const; |
32 bool allowDynamic() const; | 42 bool allowDynamic() const; |
33 bool allowNonce(const String& nonce) const; | 43 bool allowNonce(const String& nonce) const; |
34 bool allowHash(const CSPHashValue&) const; | 44 bool allowHash(const CSPHashValue&) const; |
35 bool allowHashedAttributes() const; | 45 bool allowHashedAttributes() const; |
36 bool isHashOrNoncePresent() const; | 46 bool isHashOrNoncePresent() const; |
37 uint8_t hashAlgorithmsUsed() const; | 47 uint8_t hashAlgorithmsUsed() const; |
38 | 48 |
39 private: | 49 private: |
40 CSPSourceList m_sourceList; | 50 bool parseSource(const UChar* begin, |
| 51 const UChar* end, |
| 52 String& scheme, |
| 53 String& host, |
| 54 int& port, |
| 55 String& path, |
| 56 CSPSource::WildcardDisposition&, |
| 57 CSPSource::WildcardDisposition&); |
| 58 bool parseScheme(const UChar* begin, const UChar* end, String& scheme); |
| 59 bool parseHost(const UChar* begin, |
| 60 const UChar* end, |
| 61 String& host, |
| 62 CSPSource::WildcardDisposition&); |
| 63 bool parsePort(const UChar* begin, |
| 64 const UChar* end, |
| 65 int& port, |
| 66 CSPSource::WildcardDisposition&); |
| 67 bool parsePath(const UChar* begin, const UChar* end, String& path); |
| 68 bool parseNonce(const UChar* begin, const UChar* end, String& nonce); |
| 69 bool parseHash(const UChar* begin, |
| 70 const UChar* end, |
| 71 DigestValue& hash, |
| 72 ContentSecurityPolicyHashAlgorithm&); |
| 73 |
| 74 void addSourceSelf(); |
| 75 void addSourceStar(); |
| 76 void addSourceUnsafeInline(); |
| 77 void addSourceUnsafeEval(); |
| 78 void addSourceStrictDynamic(); |
| 79 void addSourceUnsafeHashedAttributes(); |
| 80 void addSourceNonce(const String& nonce); |
| 81 void addSourceHash(const ContentSecurityPolicyHashAlgorithm&, |
| 82 const DigestValue& hash); |
| 83 |
| 84 bool hasSourceMatchInList(const KURL&, ResourceRequest::RedirectStatus) const; |
| 85 |
| 86 Member<ContentSecurityPolicy> m_policy; |
| 87 HeapVector<Member<CSPSource>> m_list; |
| 88 String m_directiveName; |
| 89 bool m_allowSelf; |
| 90 bool m_allowStar; |
| 91 bool m_allowInline; |
| 92 bool m_allowEval; |
| 93 bool m_allowDynamic; |
| 94 bool m_allowHashedAttributes; |
| 95 HashSet<String> m_nonces; |
| 96 HashSet<CSPHashValue> m_hashes; |
| 97 uint8_t m_hashAlgorithmsUsed; |
41 }; | 98 }; |
42 | 99 |
43 } // namespace blink | 100 } // namespace blink |
44 | 101 |
45 #endif | 102 #endif |
OLD | NEW |