
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h

Issue 2474903002: Part 3.1: Is policy list subsumed under subsuming policy? (Closed)
Patch Set: Comments Created 4 years, 1 month ago
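--- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
+++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
@@ -1,34 +1,36 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CSPDirectiveList_h
 #define CSPDirectiveList_h
 
 #include "core/fetch/Resource.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "core/frame/csp/MediaListDirective.h"
 #include "core/frame/csp/SourceListDirective.h"
 #include "platform/heap/Handle.h"
 #include "platform/network/ContentSecurityPolicyParsers.h"
 #include "platform/network/HTTPParsers.h"
 #include "platform/network/ResourceRequest.h"
 #include "platform/weborigin/KURL.h"
 #include "wtf/Vector.h"
 #include "wtf/text/AtomicString.h"
 #include "wtf/text/WTFString.h"
 
 namespace blink {
 
 class ContentSecurityPolicy;
 
+typedef HeapVector<Member<SourceListDirective>> SourceListDirectiveVector;
+
 class CORE_EXPORT CSPDirectiveList
 : public GarbageCollectedFinalized<CSPDirectiveList> {
 WTF_MAKE_NONCOPYABLE(CSPDirectiveList);
 
 public:
 static CSPDirectiveList* create(ContentSecurityPolicy*,
 const UChar* begin,
 const UChar* end,
 ContentSecurityPolicyHeaderType,
 ContentSecurityPolicyHeaderSource);
@@ -149,20 +151,24 @@
 return m_frameAncestors.get() && !isReportOnly();
 }
 
 // Used to copy plugin-types into a plugin document in a nested
 // browsing context.
 bool hasPluginTypes() const { return !!m_pluginTypes; }
 const String& pluginTypesText() const;
 
 bool shouldSendCSPHeader(Resource::Type) const;
 
+// The algorithm is described here:
+// https://w3c.github.io/webappsec-csp/embedded/#subsume-policy
+bool subsumes(CSPDirectiveListVector);
+
 DECLARE_TRACE();
 
 private:
 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, IsMatchingNoncePresent);
 
 enum RequireSRIForToken { None = 0, Script = 1 << 0, Style = 1 << 1 };
 
 CSPDirectiveList(ContentSecurityPolicy*,
 ContentSecurityPolicyHeaderType,
 ContentSecurityPolicyHeaderSource);
@@ -258,20 +264,24 @@
 bool checkAncestorsAndReportViolation(SourceListDirective*,
 LocalFrame*,
 const KURL&) const;
 bool checkRequestWithoutIntegrityAndReportViolation(
 WebURLRequest::RequestContext,
 const KURL&,
 ResourceRequest::RedirectStatus) const;
 
 bool denyIfEnforcingPolicy() const { return isReportOnly(); }
 
+static SourceListDirectiveVector getSourceList(
+const char* name,
+CSPDirectiveListVector policies);
+
 Member<ContentSecurityPolicy> m_policy;
 
 String m_header;
 ContentSecurityPolicyHeaderType m_headerType;
 ContentSecurityPolicyHeaderSource m_headerSource;
 
 bool m_hasSandboxPolicy;
 
 bool m_strictMixedContentCheckingEnforced;
 
@@ -298,10 +308,10 @@
 uint8_t m_requireSRIFor;
 
 Vector<String> m_reportEndpoints;
 
 String m_evalDisabledErrorMessage;
 };
 
 } // namespace blink
 
 #endif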
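Review bot: `subsumes` at new line 163 is declared non-const and takes `CSPDirectiveListVector` by value, so a pure policy comparison is allowed to modify the policy it is called on and copies the vector on every call. Declaring it as `bool subsumes(const CSPDirectiveListVector&) const;` would state the read-only contract, and the same by-value parameter appears on `getSourceList` at new line 276. The comment above `subsumes` only links to the spec. Going by the issue title, `this` is the subsuming policy and the argument is the policy list being checked, so the comment should say that, and also say what is returned for an empty vector and whether report-only entries in the list count. A caller that reads those cases the wrong way could accept a weaker policy than intended. Both definitions are outside this page, so the by-value copies may be deliberate.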
