
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h

Issue 2474903002: Part 3.1: Is policy list subsumed under subsuming policy? (Closed)
Patch Set: Rebasing on enums changes Created 4 years ago
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CSPDirectiveList_h 5 #ifndef CSPDirectiveList_h
6 #define CSPDirectiveList_h 6 #define CSPDirectiveList_h
7 7
8 #include "core/fetch/Resource.h" 8 #include "core/fetch/Resource.h"
9 #include "core/frame/csp/ContentSecurityPolicy.h" 9 #include "core/frame/csp/ContentSecurityPolicy.h"
10 #include "core/frame/csp/MediaListDirective.h" 10 #include "core/frame/csp/MediaListDirective.h"
11 #include "core/frame/csp/SourceListDirective.h" 11 #include "core/frame/csp/SourceListDirective.h"
12 #include "platform/heap/Handle.h" 12 #include "platform/heap/Handle.h"
13 #include "platform/network/ContentSecurityPolicyParsers.h" 13 #include "platform/network/ContentSecurityPolicyParsers.h"
14 #include "platform/network/HTTPParsers.h" 14 #include "platform/network/HTTPParsers.h"
15 #include "platform/network/ResourceRequest.h" 15 #include "platform/network/ResourceRequest.h"
16 #include "platform/weborigin/KURL.h" 16 #include "platform/weborigin/KURL.h"
17 #include "wtf/Vector.h" 17 #include "wtf/Vector.h"
18 #include "wtf/text/AtomicString.h" 18 #include "wtf/text/AtomicString.h"
19 #include "wtf/text/WTFString.h" 19 #include "wtf/text/WTFString.h"
20 20
21 namespace blink { 21 namespace blink {
22 22
23 class ContentSecurityPolicy; 23 class ContentSecurityPolicy;
24 24
25 typedef HeapVector<Member<SourceListDirective>> SourceListDirectiveVector;
26
25 class CORE_EXPORT CSPDirectiveList 27 class CORE_EXPORT CSPDirectiveList
26 : public GarbageCollectedFinalized<CSPDirectiveList> { 28 : public GarbageCollectedFinalized<CSPDirectiveList> {
27 WTF_MAKE_NONCOPYABLE(CSPDirectiveList); 29 WTF_MAKE_NONCOPYABLE(CSPDirectiveList);
28 30
29 public: 31 public:
30 static CSPDirectiveList* create(ContentSecurityPolicy*, 32 static CSPDirectiveList* create(ContentSecurityPolicy*,
31 const UChar* begin, 33 const UChar* begin,
32 const UChar* end, 34 const UChar* end,
33 ContentSecurityPolicyHeaderType, 35 ContentSecurityPolicyHeaderType,
34 ContentSecurityPolicyHeaderSource); 36 ContentSecurityPolicyHeaderSource);
(...skipping 114 matching lines...)
149 return m_frameAncestors.get() && !isReportOnly(); 151 return m_frameAncestors.get() && !isReportOnly();
150 } 152 }
151 153
152 // Used to copy plugin-types into a plugin document in a nested 154 // Used to copy plugin-types into a plugin document in a nested
153 // browsing context. 155 // browsing context.
154 bool hasPluginTypes() const { return !!m_pluginTypes; } 156 bool hasPluginTypes() const { return !!m_pluginTypes; }
155 const String& pluginTypesText() const; 157 const String& pluginTypesText() const;
156 158
157 bool shouldSendCSPHeader(Resource::Type) const; 159 bool shouldSendCSPHeader(Resource::Type) const;
158 160
161 // The algorithm is described here:
162 // https://w3c.github.io/webappsec-csp/embedded/#subsume-policy
163 bool subsumes(CSPDirectiveListVector);
164
159 DECLARE_TRACE(); 165 DECLARE_TRACE();
160 166
161 private: 167 private:
162 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, IsMatchingNoncePresent); 168 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, IsMatchingNoncePresent);
169 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector);
163 170
164 enum RequireSRIForToken { None = 0, Script = 1 << 0, Style = 1 << 1 }; 171 enum RequireSRIForToken { None = 0, Script = 1 << 0, Style = 1 << 1 };
165 172
166 CSPDirectiveList(ContentSecurityPolicy*, 173 CSPDirectiveList(ContentSecurityPolicy*,
167 ContentSecurityPolicyHeaderType, 174 ContentSecurityPolicyHeaderType,
168 ContentSecurityPolicyHeaderSource); 175 ContentSecurityPolicyHeaderSource);
169 176
170 bool parseDirective(const UChar* begin, 177 bool parseDirective(const UChar* begin,
171 const UChar* end, 178 const UChar* end,
172 String& name, 179 String& name,
(...skipping 86 matching lines...)
259 bool checkAncestorsAndReportViolation(SourceListDirective*, 266 bool checkAncestorsAndReportViolation(SourceListDirective*,
260 LocalFrame*, 267 LocalFrame*,
261 const KURL&) const; 268 const KURL&) const;
262 bool checkRequestWithoutIntegrityAndReportViolation( 269 bool checkRequestWithoutIntegrityAndReportViolation(
263 WebURLRequest::RequestContext, 270 WebURLRequest::RequestContext,
264 const KURL&, 271 const KURL&,
265 ResourceRequest::RedirectStatus) const; 272 ResourceRequest::RedirectStatus) const;
266 273
267 bool denyIfEnforcingPolicy() const { return isReportOnly(); } 274 bool denyIfEnforcingPolicy() const { return isReportOnly(); }
268 275
276 SourceListDirective* operativeDirective(
Mike West 2016/11/24 13:07:46 Please add unit tests, especially for the cascade
amalika 2016/11/24 14:32:29 Added!
277 const ContentSecurityPolicy::DirectiveType&);
278 static SourceListDirectiveVector getSourceVector(
Mike West 2016/11/24 13:07:46 Can you add a comment explaining what these functi
amalika 2016/11/24 14:32:29 Added!
279 const ContentSecurityPolicy::DirectiveType&,
280 CSPDirectiveListVector policies);
281
269 Member<ContentSecurityPolicy> m_policy; 282 Member<ContentSecurityPolicy> m_policy;
270 283
271 String m_header; 284 String m_header;
272 ContentSecurityPolicyHeaderType m_headerType; 285 ContentSecurityPolicyHeaderType m_headerType;
273 ContentSecurityPolicyHeaderSource m_headerSource; 286 ContentSecurityPolicyHeaderSource m_headerSource;
274 287
275 bool m_hasSandboxPolicy; 288 bool m_hasSandboxPolicy;
276 289
277 bool m_strictMixedContentCheckingEnforced; 290 bool m_strictMixedContentCheckingEnforced;
278 291
(...skipping 20 matching lines...)
299 uint8_t m_requireSRIFor; 312 uint8_t m_requireSRIFor;
300 313
301 Vector<String> m_reportEndpoints; 314 Vector<String> m_reportEndpoints;
302 315
303 String m_evalDisabledErrorMessage; 316 String m_evalDisabledErrorMessage;
304 }; 317 };
305 318
306 } // namespace blink 319 } // namespace blink
307 320
308 #endif 321 #endif
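Review bot: `subsumes(CSPDirectiveListVector)` at new line 163 takes the policy vector by value and is not `const`, and `getSourceVector` at new line 280 has the same by-value parameter. Unless the implementation mutates the list or the receiver, `bool subsumes(const CSPDirectiveListVector&) const;` avoids a vector copy per check and makes it clear the comparison has no side effects. The result decides whether an embedded document's policies are accepted as at least as strict as the required policy, so the comment should state the contract rather than only link the spec. It should say what is returned for an empty vector and whether report-only policies in the vector count toward subsumption, since they enforce nothing. A line such as `// Returns true if the combined effect of |policies| is at least as restrictive as this policy.` would do, adjusted to what the .cpp implements, which is not visible on this page.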