
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h

Issue 2474903002: Part 3.1: Is policy list subsumed under subsuming policy? (Closed)
Patch Set: Rebasing Created 4 years ago
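--- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
+++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
@@ -1,34 +1,36 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CSPDirectiveList_h
 #define CSPDirectiveList_h
 
 #include "core/fetch/Resource.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "core/frame/csp/MediaListDirective.h"
 #include "core/frame/csp/SourceListDirective.h"
 #include "platform/heap/Handle.h"
 #include "platform/network/ContentSecurityPolicyParsers.h"
 #include "platform/network/HTTPParsers.h"
 #include "platform/network/ResourceRequest.h"
 #include "platform/weborigin/KURL.h"
 #include "wtf/Vector.h"
 #include "wtf/text/AtomicString.h"
 #include "wtf/text/WTFString.h"
 
 namespace blink {
 
 class ContentSecurityPolicy;
 
+typedef HeapVector<Member<SourceListDirective>> SourceListDirectiveVector;
+
 class CORE_EXPORT CSPDirectiveList
 : public GarbageCollectedFinalized<CSPDirectiveList> {
 WTF_MAKE_NONCOPYABLE(CSPDirectiveList);
 
 public:
 static CSPDirectiveList* create(ContentSecurityPolicy*,
 const UChar* begin,
 const UChar* end,
 ContentSecurityPolicyHeaderType,
 ContentSecurityPolicyHeaderSource);
@@ -149,24 +151,30 @@
 return m_frameAncestors.get() && !isReportOnly();
 }
 
 // Used to copy plugin-types into a plugin document in a nested
 // browsing context.
 bool hasPluginTypes() const { return !!m_pluginTypes; }
 const String& pluginTypesText() const;
 
 bool shouldSendCSPHeader(Resource::Type) const;
 
+// The algorithm is described here:
+// https://w3c.github.io/webappsec-csp/embedded/#subsume-policy
+bool subsumes(const CSPDirectiveListVector&);
+
 DECLARE_TRACE();
 
 private:
 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, IsMatchingNoncePresent);
+FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector);
+FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, OperativeDirectiveGivenType);
 
 enum RequireSRIForToken { None = 0, Script = 1 << 0, Style = 1 << 1 };
 
 CSPDirectiveList(ContentSecurityPolicy*,
 ContentSecurityPolicyHeaderType,
 ContentSecurityPolicyHeaderSource);
 
 bool parseDirective(const UChar* begin,
 const UChar* end,
 String& name,
@@ -259,20 +267,31 @@
 bool checkAncestorsAndReportViolation(SourceListDirective*,
 LocalFrame*,
 const KURL&) const;
 bool checkRequestWithoutIntegrityAndReportViolation(
 WebURLRequest::RequestContext,
 const KURL&,
 ResourceRequest::RedirectStatus) const;
 
 bool denyIfEnforcingPolicy() const { return isReportOnly(); }
 
+// Tthis function returns a SourceListDirective of a given type
+// or if it is not defined, the default SourceListDirective for that type.
+SourceListDirective* operativeDirective(
+const ContentSecurityPolicy::DirectiveType&);
+
+// This function aggregates from a vector of policies all operative
+// SourceListDirectives of a given type into a vector.
+static SourceListDirectiveVector getSourceVector(
+const ContentSecurityPolicy::DirectiveType&,
+const CSPDirectiveListVector& policies);
+
 Member<ContentSecurityPolicy> m_policy;
 
 String m_header;
 ContentSecurityPolicyHeaderType m_headerType;
 ContentSecurityPolicyHeaderSource m_headerSource;
 
 bool m_hasSandboxPolicy;
 
 bool m_strictMixedContentCheckingEnforced;
 
@@ -299,10 +318,10 @@
 uint8_t m_requireSRIFor;
 
 Vector<String> m_reportEndpoints;
 
 String m_evalDisabledErrorMessage;
 };
 
 } // namespace blink
 
 #endif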
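Review bot: The comment on `subsumes` (new lines 161–163) only links the spec and never says which side is the subsuming one or what a `true` result permits, yet this is the check that decides whether a list of policies is at least as strict as a required one; a caller that reads the direction backwards would accept a weaker policy. Judging from the issue title, `this` is the subsuming policy and the vector is the list being tested, so I would add something like `// Returns true if |this| subsumes every policy in the vector, i.e. the vector permits nothing |this| forbids.` and also state what is returned for an empty vector and whether report-only policies in the vector are considered. `subsumes` and `operativeDirective` are declared non-const although both read as pure queries; if their bodies in CSPDirectiveList.cpp (not shown on this page) do not mutate state, `bool subsumes(const CSPDirectiveListVector&) const;` keeps them usable from the existing const check paths. The comment at new line 277 has a typo, `Tthis`.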