OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/SourceListDirective.h" | 5 #include "core/frame/csp/SourceListDirective.h" |
6 | 6 |
7 #include "core/frame/csp/CSPSource.h" | 7 #include "core/frame/csp/CSPSource.h" |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
(...skipping 551 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
562 const KURL& url, | 562 const KURL& url, |
563 ResourceRequest::RedirectStatus redirectStatus) const { | 563 ResourceRequest::RedirectStatus redirectStatus) const { |
564 for (size_t i = 0; i < m_list.size(); ++i) { | 564 for (size_t i = 0; i < m_list.size(); ++i) { |
565 if (m_list[i]->matches(url, redirectStatus)) | 565 if (m_list[i]->matches(url, redirectStatus)) |
566 return true; | 566 return true; |
567 } | 567 } |
568 | 568 |
569 return false; | 569 return false; |
570 } | 570 } |
571 | 571 |
572 HashMap<String, CSPSource*> SourceListDirective::getIntersectSchemesOnly( | |
573 HeapVector<Member<CSPSource>> other) { | |
Mike West
2016/11/23 09:19:18
Why is this a vector of `Member<CSPSource>` and no
amalika
2016/11/24 14:50:33
Will be answered in overall comments.
| |
574 HashMap<String, CSPSource *> schemesA, intersect; | |
Mike West
2016/11/23 09:19:18
Style nits:
1. Please don't use `,` to declare mo
amalika
2016/11/24 14:50:33
Done.
| |
575 for (const auto& sourceA : m_list) { | |
576 if (sourceA->isSchemeOnly()) | |
577 sourceA->addToMap(schemesA); | |
578 } | |
579 // Add schemes only sources if they are present in both `this` and `other`, | |
580 // allowing upgrading `http` to `https` and `ws` to `wss`. | |
581 for (const auto& sourceB : other) { | |
582 if (sourceB->isSchemeOnly()) { | |
583 if (schemesA.contains(sourceB->getScheme())) | |
584 sourceB->addToMap(intersect); | |
585 else if (sourceB->getScheme() == "http" && schemesA.contains("https")) | |
586 intersect.add("https", schemesA.get("https")); | |
587 else if (sourceB->getScheme() == "ws" && schemesA.contains("wss")) | |
588 intersect.add("wss", schemesA.get("wss")); | |
589 } | |
590 } | |
591 | |
592 return intersect; | |
593 } | |
594 | |
572 HeapVector<Member<CSPSource>> SourceListDirective::getIntersectCSPSources( | 595 HeapVector<Member<CSPSource>> SourceListDirective::getIntersectCSPSources( |
573 HeapVector<Member<CSPSource>> otherVector) { | 596 HeapVector<Member<CSPSource>> other) { |
Mike West
2016/11/23 09:19:18
Why is this a vector of `Member<CSPSource>` and no
amalika
2016/11/24 14:50:33
Similarly as above for `getIntersectCSPSourcesSche
| |
597 HashMap<String, CSPSource*> schemesMap = getIntersectSchemesOnly(other); | |
574 HeapVector<Member<CSPSource>> normalized; | 598 HeapVector<Member<CSPSource>> normalized; |
575 for (const auto& aCspSource : m_list) { | 599 // Add all normalized scheme source expressions. |
576 Member<CSPSource> matchedCspSource(nullptr); | 600 for (HashMap<String, CSPSource*>::iterator it = schemesMap.begin(); |
577 for (const auto& bCspSource : otherVector) { | 601 it != schemesMap.end(); ++it) { |
Mike West
2016/11/23 09:19:18
`const auto&`. It's clear from context that it's g
| |
578 if ((matchedCspSource = bCspSource->intersect(aCspSource))) | 602 // We do not "https:" if "http:" is present. |
Mike West
2016/11/23 09:19:18
1. I don't understand this comment.
2. If you're s
| |
603 if (it->key != "https" || !schemesMap.contains("http")) | |
604 normalized.append(it->value); | |
605 } | |
606 | |
607 for (const auto& sourceA : m_list) { | |
608 if (schemesMap.contains(sourceA->getScheme())) | |
Mike West
2016/11/23 09:19:18
Should you check |schemesMap| here, or |normalized
amalika
2016/11/24 13:25:30
|schemesMap| because we want to skip scheme source
| |
609 continue; | |
610 | |
611 Member<CSPSource> match(nullptr), localMatch(nullptr); | |
Mike West
2016/11/23 09:19:18
Style: Two lines, no comma.
Also, `CSPSource*` is
amalika
2016/11/24 14:50:33
Addressed!
| |
612 for (const auto& sourceB : other) { | |
613 // No need to add a host source expression if it is subsumed by the | |
614 // matching scheme source epxression. | |
Mike West
2016/11/23 09:19:18
Nit: s/epxression/expression/
| |
615 if (schemesMap.contains(sourceB->getScheme())) | |
Mike West
2016/11/23 09:19:18
Should you check |schemesMap| here, or |normalized
amalika
2016/11/24 13:25:30
As above, I was intending on checking |schemesMap|
| |
616 continue; | |
617 // If sourceA is scheme only but there was no intersection for it in the | |
618 // `other` list, we add all the sourceB with that scheme. | |
619 if (sourceA->isSchemeOnly()) { | |
620 if ((localMatch = sourceB->intersect(sourceA))) | |
621 normalized.append(localMatch); | |
622 continue; | |
623 } | |
624 if (sourceB->subsumes(sourceA)) { | |
625 match = sourceA; | |
579 break; | 626 break; |
627 } | |
628 if ((localMatch = sourceB->intersect(sourceA))) | |
629 match = localMatch; | |
580 } | 630 } |
581 if (matchedCspSource) | 631 if (match) |
582 normalized.append(matchedCspSource); | 632 normalized.append(match); |
583 } | 633 } |
584 return normalized; | 634 return normalized; |
585 } | 635 } |
586 | 636 |
587 DEFINE_TRACE(SourceListDirective) { | 637 DEFINE_TRACE(SourceListDirective) { |
588 visitor->trace(m_policy); | 638 visitor->trace(m_policy); |
589 visitor->trace(m_list); | 639 visitor->trace(m_list); |
590 CSPDirective::trace(visitor); | 640 CSPDirective::trace(visitor); |
591 } | 641 } |
592 | 642 |
593 } // namespace blink | 643 } // namespace blink |
OLD | NEW |