OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/SourceListDirective.h" | 5 #include "core/frame/csp/SourceListDirective.h" |
6 | 6 |
7 #include "core/frame/csp/CSPSource.h" | 7 #include "core/frame/csp/CSPSource.h" |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
(...skipping 540 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
551 m_nonces.add(nonce); | 551 m_nonces.add(nonce); |
552 } | 552 } |
553 | 553 |
554 void SourceListDirective::addSourceHash( | 554 void SourceListDirective::addSourceHash( |
555 const ContentSecurityPolicyHashAlgorithm& algorithm, | 555 const ContentSecurityPolicyHashAlgorithm& algorithm, |
556 const DigestValue& hash) { | 556 const DigestValue& hash) { |
557 m_hashes.add(CSPHashValue(algorithm, hash)); | 557 m_hashes.add(CSPHashValue(algorithm, hash)); |
558 m_hashAlgorithmsUsed |= algorithm; | 558 m_hashAlgorithmsUsed |= algorithm; |
559 } | 559 } |
560 | 560 |
| 561 void SourceListDirective::addSourceToMap(HashMap<String, CSPSource*>& hashMap, |
| 562 CSPSource* source) { |
| 563 hashMap.add(source->getScheme(), source); |
| 564 if (source->getScheme() == "http") |
| 565 hashMap.add("https", source); |
| 566 else if (source->getScheme() == "ws") |
| 567 hashMap.add("wss", source); |
| 568 } |
| 569 |
561 bool SourceListDirective::hasSourceMatchInList( | 570 bool SourceListDirective::hasSourceMatchInList( |
562 const KURL& url, | 571 const KURL& url, |
563 ResourceRequest::RedirectStatus redirectStatus) const { | 572 ResourceRequest::RedirectStatus redirectStatus) const { |
564 for (size_t i = 0; i < m_list.size(); ++i) { | 573 for (size_t i = 0; i < m_list.size(); ++i) { |
565 if (m_list[i]->matches(url, redirectStatus)) | 574 if (m_list[i]->matches(url, redirectStatus)) |
566 return true; | 575 return true; |
567 } | 576 } |
568 | 577 |
569 return false; | 578 return false; |
570 } | 579 } |
571 | 580 |
572 bool SourceListDirective::subsumes( | 581 bool SourceListDirective::subsumes( |
573 HeapVector<Member<SourceListDirective>> other) { | 582 HeapVector<Member<SourceListDirective>> other) { |
574 // TODO(amalika): Handle here special keywords. | 583 // TODO(amalika): Handle here special keywords. |
575 if (!m_list.size() || !other.size()) | 584 if (!m_list.size() || !other.size()) |
576 return !m_list.size(); | 585 return !m_list.size(); |
577 | 586 |
578 HeapVector<Member<CSPSource>> normalizedA = other[0]->m_list; | 587 HeapVector<Member<CSPSource>> normalizedA = other[0]->m_list; |
579 for (size_t i = 1; i < other.size(); i++) { | 588 for (size_t i = 1; i < other.size(); i++) { |
580 normalizedA = other[i]->getIntersectCSPSources(normalizedA); | 589 normalizedA = other[i]->getIntersectCSPSources(normalizedA); |
581 } | 590 } |
582 | 591 |
583 return CSPSource::firstSubsumesSecond(m_list, normalizedA); | 592 return CSPSource::firstSubsumesSecond(m_list, normalizedA); |
584 } | 593 } |
585 | 594 |
| 595 HashMap<String, CSPSource*> SourceListDirective::getIntersectSchemesOnly( |
| 596 HeapVector<Member<CSPSource>> other) { |
| 597 HashMap<String, CSPSource*> schemesA; |
| 598 for (const auto& sourceA : m_list) { |
| 599 if (sourceA->isSchemeOnly()) |
| 600 addSourceToMap(schemesA, sourceA); |
| 601 } |
| 602 // Add schemes only sources if they are present in both `this` and `other`, |
| 603 // allowing upgrading `http` to `https` and `ws` to `wss`. |
| 604 HashMap<String, CSPSource*> intersect; |
| 605 for (const auto& sourceB : other) { |
| 606 if (sourceB->isSchemeOnly()) { |
| 607 if (schemesA.contains(sourceB->getScheme())) |
| 608 addSourceToMap(intersect, sourceB); |
| 609 else if (sourceB->getScheme() == "http" && schemesA.contains("https")) |
| 610 intersect.add("https", schemesA.get("https")); |
| 611 else if (sourceB->getScheme() == "ws" && schemesA.contains("wss")) |
| 612 intersect.add("wss", schemesA.get("wss")); |
| 613 } |
| 614 } |
| 615 |
| 616 return intersect; |
| 617 } |
| 618 |
586 HeapVector<Member<CSPSource>> SourceListDirective::getIntersectCSPSources( | 619 HeapVector<Member<CSPSource>> SourceListDirective::getIntersectCSPSources( |
587 HeapVector<Member<CSPSource>> otherVector) { | 620 HeapVector<Member<CSPSource>> other) { |
| 621 HashMap<String, CSPSource*> schemesMap = getIntersectSchemesOnly(other); |
588 HeapVector<Member<CSPSource>> normalized; | 622 HeapVector<Member<CSPSource>> normalized; |
589 for (const auto& aCspSource : m_list) { | 623 // Add all normalized scheme source expressions. |
590 Member<CSPSource> matchedCspSource(nullptr); | 624 for (auto it = schemesMap.begin(); it != schemesMap.end(); ++it) { |
591 for (const auto& bCspSource : otherVector) { | 625 // We do not add secure versions if insecure schemes are present. |
592 if ((matchedCspSource = bCspSource->intersect(aCspSource))) | 626 if ((it->key != "https" || !schemesMap.contains("http")) && |
| 627 (it->key != "wss" || !schemesMap.contains("ws"))) { |
| 628 normalized.append(it->value); |
| 629 } |
| 630 } |
| 631 |
| 632 for (const auto& sourceA : m_list) { |
| 633 if (schemesMap.contains(sourceA->getScheme())) |
| 634 continue; |
| 635 |
| 636 CSPSource* match(nullptr); |
| 637 for (const auto& sourceB : other) { |
| 638 // No need to add a host source expression if it is subsumed by the |
| 639 // matching scheme source expression. |
| 640 if (schemesMap.contains(sourceB->getScheme())) |
| 641 continue; |
| 642 // If sourceA is scheme only but there was no intersection for it in the |
| 643 // `other` list, we add all the sourceB with that scheme. |
| 644 if (sourceA->isSchemeOnly()) { |
| 645 if (CSPSource* localMatch = sourceB->intersect(sourceA)) |
| 646 normalized.append(localMatch); |
| 647 continue; |
| 648 } |
| 649 if (sourceB->subsumes(sourceA)) { |
| 650 match = sourceA; |
593 break; | 651 break; |
| 652 } |
| 653 if (CSPSource* localMatch = sourceB->intersect(sourceA)) |
| 654 match = localMatch; |
594 } | 655 } |
595 if (matchedCspSource) | 656 if (match) |
596 normalized.append(matchedCspSource); | 657 normalized.append(match); |
597 } | 658 } |
598 return normalized; | 659 return normalized; |
599 } | 660 } |
600 | 661 |
601 DEFINE_TRACE(SourceListDirective) { | 662 DEFINE_TRACE(SourceListDirective) { |
602 visitor->trace(m_policy); | 663 visitor->trace(m_policy); |
603 visitor->trace(m_list); | 664 visitor->trace(m_list); |
604 CSPDirective::trace(visitor); | 665 CSPDirective::trace(visitor); |
605 } | 666 } |
606 | 667 |
607 } // namespace blink | 668 } // namespace blink |
OLD | NEW |