Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(211)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/SourceListDirective.h

Issue 2487983003: Part 2.3: Is policy list subsumed under subsuming policy? (Closed)
Patch Set: Adding a comment Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp ('k') | third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SourceListDirective_h 5 #ifndef SourceListDirective_h
6 #define SourceListDirective_h 6 #define SourceListDirective_h
7 7
8 #include "core/CoreExport.h" 8 #include "core/CoreExport.h"
9 #include "core/frame/csp/CSPDirective.h" 9 #include "core/frame/csp/CSPDirective.h"
10 #include "core/frame/csp/CSPSource.h" 10 #include "core/frame/csp/CSPSource.h"
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
44 bool allowHash(const CSPHashValue&) const; 44 bool allowHash(const CSPHashValue&) const;
45 bool allowHashedAttributes() const; 45 bool allowHashedAttributes() const;
46 bool isHashOrNoncePresent() const; 46 bool isHashOrNoncePresent() const;
47 uint8_t hashAlgorithmsUsed() const; 47 uint8_t hashAlgorithmsUsed() const;
48 // The algorothm is described more extensively here: 48 // The algorothm is described more extensively here:
49 // https://w3c.github.io/webappsec-csp/embedded/#subsume-source-list 49 // https://w3c.github.io/webappsec-csp/embedded/#subsume-source-list
50 bool subsumes(HeapVector<Member<SourceListDirective>>); 50 bool subsumes(HeapVector<Member<SourceListDirective>>);
51 51
52 private: 52 private:
53 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectCSPSources); 53 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectCSPSources);
54 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest,
55 GetIntersectCSPSourcesSchemes);
54 56
55 bool parseSource(const UChar* begin, 57 bool parseSource(const UChar* begin,
56 const UChar* end, 58 const UChar* end,
57 String& scheme, 59 String& scheme,
58 String& host, 60 String& host,
59 int& port, 61 int& port,
60 String& path, 62 String& path,
61 CSPSource::WildcardDisposition&, 63 CSPSource::WildcardDisposition&,
62 CSPSource::WildcardDisposition&); 64 CSPSource::WildcardDisposition&);
63 bool parseScheme(const UChar* begin, const UChar* end, String& scheme); 65 bool parseScheme(const UChar* begin, const UChar* end, String& scheme);
(...skipping 15 matching lines...) Expand all
79 void addSourceSelf(); 81 void addSourceSelf();
80 void addSourceStar(); 82 void addSourceStar();
81 void addSourceUnsafeInline(); 83 void addSourceUnsafeInline();
82 void addSourceUnsafeEval(); 84 void addSourceUnsafeEval();
83 void addSourceStrictDynamic(); 85 void addSourceStrictDynamic();
84 void addSourceUnsafeHashedAttributes(); 86 void addSourceUnsafeHashedAttributes();
85 void addSourceNonce(const String& nonce); 87 void addSourceNonce(const String& nonce);
86 void addSourceHash(const ContentSecurityPolicyHashAlgorithm&, 88 void addSourceHash(const ContentSecurityPolicyHashAlgorithm&,
87 const DigestValue& hash); 89 const DigestValue& hash);
88 90
91 static void addSourceToMap(HashMap<String, CSPSource*>&, CSPSource*);
sof 2016/12/01 16:15:52 HeapHashMap<String, Member<CSPSource>> is what's p
92
89 bool hasSourceMatchInList(const KURL&, ResourceRequest::RedirectStatus) const; 93 bool hasSourceMatchInList(const KURL&, ResourceRequest::RedirectStatus) const;
90 HeapVector<Member<CSPSource>> getIntersectCSPSources( 94 HeapVector<Member<CSPSource>> getIntersectCSPSources(
91 HeapVector<Member<CSPSource>> other); 95 HeapVector<Member<CSPSource>> other);
96 HashMap<String, CSPSource*> getIntersectSchemesOnly(
97 HeapVector<Member<CSPSource>> other);
92 98
93 Member<ContentSecurityPolicy> m_policy; 99 Member<ContentSecurityPolicy> m_policy;
94 HeapVector<Member<CSPSource>> m_list; 100 HeapVector<Member<CSPSource>> m_list;
95 String m_directiveName; 101 String m_directiveName;
96 bool m_allowSelf; 102 bool m_allowSelf;
97 bool m_allowStar; 103 bool m_allowStar;
98 bool m_allowInline; 104 bool m_allowInline;
99 bool m_allowEval; 105 bool m_allowEval;
100 bool m_allowDynamic; 106 bool m_allowDynamic;
101 bool m_allowHashedAttributes; 107 bool m_allowHashedAttributes;
102 HashSet<String> m_nonces; 108 HashSet<String> m_nonces;
103 HashSet<CSPHashValue> m_hashes; 109 HashSet<CSPHashValue> m_hashes;
104 uint8_t m_hashAlgorithmsUsed; 110 uint8_t m_hashAlgorithmsUsed;
105 }; 111 };
106 112
107 } // namespace blink 113 } // namespace blink
108 114
109 #endif 115 #endif
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp ('k') | third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698