Chromium Code Reviews Chromium Code Reviews
Issue 2519103005:
Part 3.2: Is policy list subsumed under subsuming policy? (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/csp/SourceListDirective.h" | 5 #include "core/frame/csp/SourceListDirective.h" |
| 6 | 6 |
| 7 #include "core/frame/csp/CSPSource.h" | 7 #include "core/frame/csp/CSPSource.h" |
| 8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
| 10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
| (...skipping 567 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 578 | 578 |
| 579 return false; | 579 return false; |
| 580 } | 580 } |
| 581 | 581 |
| 582 bool SourceListDirective::subsumes( | 582 bool SourceListDirective::subsumes( |
| 583 HeapVector<Member<SourceListDirective>> other) { | 583 HeapVector<Member<SourceListDirective>> other) { |
| 584 // TODO(amalika): Handle here special keywords. | 584 // TODO(amalika): Handle here special keywords. |
| 585 if (!m_list.size() || !other.size()) | 585 if (!m_list.size() || !other.size()) |
| 586 return !m_list.size(); | 586 return !m_list.size(); |
| 587 | 587 |
| 588 HeapVector<Member<CSPSource>> normalizedA = other[0]->m_list; | 588 HeapVector<Member<CSPSource>> normalizedA = m_list; |
| 589 for (size_t i = 1; i < other.size(); i++) { | 589 if (m_allowSelf && other[0]->m_policy->getSelfSource()) |
| 590 normalizedA = other[i]->getIntersectCSPSources(normalizedA); | 590 normalizedA.append(other[0]->m_policy->getSelfSource()); |
|
amalika
2016/11/30 10:37:23
This way, we do not even have to set 'self' on Emb
| |
| 591 } | |
| 592 | 591 |
| 593 return CSPSource::firstSubsumesSecond(m_list, normalizedA); | 592 HeapVector<Member<CSPSource>> normalizedB = other[0]->m_list; |
| 593 if (other[0]->m_allowSelf && other[0]->m_policy->getSelfSource()) | |
| 594 normalizedB.append(other[0]->m_policy->getSelfSource()); | |
| 595 for (size_t i = 1; i < other.size(); i++) | |
| 596 normalizedB = other[i]->getIntersectCSPSources(normalizedB); | |
| 597 | |
| 598 return CSPSource::firstSubsumesSecond(normalizedA, normalizedB); | |
| 594 } | 599 } |
| 595 | 600 |
| 596 HashMap<String, CSPSource*> SourceListDirective::getIntersectSchemesOnly( | 601 HashMap<String, CSPSource*> SourceListDirective::getIntersectSchemesOnly( |
| 597 HeapVector<Member<CSPSource>> other) { | 602 HeapVector<Member<CSPSource>> other) { |
| 598 HashMap<String, CSPSource*> schemesA; | 603 HashMap<String, CSPSource*> schemesA; |
| 599 for (const auto& sourceA : m_list) { | 604 for (const auto& sourceA : m_list) { |
| 600 if (sourceA->isSchemeOnly()) | 605 if (sourceA->isSchemeOnly()) |
| 601 addSourceToMap(schemesA, sourceA); | 606 addSourceToMap(schemesA, sourceA); |
| 602 } | 607 } |
| 603 // Add schemes only sources if they are present in both `this` and `other`, | 608 // Add schemes only sources if they are present in both `this` and `other`, |
| (...skipping 19 matching lines...) Expand all Loading... | |
| 623 HeapVector<Member<CSPSource>> normalized; | 628 HeapVector<Member<CSPSource>> normalized; |
| 624 // Add all normalized scheme source expressions. | 629 // Add all normalized scheme source expressions. |
| 625 for (auto it = schemesMap.begin(); it != schemesMap.end(); ++it) { | 630 for (auto it = schemesMap.begin(); it != schemesMap.end(); ++it) { |
| 626 // We do not add secure versions if insecure schemes are present. | 631 // We do not add secure versions if insecure schemes are present. |
| 627 if ((it->key != "https" || !schemesMap.contains("http")) && | 632 if ((it->key != "https" || !schemesMap.contains("http")) && |
| 628 (it->key != "wss" || !schemesMap.contains("ws"))) { | 633 (it->key != "wss" || !schemesMap.contains("ws"))) { |
| 629 normalized.append(it->value); | 634 normalized.append(it->value); |
| 630 } | 635 } |
| 631 } | 636 } |
| 632 | 637 |
| 633 for (const auto& sourceA : m_list) { | 638 HeapVector<Member<CSPSource>> thisVector = m_list; |
| 639 if (m_allowSelf) | |
| 640 thisVector.append(m_policy->getSelfSource()); | |
| 641 for (const auto& sourceA : thisVector) { | |
| 634 if (schemesMap.contains(sourceA->getScheme())) | 642 if (schemesMap.contains(sourceA->getScheme())) |
| 635 continue; | 643 continue; |
| 636 | 644 |
| 637 CSPSource* match(nullptr); | 645 CSPSource* match(nullptr); |
| 638 for (const auto& sourceB : other) { | 646 for (const auto& sourceB : other) { |
| 639 // No need to add a host source expression if it is subsumed by the | 647 // No need to add a host source expression if it is subsumed by the |
| 640 // matching scheme source expression. | 648 // matching scheme source expression. |
| 641 if (schemesMap.contains(sourceB->getScheme())) | 649 if (schemesMap.contains(sourceB->getScheme())) |
| 642 continue; | 650 continue; |
| 643 // If sourceA is scheme only but there was no intersection for it in the | 651 // If sourceA is scheme only but there was no intersection for it in the |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 660 return normalized; | 668 return normalized; |
| 661 } | 669 } |
| 662 | 670 |
| 663 DEFINE_TRACE(SourceListDirective) { | 671 DEFINE_TRACE(SourceListDirective) { |
| 664 visitor->trace(m_policy); | 672 visitor->trace(m_policy); |
| 665 visitor->trace(m_list); | 673 visitor->trace(m_list); |
| 666 CSPDirective::trace(visitor); | 674 CSPDirective::trace(visitor); |
| 667 } | 675 } |
| 668 | 676 |
| 669 } // namespace blink | 677 } // namespace blink |
| OLD | NEW |
