OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/SourceListDirective.h" | 5 #include "core/frame/csp/SourceListDirective.h" |
6 | 6 |
7 #include "core/frame/csp/CSPSource.h" | 7 #include "core/frame/csp/CSPSource.h" |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
(...skipping 567 matching lines...) | |
578 | 578 |
579 return false; | 579 return false; |
580 } | 580 } |
581 | 581 |
582 bool SourceListDirective::subsumes( | 582 bool SourceListDirective::subsumes( |
583 HeapVector<Member<SourceListDirective>> other) { | 583 HeapVector<Member<SourceListDirective>> other) { |
584 // TODO(amalika): Handle here special keywords. | 584 // TODO(amalika): Handle here special keywords. |
585 if (!m_list.size() || !other.size()) | 585 if (!m_list.size() || !other.size()) |
586 return !m_list.size(); | 586 return !m_list.size(); |
587 | 587 |
588 HeapVector<Member<CSPSource>> normalizedA = other[0]->m_list; | 588 HeapVector<Member<CSPSource>> normalizedA = m_list; |
589 for (size_t i = 1; i < other.size(); i++) { | 589 if (m_allowSelf && other[0]->m_policy->getSelfSource()) |
590 normalizedA = other[i]->getIntersectCSPSources(normalizedA); | 590 normalizedA.append(other[0]->m_policy->getSelfSource()); |
amalika
2016/11/30 10:37:23
This way, we do not even have to set 'self' on Emb
| |
591 } | |
592 | 591 |
593 return CSPSource::firstSubsumesSecond(m_list, normalizedA); | 592 HeapVector<Member<CSPSource>> normalizedB = other[0]->m_list; |
593 if (other[0]->m_allowSelf && other[0]->m_policy->getSelfSource()) | |
594 normalizedB.append(other[0]->m_policy->getSelfSource()); | |
595 for (size_t i = 1; i < other.size(); i++) | |
596 normalizedB = other[i]->getIntersectCSPSources(normalizedB); | |
597 | |
598 return CSPSource::firstSubsumesSecond(normalizedA, normalizedB); | |
594 } | 599 } |
595 | 600 |
596 HashMap<String, CSPSource*> SourceListDirective::getIntersectSchemesOnly( | 601 HashMap<String, CSPSource*> SourceListDirective::getIntersectSchemesOnly( |
597 HeapVector<Member<CSPSource>> other) { | 602 HeapVector<Member<CSPSource>> other) { |
598 HashMap<String, CSPSource*> schemesA; | 603 HashMap<String, CSPSource*> schemesA; |
599 for (const auto& sourceA : m_list) { | 604 for (const auto& sourceA : m_list) { |
600 if (sourceA->isSchemeOnly()) | 605 if (sourceA->isSchemeOnly()) |
601 addSourceToMap(schemesA, sourceA); | 606 addSourceToMap(schemesA, sourceA); |
602 } | 607 } |
603 // Add schemes only sources if they are present in both `this` and `other`, | 608 // Add schemes only sources if they are present in both `this` and `other`, |
(...skipping 19 matching lines...) | |
623 HeapVector<Member<CSPSource>> normalized; | 628 HeapVector<Member<CSPSource>> normalized; |
624 // Add all normalized scheme source expressions. | 629 // Add all normalized scheme source expressions. |
625 for (auto it = schemesMap.begin(); it != schemesMap.end(); ++it) { | 630 for (auto it = schemesMap.begin(); it != schemesMap.end(); ++it) { |
626 // We do not add secure versions if insecure schemes are present. | 631 // We do not add secure versions if insecure schemes are present. |
627 if ((it->key != "https" || !schemesMap.contains("http")) && | 632 if ((it->key != "https" || !schemesMap.contains("http")) && |
628 (it->key != "wss" || !schemesMap.contains("ws"))) { | 633 (it->key != "wss" || !schemesMap.contains("ws"))) { |
629 normalized.append(it->value); | 634 normalized.append(it->value); |
630 } | 635 } |
631 } | 636 } |
632 | 637 |
633 for (const auto& sourceA : m_list) { | 638 HeapVector<Member<CSPSource>> thisVector = m_list; |
639 if (m_allowSelf) | |
640 thisVector.append(m_policy->getSelfSource()); | |
641 for (const auto& sourceA : thisVector) { | |
634 if (schemesMap.contains(sourceA->getScheme())) | 642 if (schemesMap.contains(sourceA->getScheme())) |
635 continue; | 643 continue; |
636 | 644 |
637 CSPSource* match(nullptr); | 645 CSPSource* match(nullptr); |
638 for (const auto& sourceB : other) { | 646 for (const auto& sourceB : other) { |
639 // No need to add a host source expression if it is subsumed by the | 647 // No need to add a host source expression if it is subsumed by the |
640 // matching scheme source expression. | 648 // matching scheme source expression. |
641 if (schemesMap.contains(sourceB->getScheme())) | 649 if (schemesMap.contains(sourceB->getScheme())) |
642 continue; | 650 continue; |
643 // If sourceA is scheme only but there was no intersection for it in the | 651 // If sourceA is scheme only but there was no intersection for it in the |
(...skipping 16 matching lines...) | |
660 return normalized; | 668 return normalized; |
661 } | 669 } |
662 | 670 |
663 DEFINE_TRACE(SourceListDirective) { | 671 DEFINE_TRACE(SourceListDirective) { |
664 visitor->trace(m_policy); | 672 visitor->trace(m_policy); |
665 visitor->trace(m_list); | 673 visitor->trace(m_list); |
666 CSPDirective::trace(visitor); | 674 CSPDirective::trace(visitor); |
667 } | 675 } |
668 | 676 |
669 } // namespace blink | 677 } // namespace blink |
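Review bot: The new `thisVector.append(m_policy->getSelfSource());` at new line 640 runs whenever `m_allowSelf` is set, without the null check that `subsumes()` applies to the same call at new lines 589 and 593. If `getSelfSource()` can return null, as those guards suggest, a null entry lands in `thisVector` and the loop dereferences it at `sourceA->getScheme()`; guarding it the same way, `if (m_allowSelf && m_policy->getSelfSource())`, keeps the two paths consistent. The enclosing function's signature is in the collapsed lines above new line 628, so this is based on the visible body only. Separately, the early return at new lines 585-586 still looks only at `m_list.size()`: if `'self'` is tracked solely through `m_allowSelf`, a directive consisting only of `'self'` returns true before any comparison is made, which errs on the permissive side for a subsumption check and seems worth covering under the existing TODO or with a test.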