Revert of Embedding-CSP: Refactoring directive strings into enum

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

 /*
  * Copyright (C) 2011 Google, Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 55 matching lines @@
 #include "wtf/NotFound.h"
 #include "wtf/PtrUtil.h"
 #include "wtf/StringHasher.h"
 #include "wtf/text/ParsingUtilities.h"
 #include "wtf/text/StringBuilder.h"
 #include "wtf/text/StringUTF8Adaptor.h"
 #include <memory>
 
 namespace blink {
 
+// CSP Level 1 Directives
+const char ContentSecurityPolicy::ConnectSrc[] = "connect-src";
+const char ContentSecurityPolicy::DefaultSrc[] = "default-src";
+const char ContentSecurityPolicy::FontSrc[] = "font-src";
+const char ContentSecurityPolicy::FrameSrc[] = "frame-src";
+const char ContentSecurityPolicy::ImgSrc[] = "img-src";
+const char ContentSecurityPolicy::MediaSrc[] = "media-src";
+const char ContentSecurityPolicy::ObjectSrc[] = "object-src";
+const char ContentSecurityPolicy::ReportURI[] = "report-uri";
+const char ContentSecurityPolicy::Sandbox[] = "sandbox";
+const char ContentSecurityPolicy::ScriptSrc[] = "script-src";
+const char ContentSecurityPolicy::StyleSrc[] = "style-src";
+
+// CSP Level 2 Directives
+const char ContentSecurityPolicy::BaseURI[] = "base-uri";
+const char ContentSecurityPolicy::ChildSrc[] = "child-src";
+const char ContentSecurityPolicy::FormAction[] = "form-action";
+const char ContentSecurityPolicy::FrameAncestors[] = "frame-ancestors";
+const char ContentSecurityPolicy::PluginTypes[] = "plugin-types";
+
+// CSP Level 3 Directives
+const char ContentSecurityPolicy::ManifestSrc[] = "manifest-src";
+const char ContentSecurityPolicy::WorkerSrc[] = "worker-src";
+
+// Mixed Content Directive
+// https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode
+const char ContentSecurityPolicy::BlockAllMixedContent[] =
+    "block-all-mixed-content";
+
+// https://w3c.github.io/webappsec/specs/upgrade/
+const char ContentSecurityPolicy::UpgradeInsecureRequests[] =
+    "upgrade-insecure-requests";
+
+// https://mikewest.github.io/cors-rfc1918/#csp
+const char ContentSecurityPolicy::TreatAsPublicAddress[] =
+    "treat-as-public-address";
+
+// https://w3c.github.io/webappsec-subresource-integrity/#require-sri-for
+const char ContentSecurityPolicy::RequireSRIFor[] = "require-sri-for";
+
+bool ContentSecurityPolicy::isDirectiveName(const String& name) {
+  return (
+      equalIgnoringCase(name, ConnectSrc) ||
+      equalIgnoringCase(name, DefaultSrc) || equalIgnoringCase(name, FontSrc) ||
+      equalIgnoringCase(name, FrameSrc) || equalIgnoringCase(name, ImgSrc) ||
+      equalIgnoringCase(name, MediaSrc) || equalIgnoringCase(name, ObjectSrc) ||
+      equalIgnoringCase(name, ReportURI) || equalIgnoringCase(name, Sandbox) ||
+      equalIgnoringCase(name, ScriptSrc) || equalIgnoringCase(name, StyleSrc) ||
+      equalIgnoringCase(name, BaseURI) || equalIgnoringCase(name, ChildSrc) ||
+      equalIgnoringCase(name, FormAction) ||
+      equalIgnoringCase(name, FrameAncestors) ||
+      equalIgnoringCase(name, PluginTypes) ||
+      equalIgnoringCase(name, ManifestSrc) ||
+      equalIgnoringCase(name, WorkerSrc) ||
+      equalIgnoringCase(name, BlockAllMixedContent) ||
+      equalIgnoringCase(name, UpgradeInsecureRequests) ||
+      equalIgnoringCase(name, TreatAsPublicAddress) ||
+      equalIgnoringCase(name, RequireSRIFor));
+}
+
 bool ContentSecurityPolicy::isNonceableElement(const Element* element) {
   if (!element->fastHasAttribute(HTMLNames::nonceAttr))
     return false;
 
   bool nonceable = true;
 
   // To prevent an attacker from hijacking an existing nonce via a dangling
   // markup injection, we walk through the attributes of each nonced script
   // element: if their names or values contain "<script" or "<style", we won't
   // apply the nonce when loading script.
@@ skipping 888 matching lines @@
 }
 
 void ContentSecurityPolicy::enforceStrictMixedContentChecking() {
   m_insecureRequestPolicy |= kBlockAllMixedContent;
 }
 
 void ContentSecurityPolicy::upgradeInsecureRequests() {
   m_insecureRequestPolicy |= kUpgradeInsecureRequests;
 }
 
-static String stripURLForUseInReport(
-    ExecutionContext* context,
-    const KURL& url,
-    RedirectStatus redirectStatus,
-    const ContentSecurityPolicy::DirectiveType& effectiveType) {
+static String stripURLForUseInReport(ExecutionContext* context,
+                                     const KURL& url,
+                                     RedirectStatus redirectStatus,
+                                     const String& effectiveDirective) {
   if (!url.isValid())
     return String();
   if (!url.isHierarchical() || url.protocolIs("file"))
     return url.protocol();
 
   // Until we're more careful about the way we deal with navigations in frames
   // (and, by extension, in plugin documents), strip cross-origin 'frame-src'
   // and 'object-src' violations down to an origin. https://crbug.com/633306
   bool canSafelyExposeURL =
       context->getSecurityOrigin()->canRequest(url) ||
       (redirectStatus == RedirectStatus::NoRedirect &&
-       effectiveType != ContentSecurityPolicy::DirectiveType::FrameSrc &&
-       effectiveType != ContentSecurityPolicy::DirectiveType::ObjectSrc);
+       !equalIgnoringCase(effectiveDirective,
+                          ContentSecurityPolicy::FrameSrc) &&
+       !equalIgnoringCase(effectiveDirective,
+                          ContentSecurityPolicy::ObjectSrc));
 
   if (canSafelyExposeURL) {
     // 'KURL::strippedForUseAsReferrer()' dumps 'String()' for non-webby URLs.
     // It's better for developers if we return the origin of those URLs rather
     // than nothing.
     if (url.protocolIsInHTTPFamily())
       return url.strippedForUseAsReferrer();
   }
   return SecurityOrigin::create(url)->toString();
 }
 
 static void gatherSecurityPolicyViolationEventData(
     SecurityPolicyViolationEventInit& init,
     ExecutionContext* context,
     const String& directiveText,
-    const ContentSecurityPolicy::DirectiveType& effectiveType,
+    const String& effectiveDirective,
     const KURL& blockedURL,
     const String& header,
     RedirectStatus redirectStatus,
     ContentSecurityPolicyHeaderType headerType,
     ContentSecurityPolicy::ViolationType violationType,
     int contextLine) {
-  if (effectiveType == ContentSecurityPolicy::DirectiveType::FrameAncestors) {
+  if (equalIgnoringCase(effectiveDirective,
+                        ContentSecurityPolicy::FrameAncestors)) {
     // If this load was blocked via 'frame-ancestors', then the URL of
     // |document| has not yet been initialized. In this case, we'll set both
     // 'documentURI' and 'blockedURI' to the blocked document's URL.
     init.setDocumentURI(blockedURL.getString());
     init.setBlockedURI(blockedURL.getString());
   } else {
     init.setDocumentURI(context->url().getString());
     switch (violationType) {
       case ContentSecurityPolicy::InlineViolation:
         init.setBlockedURI("inline");
         break;
       case ContentSecurityPolicy::EvalViolation:
         init.setBlockedURI("eval");
         break;
       case ContentSecurityPolicy::URLViolation:
         init.setBlockedURI(stripURLForUseInReport(
-            context, blockedURL, redirectStatus, effectiveType));
+            context, blockedURL, redirectStatus, effectiveDirective));
         break;
     }
   }
 
-  String effectiveDirective =
-      ContentSecurityPolicy::getDirectiveName(effectiveType);
   init.setViolatedDirective(effectiveDirective);
   init.setEffectiveDirective(effectiveDirective);
   init.setOriginalPolicy(header);
   init.setDisposition(headerType == ContentSecurityPolicyHeaderTypeEnforce
                           ? "enforce"
                           : "report");
   init.setSourceFile(String());
   init.setLineNumber(contextLine);
   init.setColumnNumber(0);
   init.setStatusCode(0);
 
   // TODO(mkwst): We only have referrer and status code information for
   // Documents. It would be nice to get them for Workers as well.
   if (context->isDocument()) {
     Document* document = toDocument(context);
     DCHECK(document);
     init.setReferrer(document->referrer());
     if (!SecurityOrigin::isSecure(context->url()) && document->loader())
       init.setStatusCode(document->loader()->response().httpStatusCode());
   }
 
   std::unique_ptr<SourceLocation> location = SourceLocation::capture(context);
   if (location->lineNumber()) {
     KURL source = KURL(ParsedURLString, location->url());
-    init.setSourceFile(
-        stripURLForUseInReport(context, source, redirectStatus, effectiveType));
+    init.setSourceFile(stripURLForUseInReport(context, source, redirectStatus,
+                                              effectiveDirective));
     init.setLineNumber(location->lineNumber());
     init.setColumnNumber(location->columnNumber());
   }
 }
 
 void ContentSecurityPolicy::reportViolation(
     const String& directiveText,
-    const DirectiveType& effectiveType,
+    const String& effectiveDirective,
     const String& consoleMessage,
     const KURL& blockedURL,
     const Vector<String>& reportEndpoints,
     const String& header,
     ContentSecurityPolicyHeaderType headerType,
     ViolationType violationType,
     LocalFrame* contextFrame,
     RedirectStatus redirectStatus,
     int contextLine,
     Element* element) {
   ASSERT(violationType == URLViolation || blockedURL.isEmpty());
 
   // TODO(lukasza): Support sending reports from OOPIFs -
   // https://crbug.com/611232 (or move CSP child-src and frame-src checks to the
   // browser process - see https://crbug.com/376522).
   if (!m_executionContext && !contextFrame) {
-    DCHECK(effectiveType == DirectiveType::ChildSrc ||
-           effectiveType == DirectiveType::FrameSrc ||
-           effectiveType == DirectiveType::PluginTypes);
+    DCHECK(equalIgnoringCase(effectiveDirective,
+                             ContentSecurityPolicy::ChildSrc) ||
+           equalIgnoringCase(effectiveDirective,
+                             ContentSecurityPolicy::FrameSrc) ||
+           equalIgnoringCase(effectiveDirective,
+                             ContentSecurityPolicy::PluginTypes));
     return;
   }
 
   DCHECK((m_executionContext && !contextFrame) ||
-         ((effectiveType == DirectiveType::FrameAncestors) && contextFrame));
+         (equalIgnoringCase(effectiveDirective,
+                            ContentSecurityPolicy::FrameAncestors) &&
+          contextFrame));
 
   SecurityPolicyViolationEventInit violationData;
 
   // If we're processing 'frame-ancestors', use |contextFrame|'s execution
   // context to gather data. Otherwise, use the policy's execution context.
   ExecutionContext* relevantContext =
       contextFrame ? contextFrame->document() : m_executionContext;
   DCHECK(relevantContext);
   gatherSecurityPolicyViolationEventData(
-      violationData, relevantContext, directiveText, effectiveType, blockedURL,
-      header, redirectStatus, headerType, violationType, contextLine);
+      violationData, relevantContext, directiveText, effectiveDirective,
+      blockedURL, header, redirectStatus, headerType, violationType,
+      contextLine);
 
   // TODO(mkwst): Obviously, we shouldn't hit this check, as extension-loaded
   // resources should be allowed regardless. We apparently do, however, so
   // we should at least stop spamming reporting endpoints. See
   // https://crbug.com/524356 for detail.
   if (!violationData.sourceFile().isEmpty() &&
       SchemeRegistry::schemeShouldBypassContentSecurityPolicy(
           KURL(ParsedURLString, violationData.sourceFile()).protocol())) {
     return;
   }
@@ skipping 66 matching lines @@
     if (!frame)
       return;
 
     for (const String& endpoint : reportEndpoints) {
       // If we have a context frame we're dealing with 'frame-ancestors' and we
       // don't have our own execution context. Use the frame's document to
       // complete the endpoint URL, overriding its URL with the blocked
       // document's URL.
       DCHECK(!contextFrame || !m_executionContext);
       DCHECK(!contextFrame ||
-             getDirectiveType(violationData.effectiveDirective()) ==
-                 DirectiveType::FrameAncestors);
+             equalIgnoringCase(violationData.effectiveDirective(),
+                               FrameAncestors));
       KURL url =
           contextFrame
               ? frame->document()->completeURLWithOverride(
                     endpoint, KURL(ParsedURLString, violationData.blockedURI()))
               : completeURL(endpoint);
       PingLoader::sendViolationReport(
           frame, url, report, PingLoader::ContentSecurityPolicyViolationReport);
     }
   }
 }
@@ skipping 81 matching lines @@
 
   String message =
       "Unrecognized Content-Security-Policy directive '" + name + "'.\n";
   MessageLevel level = ErrorMessageLevel;
   if (equalIgnoringCase(name, allow)) {
     message = allowMessage;
   } else if (equalIgnoringCase(name, options)) {
     message = optionsMessage;
   } else if (equalIgnoringCase(name, policyURI)) {
     message = policyURIMessage;
-  } else if (getDirectiveType(name) != DirectiveType::Undefined) {
+  } else if (isDirectiveName(name)) {
     message = "The Content-Security-Policy directive '" + name +
               "' is implemented behind a flag which is currently disabled.\n";
     level = InfoMessageLevel;
   }
 
   logToConsole(message, level);
 }
 
 void ContentSecurityPolicy::reportDirectiveAsSourceExpression(
     const String& directiveName,
@@ skipping 166 matching lines @@
     const String& report) const {
   // Collisions have no security impact, so we can save space by storing only
   // the string's hash rather than the whole report.
   return !m_violationReportsSent.contains(report.impl()->hash());
 }
 
 void ContentSecurityPolicy::didSendViolationReport(const String& report) {
   m_violationReportsSent.add(report.impl()->hash());
 }
 
-const char* ContentSecurityPolicy::getDirectiveName(const DirectiveType& type) {
-  switch (type) {
-    case DirectiveType::BaseURI:
-      return "base-uri";
-    case DirectiveType::BlockAllMixedContent:
-      return "block-all-mixed-content";
-    case DirectiveType::ChildSrc:
-      return "child-src";
-    case DirectiveType::ConnectSrc:
-      return "connect-src";
-    case DirectiveType::DefaultSrc:
-      return "default-src";
-    case DirectiveType::FrameAncestors:
-      return "frame-ancestors";
-    case DirectiveType::FrameSrc:
-      return "frame-src";
-    case DirectiveType::FontSrc:
-      return "font-src";
-    case DirectiveType::FormAction:
-      return "form-action";
-    case DirectiveType::ImgSrc:
-      return "img-src";
-    case DirectiveType::ManifestSrc:
-      return "manifest-src";
-    case DirectiveType::MediaSrc:
-      return "media-src";
-    case DirectiveType::ObjectSrc:
-      return "object-src";
-    case DirectiveType::PluginTypes:
-      return "plugin-types";
-    case DirectiveType::ReportURI:
-      return "report-uri";
-    case DirectiveType::RequireSRIFor:
-      return "require-sri-for";
-    case DirectiveType::Sandbox:
-      return "sandbox";
-    case DirectiveType::ScriptSrc:
-      return "script-src";
-    case DirectiveType::StyleSrc:
-      return "style-src";
-    case DirectiveType::TreatAsPublicAddress:
-      return "treat-as-public-address";
-    case DirectiveType::UpgradeInsecureRequests:
-      return "upgrade-insecure-requests";
-    case DirectiveType::WorkerSrc:
-      return "worker-src";
-    case DirectiveType::Undefined:
-      NOTREACHED();
-      return "";
-  }
-
-  NOTREACHED();
-  return "";
-}
-
-ContentSecurityPolicy::DirectiveType ContentSecurityPolicy::getDirectiveType(
-    const String& name) {
-  if (name == "base-uri")
-    return DirectiveType::BaseURI;
-  if (name == "block-all-mixed-content")
-    return DirectiveType::BlockAllMixedContent;
-  if (name == "child-src")
-    return DirectiveType::ChildSrc;
-  if (name == "connect-src")
-    return DirectiveType::ConnectSrc;
-  if (name == "default-src")
-    return DirectiveType::DefaultSrc;
-  if (name == "frame-ancestors")
-    return DirectiveType::FrameAncestors;
-  if (name == "frame-src")
-    return DirectiveType::FrameSrc;
-  if (name == "font-src")
-    return DirectiveType::FontSrc;
-  if (name == "form-action")
-    return DirectiveType::FormAction;
-  if (name == "img-src")
-    return DirectiveType::ImgSrc;
-  if (name == "manifest-src")
-    return DirectiveType::ManifestSrc;
-  if (name == "media-src")
-    return DirectiveType::MediaSrc;
-  if (name == "object-src")
-    return DirectiveType::ObjectSrc;
-  if (name == "plugin-types")
-    return DirectiveType::PluginTypes;
-  if (name == "report-uri")
-    return DirectiveType::ReportURI;
-  if (name == "require-sri-for")
-    return DirectiveType::RequireSRIFor;
-  if (name == "sandbox")
-    return DirectiveType::Sandbox;
-  if (name == "script-src")
-    return DirectiveType::ScriptSrc;
-  if (name == "style-src")
-    return DirectiveType::StyleSrc;
-  if (name == "treat-as-public-address")
-    return DirectiveType::TreatAsPublicAddress;
-  if (name == "upgrade-insecure-requests")
-    return DirectiveType::UpgradeInsecureRequests;
-  if (name == "worker-src")
-    return DirectiveType::WorkerSrc;
-
-  return DirectiveType::Undefined;
-}
-
 }  // namespace blink