Unreverting Embedding-CSP: Refactoring directive strings into enum.

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

 /*
  * Copyright (C) 2011 Google, Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 54 matching lines @@
 
 typedef int SandboxFlags;
 typedef HeapVector<Member<CSPDirectiveList>> CSPDirectiveListVector;
 typedef HeapVector<Member<ConsoleMessage>> ConsoleMessageVector;
 typedef std::pair<String, ContentSecurityPolicyHeaderType> CSPHeaderAndType;
 using RedirectStatus = ResourceRequest::RedirectStatus;
 
 class CORE_EXPORT ContentSecurityPolicy
     : public GarbageCollectedFinalized<ContentSecurityPolicy> {
  public:
-  // CSP Level 1 Directives
-  static const char ConnectSrc[];
-  static const char DefaultSrc[];
-  static const char FontSrc[];
-  static const char FrameSrc[];
-  static const char ImgSrc[];
-  static const char MediaSrc[];
-  static const char ObjectSrc[];
-  static const char ReportURI[];
-  static const char Sandbox[];
-  static const char ScriptSrc[];
-  static const char StyleSrc[];
-
-  // CSP Level 2 Directives
-  static const char BaseURI[];
-  static const char ChildSrc[];
-  static const char FormAction[];
-  static const char FrameAncestors[];
-  static const char PluginTypes[];
-
-  // CSP Level 3 Directives
-  static const char ManifestSrc[];
-  static const char WorkerSrc[];
-
-  // Mixed Content Directive
-  // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode
-  static const char BlockAllMixedContent[];
-
-  // https://w3c.github.io/webappsec/specs/upgrade/
-  static const char UpgradeInsecureRequests[];
-
-  // https://mikewest.github.io/cors-rfc1918/#csp
-  static const char TreatAsPublicAddress[];
-
-  // https://w3c.github.io/webappsec-subresource-integrity/#require-sri-for
-  static const char RequireSRIFor[];
-
   enum ReportingStatus { SendReport, SuppressReport };
 
   enum ExceptionStatus { WillThrowException, WillNotThrowException };
 
   // This covers the possible values of a violation's 'resource', as defined in
   // https://w3c.github.io/webappsec-csp/#violation-resource. By the time we
   // generate a report, we're guaranteed that the value isn't 'null', so we
   // don't need that state in this enum.
   enum ViolationType { InlineViolation, EvalViolation, URLViolation };
 
   enum class InlineType { Block, Attribute };
 
+  enum class DirectiveType {
+    Undefined,
+    BaseURI,
+    BlockAllMixedContent,
+    ChildSrc,
+    ConnectSrc,
+    DefaultSrc,
+    FrameAncestors,
+    FrameSrc,
+    FontSrc,
+    FormAction,
+    ImgSrc,
+    ManifestSrc,
+    MediaSrc,
+    ObjectSrc,
+    PluginTypes,
+    ReportURI,
+    RequireSRIFor,
+    Sandbox,
+    ScriptSrc,
+    StyleSrc,
+    TreatAsPublicAddress,
+    UpgradeInsecureRequests,
+    WorkerSrc,
+  };
+
   static ContentSecurityPolicy* create() { return new ContentSecurityPolicy(); }
   ~ContentSecurityPolicy();
   DECLARE_TRACE();
 
   void bindToExecutionContext(ExecutionContext*);
   void setupSelf(const SecurityOrigin&);
   void copyStateFrom(const ContentSecurityPolicy*);
   void copyPluginTypesFrom(const ContentSecurityPolicy*);
 
   void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&);
@@ skipping 170 matching lines @@
   void reportReportOnlyInMeta(const String&);
   void reportMetaOutsideHead(const String&);
   void reportValueForEmptyDirective(const String& directiveName,
                                     const String& value);
 
   // If a frame is passed in, the report will be sent using it as a context. If
   // no frame is passed in, the report will be sent via this object's
   // |m_executionContext| (or dropped on the floor if no such context is
   // available).
   void reportViolation(const String& directiveText,
-                       const String& effectiveDirective,
+                       const DirectiveType& effectiveType,
                        const String& consoleMessage,
                        const KURL& blockedURL,
                        const Vector<String>& reportEndpoints,
                        const String& header,
                        ContentSecurityPolicyHeaderType,
                        ViolationType,
                        LocalFrame* = nullptr,
                        RedirectStatus = RedirectStatus::FollowedRedirect,
                        int contextLine = 0,
                        Element* = nullptr);
@@ skipping 22 matching lines @@
   bool urlMatchesSelf(const KURL&) const;
   bool protocolMatchesSelf(const KURL&) const;
   bool selfMatchesInnerURL() const;
 
   bool experimentalFeaturesEnabled() const;
 
   bool shouldSendCSPHeader(Resource::Type) const;
 
   static bool shouldBypassMainWorld(const ExecutionContext*);
 
-  static bool isDirectiveName(const String&);
-
   static bool isNonceableElement(const Element*);
 
   // This method checks whether the request should be allowed for an
   // experimental EmbeddingCSP feature
   // Please, see https://w3c.github.io/webappsec-csp/embedded/#origin-allowed.
   static bool shouldEnforceEmbeddersPolicy(const ResourceResponse&,
                                            SecurityOrigin*);
 
+  static const char* getDirectiveName(const DirectiveType&);
+  static DirectiveType getDirectiveType(const String& name);
+
   Document* document() const;
 
  private:
   FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceInline);
   FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceSinglePolicy);
   FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceMultiplePolicy);
 
   ContentSecurityPolicy();
 
   void applyPolicySideEffectsToExecutionContext();
@@ skipping 33 matching lines @@
   String m_disableEvalErrorMessage;
   WebInsecureRequestPolicy m_insecureRequestPolicy;
 
   Member<CSPSource> m_selfSource;
   String m_selfProtocol;
 };
 
 }  // namespace blink
 
 #endif