| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/csp/SourceListDirective.h" | 5 #include "core/frame/csp/SourceListDirective.h" |
| 6 | 6 |
| 7 #include "core/frame/csp/CSPSource.h" | 7 #include "core/frame/csp/CSPSource.h" |
| 8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
| 10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
| (...skipping 600 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 611 | 611 |
| 612 HeapVector<Member<CSPSource>> normalizedB = other[0]->m_list; | 612 HeapVector<Member<CSPSource>> normalizedB = other[0]->m_list; |
| 613 if (other[0]->m_allowSelf && other[0]->m_policy->getSelfSource()) | 613 if (other[0]->m_allowSelf && other[0]->m_policy->getSelfSource()) |
| 614 normalizedB.append(other[0]->m_policy->getSelfSource()); | 614 normalizedB.append(other[0]->m_policy->getSelfSource()); |
| 615 | 615 |
| 616 bool allowInlineOther = other[0]->m_allowInline; | 616 bool allowInlineOther = other[0]->m_allowInline; |
| 617 bool allowEvalOther = other[0]->m_allowEval; | 617 bool allowEvalOther = other[0]->m_allowEval; |
| 618 bool allowDynamicOther = other[0]->m_allowDynamic; | 618 bool allowDynamicOther = other[0]->m_allowDynamic; |
| 619 bool allowHashedAttributesOther = other[0]->m_allowHashedAttributes; | 619 bool allowHashedAttributesOther = other[0]->m_allowHashedAttributes; |
| 620 bool isHashOrNoncePresentOther = other[0]->isHashOrNoncePresent(); | 620 bool isHashOrNoncePresentOther = other[0]->isHashOrNoncePresent(); |
| 621 HashSet<String> noncesB = other[0]->m_nonces; |
| 622 HashSet<CSPHashValue> hashesB = other[0]->m_hashes; |
| 621 | 623 |
| 622 for (size_t i = 1; i < other.size(); i++) { | 624 for (size_t i = 1; i < other.size(); i++) { |
| 623 allowInlineOther = allowInlineOther && other[i]->m_allowInline; | 625 allowInlineOther = allowInlineOther && other[i]->m_allowInline; |
| 624 allowEvalOther = allowEvalOther && other[i]->m_allowEval; | 626 allowEvalOther = allowEvalOther && other[i]->m_allowEval; |
| 625 allowDynamicOther = allowDynamicOther && other[i]->m_allowDynamic; | 627 allowDynamicOther = allowDynamicOther && other[i]->m_allowDynamic; |
| 626 allowHashedAttributesOther = | 628 allowHashedAttributesOther = |
| 627 allowHashedAttributesOther && other[i]->m_allowHashedAttributes; | 629 allowHashedAttributesOther && other[i]->m_allowHashedAttributes; |
| 628 isHashOrNoncePresentOther = | 630 isHashOrNoncePresentOther = |
| 629 isHashOrNoncePresentOther && other[i]->isHashOrNoncePresent(); | 631 isHashOrNoncePresentOther && other[i]->isHashOrNoncePresent(); |
| 632 noncesB = other[i]->getIntersectNonces(noncesB); |
| 633 hashesB = other[i]->getIntersectHashes(hashesB); |
| 630 normalizedB = other[i]->getIntersectCSPSources(normalizedB); | 634 normalizedB = other[i]->getIntersectCSPSources(normalizedB); |
| 631 } | 635 } |
| 632 | 636 |
| 637 if (!subsumesNoncesAndHashes(noncesB, hashesB)) |
| 638 return false; |
| 639 |
| 633 const ContentSecurityPolicy::DirectiveType type = | 640 const ContentSecurityPolicy::DirectiveType type = |
| 634 ContentSecurityPolicy::getDirectiveType(m_directiveName); | 641 ContentSecurityPolicy::getDirectiveType(m_directiveName); |
| 635 if (type == ContentSecurityPolicy::DirectiveType::ScriptSrc || | 642 if (type == ContentSecurityPolicy::DirectiveType::ScriptSrc || |
| 636 type == ContentSecurityPolicy::DirectiveType::StyleSrc) { | 643 type == ContentSecurityPolicy::DirectiveType::StyleSrc) { |
| 637 if (!m_allowEval && allowEvalOther) | 644 if (!m_allowEval && allowEvalOther) |
| 638 return false; | 645 return false; |
| 639 if (!m_allowHashedAttributes && allowHashedAttributesOther) | 646 if (!m_allowHashedAttributes && allowHashedAttributesOther) |
| 640 return false; | 647 return false; |
| 641 bool allowAllInlineOther = | 648 bool allowAllInlineOther = |
| 642 allowInlineOther && !isHashOrNoncePresentOther && | 649 allowInlineOther && !isHashOrNoncePresentOther && |
| 643 (type != ContentSecurityPolicy::DirectiveType::ScriptSrc || | 650 (type != ContentSecurityPolicy::DirectiveType::ScriptSrc || |
| 644 !allowDynamicOther); | 651 !allowDynamicOther); |
| 645 if (!allowAllInline() && allowAllInlineOther) | 652 if (!allowAllInline() && allowAllInlineOther) |
| 646 return false; | 653 return false; |
| 647 } | 654 } |
| 648 | 655 |
| 649 return CSPSource::firstSubsumesSecond(normalizedA, normalizedB); | 656 return CSPSource::firstSubsumesSecond(normalizedA, normalizedB); |
| 650 } | 657 } |
| 651 | 658 |
| 659 bool SourceListDirective::subsumesNoncesAndHashes( |
| 660 const HashSet<String>& nonces, |
| 661 const HashSet<CSPHashValue> hashes) const { |
| 662 for (const auto& nonce : nonces) { |
| 663 if (!m_nonces.contains(nonce)) |
| 664 return false; |
| 665 } |
| 666 for (const auto& hash : hashes) { |
| 667 if (!m_hashes.contains(hash)) |
| 668 return false; |
| 669 } |
| 670 |
| 671 return true; |
| 672 } |
| 673 |
| 674 HashSet<String> SourceListDirective::getIntersectNonces( |
| 675 const HashSet<String>& other) const { |
| 676 if (!m_nonces.size() || !other.size()) |
| 677 return !m_nonces.size() ? m_nonces : other; |
| 678 |
| 679 HashSet<String> normalized; |
| 680 for (const auto& nonce : m_nonces) { |
| 681 if (other.contains(nonce)) |
| 682 normalized.add(nonce); |
| 683 } |
| 684 |
| 685 return normalized; |
| 686 } |
| 687 |
| 688 HashSet<CSPHashValue> SourceListDirective::getIntersectHashes( |
| 689 const HashSet<CSPHashValue>& other) const { |
| 690 if (!m_hashes.size() || !other.size()) |
| 691 return !m_hashes.size() ? m_hashes : other; |
| 692 |
| 693 HashSet<CSPHashValue> normalized; |
| 694 for (const auto& hash : m_hashes) { |
| 695 if (other.contains(hash)) |
| 696 normalized.add(hash); |
| 697 } |
| 698 |
| 699 return normalized; |
| 700 } |
| 701 |
| 652 HeapHashMap<String, Member<CSPSource>> | 702 HeapHashMap<String, Member<CSPSource>> |
| 653 SourceListDirective::getIntersectSchemesOnly( | 703 SourceListDirective::getIntersectSchemesOnly( |
| 654 const HeapVector<Member<CSPSource>>& other) const { | 704 const HeapVector<Member<CSPSource>>& other) const { |
| 655 HeapHashMap<String, Member<CSPSource>> schemesA; | 705 HeapHashMap<String, Member<CSPSource>> schemesA; |
| 656 for (const auto& sourceA : m_list) { | 706 for (const auto& sourceA : m_list) { |
| 657 if (sourceA->isSchemeOnly()) | 707 if (sourceA->isSchemeOnly()) |
| 658 addSourceToMap(schemesA, sourceA); | 708 addSourceToMap(schemesA, sourceA); |
| 659 } | 709 } |
| 660 // Add schemes only sources if they are present in both `this` and `other`, | 710 // Add schemes only sources if they are present in both `this` and `other`, |
| 661 // allowing upgrading `http` to `https` and `ws` to `wss`. | 711 // allowing upgrading `http` to `https` and `ws` to `wss`. |
| (...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 720 return normalized; | 770 return normalized; |
| 721 } | 771 } |
| 722 | 772 |
| 723 DEFINE_TRACE(SourceListDirective) { | 773 DEFINE_TRACE(SourceListDirective) { |
| 724 visitor->trace(m_policy); | 774 visitor->trace(m_policy); |
| 725 visitor->trace(m_list); | 775 visitor->trace(m_list); |
| 726 CSPDirective::trace(visitor); | 776 CSPDirective::trace(visitor); |
| 727 } | 777 } |
| 728 | 778 |
| 729 } // namespace blink | 779 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2545063002:
Part 3.6: Is policy list subsumed under subsuming policy? (Closed)
