Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1101)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/SourceListDirective.h

Issue 2545063002: Part 3.6: Is policy list subsumed under subsuming policy? (Closed)
Patch Set: Rebasing Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SourceListDirective_h 5 #ifndef SourceListDirective_h
6 #define SourceListDirective_h 6 #define SourceListDirective_h
7 7
8 #include "core/CoreExport.h" 8 #include "core/CoreExport.h"
9 #include "core/frame/csp/CSPDirective.h" 9 #include "core/frame/csp/CSPDirective.h"
10 #include "core/frame/csp/CSPSource.h" 10 #include "core/frame/csp/CSPSource.h"
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after
49 bool allowAllInline() const; 49 bool allowAllInline() const;
50 50
51 // The algorothm is described more extensively here: 51 // The algorothm is described more extensively here:
52 // https://w3c.github.io/webappsec-csp/embedded/#subsume-source-list 52 // https://w3c.github.io/webappsec-csp/embedded/#subsume-source-list
53 bool subsumes(const HeapVector<Member<SourceListDirective>>&) const; 53 bool subsumes(const HeapVector<Member<SourceListDirective>>&) const;
54 54
55 private: 55 private:
56 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectCSPSources); 56 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectCSPSources);
57 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, 57 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest,
58 GetIntersectCSPSourcesSchemes); 58 GetIntersectCSPSourcesSchemes);
59 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectNonces);
60 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectHashes);
59 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector); 61 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector);
60 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, OperativeDirectiveGivenType); 62 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, OperativeDirectiveGivenType);
61 63
62 bool parseSource(const UChar* begin, 64 bool parseSource(const UChar* begin,
63 const UChar* end, 65 const UChar* end,
64 String& scheme, 66 String& scheme,
65 String& host, 67 String& host,
66 int& port, 68 int& port,
67 String& path, 69 String& path,
68 CSPSource::WildcardDisposition&, 70 CSPSource::WildcardDisposition&,
(...skipping 21 matching lines...) Expand all
90 void addSourceStrictDynamic(); 92 void addSourceStrictDynamic();
91 void addSourceUnsafeHashedAttributes(); 93 void addSourceUnsafeHashedAttributes();
92 void addSourceNonce(const String& nonce); 94 void addSourceNonce(const String& nonce);
93 void addSourceHash(const ContentSecurityPolicyHashAlgorithm&, 95 void addSourceHash(const ContentSecurityPolicyHashAlgorithm&,
94 const DigestValue& hash); 96 const DigestValue& hash);
95 97
96 static void addSourceToMap(HeapHashMap<String, Member<CSPSource>>&, 98 static void addSourceToMap(HeapHashMap<String, Member<CSPSource>>&,
97 CSPSource*); 99 CSPSource*);
98 100
99 bool hasSourceMatchInList(const KURL&, ResourceRequest::RedirectStatus) const; 101 bool hasSourceMatchInList(const KURL&, ResourceRequest::RedirectStatus) const;
102 HashSet<String> getIntersectNonces(const HashSet<String>& other) const;
103 HashSet<CSPHashValue> getIntersectHashes(
104 const HashSet<CSPHashValue>& other) const;
100 HeapVector<Member<CSPSource>> getIntersectCSPSources( 105 HeapVector<Member<CSPSource>> getIntersectCSPSources(
101 const HeapVector<Member<CSPSource>>& other) const; 106 const HeapVector<Member<CSPSource>>& other) const;
102 HeapHashMap<String, Member<CSPSource>> getIntersectSchemesOnly( 107 HeapHashMap<String, Member<CSPSource>> getIntersectSchemesOnly(
103 const HeapVector<Member<CSPSource>>& other) const; 108 const HeapVector<Member<CSPSource>>& other) const;
109 bool subsumesNoncesAndHashes(const HashSet<String>& nonces,
110 const HashSet<CSPHashValue> hashes) const;
104 111
105 Member<ContentSecurityPolicy> m_policy; 112 Member<ContentSecurityPolicy> m_policy;
106 HeapVector<Member<CSPSource>> m_list; 113 HeapVector<Member<CSPSource>> m_list;
107 String m_directiveName; 114 String m_directiveName;
108 bool m_allowSelf; 115 bool m_allowSelf;
109 bool m_allowStar; 116 bool m_allowStar;
110 bool m_allowInline; 117 bool m_allowInline;
111 bool m_allowEval; 118 bool m_allowEval;
112 bool m_allowDynamic; 119 bool m_allowDynamic;
113 bool m_allowHashedAttributes; 120 bool m_allowHashedAttributes;
114 HashSet<String> m_nonces; 121 HashSet<String> m_nonces;
115 HashSet<CSPHashValue> m_hashes; 122 HashSet<CSPHashValue> m_hashes;
116 uint8_t m_hashAlgorithmsUsed; 123 uint8_t m_hashAlgorithmsUsed;
117 }; 124 };
118 125
119 } // namespace blink 126 } // namespace blink
120 127
121 #endif 128 #endif
OLDNEW
« no previous file with comments | « no previous file | third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698