| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/csp/SourceListDirective.h" | 5 #include "core/frame/csp/SourceListDirective.h" |
| 6 | 6 |
| 7 #include "core/frame/csp/CSPSource.h" | 7 #include "core/frame/csp/CSPSource.h" |
| 8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
| 10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
| (...skipping 599 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 610 | 610 |
| 611 HeapVector<Member<CSPSource>> normalizedB = other[0]->m_list; | 611 HeapVector<Member<CSPSource>> normalizedB = other[0]->m_list; |
| 612 if (other[0]->m_allowSelf && other[0]->m_policy->getSelfSource()) | 612 if (other[0]->m_allowSelf && other[0]->m_policy->getSelfSource()) |
| 613 normalizedB.append(other[0]->m_policy->getSelfSource()); | 613 normalizedB.append(other[0]->m_policy->getSelfSource()); |
| 614 | 614 |
| 615 bool allowInlineOther = other[0]->m_allowInline; | 615 bool allowInlineOther = other[0]->m_allowInline; |
| 616 bool allowEvalOther = other[0]->m_allowEval; | 616 bool allowEvalOther = other[0]->m_allowEval; |
| 617 bool allowDynamicOther = other[0]->m_allowDynamic; | 617 bool allowDynamicOther = other[0]->m_allowDynamic; |
| 618 bool allowHashedAttributesOther = other[0]->m_allowHashedAttributes; | 618 bool allowHashedAttributesOther = other[0]->m_allowHashedAttributes; |
| 619 bool isHashOrNoncePresentOther = other[0]->isHashOrNoncePresent(); | 619 bool isHashOrNoncePresentOther = other[0]->isHashOrNoncePresent(); |
| 620 HashSet<String> noncesB = other[0]->m_nonces; |
| 621 HashSet<CSPHashValue> hashesB = other[0]->m_hashes; |
| 620 | 622 |
| 621 for (size_t i = 1; i < other.size(); i++) { | 623 for (size_t i = 1; i < other.size(); i++) { |
| 622 allowInlineOther = allowInlineOther && other[i]->m_allowInline; | 624 allowInlineOther = allowInlineOther && other[i]->m_allowInline; |
| 623 allowEvalOther = allowEvalOther && other[i]->m_allowEval; | 625 allowEvalOther = allowEvalOther && other[i]->m_allowEval; |
| 624 allowDynamicOther = allowDynamicOther && other[i]->m_allowDynamic; | 626 allowDynamicOther = allowDynamicOther && other[i]->m_allowDynamic; |
| 625 allowHashedAttributesOther = | 627 allowHashedAttributesOther = |
| 626 allowHashedAttributesOther && other[i]->m_allowHashedAttributes; | 628 allowHashedAttributesOther && other[i]->m_allowHashedAttributes; |
| 627 isHashOrNoncePresentOther = | 629 isHashOrNoncePresentOther = |
| 628 isHashOrNoncePresentOther && other[i]->isHashOrNoncePresent(); | 630 isHashOrNoncePresentOther && other[i]->isHashOrNoncePresent(); |
| 631 noncesB = other[i]->getIntersectNonces(noncesB); |
| 632 hashesB = other[i]->getIntersectHashes(hashesB); |
| 629 normalizedB = other[i]->getIntersectCSPSources(normalizedB); | 633 normalizedB = other[i]->getIntersectCSPSources(normalizedB); |
| 630 } | 634 } |
| 631 | 635 |
| 636 if (!subsumesNoncesAndHashes(noncesB, hashesB)) |
| 637 return false; |
| 638 |
| 632 const ContentSecurityPolicy::DirectiveType type = | 639 const ContentSecurityPolicy::DirectiveType type = |
| 633 ContentSecurityPolicy::getDirectiveType(m_directiveName); | 640 ContentSecurityPolicy::getDirectiveType(m_directiveName); |
| 634 if (type == ContentSecurityPolicy::DirectiveType::ScriptSrc || | 641 if (type == ContentSecurityPolicy::DirectiveType::ScriptSrc || |
| 635 type == ContentSecurityPolicy::DirectiveType::StyleSrc) { | 642 type == ContentSecurityPolicy::DirectiveType::StyleSrc) { |
| 636 if (!m_allowEval && allowEvalOther) | 643 if (!m_allowEval && allowEvalOther) |
| 637 return false; | 644 return false; |
| 638 if (!m_allowHashedAttributes && allowHashedAttributesOther) | 645 if (!m_allowHashedAttributes && allowHashedAttributesOther) |
| 639 return false; | 646 return false; |
| 640 bool allowAllInlineOther = | 647 bool allowAllInlineOther = |
| 641 allowInlineOther && !isHashOrNoncePresentOther && | 648 allowInlineOther && !isHashOrNoncePresentOther && |
| 642 (type != ContentSecurityPolicy::DirectiveType::ScriptSrc || | 649 (type != ContentSecurityPolicy::DirectiveType::ScriptSrc || |
| 643 !allowDynamicOther); | 650 !allowDynamicOther); |
| 644 if (!allowAllInline() && allowAllInlineOther) | 651 if (!allowAllInline() && allowAllInlineOther) |
| 645 return false; | 652 return false; |
| 646 } | 653 } |
| 647 | 654 |
| 648 return CSPSource::firstSubsumesSecond(normalizedA, normalizedB); | 655 return CSPSource::firstSubsumesSecond(normalizedA, normalizedB); |
| 649 } | 656 } |
| 650 | 657 |
| 658 bool SourceListDirective::subsumesNoncesAndHashes( |
| 659 const HashSet<String>& nonces, |
| 660 const HashSet<CSPHashValue> hashes) { |
| 661 for (const auto& nonce : nonces) { |
| 662 if (!m_nonces.contains(nonce)) |
| 663 return false; |
| 664 } |
| 665 for (const auto& hash : hashes) { |
| 666 if (!m_hashes.contains(hash)) |
| 667 return false; |
| 668 } |
| 669 |
| 670 return true; |
| 671 } |
| 672 |
| 673 HashSet<String> SourceListDirective::getIntersectNonces( |
| 674 const HashSet<String>& other) { |
| 675 if (!m_nonces.size() || !other.size()) |
| 676 return !m_nonces.size() ? m_nonces : other; |
| 677 |
| 678 HashSet<String> normalized; |
| 679 for (const auto& nonce : m_nonces) { |
| 680 if (other.contains(nonce)) |
| 681 normalized.add(nonce); |
| 682 } |
| 683 |
| 684 return normalized; |
| 685 } |
| 686 |
| 687 HashSet<CSPHashValue> SourceListDirective::getIntersectHashes( |
| 688 const HashSet<CSPHashValue>& other) { |
| 689 if (!m_hashes.size() || !other.size()) |
| 690 return !m_hashes.size() ? m_hashes : other; |
| 691 |
| 692 HashSet<CSPHashValue> normalized; |
| 693 for (const auto& hash : m_hashes) { |
| 694 if (other.contains(hash)) |
| 695 normalized.add(hash); |
| 696 } |
| 697 |
| 698 return normalized; |
| 699 } |
| 700 |
| 651 HashMap<String, CSPSource*> SourceListDirective::getIntersectSchemesOnly( | 701 HashMap<String, CSPSource*> SourceListDirective::getIntersectSchemesOnly( |
| 652 HeapVector<Member<CSPSource>> other) { | 702 HeapVector<Member<CSPSource>> other) { |
| 653 HashMap<String, CSPSource*> schemesA; | 703 HashMap<String, CSPSource*> schemesA; |
| 654 for (const auto& sourceA : m_list) { | 704 for (const auto& sourceA : m_list) { |
| 655 if (sourceA->isSchemeOnly()) | 705 if (sourceA->isSchemeOnly()) |
| 656 addSourceToMap(schemesA, sourceA); | 706 addSourceToMap(schemesA, sourceA); |
| 657 } | 707 } |
| 658 // Add schemes only sources if they are present in both `this` and `other`, | 708 // Add schemes only sources if they are present in both `this` and `other`, |
| 659 // allowing upgrading `http` to `https` and `ws` to `wss`. | 709 // allowing upgrading `http` to `https` and `ws` to `wss`. |
| 660 HashMap<String, CSPSource*> intersect; | 710 HashMap<String, CSPSource*> intersect; |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 718 return normalized; | 768 return normalized; |
| 719 } | 769 } |
| 720 | 770 |
| 721 DEFINE_TRACE(SourceListDirective) { | 771 DEFINE_TRACE(SourceListDirective) { |
| 722 visitor->trace(m_policy); | 772 visitor->trace(m_policy); |
| 723 visitor->trace(m_list); | 773 visitor->trace(m_list); |
| 724 CSPDirective::trace(visitor); | 774 CSPDirective::trace(visitor); |
| 725 } | 775 } |
| 726 | 776 |
| 727 } // namespace blink | 777 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2545063002:
Part 3.6: Is policy list subsumed under subsuming policy? (Closed)
