
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/SourceListDirective.h

Issue 2545063002: Part 3.6: Is policy list subsumed under subsuming policy? (Closed)
Patch Set: Intersect Tests Created 4 years ago
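--- a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h
+++ b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef SourceListDirective_h
 #define SourceListDirective_h
 
 #include "core/CoreExport.h"
 #include "core/frame/csp/CSPDirective.h"
 #include "core/frame/csp/CSPSource.h"
@@ -49,20 +49,22 @@
 bool allowAllInline();
 
 // The algorothm is described more extensively here:
 // https://w3c.github.io/webappsec-csp/embedded/#subsume-source-list
 bool subsumes(HeapVector<Member<SourceListDirective>>);
 
 private:
 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectCSPSources);
 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest,
 GetIntersectCSPSourcesSchemes);
+FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectNonces);
+FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectHashes);
 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector);
 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, OperativeDirectiveGivenType);
 
 bool parseSource(const UChar* begin,
 const UChar* end,
 String& scheme,
 String& host,
 int& port,
 String& path,
 CSPSource::WildcardDisposition&,
@@ -89,32 +91,36 @@
 void addSourceUnsafeEval();
 void addSourceStrictDynamic();
 void addSourceUnsafeHashedAttributes();
 void addSourceNonce(const String& nonce);
 void addSourceHash(const ContentSecurityPolicyHashAlgorithm&,
 const DigestValue& hash);
 
 static void addSourceToMap(HashMap<String, CSPSource*>&, CSPSource*);
 
 bool hasSourceMatchInList(const KURL&, ResourceRequest::RedirectStatus) const;
+HashSet<String> getIntersectNonces(const HashSet<String>& other);
+HashSet<CSPHashValue> getIntersectHashes(const HashSet<CSPHashValue>& other);
 HeapVector<Member<CSPSource>> getIntersectCSPSources(
 HeapVector<Member<CSPSource>> other);
 HashMap<String, CSPSource*> getIntersectSchemesOnly(
 HeapVector<Member<CSPSource>> other);
+bool subsumesNoncesAndHashes(const HashSet<String>& nonces,
+const HashSet<CSPHashValue> hashes);
 
 Member<ContentSecurityPolicy> m_policy;
 HeapVector<Member<CSPSource>> m_list;
 String m_directiveName;
 bool m_allowSelf;
 bool m_allowStar;
 bool m_allowInline;
 bool m_allowEval;
 bool m_allowDynamic;
 bool m_allowHashedAttributes;
 HashSet<String> m_nonces;
 HashSet<CSPHashValue> m_hashes;
 uint8_t m_hashAlgorithmsUsed;
 };
 
 } // namespace blink
 
 #endif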
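Review bot: The second parameter of `subsumesNoncesAndHashes` (new lines 107-108) is declared `const HashSet<CSPHashValue> hashes`, i.e. by value, so every call copies the whole hash set, while the first parameter and `getIntersectHashes` take const references; `const HashSet<CSPHashValue>& hashes` would match them. The three new helpers are also not marked `const`, although like `hasSourceMatchInList` they look like pure queries over `m_nonces` and `m_hashes`; their bodies are not in this header, so that needs confirming against the .cpp. Because the result appears to feed `subsumes`, which the linked spec section uses to decide whether one source list is at least as strict as another, each helper deserves a short comment stating how an empty nonce or hash set on either side is treated, for example `// Returns the nonces present in both m_nonces and |other|; empty if either is empty.`.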