| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/csp/SourceListDirective.h" | 5 #include "core/frame/csp/SourceListDirective.h" |
| 6 | 6 |
| 7 #include "core/frame/csp/CSPSource.h" | 7 #include "core/frame/csp/CSPSource.h" |
| 8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
| 10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
| (...skipping 541 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 552 m_nonces.add(nonce); | 552 m_nonces.add(nonce); |
| 553 } | 553 } |
| 554 | 554 |
| 555 void SourceListDirective::addSourceHash( | 555 void SourceListDirective::addSourceHash( |
| 556 const ContentSecurityPolicyHashAlgorithm& algorithm, | 556 const ContentSecurityPolicyHashAlgorithm& algorithm, |
| 557 const DigestValue& hash) { | 557 const DigestValue& hash) { |
| 558 m_hashes.add(CSPHashValue(algorithm, hash)); | 558 m_hashes.add(CSPHashValue(algorithm, hash)); |
| 559 m_hashAlgorithmsUsed |= algorithm; | 559 m_hashAlgorithmsUsed |= algorithm; |
| 560 } | 560 } |
| 561 | 561 |
| 562 void SourceListDirective::addSourceToMap(HashMap<String, CSPSource*>& hashMap, | 562 void SourceListDirective::addSourceToMap( |
| 563 CSPSource* source) { | 563 HeapHashMap<String, Member<CSPSource>>& hashMap, |
| 564 CSPSource* source) { |
| 564 hashMap.add(source->getScheme(), source); | 565 hashMap.add(source->getScheme(), source); |
| 565 if (source->getScheme() == "http") | 566 if (source->getScheme() == "http") |
| 566 hashMap.add("https", source); | 567 hashMap.add("https", source); |
| 567 else if (source->getScheme() == "ws") | 568 else if (source->getScheme() == "ws") |
| 568 hashMap.add("wss", source); | 569 hashMap.add("wss", source); |
| 569 } | 570 } |
| 570 | 571 |
| 571 bool SourceListDirective::hasSourceMatchInList( | 572 bool SourceListDirective::hasSourceMatchInList( |
| 572 const KURL& url, | 573 const KURL& url, |
| 573 ResourceRequest::RedirectStatus redirectStatus) const { | 574 ResourceRequest::RedirectStatus redirectStatus) const { |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 635 allowInlineOther && !isHashOrNoncePresentOther && | 636 allowInlineOther && !isHashOrNoncePresentOther && |
| 636 (type != ContentSecurityPolicy::DirectiveType::ScriptSrc || | 637 (type != ContentSecurityPolicy::DirectiveType::ScriptSrc || |
| 637 !allowDynamicOther); | 638 !allowDynamicOther); |
| 638 if (!allowAllInline() && allowAllInlineOther) | 639 if (!allowAllInline() && allowAllInlineOther) |
| 639 return false; | 640 return false; |
| 640 } | 641 } |
| 641 | 642 |
| 642 return CSPSource::firstSubsumesSecond(normalizedA, normalizedB); | 643 return CSPSource::firstSubsumesSecond(normalizedA, normalizedB); |
| 643 } | 644 } |
| 644 | 645 |
| 645 HashMap<String, CSPSource*> SourceListDirective::getIntersectSchemesOnly( | 646 HeapHashMap<String, Member<CSPSource>> |
| 647 SourceListDirective::getIntersectSchemesOnly( |
| 646 HeapVector<Member<CSPSource>> other) { | 648 HeapVector<Member<CSPSource>> other) { |
| 647 HashMap<String, CSPSource*> schemesA; | 649 HeapHashMap<String, Member<CSPSource>> schemesA; |
| 648 for (const auto& sourceA : m_list) { | 650 for (const auto& sourceA : m_list) { |
| 649 if (sourceA->isSchemeOnly()) | 651 if (sourceA->isSchemeOnly()) |
| 650 addSourceToMap(schemesA, sourceA); | 652 addSourceToMap(schemesA, sourceA); |
| 651 } | 653 } |
| 652 // Add schemes only sources if they are present in both `this` and `other`, | 654 // Add schemes only sources if they are present in both `this` and `other`, |
| 653 // allowing upgrading `http` to `https` and `ws` to `wss`. | 655 // allowing upgrading `http` to `https` and `ws` to `wss`. |
| 654 HashMap<String, CSPSource*> intersect; | 656 HeapHashMap<String, Member<CSPSource>> intersect; |
| 655 for (const auto& sourceB : other) { | 657 for (const auto& sourceB : other) { |
| 656 if (sourceB->isSchemeOnly()) { | 658 if (sourceB->isSchemeOnly()) { |
| 657 if (schemesA.contains(sourceB->getScheme())) | 659 if (schemesA.contains(sourceB->getScheme())) |
| 658 addSourceToMap(intersect, sourceB); | 660 addSourceToMap(intersect, sourceB); |
| 659 else if (sourceB->getScheme() == "http" && schemesA.contains("https")) | 661 else if (sourceB->getScheme() == "http" && schemesA.contains("https")) |
| 660 intersect.add("https", schemesA.get("https")); | 662 intersect.add("https", schemesA.get("https")); |
| 661 else if (sourceB->getScheme() == "ws" && schemesA.contains("wss")) | 663 else if (sourceB->getScheme() == "ws" && schemesA.contains("wss")) |
| 662 intersect.add("wss", schemesA.get("wss")); | 664 intersect.add("wss", schemesA.get("wss")); |
| 663 } | 665 } |
| 664 } | 666 } |
| 665 | 667 |
| 666 return intersect; | 668 return intersect; |
| 667 } | 669 } |
| 668 | 670 |
| 669 HeapVector<Member<CSPSource>> SourceListDirective::getIntersectCSPSources( | 671 HeapVector<Member<CSPSource>> SourceListDirective::getIntersectCSPSources( |
| 670 HeapVector<Member<CSPSource>> other) { | 672 HeapVector<Member<CSPSource>> other) { |
| 671 HashMap<String, CSPSource*> schemesMap = getIntersectSchemesOnly(other); | 673 auto schemesMap = getIntersectSchemesOnly(other); |
| 672 HeapVector<Member<CSPSource>> normalized; | 674 HeapVector<Member<CSPSource>> normalized; |
| 673 // Add all normalized scheme source expressions. | 675 // Add all normalized scheme source expressions. |
| 674 for (auto it = schemesMap.begin(); it != schemesMap.end(); ++it) { | 676 for (const auto& it : schemesMap) { |
| 675 // We do not add secure versions if insecure schemes are present. | 677 // We do not add secure versions if insecure schemes are present. |
| 676 if ((it->key != "https" || !schemesMap.contains("http")) && | 678 if ((it.key != "https" || !schemesMap.contains("http")) && |
| 677 (it->key != "wss" || !schemesMap.contains("ws"))) { | 679 (it.key != "wss" || !schemesMap.contains("ws"))) { |
| 678 normalized.append(it->value); | 680 normalized.append(it.value); |
| 679 } | 681 } |
| 680 } | 682 } |
| 681 | 683 |
| 682 HeapVector<Member<CSPSource>> thisVector = m_list; | 684 HeapVector<Member<CSPSource>> thisVector = m_list; |
| 683 if (m_allowSelf) | 685 if (m_allowSelf) |
| 684 thisVector.append(m_policy->getSelfSource()); | 686 thisVector.append(m_policy->getSelfSource()); |
| 685 for (const auto& sourceA : thisVector) { | 687 for (const auto& sourceA : thisVector) { |
| 686 if (schemesMap.contains(sourceA->getScheme())) | 688 if (schemesMap.contains(sourceA->getScheme())) |
| 687 continue; | 689 continue; |
| 688 | 690 |
| (...skipping 23 matching lines...) Expand all Loading... |
| 712 return normalized; | 714 return normalized; |
| 713 } | 715 } |
| 714 | 716 |
| 715 DEFINE_TRACE(SourceListDirective) { | 717 DEFINE_TRACE(SourceListDirective) { |
| 716 visitor->trace(m_policy); | 718 visitor->trace(m_policy); |
| 717 visitor->trace(m_list); | 719 visitor->trace(m_list); |
| 718 CSPDirective::trace(visitor); | 720 CSPDirective::trace(visitor); |
| 719 } | 721 } |
| 720 | 722 |
| 721 } // namespace blink | 723 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2553673002:
Disallow off-heap containers containing raw on-heap pointers. (Closed)
