OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/SourceListDirective.h" | 5 #include "core/frame/csp/SourceListDirective.h" |
6 | 6 |
7 #include "core/frame/csp/CSPSource.h" | 7 #include "core/frame/csp/CSPSource.h" |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
(...skipping 541 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
552 m_nonces.add(nonce); | 552 m_nonces.add(nonce); |
553 } | 553 } |
554 | 554 |
555 void SourceListDirective::addSourceHash( | 555 void SourceListDirective::addSourceHash( |
556 const ContentSecurityPolicyHashAlgorithm& algorithm, | 556 const ContentSecurityPolicyHashAlgorithm& algorithm, |
557 const DigestValue& hash) { | 557 const DigestValue& hash) { |
558 m_hashes.add(CSPHashValue(algorithm, hash)); | 558 m_hashes.add(CSPHashValue(algorithm, hash)); |
559 m_hashAlgorithmsUsed |= algorithm; | 559 m_hashAlgorithmsUsed |= algorithm; |
560 } | 560 } |
561 | 561 |
562 void SourceListDirective::addSourceToMap(HashMap<String, CSPSource*>& hashMap, | 562 void SourceListDirective::addSourceToMap( |
563 CSPSource* source) { | 563 HeapHashMap<String, Member<CSPSource>>& hashMap, |
| 564 CSPSource* source) { |
564 hashMap.add(source->getScheme(), source); | 565 hashMap.add(source->getScheme(), source); |
565 if (source->getScheme() == "http") | 566 if (source->getScheme() == "http") |
566 hashMap.add("https", source); | 567 hashMap.add("https", source); |
567 else if (source->getScheme() == "ws") | 568 else if (source->getScheme() == "ws") |
568 hashMap.add("wss", source); | 569 hashMap.add("wss", source); |
569 } | 570 } |
570 | 571 |
571 bool SourceListDirective::hasSourceMatchInList( | 572 bool SourceListDirective::hasSourceMatchInList( |
572 const KURL& url, | 573 const KURL& url, |
573 ResourceRequest::RedirectStatus redirectStatus) const { | 574 ResourceRequest::RedirectStatus redirectStatus) const { |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
635 allowInlineOther && !isHashOrNoncePresentOther && | 636 allowInlineOther && !isHashOrNoncePresentOther && |
636 (type != ContentSecurityPolicy::DirectiveType::ScriptSrc || | 637 (type != ContentSecurityPolicy::DirectiveType::ScriptSrc || |
637 !allowDynamicOther); | 638 !allowDynamicOther); |
638 if (!allowAllInline() && allowAllInlineOther) | 639 if (!allowAllInline() && allowAllInlineOther) |
639 return false; | 640 return false; |
640 } | 641 } |
641 | 642 |
642 return CSPSource::firstSubsumesSecond(normalizedA, normalizedB); | 643 return CSPSource::firstSubsumesSecond(normalizedA, normalizedB); |
643 } | 644 } |
644 | 645 |
645 HashMap<String, CSPSource*> SourceListDirective::getIntersectSchemesOnly( | 646 HeapHashMap<String, Member<CSPSource>> |
| 647 SourceListDirective::getIntersectSchemesOnly( |
646 HeapVector<Member<CSPSource>> other) { | 648 HeapVector<Member<CSPSource>> other) { |
647 HashMap<String, CSPSource*> schemesA; | 649 HeapHashMap<String, Member<CSPSource>> schemesA; |
648 for (const auto& sourceA : m_list) { | 650 for (const auto& sourceA : m_list) { |
649 if (sourceA->isSchemeOnly()) | 651 if (sourceA->isSchemeOnly()) |
650 addSourceToMap(schemesA, sourceA); | 652 addSourceToMap(schemesA, sourceA); |
651 } | 653 } |
652 // Add schemes only sources if they are present in both `this` and `other`, | 654 // Add schemes only sources if they are present in both `this` and `other`, |
653 // allowing upgrading `http` to `https` and `ws` to `wss`. | 655 // allowing upgrading `http` to `https` and `ws` to `wss`. |
654 HashMap<String, CSPSource*> intersect; | 656 HeapHashMap<String, Member<CSPSource>> intersect; |
655 for (const auto& sourceB : other) { | 657 for (const auto& sourceB : other) { |
656 if (sourceB->isSchemeOnly()) { | 658 if (sourceB->isSchemeOnly()) { |
657 if (schemesA.contains(sourceB->getScheme())) | 659 if (schemesA.contains(sourceB->getScheme())) |
658 addSourceToMap(intersect, sourceB); | 660 addSourceToMap(intersect, sourceB); |
659 else if (sourceB->getScheme() == "http" && schemesA.contains("https")) | 661 else if (sourceB->getScheme() == "http" && schemesA.contains("https")) |
660 intersect.add("https", schemesA.get("https")); | 662 intersect.add("https", schemesA.get("https")); |
661 else if (sourceB->getScheme() == "ws" && schemesA.contains("wss")) | 663 else if (sourceB->getScheme() == "ws" && schemesA.contains("wss")) |
662 intersect.add("wss", schemesA.get("wss")); | 664 intersect.add("wss", schemesA.get("wss")); |
663 } | 665 } |
664 } | 666 } |
665 | 667 |
666 return intersect; | 668 return intersect; |
667 } | 669 } |
668 | 670 |
669 HeapVector<Member<CSPSource>> SourceListDirective::getIntersectCSPSources( | 671 HeapVector<Member<CSPSource>> SourceListDirective::getIntersectCSPSources( |
670 HeapVector<Member<CSPSource>> other) { | 672 HeapVector<Member<CSPSource>> other) { |
671 HashMap<String, CSPSource*> schemesMap = getIntersectSchemesOnly(other); | 673 auto schemesMap = getIntersectSchemesOnly(other); |
672 HeapVector<Member<CSPSource>> normalized; | 674 HeapVector<Member<CSPSource>> normalized; |
673 // Add all normalized scheme source expressions. | 675 // Add all normalized scheme source expressions. |
674 for (auto it = schemesMap.begin(); it != schemesMap.end(); ++it) { | 676 for (const auto& it : schemesMap) { |
675 // We do not add secure versions if insecure schemes are present. | 677 // We do not add secure versions if insecure schemes are present. |
676 if ((it->key != "https" || !schemesMap.contains("http")) && | 678 if ((it.key != "https" || !schemesMap.contains("http")) && |
677 (it->key != "wss" || !schemesMap.contains("ws"))) { | 679 (it.key != "wss" || !schemesMap.contains("ws"))) { |
678 normalized.append(it->value); | 680 normalized.append(it.value); |
679 } | 681 } |
680 } | 682 } |
681 | 683 |
682 HeapVector<Member<CSPSource>> thisVector = m_list; | 684 HeapVector<Member<CSPSource>> thisVector = m_list; |
683 if (m_allowSelf) | 685 if (m_allowSelf) |
684 thisVector.append(m_policy->getSelfSource()); | 686 thisVector.append(m_policy->getSelfSource()); |
685 for (const auto& sourceA : thisVector) { | 687 for (const auto& sourceA : thisVector) { |
686 if (schemesMap.contains(sourceA->getScheme())) | 688 if (schemesMap.contains(sourceA->getScheme())) |
687 continue; | 689 continue; |
688 | 690 |
(...skipping 23 matching lines...) Expand all Loading... |
712 return normalized; | 714 return normalized; |
713 } | 715 } |
714 | 716 |
715 DEFINE_TRACE(SourceListDirective) { | 717 DEFINE_TRACE(SourceListDirective) { |
716 visitor->trace(m_policy); | 718 visitor->trace(m_policy); |
717 visitor->trace(m_list); | 719 visitor->trace(m_list); |
718 CSPDirective::trace(visitor); | 720 CSPDirective::trace(visitor); |
719 } | 721 } |
720 | 722 |
721 } // namespace blink | 723 } // namespace blink |
OLD | NEW |