third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp - Issue 2562953002: Part 5.2: Is policy list subsumed under subsuming policy?

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp

Issue 2562953002: Part 5.2: Is policy list subsumed under subsuming policy? (Closed)

Patch Set: Removing trace from MediaListDirective Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « no previous file | third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp » ('j') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "core/frame/csp/CSPDirectiveList.h"	5 #include "core/frame/csp/CSPDirectiveList.h"

6	6

7 #include "bindings/core/v8/SourceLocation.h"	7 #include "bindings/core/v8/SourceLocation.h"

8 #include "core/dom/Document.h"	8 #include "core/dom/Document.h"

9 #include "core/dom/SecurityContext.h"	9 #include "core/dom/SecurityContext.h"

10 #include "core/dom/SpaceSplitString.h"	10 #include "core/dom/SpaceSplitString.h"

(...skipping 1246 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1257 // Aggregate all serialized source lists of the returned CSP into a vector	1257 // Aggregate all serialized source lists of the returned CSP into a vector

1258 // based on a directive type, defaulting accordingly (for example, to	1258 // based on a directive type, defaulting accordingly (for example, to

1259 // `default-src`).	1259 // `default-src`).

1260 SourceListDirectiveVector returned = getSourceVector(directive, other);	1260 SourceListDirectiveVector returned = getSourceVector(directive, other);

1261 // TODO(amalika): Add checks for plugin-types, sandbox, disown-opener,	1261 // TODO(amalika): Add checks for plugin-types, sandbox, disown-opener,

1262 // navigation-to, worker-src.	1262 // navigation-to, worker-src.

1263 if (!required->subsumes(returned))	1263 if (!required->subsumes(returned))

1264 return false;	1264 return false;

1265 }	1265 }

1266	1266

1267 return true;	1267 if (!m_pluginTypes.get())
	sof 2016/12/13 13:38:54 There is an implicit pointer conversion in place f There is an implicit pointer conversion in place for Member<>, so you can avoid the explicit get() here. Or (!hasPluginTypes())
	1268 return true;

	1269

	1270 HeapVector<Member<MediaListDirective>> pluginTypesOther;

	1271 for (const auto& policy : other) {

	1272 if (policy->m_pluginTypes.get())

	1273 pluginTypesOther.append(policy->m_pluginTypes);

	1274 }

	1275

	1276 return m_pluginTypes->subsumes(pluginTypesOther);
	Mike West 2016/12/13 13:54:47 This looks like it's checking the union of all the This looks like it's checking the union of all the policies in \|other\|, rather than the intersection, which doesn't seem correct. That is, given `type/1 type/2 type/3` and `type/1`, `type/1` should subsume, but it doesn't look like it will. Is that accurate? Can you add some tests along those lines so we can verify the behavior? amalika 2016/12/13 14:42:08 As with `SourceListDirective`, `subsumes` method o Show quoted text On 2016/12/13 at 13:54:47, Mike West (slow) wrote: > This looks like it's checking the union of all the policies in \|other\|, rather than the intersection, which doesn't seem correct. That is, given `type/1 type/2 type/3` and `type/1`, `type/1` should subsume, but it doesn't look like it will. Is that accurate? > > Can you add some tests along those lines so we can verify the behavior? As with `SourceListDirective`, `subsumes` method of MediaListDirective makes sure to call `getIntersect` inside. So this should not be finding a union. I will add tests below already added in SubsumesPluginTypes
1268 }	1277 }

1269	1278

1270 DEFINE_TRACE(CSPDirectiveList) {	1279 DEFINE_TRACE(CSPDirectiveList) {

1271 visitor->trace(m_policy);	1280 visitor->trace(m_policy);

1272 visitor->trace(m_pluginTypes);	1281 visitor->trace(m_pluginTypes);

1273 visitor->trace(m_baseURI);	1282 visitor->trace(m_baseURI);

1274 visitor->trace(m_childSrc);	1283 visitor->trace(m_childSrc);

1275 visitor->trace(m_connectSrc);	1284 visitor->trace(m_connectSrc);

1276 visitor->trace(m_defaultSrc);	1285 visitor->trace(m_defaultSrc);

1277 visitor->trace(m_fontSrc);	1286 visitor->trace(m_fontSrc);

1278 visitor->trace(m_formAction);	1287 visitor->trace(m_formAction);

1279 visitor->trace(m_frameAncestors);	1288 visitor->trace(m_frameAncestors);

1280 visitor->trace(m_frameSrc);	1289 visitor->trace(m_frameSrc);

1281 visitor->trace(m_imgSrc);	1290 visitor->trace(m_imgSrc);

1282 visitor->trace(m_mediaSrc);	1291 visitor->trace(m_mediaSrc);

1283 visitor->trace(m_manifestSrc);	1292 visitor->trace(m_manifestSrc);

1284 visitor->trace(m_objectSrc);	1293 visitor->trace(m_objectSrc);

1285 visitor->trace(m_scriptSrc);	1294 visitor->trace(m_scriptSrc);

1286 visitor->trace(m_styleSrc);	1295 visitor->trace(m_styleSrc);

1287 visitor->trace(m_workerSrc);	1296 visitor->trace(m_workerSrc);

1288 }	1297 }

1289	1298

1290 } // namespace blink	1299 } // namespace blink

OLD	NEW