| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include <sstream> |
| 6 #include "base/strings/string_split.h" |
| 7 #include "base/strings/string_util.h" |
| 8 #include "content/common/content_security_policy/csp_context.h" |
| 9 |
| 10 namespace content { |
| 11 |
| 12 namespace { |
| 13 |
| 14 static CSPDirective::Name CSPFallback(CSPDirective::Name directive) { |
| 15 switch (directive) { |
| 16 case CSPDirective::DefaultSrc: |
| 17 case CSPDirective::FormAction: |
| 18 return CSPDirective::Unknown; |
| 19 |
| 20 case CSPDirective::FrameSrc: |
| 21 return CSPDirective::ChildSrc; |
| 22 |
| 23 case CSPDirective::ChildSrc: |
| 24 return CSPDirective::DefaultSrc; |
| 25 |
| 26 case CSPDirective::Unknown: |
| 27 NOTREACHED(); |
| 28 return CSPDirective::Unknown; |
| 29 } |
| 30 NOTREACHED(); |
| 31 return CSPDirective::Unknown; |
| 32 } |
| 33 |
| 34 std::string ElideURLForReportViolation(const GURL& url) { |
| 35 // TODO(arthursonzogni): the url length should be limited to 1024 char. Find |
| 36 // a function that will not break the utf8 encoding while eliding the string. |
| 37 return url.spec(); |
| 38 } |
| 39 |
| 40 } // namespace |
| 41 |
| 42 CSPPolicy::CSPPolicy() |
| 43 : disposition(blink::WebContentSecurityPolicyTypeEnforce), |
| 44 source(blink::WebContentSecurityPolicySourceHTTP), |
| 45 directives(), |
| 46 report_endpoints() {} |
| 47 |
| 48 CSPPolicy::CSPPolicy(blink::WebContentSecurityPolicyType disposition, |
| 49 blink::WebContentSecurityPolicySource source, |
| 50 const std::vector<CSPDirective>& directives, |
| 51 const std::vector<std::string>& report_endpoints) |
| 52 : disposition(disposition), |
| 53 source(source), |
| 54 directives(directives), |
| 55 report_endpoints(report_endpoints) {} |
| 56 |
| 57 CSPPolicy::CSPPolicy(const CSPPolicy&) = default; |
| 58 CSPPolicy::~CSPPolicy() = default; |
| 59 |
| 60 bool CSPPolicy::Allow(CSPContext* context, |
| 61 CSPDirective::Name directive_name, |
| 62 const GURL& url, |
| 63 bool is_redirect) const { |
| 64 CSPDirective::Name current_directive_name = directive_name; |
| 65 do { |
| 66 for (const CSPDirective& directive : directives) { |
| 67 if (directive.name == current_directive_name) { |
| 68 return AllowDirective(context, directive_name, directive, url, |
| 69 is_redirect); |
| 70 } |
| 71 } |
| 72 current_directive_name = CSPFallback(current_directive_name); |
| 73 } while (current_directive_name != CSPDirective::Unknown); |
| 74 return true; |
| 75 } |
| 76 |
| 77 std::string CSPPolicy::ToString() const { |
| 78 std::stringstream text; |
| 79 bool is_first_policy = true; |
| 80 for (const CSPDirective& directive : directives) { |
| 81 if (!is_first_policy) |
| 82 text << "; "; |
| 83 is_first_policy = false; |
| 84 text << directive.ToString(); |
| 85 } |
| 86 |
| 87 if (!report_endpoints.empty()) { |
| 88 if (!is_first_policy) |
| 89 text << "; "; |
| 90 is_first_policy = false; |
| 91 text << "report-uri"; |
| 92 for (const std::string& endpoint : report_endpoints) |
| 93 text << " " << endpoint; |
| 94 } |
| 95 |
| 96 return text.str(); |
| 97 } |
| 98 |
| 99 bool CSPPolicy::AllowDirective(CSPContext* context, |
| 100 CSPDirective::Name directive_name, |
| 101 const CSPDirective& directive, |
| 102 const GURL& url, |
| 103 bool is_redirect) const { |
| 104 if (directive.source_list.Allow(context, url, is_redirect)) |
| 105 return true; |
| 106 |
| 107 ReportViolation(context, directive_name, directive, url); |
| 108 |
| 109 return disposition == blink::WebContentSecurityPolicyTypeReport; |
| 110 } |
| 111 |
| 112 void CSPPolicy::ReportViolation(CSPContext* context, |
| 113 const CSPDirective::Name directive_name, |
| 114 const CSPDirective& directive, |
| 115 const GURL& url) const { |
| 116 // We should never have a violation against `child-src` or `default-src` |
| 117 // directly; the effective directive should always be one of the explicit |
| 118 // fetch directives. |
| 119 DCHECK_NE(directive_name, CSPDirective::DefaultSrc); |
| 120 DCHECK_NE(directive_name, CSPDirective::ChildSrc); |
| 121 |
| 122 std::stringstream message; |
| 123 |
| 124 if (disposition == blink::WebContentSecurityPolicyTypeReport) |
| 125 message << "[Report Only] "; |
| 126 |
| 127 if (directive_name == CSPDirective::FormAction) |
| 128 message << "Refused to send form data to '"; |
| 129 else if (directive_name == CSPDirective::FrameSrc) |
| 130 message << "Refused to frame '"; |
| 131 |
| 132 message << ElideURLForReportViolation(url) |
| 133 << "' because it violates the following Content Security Policy " |
| 134 "directive: \"" |
| 135 << directive.ToString() << "\"."; |
| 136 |
| 137 if (directive.name != directive_name) |
| 138 message << " Note that '" << CSPDirective::NameToString(directive_name) |
| 139 << "' was not explicitly set, so '" |
| 140 << CSPDirective::NameToString(directive.name) |
| 141 << "' is used as a fallback."; |
| 142 |
| 143 message << "\n"; |
| 144 |
| 145 context->LogToConsole(message.str()); |
| 146 context->ReportViolation(CSPDirective::NameToString(directive.name), |
| 147 CSPDirective::NameToString(directive_name), |
| 148 message.str(), url, report_endpoints, |
| 149 // TODO(arthursonzogni): consider passing the |
| 150 // original header |
| 151 "", disposition); |
| 152 } |
| 153 |
| 154 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2612793002:
Implement ContentSecurityPolicy on the browser-side. (Closed)
