| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include <sstream> |
| 6 |
| 7 #include "base/strings/string_util.h" |
| 8 #include "base/strings/utf_string_conversions.h" |
| 9 #include "content/common/content_security_policy/csp_context.h" |
| 10 #include "url/url_canon.h" |
| 11 #include "url/url_util.h" |
| 12 |
| 13 namespace content { |
| 14 |
| 15 namespace { |
| 16 |
| 17 bool DecodePath(const base::StringPiece& path, std::string* output) { |
| 18 url::RawCanonOutputT<base::char16> unescaped; |
| 19 url::DecodeURLEscapeSequences(path.data(), path.size(), &unescaped); |
| 20 return base::UTF16ToUTF8(unescaped.data(), unescaped.length(), output); |
| 21 } |
| 22 |
| 23 int DefaultPortForScheme(const std::string& scheme) { |
| 24 return url::DefaultPortForScheme(scheme.data(), scheme.size()); |
| 25 } |
| 26 |
| 27 } // namespace |
| 28 |
| 29 CSPSource::CSPSource() |
| 30 : scheme(), |
| 31 host(), |
| 32 is_host_wildcard(false), |
| 33 port(url::PORT_UNSPECIFIED), |
| 34 is_port_wildcard(false), |
| 35 path() {} |
| 36 |
| 37 CSPSource::CSPSource(const std::string& scheme, |
| 38 const std::string& host, |
| 39 bool is_host_wildcard, |
| 40 int port, |
| 41 bool is_port_wildcard, |
| 42 const std::string& path) |
| 43 : scheme(scheme), |
| 44 host(host), |
| 45 is_host_wildcard(is_host_wildcard), |
| 46 port(port), |
| 47 is_port_wildcard(is_port_wildcard), |
| 48 path(path) { |
| 49 DCHECK(!HasPort() || HasHost()); // port => host |
| 50 DCHECK(!HasPath() || HasHost()); // path => host |
| 51 DCHECK(!is_port_wildcard || port == url::PORT_UNSPECIFIED); |
| 52 } |
| 53 |
| 54 CSPSource::CSPSource(const CSPSource& source) = default; |
| 55 CSPSource::~CSPSource() = default; |
| 56 |
| 57 bool CSPSource::Allow(CSPContext* context, |
| 58 const GURL& url, |
| 59 bool is_redirect) const { |
| 60 if (IsSchemeOnly()) |
| 61 return AllowScheme(url, context); |
| 62 else |
| 63 return AllowScheme(url, context) && AllowHost(url) && AllowPort(url) && |
| 64 AllowPath(url, is_redirect); |
| 65 } |
| 66 |
| 67 std::string CSPSource::ToString() const { |
| 68 // scheme |
| 69 if (IsSchemeOnly()) |
| 70 return scheme + ":"; |
| 71 |
| 72 std::stringstream text; |
| 73 if (!scheme.empty()) |
| 74 text << scheme << "://"; |
| 75 |
| 76 // host |
| 77 if (is_host_wildcard) { |
| 78 if (host.empty()) |
| 79 text << "*"; |
| 80 else |
| 81 text << "*." << host; |
| 82 } else { |
| 83 text << host; |
| 84 } |
| 85 |
| 86 // port |
| 87 if (is_port_wildcard) |
| 88 text << ":*"; |
| 89 if (port != url::PORT_UNSPECIFIED) |
| 90 text << ":" << port; |
| 91 |
| 92 // path |
| 93 text << path; |
| 94 |
| 95 return text.str(); |
| 96 } |
| 97 |
| 98 bool CSPSource::IsSchemeOnly() const { |
| 99 return !HasHost(); |
| 100 } |
| 101 |
| 102 bool CSPSource::HasPort() const { |
| 103 return port != url::PORT_UNSPECIFIED || is_port_wildcard; |
| 104 } |
| 105 |
| 106 bool CSPSource::HasHost() const { |
| 107 return !host.empty() || is_host_wildcard; |
| 108 } |
| 109 |
| 110 bool CSPSource::HasPath() const { |
| 111 return !path.empty(); |
| 112 } |
| 113 |
| 114 bool CSPSource::AllowScheme(const GURL& url, CSPContext* context) const { |
| 115 if (scheme.empty()) |
| 116 return context->ProtocolMatchesSelf(url); |
| 117 if (scheme == url::kHttpScheme) |
| 118 return url.SchemeIsHTTPOrHTTPS(); |
| 119 if (scheme == url::kWsScheme) |
| 120 return url.SchemeIsWSOrWSS(); |
| 121 return url.SchemeIs(scheme); |
| 122 } |
| 123 |
| 124 bool CSPSource::AllowHost(const GURL& url) const { |
| 125 if (is_host_wildcard) { |
| 126 if (host.empty()) |
| 127 return true; |
| 128 // TODO(arthursonzogni): Chrome used to, incorrectly, match *.x.y to x.y. |
| 129 // The renderer version of this function count how many times it happens. |
| 130 // It might be useful to do it outside of blink too. |
| 131 // See third_party/WebKit/Source/core/frame/csp/CSPSource.cpp |
| 132 return base::EndsWith(url.host(), '.' + host, |
| 133 base::CompareCase::INSENSITIVE_ASCII); |
| 134 } else |
| 135 return url.host() == host; |
| 136 } |
| 137 |
| 138 bool CSPSource::AllowPort(const GURL& url) const { |
| 139 int url_port = url.EffectiveIntPort(); |
| 140 |
| 141 if (is_port_wildcard) |
| 142 return true; |
| 143 |
| 144 if (port == url::PORT_UNSPECIFIED) |
| 145 return DefaultPortForScheme(url.scheme()) == url_port; |
| 146 |
| 147 if (port == url_port) |
| 148 return true; |
| 149 |
| 150 if (port == 80 && url_port == 443) |
| 151 return true; |
| 152 |
| 153 return false; |
| 154 } |
| 155 |
| 156 bool CSPSource::AllowPath(const GURL& url, bool is_redirect) const { |
| 157 if (is_redirect) |
| 158 return true; |
| 159 |
| 160 if (path.empty() || url.path().empty()) |
| 161 return true; |
| 162 |
| 163 std::string url_path; |
| 164 if (!DecodePath(url.path(), &url_path)) { |
| 165 // TODO(arthursonzogni): try to figure out if that could happen and how to |
| 166 // handle it. |
| 167 return false; |
| 168 } |
| 169 |
| 170 // If the path represents a directory. |
| 171 if (base::EndsWith(path, "/", base::CompareCase::SENSITIVE)) |
| 172 return base::StartsWith(url_path, path, base::CompareCase::SENSITIVE); |
| 173 |
| 174 // The path represents a file. |
| 175 return path == url_path; |
| 176 } |
| 177 |
| 178 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2612793002:
Implement ContentSecurityPolicy on the browser-side. (Closed)
