OLD | NEW |
(Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include <sstream> |
| 6 #include "base/strings/string_split.h" |
| 7 #include "base/strings/string_util.h" |
| 8 #include "content/common/content_security_policy/csp_context.h" |
| 9 |
| 10 namespace content { |
| 11 |
| 12 namespace { |
| 13 |
| 14 static CSPDirective::Name CSPFallback(CSPDirective::Name directive) { |
| 15 switch (directive) { |
| 16 case CSPDirective::DefaultSrc: |
| 17 case CSPDirective::FormAction: |
| 18 return CSPDirective::Unknown; |
| 19 |
| 20 case CSPDirective::FrameSrc: |
| 21 return CSPDirective::ChildSrc; |
| 22 |
| 23 case CSPDirective::ChildSrc: |
| 24 return CSPDirective::DefaultSrc; |
| 25 |
| 26 case CSPDirective::Unknown: |
| 27 NOTREACHED(); |
| 28 return CSPDirective::Unknown; |
| 29 } |
| 30 NOTREACHED(); |
| 31 return CSPDirective::Unknown; |
| 32 } |
| 33 |
| 34 std::string ElideURLForReportViolation(const GURL& url) { |
| 35 // TODO(arthursonzogni): the url length should be limited to 1024 char. Find |
| 36 // a function that will not break the utf8 encoding while eliding the string. |
| 37 return url.spec(); |
| 38 } |
| 39 |
| 40 void ReportViolation(CSPContext* context, |
| 41 const ContentSecurityPolicy& policy, |
| 42 const CSPDirective& directive, |
| 43 const CSPDirective::Name directive_name, |
| 44 const GURL& url) { |
| 45 // We should never have a violation against `child-src` or `default-src` |
| 46 // directly; the effective directive should always be one of the explicit |
| 47 // fetch directives. |
| 48 DCHECK_NE(directive_name, CSPDirective::DefaultSrc); |
| 49 DCHECK_NE(directive_name, CSPDirective::ChildSrc); |
| 50 |
| 51 std::stringstream message; |
| 52 |
| 53 if (policy.disposition == blink::WebContentSecurityPolicyTypeReport) |
| 54 message << "[Report Only] "; |
| 55 |
| 56 if (directive_name == CSPDirective::FormAction) |
| 57 message << "Refused to send form data to '"; |
| 58 else if (directive_name == CSPDirective::FrameSrc) |
| 59 message << "Refused to frame '"; |
| 60 |
| 61 message << ElideURLForReportViolation(url) |
| 62 << "' because it violates the following Content Security Policy " |
| 63 "directive: \"" |
| 64 << directive.ToString() << "\"."; |
| 65 |
| 66 if (directive.name != directive_name) |
| 67 message << " Note that '" << CSPDirective::NameToString(directive_name) |
| 68 << "' was not explicitly set, so '" |
| 69 << CSPDirective::NameToString(directive.name) |
| 70 << "' is used as a fallback."; |
| 71 |
| 72 message << "\n"; |
| 73 |
| 74 context->LogToConsole(message.str()); |
| 75 context->ReportViolation(CSPDirective::NameToString(directive.name), |
| 76 CSPDirective::NameToString(directive_name), |
| 77 message.str(), url, policy.report_endpoints, |
| 78 policy.header, policy.disposition); |
| 79 } |
| 80 |
| 81 bool AllowDirective(CSPContext* context, |
| 82 const ContentSecurityPolicy& policy, |
| 83 const CSPDirective& directive, |
| 84 CSPDirective::Name directive_name, |
| 85 const GURL& url, |
| 86 bool is_redirect) { |
| 87 if (CSPSourceList::Allow(directive.source_list, url, context, is_redirect)) |
| 88 return true; |
| 89 |
| 90 ReportViolation(context, policy, directive, directive_name, url); |
| 91 return false; |
| 92 } |
| 93 |
| 94 } // namespace |
| 95 |
| 96 ContentSecurityPolicy::ContentSecurityPolicy() |
| 97 : disposition(blink::WebContentSecurityPolicyTypeEnforce), |
| 98 source(blink::WebContentSecurityPolicySourceHTTP) {} |
| 99 |
| 100 ContentSecurityPolicy::ContentSecurityPolicy( |
| 101 blink::WebContentSecurityPolicyType disposition, |
| 102 blink::WebContentSecurityPolicySource source, |
| 103 const std::vector<CSPDirective>& directives, |
| 104 const std::vector<std::string>& report_endpoints, |
| 105 const std::string& header) |
| 106 : disposition(disposition), |
| 107 source(source), |
| 108 directives(directives), |
| 109 report_endpoints(report_endpoints), |
| 110 header(header) {} |
| 111 |
| 112 ContentSecurityPolicy::ContentSecurityPolicy(const ContentSecurityPolicy&) = |
| 113 default; |
| 114 ContentSecurityPolicy::~ContentSecurityPolicy() = default; |
| 115 |
| 116 // static |
| 117 bool ContentSecurityPolicy::Allow(const ContentSecurityPolicy& policy, |
| 118 CSPDirective::Name directive_name, |
| 119 const GURL& url, |
| 120 CSPContext* context, |
| 121 bool is_redirect) { |
| 122 CSPDirective::Name current_directive_name = directive_name; |
| 123 do { |
| 124 for (const CSPDirective& directive : policy.directives) { |
| 125 if (directive.name == current_directive_name) { |
| 126 bool allowed = AllowDirective(context, policy, directive, |
| 127 directive_name, url, is_redirect); |
| 128 return allowed || |
| 129 policy.disposition == blink::WebContentSecurityPolicyTypeReport; |
| 130 } |
| 131 } |
| 132 current_directive_name = CSPFallback(current_directive_name); |
| 133 } while (current_directive_name != CSPDirective::Unknown); |
| 134 return true; |
| 135 } |
| 136 |
| 137 std::string ContentSecurityPolicy::ToString() const { |
| 138 std::stringstream text; |
| 139 bool is_first_policy = true; |
| 140 for (const CSPDirective& directive : directives) { |
| 141 if (!is_first_policy) |
| 142 text << "; "; |
| 143 is_first_policy = false; |
| 144 text << directive.ToString(); |
| 145 } |
| 146 |
| 147 if (!report_endpoints.empty()) { |
| 148 if (!is_first_policy) |
| 149 text << "; "; |
| 150 is_first_policy = false; |
| 151 text << "report-uri"; |
| 152 for (const std::string& endpoint : report_endpoints) |
| 153 text << " " << endpoint; |
| 154 } |
| 155 |
| 156 return text.str(); |
| 157 } |
| 158 |
| 159 } // namespace content |
OLD | NEW |