| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "platform/feature_policy/FeaturePolicy.h" | 5 #include "platform/feature_policy/FeaturePolicy.h" |
| 6 | 6 |
| 7 #include "platform/json/JSONValues.h" | 7 #include "platform/json/JSONValues.h" |
| 8 #include "platform/network/HTTPParsers.h" | 8 #include "platform/network/HTTPParsers.h" |
| 9 #include "platform/weborigin/KURL.h" | 9 #include "platform/weborigin/KURL.h" |
| 10 #include "platform/weborigin/SecurityOrigin.h" | 10 #include "platform/weborigin/SecurityOrigin.h" |
| 11 #include "wtf/PtrUtil.h" | 11 #include "wtf/PtrUtil.h" |
| 12 #include "wtf/text/StringBuilder.h" | 12 #include "wtf/text/StringBuilder.h" |
| 13 | 13 |
| 14 namespace blink { | 14 namespace blink { |
| 15 | 15 |
| 16 namespace { | |
| 17 | |
| 18 // Given a string name, return the matching feature struct, or nullptr if it is | |
| 19 // not the name of a policy-controlled feature. | |
| 20 const FeaturePolicy::Feature* featureForName( | |
| 21 const String& featureName, | |
| 22 FeaturePolicy::FeatureList& features) { | |
| 23 for (const FeaturePolicy::Feature* feature : features) { | |
| 24 if (featureName == feature->featureName) | |
| 25 return feature; | |
| 26 } | |
| 27 return nullptr; | |
| 28 } | |
| 29 | |
| 30 } // namespace | |
| 31 | |
| 32 // Definitions of all features controlled by Feature Policy should appear here. | |
| 33 const FeaturePolicy::Feature kDocumentCookie{ | |
| 34 "cookie", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 35 const FeaturePolicy::Feature kDocumentDomain{ | |
| 36 "domain", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 37 const FeaturePolicy::Feature kDocumentWrite{ | |
| 38 "docwrite", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 39 const FeaturePolicy::Feature kFullscreenFeature{ | |
| 40 "fullscreen", FeaturePolicy::FeatureDefault::EnableForSelf}; | |
| 41 const FeaturePolicy::Feature kGeolocationFeature{ | |
| 42 "geolocation", FeaturePolicy::FeatureDefault::EnableForSelf}; | |
| 43 const FeaturePolicy::Feature kMidiFeature{ | |
| 44 "midi", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 45 const FeaturePolicy::Feature kNotificationsFeature{ | |
| 46 "notifications", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 47 const FeaturePolicy::Feature kPaymentFeature{ | |
| 48 "payment", FeaturePolicy::FeatureDefault::EnableForSelf}; | |
| 49 const FeaturePolicy::Feature kPushFeature{ | |
| 50 "push", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 51 const FeaturePolicy::Feature kSyncScript{ | |
| 52 "sync-script", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 53 const FeaturePolicy::Feature kSyncXHR{ | |
| 54 "sync-xhr", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 55 const FeaturePolicy::Feature kUsermedia{ | |
| 56 "usermedia", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 57 const FeaturePolicy::Feature kVibrateFeature{ | |
| 58 "vibrate", FeaturePolicy::FeatureDefault::EnableForSelf}; | |
| 59 const FeaturePolicy::Feature kWebRTC{ | |
| 60 "webrtc", FeaturePolicy::FeatureDefault::EnableForAll}; | |
| 61 | |
| 62 // static | 16 // static |
| 63 std::unique_ptr<FeaturePolicy::Whitelist> FeaturePolicy::Whitelist::from( | 17 WebParsedFeaturePolicyHeader parseFeaturePolicy(const String& policy, |
| 64 const WebFeaturePolicy::ParsedWhitelist& parsedWhitelist) { | 18 RefPtr<SecurityOrigin> origin, |
| 65 std::unique_ptr<Whitelist> whitelist(new FeaturePolicy::Whitelist); | 19 Vector<String>* messages) { |
| 66 if (parsedWhitelist.matchesAllOrigins) { | 20 Vector<WebParsedFeaturePolicyDeclaration> webPolicyHeader; |
| 67 whitelist->addAll(); | |
| 68 } else { | |
| 69 for (const WebSecurityOrigin& origin : parsedWhitelist.origins) | |
| 70 whitelist->add(static_cast<WTF::PassRefPtr<SecurityOrigin>>(origin)); | |
| 71 } | |
| 72 return whitelist; | |
| 73 } | |
| 74 | |
| 75 FeaturePolicy::Whitelist::Whitelist() : m_matchesAllOrigins(false) {} | |
| 76 | |
| 77 void FeaturePolicy::Whitelist::addAll() { | |
| 78 m_matchesAllOrigins = true; | |
| 79 } | |
| 80 | |
| 81 void FeaturePolicy::Whitelist::add(RefPtr<SecurityOrigin> origin) { | |
| 82 m_origins.push_back(std::move(origin)); | |
| 83 } | |
| 84 | |
| 85 bool FeaturePolicy::Whitelist::contains(const SecurityOrigin& origin) const { | |
| 86 if (m_matchesAllOrigins) | |
| 87 return true; | |
| 88 for (const auto& targetOrigin : m_origins) { | |
| 89 if (targetOrigin->isSameSchemeHostPortAndSuborigin(&origin)) | |
| 90 return true; | |
| 91 } | |
| 92 return false; | |
| 93 } | |
| 94 | |
| 95 String FeaturePolicy::Whitelist::toString() { | |
| 96 StringBuilder sb; | |
| 97 sb.append("["); | |
| 98 if (m_matchesAllOrigins) { | |
| 99 sb.append("*"); | |
| 100 } else { | |
| 101 for (size_t i = 0; i < m_origins.size(); ++i) { | |
| 102 if (i > 0) { | |
| 103 sb.append(", "); | |
| 104 } | |
| 105 sb.append(m_origins[i]->toString()); | |
| 106 } | |
| 107 } | |
| 108 sb.append("]"); | |
| 109 return sb.toString(); | |
| 110 } | |
| 111 | |
| 112 // static | |
| 113 const FeaturePolicy::FeatureList& FeaturePolicy::getDefaultFeatureList() { | |
| 114 DEFINE_STATIC_LOCAL( | |
| 115 Vector<const FeaturePolicy::Feature*>, defaultFeatureList, | |
| 116 ({&kDocumentCookie, &kDocumentDomain, &kDocumentWrite, | |
| 117 &kGeolocationFeature, &kFullscreenFeature, &kMidiFeature, | |
| 118 &kNotificationsFeature, &kPaymentFeature, &kPushFeature, &kSyncScript, | |
| 119 &kSyncXHR, &kUsermedia, &kVibrateFeature, &kWebRTC})); | |
| 120 return defaultFeatureList; | |
| 121 } | |
| 122 | |
| 123 // static | |
| 124 std::unique_ptr<FeaturePolicy> FeaturePolicy::createFromParentPolicy( | |
| 125 const FeaturePolicy* parent, | |
| 126 RefPtr<SecurityOrigin> currentOrigin, | |
| 127 FeaturePolicy::FeatureList& features) { | |
| 128 DCHECK(currentOrigin); | |
| 129 std::unique_ptr<FeaturePolicy> newPolicy = | |
| 130 WTF::wrapUnique(new FeaturePolicy(currentOrigin, features)); | |
| 131 for (const FeaturePolicy::Feature* feature : features) { | |
| 132 if (!parent || | |
| 133 parent->isFeatureEnabledForOrigin(*feature, *currentOrigin)) { | |
| 134 newPolicy->m_inheritedFeatures.set(feature, true); | |
| 135 } else { | |
| 136 newPolicy->m_inheritedFeatures.set(feature, false); | |
| 137 } | |
| 138 } | |
| 139 return newPolicy; | |
| 140 } | |
| 141 | |
| 142 // static | |
| 143 std::unique_ptr<FeaturePolicy> FeaturePolicy::createFromParentPolicy( | |
| 144 const FeaturePolicy* parent, | |
| 145 RefPtr<SecurityOrigin> currentOrigin) { | |
| 146 return createFromParentPolicy(parent, std::move(currentOrigin), | |
| 147 getDefaultFeatureList()); | |
| 148 } | |
| 149 | |
| 150 // static | |
| 151 WebParsedFeaturePolicy FeaturePolicy::parseFeaturePolicy( | |
| 152 const String& policy, | |
| 153 RefPtr<SecurityOrigin> origin, | |
| 154 Vector<String>* messages) { | |
| 155 Vector<WebFeaturePolicy::ParsedWhitelist> whitelists; | |
| 156 | 21 |
| 157 // Use a reasonable parse depth limit; the actual maximum depth is only going | 22 // Use a reasonable parse depth limit; the actual maximum depth is only going |
| 158 // to be 4 for a valid policy, but we'll give the featurePolicyParser a chance | 23 // to be 4 for a valid policy, but we'll give the featurePolicyParser a chance |
| 159 // to report more specific errors, unless the string is really invalid. | 24 // to report more specific errors, unless the string is really invalid. |
| 160 std::unique_ptr<JSONArray> policyItems = parseJSONHeader(policy, 50); | 25 std::unique_ptr<JSONArray> policyItems = parseJSONHeader(policy, 50); |
| 161 if (!policyItems) { | 26 if (!policyItems) { |
| 162 if (messages) | 27 if (messages) |
| 163 messages->push_back("Unable to parse header"); | 28 messages->push_back("Unable to parse header"); |
| 164 return whitelists; | 29 return webPolicyHeader; |
| 165 } | 30 } |
| 166 | 31 |
| 167 for (size_t i = 0; i < policyItems->size(); ++i) { | 32 for (size_t i = 0; i < policyItems->size(); ++i) { |
| 168 JSONObject* item = JSONObject::cast(policyItems->at(i)); | 33 JSONObject* item = JSONObject::cast(policyItems->at(i)); |
| 169 if (!item) { | 34 if (!item) { |
| 170 if (messages) | 35 if (messages) |
| 171 messages->push_back("Policy is not an object"); | 36 messages->push_back("Policy is not an object"); |
| 172 continue; // Array element is not an object; skip | 37 continue; // Array element is not an object; skip |
| 173 } | 38 } |
| 174 | 39 |
| 175 for (size_t j = 0; j < item->size(); ++j) { | 40 for (size_t j = 0; j < item->size(); ++j) { |
| 176 JSONObject::Entry entry = item->at(j); | 41 JSONObject::Entry entry = item->at(j); |
| 177 String featureName = entry.first; | 42 String featureName = entry.first; |
| 178 JSONArray* targets = JSONArray::cast(entry.second); | 43 JSONArray* targets = JSONArray::cast(entry.second); |
| 179 if (!targets) { | 44 if (!targets) { |
| 180 if (messages) | 45 if (messages) |
| 181 messages->push_back("Whitelist is not an array of strings."); | 46 messages->push_back("Whitelist is not an array of strings."); |
| 182 continue; | 47 continue; |
| 183 } | 48 } |
| 184 | 49 |
| 185 WebFeaturePolicy::ParsedWhitelist whitelist; | 50 WebParsedFeaturePolicyDeclaration webPolicyDeclaration; |
| 186 whitelist.featureName = featureName; | 51 webPolicyDeclaration.featureName = featureName; |
| 187 Vector<WebSecurityOrigin> origins; | 52 Vector<WebSecurityOrigin> origins; |
| 188 String targetString; | 53 String targetString; |
| 189 for (size_t j = 0; j < targets->size(); ++j) { | 54 for (size_t j = 0; j < targets->size(); ++j) { |
| 190 if (targets->at(j)->asString(&targetString)) { | 55 if (targets->at(j)->asString(&targetString)) { |
| 191 if (equalIgnoringCase(targetString, "self")) { | 56 if (equalIgnoringCase(targetString, "self")) { |
| 192 if (!origin->isUnique()) | 57 if (!origin->isUnique()) |
| 193 origins.push_back(origin); | 58 origins.push_back(origin); |
| 194 } else if (targetString == "*") { | 59 } else if (targetString == "*") { |
| 195 whitelist.matchesAllOrigins = true; | 60 webPolicyDeclaration.whitelist.matchesAllOrigins = true; |
| 196 } else { | 61 } else { |
| 197 WebSecurityOrigin targetOrigin = | 62 WebSecurityOrigin targetOrigin = |
| 198 WebSecurityOrigin::createFromString(targetString); | 63 WebSecurityOrigin::createFromString(targetString); |
| 199 if (!targetOrigin.isNull() && !targetOrigin.isUnique()) | 64 if (!targetOrigin.isNull() && !targetOrigin.isUnique()) |
| 200 origins.push_back(targetOrigin); | 65 origins.push_back(targetOrigin); |
| 201 } | 66 } |
| 202 } else { | 67 } else { |
| 203 if (messages) | 68 if (messages) |
| 204 messages->push_back("Whitelist is not an array of strings."); | 69 messages->push_back("Whitelist is not an array of strings."); |
| 205 } | 70 } |
| 206 } | 71 } |
| 207 whitelist.origins = origins; | 72 webPolicyDeclaration.whitelist.origins = origins; |
| 208 whitelists.push_back(whitelist); | 73 webPolicyHeader.push_back(webPolicyDeclaration); |
| 209 } | 74 } |
| 210 } | 75 } |
| 211 return whitelists; | 76 return webPolicyHeader; |
| 212 } | 77 } |
| 213 | 78 |
| 214 void FeaturePolicy::setHeaderPolicy(const WebParsedFeaturePolicy& policy) { | |
| 215 DCHECK(m_headerWhitelists.isEmpty()); | |
| 216 for (const WebFeaturePolicy::ParsedWhitelist& parsedWhitelist : policy) { | |
| 217 const FeaturePolicy::Feature* feature = | |
| 218 featureForName(parsedWhitelist.featureName, m_features); | |
| 219 if (!feature) | |
| 220 continue; | |
| 221 m_headerWhitelists.set(feature, Whitelist::from(parsedWhitelist)); | |
| 222 } | |
| 223 } | |
| 224 | |
| 225 bool FeaturePolicy::isFeatureEnabledForOrigin( | |
| 226 const FeaturePolicy::Feature& feature, | |
| 227 const SecurityOrigin& origin) const { | |
| 228 DCHECK(m_inheritedFeatures.contains(&feature)); | |
| 229 if (!m_inheritedFeatures.get(&feature)) { | |
| 230 return false; | |
| 231 } | |
| 232 if (m_headerWhitelists.contains(&feature)) { | |
| 233 return m_headerWhitelists.get(&feature)->contains(origin); | |
| 234 } | |
| 235 if (feature.defaultPolicy == FeaturePolicy::FeatureDefault::EnableForAll) { | |
| 236 return true; | |
| 237 } | |
| 238 if (feature.defaultPolicy == FeaturePolicy::FeatureDefault::EnableForSelf) { | |
| 239 return m_origin->isSameSchemeHostPortAndSuborigin(&origin); | |
| 240 } | |
| 241 return false; | |
| 242 } | |
| 243 | |
| 244 bool FeaturePolicy::isFeatureEnabled( | |
| 245 const FeaturePolicy::Feature& feature) const { | |
| 246 DCHECK(m_origin); | |
| 247 return isFeatureEnabledForOrigin(feature, *m_origin); | |
| 248 } | |
| 249 | |
| 250 FeaturePolicy::FeaturePolicy(RefPtr<SecurityOrigin> currentOrigin, | |
| 251 FeaturePolicy::FeatureList& features) | |
| 252 : m_origin(std::move(currentOrigin)), m_features(features) {} | |
| 253 | |
| 254 String FeaturePolicy::toString() { | |
| 255 StringBuilder sb; | |
| 256 sb.append("Feature Policy for frame in origin: "); | |
| 257 sb.append(m_origin->toString()); | |
| 258 sb.append("\n"); | |
| 259 sb.append("Inherited features:\n"); | |
| 260 for (const auto& inheritedFeature : m_inheritedFeatures) { | |
| 261 sb.append(" "); | |
| 262 sb.append(inheritedFeature.key->featureName); | |
| 263 sb.append(": "); | |
| 264 sb.append(inheritedFeature.value ? "true" : "false"); | |
| 265 sb.append("\n"); | |
| 266 } | |
| 267 sb.append("Header whitelists:\n"); | |
| 268 for (const auto& whitelist : m_headerWhitelists) { | |
| 269 sb.append(" "); | |
| 270 sb.append(whitelist.key->featureName); | |
| 271 sb.append(": "); | |
| 272 sb.append(whitelist.value->toString()); | |
| 273 sb.append("\n"); | |
| 274 } | |
| 275 return sb.toString(); | |
| 276 } | |
| 277 | 79 |
| 278 } // namespace blink | 80 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2636843003:
Move most Feature Policy code into content/ (Closed)
