CSP Suborigins

Source/core/frame/csp/CSPDirectiveList.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "config.h"
 #include "core/frame/csp/CSPDirectiveList.h"
 
 #include "core/dom/Document.h"
 #include "core/dom/SecurityContext.h"
 #include "core/frame/LocalFrame.h"
@@ skipping 25 matching lines @@
     return "sha256-" + base64URLEncode(reinterpret_cast<char*>(digest.data()), digest.size(), Base64DoNotInsertLFs);
 }
 
 }
 
 CSPDirectiveList::CSPDirectiveList(ContentSecurityPolicy* policy, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source)
     : m_policy(policy)
     , m_headerType(type)
     , m_headerSource(source)
     , m_reportOnly(false)
-    , m_haveSandboxPolicy(false)
+    , m_hasSandboxPolicy(false)
+    , m_hasSuboriginPolicy(false)
     , m_reflectedXSSDisposition(ReflectedXSSUnset)
     , m_didSetReferrerPolicy(false)
     , m_referrerPolicy(ReferrerPolicyDefault)
     , m_strictMixedContentCheckingEnforced(false)
     , m_upgradeInsecureRequests(false)
 {
     m_reportOnly = type == ContentSecurityPolicyHeaderTypeReport;
 }
 
 PassOwnPtr<CSPDirectiveList> CSPDirectiveList::create(ContentSecurityPolicy* policy, const UChar* begin, const UChar* end, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source)
@@ skipping 468 matching lines @@
     }
     directive = adoptPtr(new CSPDirectiveType(name, value, m_policy));
 }
 
 void CSPDirectiveList::applySandboxPolicy(const String& name, const String& sandboxPolicy)
 {
     if (m_reportOnly) {
         m_policy->reportInvalidInReportOnly(name);
         return;
     }
-    if (m_haveSandboxPolicy) {
+    if (m_hasSandboxPolicy) {
         m_policy->reportDuplicateDirective(name);
         return;
     }
-    m_haveSandboxPolicy = true;
+    m_hasSandboxPolicy = true;
     String invalidTokens;
     m_policy->enforceSandboxFlags(parseSandboxPolicy(sandboxPolicy, invalidTokens));
     if (!invalidTokens.isNull())
         m_policy->reportInvalidSandboxFlags(invalidTokens);
 }
 
 void CSPDirectiveList::enforceStrictMixedContentChecking(const String& name, const String& value)
 {
     if (m_reportOnly) {
         m_policy->reportInvalidInReportOnly(name);
@@ skipping 19 matching lines @@
         m_policy->reportDuplicateDirective(name);
         return;
     }
     m_upgradeInsecureRequests = true;
 
     m_policy->setInsecureRequestsPolicy(SecurityContext::InsecureRequestsUpgrade);
     if (!value.isEmpty())
         m_policy->reportValueForEmptyDirective(name, value);
 }
 
+void CSPDirectiveList::applySuboriginPolicy(const String& name, const String& suboriginPolicy)
+{

[Mike West, 2015/03/23 07:32:55]

Nit: ASSERT(RuntimeEnabledFeatures::suboriginsEnabled()).

[jww, 2015/04/11 02:52:36]

Done.

+    if (m_headerSource == ContentSecurityPolicyHeaderSourceMeta) {
+        m_policy->reportSuboriginInMeta(suboriginPolicy);
+        return;
+    }
+
+    if (m_hasSuboriginPolicy) {
+        m_policy->reportDuplicateDirective(name);
+        return;
+    }
+    m_hasSuboriginPolicy = true;
+    String suboriginName = parseSuboriginName(suboriginPolicy);
+    if (!suboriginName.isNull())
+        m_policy->enforceSuborigin(suboriginName);
+}
+
 void CSPDirectiveList::parseReflectedXSS(const String& name, const String& value)
 {
     if (m_reflectedXSSDisposition != ReflectedXSSUnset) {
         m_policy->reportDuplicateDirective(name);
         m_reflectedXSSDisposition = ReflectedXSSInvalid;
         return;
     }
 
     if (value.isEmpty()) {
         m_reflectedXSSDisposition = ReflectedXSSInvalid;
@@ skipping 80 matching lines @@
     }
 
     skipWhile<UChar, isASCIISpace>(position, end);
     if (position == end)
         return;
 
     // value1 value2
     //        ^
     m_referrerPolicy = ReferrerPolicyNever;
     m_policy->reportInvalidReferrer(value);
+}
 
+String CSPDirectiveList::parseSuboriginName(const String& policy)

[Mike West, 2015/03/23 07:32:55]

We really need to add some parser unittests. Would you mind starting a
`CSPDirectiveListTest.cpp` file and adding some test cases for this method?
Sorry I haven't already started that work. :/

+{
+    Vector<UChar> characters;
+    policy.appendTo(characters);
+
+    const UChar* position = characters.data();
+    const UChar* end = position + characters.size();
+
+    // Parse the name of the suborigin (no spaces, single string)
+    skipWhile<UChar, isASCIISpace>(position, end);
+    if (position == end) {
+        m_policy->reportInvalidSuboriginFlags("No suborigin name specified.");
+        return String();
+    }
+
+    const UChar* begin = position;
+
+    skipWhile<UChar, isASCIIAlphanumeric>(position, end);
+    if (position != end && !isASCIISpace(*position)) {
+        m_policy->reportInvalidSuboriginFlags("Invalid character \'" + String(position, 1) + "\' in suborigin.");
+        return String();
+    }
+    size_t length = position - begin;
+    skipWhile<UChar, isASCIISpace>(position, end);
+    if (position != end) {
+        m_policy->reportInvalidSuboriginFlags("Whitespace is not allowed in suborigin names.");
+        return String();
+    }
+
+    return String(begin, length);
 }
 
 void CSPDirectiveList::addDirective(const String& name, const String& value)
 {
     ASSERT(!name.isEmpty());
 
     if (equalIgnoringCase(name, ContentSecurityPolicy::DefaultSrc)) {
         setCSPDirective<SourceListDirective>(name, value, m_defaultSrc);
     } else if (equalIgnoringCase(name, ContentSecurityPolicy::ScriptSrc)) {
         setCSPDirective<SourceListDirective>(name, value, m_scriptSrc);
@@ skipping 24 matching lines @@
     } else if (equalIgnoringCase(name, ContentSecurityPolicy::ChildSrc)) {
         setCSPDirective<SourceListDirective>(name, value, m_childSrc);
     } else if (equalIgnoringCase(name, ContentSecurityPolicy::FormAction)) {
         setCSPDirective<SourceListDirective>(name, value, m_formAction);
     } else if (equalIgnoringCase(name, ContentSecurityPolicy::PluginTypes)) {
         setCSPDirective<MediaListDirective>(name, value, m_pluginTypes);
     } else if (equalIgnoringCase(name, ContentSecurityPolicy::ReflectedXSS)) {
         parseReflectedXSS(name, value);
     } else if (equalIgnoringCase(name, ContentSecurityPolicy::Referrer)) {
         parseReferrer(name, value);
+    } else if (RuntimeEnabledFeatures::suboriginsEnabled() && equalIgnoringCase(name, ContentSecurityPolicy::Suborigin)) {
+        applySuboriginPolicy(name, value);
     } else if (m_policy->experimentalFeaturesEnabled()) {
         if (equalIgnoringCase(name, ContentSecurityPolicy::ManifestSrc))
             setCSPDirective<SourceListDirective>(name, value, m_manifestSrc);
         else if (equalIgnoringCase(name, ContentSecurityPolicy::BlockAllMixedContent))
             enforceStrictMixedContentChecking(name, value);
         else if (equalIgnoringCase(name, ContentSecurityPolicy::UpgradeInsecureRequests))
             enableInsecureRequestsUpgrade(name, value);
         else
             m_policy->reportUnsupportedDirective(name);
     } else {
         m_policy->reportUnsupportedDirective(name);
     }
 }
 
 
 } // namespace blink