Stop CSP from matching independent scheme/port upgrades

third_party/WebKit/Source/core/frame/csp/CSPSource.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "core/frame/csp/CSPSource.h"
 
 #include "core/frame/UseCounter.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "platform/weborigin/KURL.h"
 #include "platform/weborigin/KnownPorts.h"
@@ skipping 12 matching lines @@
     : m_policy(policy),
       m_scheme(scheme.lower()),
       m_host(host),
       m_port(port),
       m_path(path),
       m_hostWildcard(hostWildcard),
       m_portWildcard(portWildcard) {}
 
 bool CSPSource::matches(const KURL& url,
                         ResourceRequest::RedirectStatus redirectStatus) const {
-  bool schemesMatch = m_scheme.isEmpty() ? m_policy->protocolMatchesSelf(url)
-                                         : schemeMatches(url.protocol());
-  if (!schemesMatch)
+  SchemeMatchingResult schemesMatch = schemeMatches(url.protocol());
+  if (schemesMatch == SchemeMatchingResult::NotMatching)
     return false;
   if (isSchemeOnly())
     return true;
   bool pathsMatch = (redirectStatus == RedirectStatus::FollowedRedirect) ||
                     pathMatches(url.path());
-  return hostMatches(url.host()) && portMatches(url.port(), url.protocol()) &&
-         pathsMatch;
+  PortMatchingResult portsMatch = portMatches(url.port(), url.protocol());
+
+  // if either the scheme or the port would require an upgrade (e.g. from http
+  // to https) then check that both of them can upgrade to ensure that we don't
+  // run into situations where we only upgrade the port but not the scheme or
+  // viceversa
+  if ((requiresUpgrade(schemesMatch) || (requiresUpgrade(portsMatch))) &&
+      (!canUpgrade(schemesMatch) || !canUpgrade(portsMatch))) {
+    return false;
+  }
+
+  return hostMatches(url.host()) && portsMatch != PortMatchingResult::NotMatching && pathsMatch;
 }
 
-bool CSPSource::schemeMatches(const String& protocol) const {
+CSPSource::SchemeMatchingResult CSPSource::schemeMatches(
+    const String& protocol) const {
   DCHECK_EQ(protocol, protocol.lower());
-  if (m_scheme == "http")
-    return protocol == "http" || protocol == "https";
-  if (m_scheme == "ws")
-    return protocol == "ws" || protocol == "wss";
-  return protocol == m_scheme;
+  const String& scheme =
+      (m_scheme.isEmpty() ? m_policy->getSelfProtocol() : m_scheme);
+
+  if (scheme == protocol)
+    return SchemeMatchingResult::MatchingExact;
+
+  if ((scheme == "http" && protocol == "https") ||
+      (scheme == "http" && protocol == "https-so") ||
+      (scheme == "ws" && protocol == "wss")) {
+    return SchemeMatchingResult::MatchingUpgrade;
+  }
+
+  if ((scheme == "http" && protocol == "http-so") ||
+      (scheme == "https" && protocol == "https-so")) {
+    return SchemeMatchingResult::MatchingExact;
+  }
+
+  return SchemeMatchingResult::NotMatching;
 }
 
 bool CSPSource::hostMatches(const String& host) const {
   Document* document = m_policy->document();
   bool match;
 
   bool equalHosts = m_host == host;
   if (m_hostWildcard == HasWildcard) {
     if (m_host.isEmpty()) {
       // host-part = "*"
@@ skipping 23 matching lines @@
     return true;
 
   String path = decodeURLEscapeSequences(urlPath);
 
   if (m_path.endsWith("/"))
     return path.startsWith(m_path);
 
   return path == m_path;
 }
 
-bool CSPSource::portMatches(int port, const String& protocol) const {
+CSPSource::PortMatchingResult CSPSource::portMatches(
+    int port,
+    const String& protocol) const {
   if (m_portWildcard == HasWildcard)
-    return true;
+    return PortMatchingResult::MatchingWildcard;
 
-  if (port == m_port)
-    return true;
+  if (port == m_port) {
+    if (port == 0)
+      return PortMatchingResult::MatchingWildcard;
+    return PortMatchingResult::MatchingExact;
+  }
 
-  if (m_port == 80 &&
+  bool isSchemeHttp;  // needed for detecting an upgrade when the port is 0
+  isSchemeHttp = m_scheme.isEmpty() ? m_policy->protocolEqualsSelf("http")
+                                    : equalIgnoringCase("http", m_scheme);
+
+  if ((m_port == 80 || (m_port == 0 && isSchemeHttp)) &&
       (port == 443 || (port == 0 && defaultPortForProtocol(protocol) == 443)))
-    return true;
+    return PortMatchingResult::MatchingUpgrade;
 
-  if (!port)
-    return isDefaultPortForProtocol(m_port, protocol);
+  if (!port) {
+    if (isDefaultPortForProtocol(m_port, protocol))
+      return PortMatchingResult::MatchingExact;
 
-  if (!m_port)
-    return isDefaultPortForProtocol(port, protocol);
+    return PortMatchingResult::NotMatching;
+  }
 
-  return false;
+  if (!m_port) {
+    if (isDefaultPortForProtocol(port, protocol))
+      return PortMatchingResult::MatchingExact;
+
+    return PortMatchingResult::NotMatching;
+  }
+
+  return PortMatchingResult::NotMatching;
 }
 
 bool CSPSource::subsumes(CSPSource* other) const {
-  if (!schemeMatches(other->m_scheme))
+  if (schemeMatches(other->m_scheme) == SchemeMatchingResult::NotMatching)
     return false;
 
   if (other->isSchemeOnly() || isSchemeOnly())
     return isSchemeOnly();
 
   if ((m_hostWildcard == NoWildcard && other->m_hostWildcard == HasWildcard) ||
       (m_portWildcard == NoWildcard && other->m_portWildcard == HasWildcard)) {
     return false;
   }
 
   bool hostSubsumes = (m_host == other->m_host || hostMatches(other->m_host));
   bool portSubsumes = (m_portWildcard == HasWildcard) ||
-                      portMatches(other->m_port, other->m_scheme);
+      portMatches(other->m_port, other->m_scheme) != PortMatchingResult::NotMatching;
   bool pathSubsumes = pathMatches(other->m_path);
   return hostSubsumes && portSubsumes && pathSubsumes;
 }
 
 bool CSPSource::isSimilar(CSPSource* other) const {
   bool schemesMatch =
-      schemeMatches(other->m_scheme) || other->schemeMatches(m_scheme);
+      schemeMatches(other->m_scheme) != SchemeMatchingResult::NotMatching
+      || other->schemeMatches(m_scheme) != SchemeMatchingResult::NotMatching;
   if (!schemesMatch || isSchemeOnly() || other->isSchemeOnly())
     return schemesMatch;
   bool hostsMatch = (m_host == other->m_host) || hostMatches(other->m_host) ||
                     other->hostMatches(m_host);
   bool portsMatch = (other->m_portWildcard == HasWildcard) ||
-                    portMatches(other->m_port, other->m_scheme) ||
-                    other->portMatches(m_port, m_scheme);
+      portMatches(other->m_port, other->m_scheme) != PortMatchingResult::NotMatching ||
+      other->portMatches(m_port, m_scheme) != PortMatchingResult::NotMatching;
   bool pathsMatch = pathMatches(other->m_path) || other->pathMatches(m_path);
   if (hostsMatch && portsMatch && pathsMatch)
     return true;
 
   return false;
 }
 
 CSPSource* CSPSource::intersect(CSPSource* other) const {
   if (!isSimilar(other))
     return nullptr;
 
-  String scheme = other->schemeMatches(m_scheme) ? m_scheme : other->m_scheme;
+  String scheme = other->schemeMatches(m_scheme) != SchemeMatchingResult::NotMatching ? m_scheme : other->m_scheme;
   if (isSchemeOnly() || other->isSchemeOnly()) {
     const CSPSource* stricter = isSchemeOnly() ? other : this;
     return new CSPSource(m_policy, scheme, stricter->m_host, stricter->m_port,
                          stricter->m_path, stricter->m_hostWildcard,
                          stricter->m_portWildcard);
   }
 
   String host = m_hostWildcard == NoWildcard ? m_host : other->m_host;
   // Since sources are similar and paths match, pick the longer one.
   String path =
@@ skipping 51 matching lines @@
       static_cast<WebWildcardDisposition>(m_portWildcard);
   sourceExpression.path = m_path;
   return sourceExpression;
 }
 
 DEFINE_TRACE(CSPSource) {
   visitor->trace(m_policy);
 }
 
 }  // namespace blink