OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPDirectiveList.h" | 5 #include "core/frame/csp/CSPDirectiveList.h" |
6 | 6 |
7 #include "bindings/core/v8/SourceLocation.h" | 7 #include "bindings/core/v8/SourceLocation.h" |
8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
9 #include "core/dom/SecurityContext.h" | 9 #include "core/dom/SecurityContext.h" |
10 #include "core/dom/SpaceSplitString.h" | 10 #include "core/dom/SpaceSplitString.h" |
(...skipping 939 matching lines...) | |
950 | 950 |
951 if (begin == end) | 951 if (begin == end) |
952 return; | 952 return; |
953 | 953 |
954 const UChar* position = begin; | 954 const UChar* position = begin; |
955 while (position < end) { | 955 while (position < end) { |
956 const UChar* directive_begin = position; | 956 const UChar* directive_begin = position; |
957 skipUntil<UChar>(position, end, ';'); | 957 skipUntil<UChar>(position, end, ';'); |
958 | 958 |
959 String name, value; | 959 String name, value; |
960 if (ParseDirective(directive_begin, position, name, value)) { | 960 if (ParseDirective(directive_begin, position, name, value, policy_)) { |
961 DCHECK(!name.IsEmpty()); | 961 DCHECK(!name.IsEmpty()); |
962 AddDirective(name, value); | 962 AddDirective(name, value); |
963 } | 963 } |
964 | 964 |
965 DCHECK(position == end || *position == ';'); | 965 DCHECK(position == end || *position == ';'); |
966 skipExactly<UChar>(position, end, ';'); | 966 skipExactly<UChar>(position, end, ';'); |
967 } | 967 } |
968 } | 968 } |
969 | 969 |
970 // static | |
971 bool CSPDirectiveList::IsValid(const String& directive_list) { | |
972 Vector<UChar> characters; | |
973 directive_list.AppendTo(characters); | |
974 const UChar* begin = characters.data(); | |
975 const UChar* end = begin + characters.size(); | |
976 | |
977 return IsValid(begin, end); | |
978 } | |
979 | |
980 // static | |
981 bool CSPDirectiveList::IsValid(const UChar* begin, const UChar* end) { | |
982 if (begin == end) | |
983 return false; | |
984 | |
985 String name, value; | |
986 const UChar* position = begin; | |
987 while (position < end) { | |
988 const UChar* directive_begin = position; | |
989 skipUntil<UChar>(position, end, ';'); | |
990 | |
991 name = value = ""; | |
Mike West
2017/05/23 19:21:36
I don't think you actually need two strings. Somet
andypaicu
2017/05/26 14:41:09
I've modified this whole bit.
| |
992 if (!ParseDirective(directive_begin, position, name, value, nullptr)) | |
Mike West
2017/05/23 19:21:36
This is going to dump console messages that probab
andypaicu
2017/05/26 14:41:09
I've modified this whole bit.
| |
993 return false; | |
994 | |
995 if (ContentSecurityPolicy::GetDirectiveType(name) == | |
996 ContentSecurityPolicy::DirectiveType::kUndefined) | |
Mike West
2017/05/23 19:21:36
Style nit: {} after multi-line conditionals.
andypaicu
2017/05/26 14:41:09
I've modified this whole bit.
| |
997 return false; | |
998 | |
999 DCHECK(position == end || *position == ';'); | |
1000 skipExactly<UChar>(position, end, ';'); | |
1001 } | |
1002 | |
1003 return true; | |
1004 } | |
1005 | |
970 // directive = *WSP [ directive-name [ WSP directive-value ] ] | 1006 // directive = *WSP [ directive-name [ WSP directive-value ] ] |
971 // directive-name = 1*( ALPHA / DIGIT / "-" ) | 1007 // directive-name = 1*( ALPHA / DIGIT / "-" ) |
972 // directive-value = *( WSP / <VCHAR except ";"> ) | 1008 // directive-value = *( WSP / <VCHAR except ";"> ) |
973 // | 1009 |
1010 // static | |
974 bool CSPDirectiveList::ParseDirective(const UChar* begin, | 1011 bool CSPDirectiveList::ParseDirective(const UChar* begin, |
975 const UChar* end, | 1012 const UChar* end, |
976 String& name, | 1013 String& name, |
977 String& value) { | 1014 String& value, |
1015 ContentSecurityPolicy* policy) { | |
978 DCHECK(name.IsEmpty()); | 1016 DCHECK(name.IsEmpty()); |
979 DCHECK(value.IsEmpty()); | 1017 DCHECK(value.IsEmpty()); |
980 | 1018 |
981 const UChar* position = begin; | 1019 const UChar* position = begin; |
982 skipWhile<UChar, IsASCIISpace>(position, end); | 1020 skipWhile<UChar, IsASCIISpace>(position, end); |
983 | 1021 |
984 // Empty directive (e.g. ";;;"). Exit early. | 1022 // Empty directive (e.g. ";;;"). Exit early. |
985 if (position == end) | 1023 if (position == end) |
986 return false; | 1024 return false; |
987 | 1025 |
988 const UChar* name_begin = position; | 1026 const UChar* name_begin = position; |
989 skipWhile<UChar, IsCSPDirectiveNameCharacter>(position, end); | 1027 skipWhile<UChar, IsCSPDirectiveNameCharacter>(position, end); |
990 | 1028 |
991 // The directive-name must be non-empty. | 1029 // The directive-name must be non-empty. |
992 if (name_begin == position) { | 1030 if (name_begin == position) { |
993 skipWhile<UChar, IsNotASCIISpace>(position, end); | 1031 skipWhile<UChar, IsNotASCIISpace>(position, end); |
994 policy_->ReportUnsupportedDirective( | 1032 if (policy) { |
995 String(name_begin, position - name_begin)); | 1033 policy->ReportUnsupportedDirective( |
1034 String(name_begin, position - name_begin)); | |
1035 } | |
996 return false; | 1036 return false; |
997 } | 1037 } |
998 | 1038 |
999 name = String(name_begin, position - name_begin); | 1039 name = String(name_begin, position - name_begin); |
1000 | 1040 |
1001 if (position == end) | 1041 if (position == end) |
1002 return true; | 1042 return true; |
1003 | 1043 |
1004 if (!skipExactly<UChar, IsASCIISpace>(position, end)) { | 1044 if (!skipExactly<UChar, IsASCIISpace>(position, end)) { |
1005 skipWhile<UChar, IsNotASCIISpace>(position, end); | 1045 skipWhile<UChar, IsNotASCIISpace>(position, end); |
1006 policy_->ReportUnsupportedDirective( | 1046 if (policy) { |
1007 String(name_begin, position - name_begin)); | 1047 policy->ReportUnsupportedDirective( |
1048 String(name_begin, position - name_begin)); | |
1049 } | |
1008 return false; | 1050 return false; |
1009 } | 1051 } |
1010 | 1052 |
1011 skipWhile<UChar, IsASCIISpace>(position, end); | 1053 skipWhile<UChar, IsASCIISpace>(position, end); |
1012 | 1054 |
1013 const UChar* value_begin = position; | 1055 const UChar* value_begin = position; |
1014 skipWhile<UChar, IsCSPDirectiveValueCharacter>(position, end); | 1056 skipWhile<UChar, IsCSPDirectiveValueCharacter>(position, end); |
1015 | 1057 |
1016 if (position != end) { | 1058 if (position != end) { |
1017 policy_->ReportInvalidDirectiveValueCharacter( | 1059 if (policy) { |
1018 name, String(value_begin, end - value_begin)); | 1060 policy->ReportInvalidDirectiveValueCharacter( |
1061 name, String(value_begin, end - value_begin)); | |
1062 } | |
1019 return false; | 1063 return false; |
1020 } | 1064 } |
1021 | 1065 |
1022 // The directive-value may be empty. | 1066 // The directive-value may be empty. |
1023 if (value_begin == position) | 1067 if (value_begin == position) |
1024 return true; | 1068 return true; |
1025 | 1069 |
1026 value = String(value_begin, position - value_begin); | 1070 value = String(value_begin, position - value_begin); |
1027 return true; | 1071 return true; |
1028 } | 1072 } |
(...skipping 189 matching lines...) | |
1218 // TODO(mkwst) It seems unlikely that developers would use different | 1262 // TODO(mkwst) It seems unlikely that developers would use different |
1219 // algorithms for scripts and styles. We may want to combine the | 1263 // algorithms for scripts and styles. We may want to combine the |
1220 // usesScriptHashAlgorithms() and usesStyleHashAlgorithms. | 1264 // usesScriptHashAlgorithms() and usesStyleHashAlgorithms. |
1221 policy_->UsesScriptHashAlgorithms(default_src_->HashAlgorithmsUsed()); | 1265 policy_->UsesScriptHashAlgorithms(default_src_->HashAlgorithmsUsed()); |
1222 policy_->UsesStyleHashAlgorithms(default_src_->HashAlgorithmsUsed()); | 1266 policy_->UsesStyleHashAlgorithms(default_src_->HashAlgorithmsUsed()); |
1223 } else if (type == ContentSecurityPolicy::DirectiveType::kScriptSrc) { | 1267 } else if (type == ContentSecurityPolicy::DirectiveType::kScriptSrc) { |
1224 SetCSPDirective<SourceListDirective>(name, value, script_src_); | 1268 SetCSPDirective<SourceListDirective>(name, value, script_src_); |
1225 policy_->UsesScriptHashAlgorithms(script_src_->HashAlgorithmsUsed()); | 1269 policy_->UsesScriptHashAlgorithms(script_src_->HashAlgorithmsUsed()); |
1226 } else if (type == ContentSecurityPolicy::DirectiveType::kObjectSrc) { | 1270 } else if (type == ContentSecurityPolicy::DirectiveType::kObjectSrc) { |
1227 SetCSPDirective<SourceListDirective>(name, value, object_src_); | 1271 SetCSPDirective<SourceListDirective>(name, value, object_src_); |
1228 } else if (type == | 1272 } else if (type == ContentSecurityPolicy::DirectiveType::kFrameAncestors) { |
1229 | |
1230 ContentSecurityPolicy::DirectiveType::kFrameAncestors) { | |
1231 SetCSPDirective<SourceListDirective>(name, value, frame_ancestors_); | 1273 SetCSPDirective<SourceListDirective>(name, value, frame_ancestors_); |
1232 } else if (type == ContentSecurityPolicy::DirectiveType::kFrameSrc) { | 1274 } else if (type == ContentSecurityPolicy::DirectiveType::kFrameSrc) { |
1233 SetCSPDirective<SourceListDirective>(name, value, frame_src_); | 1275 SetCSPDirective<SourceListDirective>(name, value, frame_src_); |
1234 } else if (type == ContentSecurityPolicy::DirectiveType::kImgSrc) { | 1276 } else if (type == ContentSecurityPolicy::DirectiveType::kImgSrc) { |
1235 SetCSPDirective<SourceListDirective>(name, value, img_src_); | 1277 SetCSPDirective<SourceListDirective>(name, value, img_src_); |
1236 } else if (type == ContentSecurityPolicy::DirectiveType::kStyleSrc) { | 1278 } else if (type == ContentSecurityPolicy::DirectiveType::kStyleSrc) { |
1237 SetCSPDirective<SourceListDirective>(name, value, style_src_); | 1279 SetCSPDirective<SourceListDirective>(name, value, style_src_); |
1238 policy_->UsesStyleHashAlgorithms(style_src_->HashAlgorithmsUsed()); | 1280 policy_->UsesStyleHashAlgorithms(style_src_->HashAlgorithmsUsed()); |
1239 } else if (type == ContentSecurityPolicy::DirectiveType::kFontSrc) { | 1281 } else if (type == ContentSecurityPolicy::DirectiveType::kFontSrc) { |
1240 SetCSPDirective<SourceListDirective>(name, value, font_src_); | 1282 SetCSPDirective<SourceListDirective>(name, value, font_src_); |
(...skipping 177 matching lines...) | |
1418 visitor->Trace(img_src_); | 1460 visitor->Trace(img_src_); |
1419 visitor->Trace(media_src_); | 1461 visitor->Trace(media_src_); |
1420 visitor->Trace(manifest_src_); | 1462 visitor->Trace(manifest_src_); |
1421 visitor->Trace(object_src_); | 1463 visitor->Trace(object_src_); |
1422 visitor->Trace(script_src_); | 1464 visitor->Trace(script_src_); |
1423 visitor->Trace(style_src_); | 1465 visitor->Trace(style_src_); |
1424 visitor->Trace(worker_src_); | 1466 visitor->Trace(worker_src_); |
1425 } | 1467 } |
1426 | 1468 |
1427 } // namespace blink | 1469 } // namespace blink |
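Review bot: In the new `IsValid(const UChar*, const UChar*)`, an empty directive makes the whole list invalid even though the parse loop above accepts the same input: `ParseDirective` returns false for a whitespace-only directive (the "Empty directive" early exit), the parse loop simply skips `AddDirective` in that case, but `IsValid` does `return false`. A list such as `script-src 'self'; ` (a space after the trailing semicolon) would therefore be enforced by the parser yet rejected by any caller that gates on `IsValid`, so the validity check and the enforcing parser disagree on what a well-formed policy is. If that strictness is not intended, skip empty directives before parsing, e.g. `skipWhile<UChar, IsASCIISpace>(directive_begin, position);` followed by `if (directive_begin == position) { skipExactly<UChar>(position, end, ';'); continue; }`; if it is intended, a comment on `IsValid` should say so. It would also help to document on `ParseDirective` that a null `policy` suppresses the `ReportUnsupportedDirective` and `ReportInvalidDirectiveValueCharacter` calls, since that argument is what separates the validation path from the enforcing one.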
OLD | NEW |