Diffstat (limited to 'chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.h')
-rw-r--r--chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.h198
1 files changed, 70 insertions, 128 deletions
diff --git a/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.h b/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.h
index d8aa25abeba..4ca6b299bba 100644
--- a/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.h
+++ b/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.h
@@ -63,8 +63,6 @@ namespace blink {
class ContentSecurityPolicyResponseHeaders;
class ConsoleMessage;
-class CSPDirectiveList;
-class CSPSource;
class DOMWrapperWorld;
class Element;
class ExecutionContext;
@@ -76,11 +74,9 @@ class SecurityPolicyViolationEventInit;
class SourceLocation;
enum class ResourceType : uint8_t;
-typedef HeapVector<Member<CSPDirectiveList>> CSPDirectiveListVector;
typedef HeapVector<Member<ConsoleMessage>> ConsoleMessageVector;
-typedef std::pair<String, network::mojom::ContentSecurityPolicyType>
- CSPHeaderAndType;
using RedirectStatus = ResourceRequest::RedirectStatus;
+using network::mojom::blink::CSPDirectiveName;
// A delegate interface to implement violation reporting, support for some
// directives and other miscellaneous functionality.
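Review bot: The added `using network::mojom::blink::CSPDirectiveName;` appears to sit at namespace scope inside `namespace blink` in a header, so every file that includes content_security_policy.h gets `blink::CSPDirectiveName` as a side effect. If that is the intended public spelling, a one-line comment such as `// Exposed as blink::CSPDirectiveName for callers of the directive helpers below.` would mark it as deliberate. Otherwise the signatures in this header could use the qualified name and the using-declaration could move to the .cc file.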
@@ -165,40 +161,6 @@ class CORE_EXPORT ContentSecurityPolicy final
kStyleAttribute
};
- enum class DirectiveType {
- kBaseURI,
- kBlockAllMixedContent,
- kChildSrc,
- kConnectSrc,
- kDefaultSrc,
- kFontSrc,
- kFormAction,
- kFrameAncestors,
- kFrameSrc,
- kImgSrc,
- kManifestSrc,
- kMediaSrc,
- kNavigateTo,
- kObjectSrc,
- kPluginTypes,
- kPrefetchSrc,
- kReportTo,
- kReportURI,
- kRequireTrustedTypesFor,
- kSandbox,
- kScriptSrc,
- kScriptSrcAttr,
- kScriptSrcElem,
- kStyleSrc,
- kStyleSrcAttr,
- kStyleSrcElem,
- kTreatAsPublicAddress,
- kTrustedTypes,
- kUndefined,
- kUpgradeInsecureRequests,
- kWorkerSrc,
- };
-
// CheckHeaderType can be passed to Allow*FromSource methods to control which
// types of CSP headers are checked.
enum class CheckHeaderType {
@@ -213,29 +175,36 @@ class CORE_EXPORT ContentSecurityPolicy final
kCheckReportOnly
};
+ // Helper type for the method AllowTrustedTypePolicy.
+ enum AllowTrustedTypePolicyDetails {
+ kAllowed,
+ kDisallowedName,
+ kDisallowedDuplicateName
+ };
+
static const size_t kMaxSampleLength = 40;
+ // Parse raw Content Security Policy strings into mojo types.
+ static WTF::Vector<network::mojom::blink::ContentSecurityPolicyPtr>
+ ParseHeaders(const ContentSecurityPolicyResponseHeaders& headers);
+
ContentSecurityPolicy();
~ContentSecurityPolicy();
void Trace(Visitor*) const;
bool IsBound();
void BindToDelegate(ContentSecurityPolicyDelegate&);
- void SetupSelf(const SecurityOrigin&);
- void SetupSelf(const ContentSecurityPolicy&);
void CopyStateFrom(const ContentSecurityPolicy*);
- void CopyPluginTypesFrom(const ContentSecurityPolicy*);
void DidReceiveHeaders(const ContentSecurityPolicyResponseHeaders&);
void DidReceiveHeader(const String&,
+ const SecurityOrigin& self_origin,
network::mojom::ContentSecurityPolicyType,
network::mojom::ContentSecurityPolicySource);
- void AddPolicyFromHeaderValue(const String&,
- network::mojom::ContentSecurityPolicyType,
- network::mojom::ContentSecurityPolicySource);
void ReportAccumulatedHeaders() const;
- Vector<CSPHeaderAndType> Headers() const;
+ void AddPolicies(
+ Vector<network::mojom::blink::ContentSecurityPolicyPtr> policies);
// Returns whether or not the Javascript code generation should call back the
// CSP checker before any script evaluation from a string attempts.
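Review bot: The new `const SecurityOrigin& self_origin` parameter on `DidReceiveHeader` is undocumented, and with both `SetupSelf` overloads removed in this hunk the caller now chooses the origin on every call. Presumably this is the origin that `'self'` source expressions resolve to; if so the declaration should say it, e.g. `// |self_origin|: the origin that 'self' in this header matches.` (to be confirmed against the .cc), because passing the wrong origin would silently widen or narrow the policy. `AddPolicies` likewise takes already-parsed policies by value with no comment on whether it only stores them or also applies side effects to the delegate. Separately, `AllowTrustedTypePolicyDetails` is a plain `enum` next to `enum class CheckHeaderType`, so `kAllowed` lands directly in the class scope; `enum class` would match its neighbours.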
@@ -251,33 +220,28 @@ class CORE_EXPORT ContentSecurityPolicy final
// message to the console because it would be redundant.
bool AllowEval(ReportingDisposition,
ExceptionStatus,
- const String& script_content) const;
+ const String& script_content);
bool AllowWasmEval(ReportingDisposition,
ExceptionStatus,
- const String& script_content) const;
- bool AllowPluginType(
- const String& type,
- const String& type_attribute,
- const KURL&,
- ReportingDisposition = ReportingDisposition::kReport) const;
+ const String& script_content);
// AllowFromSource() wrappers.
- bool AllowBaseURI(const KURL&) const;
+ bool AllowBaseURI(const KURL&);
bool AllowConnectToSource(
const KURL&,
const KURL& url_before_redirects,
RedirectStatus,
ReportingDisposition = ReportingDisposition::kReport,
- CheckHeaderType = CheckHeaderType::kCheckAll) const;
- bool AllowFormAction(const KURL&) const;
+ CheckHeaderType = CheckHeaderType::kCheckAll);
+ bool AllowFormAction(const KURL&);
bool AllowImageFromSource(
const KURL&,
const KURL& url_before_redirects,
RedirectStatus,
ReportingDisposition = ReportingDisposition::kReport,
- CheckHeaderType = CheckHeaderType::kCheckAll) const;
- bool AllowMediaFromSource(const KURL&) const;
- bool AllowObjectFromSource(const KURL&) const;
+ CheckHeaderType = CheckHeaderType::kCheckAll);
+ bool AllowMediaFromSource(const KURL&);
+ bool AllowObjectFromSource(const KURL&);
bool AllowScriptFromSource(
const KURL&,
const String& nonce,
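Review bot: Every `Allow*` check in this hunk drops `const` (`AllowEval`, `AllowWasmEval`, `AllowBaseURI`, `AllowConnectToSource`, `AllowFormAction`, `AllowImageFromSource`, `AllowMediaFromSource`, `AllowObjectFromSource`), and the same happens in the hunks starting at new lines 250, 274, 300, 370 and 493, but nothing in the header says what a check now mutates. Code holding a `const ContentSecurityPolicy` can no longer query it, and a reader cannot tell whether calling a check twice has an effect beyond reporting. A comment above the `// AllowFromSource() wrappers.` group naming the state the checks write would make the contract reviewable, for example `// These checks are non-const because they update <state>.` with the actual member filled in. If only reporting bookkeeping is touched, keeping the methods `const` and marking that state `mutable` is the alternative. `AllowScriptFromSource` continues past the end of this hunk.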
@@ -286,11 +250,12 @@ class CORE_EXPORT ContentSecurityPolicy final
const KURL& url_before_redirects,
RedirectStatus,
ReportingDisposition = ReportingDisposition::kReport,
- CheckHeaderType = CheckHeaderType::kCheckAll) const;
- bool AllowWorkerContextFromSource(const KURL&) const;
+ CheckHeaderType = CheckHeaderType::kCheckAll);
+ bool AllowWorkerContextFromSource(const KURL&);
bool AllowTrustedTypePolicy(const String& policy_name,
- bool is_duplicate) const;
+ bool is_duplicate,
+ AllowTrustedTypePolicyDetails& violation_details);
// Passing 'String()' into the |nonce| arguments in the following methods
// represents an unnonced resource load.
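Review bot: `AllowTrustedTypePolicy` now reports its reason through the out-parameter `AllowTrustedTypePolicyDetails& violation_details`, and the declaration does not say whether it is written on every path. If it is assigned only when the call returns false, a caller that declares the variable without an initializer and reads it after a true return reads an indeterminate value. Either document the contract, e.g. `// |violation_details| is always set; it is kAllowed when the policy may be created.`, or have the implementation assign `kAllowed` before any check (the .cc is not visible here).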
@@ -309,7 +274,7 @@ class CORE_EXPORT ContentSecurityPolicy final
const String& nonce,
const String& context_url,
const WTF::OrdinalNumber& context_line,
- ReportingDisposition = ReportingDisposition::kReport) const;
+ ReportingDisposition = ReportingDisposition::kReport);
static bool IsScriptInlineType(InlineType);
@@ -335,14 +300,14 @@ class CORE_EXPORT ContentSecurityPolicy final
const KURL& url_before_redirects,
RedirectStatus,
ReportingDisposition = ReportingDisposition::kReport,
- CheckHeaderType = CheckHeaderType::kCheckAll) const;
+ CheckHeaderType = CheckHeaderType::kCheckAll);
// Determine whether to enforce the assignment failure. Also handle reporting.
// Returns whether enforcing Trusted Types CSP directives are present.
bool AllowTrustedTypeAssignmentFailure(
const String& message,
const String& sample = String(),
- const String& sample_prefix = String()) const;
+ const String& sample_prefix = String());
void UsesScriptHashAlgorithms(uint8_t content_security_policy_hash_algorithm);
void UsesStyleHashAlgorithms(uint8_t content_security_policy_hash_algorithm);
@@ -366,7 +331,7 @@ class CORE_EXPORT ContentSecurityPolicy final
void ReportInvalidPathCharacter(const String& directive_name,
const String& value,
const char);
- void ReportInvalidPluginTypes(const String&);
+ void ReportInvalidRequireTrustedTypesFor(const String&);
void ReportInvalidSandboxFlags(const String&);
void ReportInvalidSourceExpression(const String& directive_name,
const String& source);
@@ -387,7 +352,7 @@ class CORE_EXPORT ContentSecurityPolicy final
// If |sourceLocation| is not set, the source location will be the context's
// current location.
void ReportViolation(const String& directive_text,
- const DirectiveType& effective_type,
+ CSPDirectiveName effective_type,
const String& console_message,
const KURL& blocked_url,
const Vector<String>& report_endpoints,
@@ -405,7 +370,7 @@ class CORE_EXPORT ContentSecurityPolicy final
// Called when mixed content is detected on a page; will trigger a violation
// report if the 'block-all-mixed-content' directive is specified for a
// policy.
- void ReportMixedContent(const KURL& blocked_url, RedirectStatus) const;
+ void ReportMixedContent(const KURL& blocked_url, RedirectStatus);
void ReportBlockedScriptExecutionToInspector(
const String& directive_text) const;
@@ -426,16 +391,10 @@ class CORE_EXPORT ContentSecurityPolicy final
return insecure_request_policy_;
}
- bool UrlMatchesSelf(const KURL&) const;
- bool ProtocolEqualsSelf(const String&) const;
- const String& GetSelfProtocol() const;
-
bool ExperimentalFeaturesEnabled() const;
bool ShouldSendCSPHeader(ResourceType) const;
- CSPSource* GetSelfSource() const { return self_source_; }
-
// Whether the main world's CSP should be bypassed based on the current
// javascript world we are in.
// Note: This is deprecated. New usages should not be added. Operations in an
@@ -455,36 +414,18 @@ class CORE_EXPORT ContentSecurityPolicy final
static bool IsNonceableElement(const Element*);
- // This method checks whether the request should be allowed for an
- // experimental EmbeddingCSP feature
- // Please, see https://w3c.github.io/webappsec-csp/embedded/#origin-allowed.
- static bool ShouldEnforceEmbeddersPolicy(const ResourceResponse&,
- const SecurityOrigin*);
-
- static const char* GetDirectiveName(const DirectiveType&);
- static DirectiveType GetDirectiveType(const String& name);
-
- // This method checks if if this policy subsumes a given policy.
- // Note the correct result is guaranteed if this policy contains only one
- // CSPDirectiveList. More information here:
- // https://w3c.github.io/webappsec-csp/embedded/#subsume-policy
- bool Subsumes(const ContentSecurityPolicy&) const;
+ static const char* GetDirectiveName(CSPDirectiveName type);
+ static CSPDirectiveName GetDirectiveType(const String& name);
bool HasHeaderDeliveredPolicy() const { return header_delivered_; }
- static bool IsValidCSPAttr(const String& attr,
- const String& context_required_csp);
-
// Returns the 'wasm-eval' source is supported.
bool SupportsWasmEval() const { return supports_wasm_eval_; }
void SetSupportsWasmEval(bool value) { supports_wasm_eval_ = value; }
- // Sometimes we don't know the initiator or it might be destroyed already
- // for certain navigational checks. We create a string version of the relevant
- // CSP directives to be passed around with the request. This allows us to
- // perform these checks in NavigationRequest::CheckContentSecurityPolicy.
- WTF::Vector<network::mojom::blink::ContentSecurityPolicyPtr>
- ExposeForNavigationalChecks() const;
+ // Retrieve the parsed policies.
+ const WTF::Vector<network::mojom::blink::ContentSecurityPolicyPtr>&
+ GetParsedPolicies() const;
// Retrieves the parsed sandbox flags. A lot of the time the execution
// context will be used for all sandbox checks but there are situations
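Review bot: `GetParsedPolicies()` hands out a reference into the object where the removed `ExposeForNavigationalChecks()` returned a fresh vector, and the comment `// Retrieve the parsed policies.` says nothing about lifetime. Presumably it returns `policies_`, so the reference is good only until the next `AddPolicies` or `DidReceiveHeader` call and must not outlive the `ContentSecurityPolicy`; a caller that forwards policies with a navigation request would need to clone them. The `const` on the vector is also shallow: as far as I know a mojo struct pointer still gives mutable access to the struct it points to, so the accessor does not by itself stop a caller from editing an enforced policy. Suggested comment: `// Returns the stored policies. The reference is invalidated when policies are added; clone before retaining or sending.`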
@@ -496,21 +437,16 @@ class CORE_EXPORT ContentSecurityPolicy final
bool HasPolicyFromSource(network::mojom::ContentSecurityPolicySource) const;
- static bool IsScriptDirective(
- ContentSecurityPolicy::DirectiveType directive_type) {
- return (
- directive_type == ContentSecurityPolicy::DirectiveType::kScriptSrc ||
- directive_type ==
- ContentSecurityPolicy::DirectiveType::kScriptSrcAttr ||
- directive_type == ContentSecurityPolicy::DirectiveType::kScriptSrcElem);
+ static bool IsScriptDirective(CSPDirectiveName directive_type) {
+ return (directive_type == CSPDirectiveName::ScriptSrc ||
+ directive_type == CSPDirectiveName::ScriptSrcAttr ||
+ directive_type == CSPDirectiveName::ScriptSrcElem);
}
- static bool IsStyleDirective(
- ContentSecurityPolicy::DirectiveType directive_type) {
- return (
- directive_type == ContentSecurityPolicy::DirectiveType::kStyleSrc ||
- directive_type == ContentSecurityPolicy::DirectiveType::kStyleSrcAttr ||
- directive_type == ContentSecurityPolicy::DirectiveType::kStyleSrcElem);
+ static bool IsStyleDirective(CSPDirectiveName directive_type) {
+ return (directive_type == CSPDirectiveName::StyleSrc ||
+ directive_type == CSPDirectiveName::StyleSrcAttr ||
+ directive_type == CSPDirectiveName::StyleSrcElem);
}
void Count(WebFeature feature) const;
@@ -527,17 +463,21 @@ class CORE_EXPORT ContentSecurityPolicy final
FRIEND_TEST_ALL_PREFIXES(FrameFetchContextTest,
PopulateResourceRequestChecksReportOnlyCSP);
+ Vector<network::mojom::blink::ContentSecurityPolicyPtr> Parse(
+ const String&,
+ const SecurityOrigin& self_origin,
+ network::mojom::ContentSecurityPolicyType,
+ network::mojom::ContentSecurityPolicySource);
void ApplyPolicySideEffectsToDelegate();
+ void ReportUseCounters(
+ const Vector<network::mojom::blink::ContentSecurityPolicyPtr>& policies);
+ void ComputeInternalStateForParsedPolicy(
+ const network::mojom::blink::ContentSecurityPolicy& csp);
void LogToConsole(
const String& message,
mojom::ConsoleMessageLevel = mojom::ConsoleMessageLevel::kError);
- void AddAndReportPolicyFromHeaderValue(
- const String&,
- network::mojom::ContentSecurityPolicyType,
- network::mojom::ContentSecurityPolicySource);
-
bool ShouldSendViolationReport(const String&) const;
void DidSendViolationReport(const String&);
void PostViolationReport(const SecurityPolicyViolationEventInit*,
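Review bot: The three private helpers added here, `Parse`, `ReportUseCounters` and `ComputeInternalStateForParsedPolicy`, have no comments, and the order in which a newly added policy must pass through them is not visible from the header. `Parse` is a non-static, non-const member while the public `ParseHeaders` is static; if `Parse` queues console messages or records state while parsing, say so, e.g. `// Parses one header value against |self_origin|; may queue console messages.`, and if it does neither it could be static too. A one-line comment on `ComputeInternalStateForParsedPolicy` naming the members it updates would let a reader check that every path that adds a policy also runs it. The class body starts and ends outside this hunk.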
@@ -545,7 +485,7 @@ class CORE_EXPORT ContentSecurityPolicy final
const Vector<String>& report_endpoints,
bool use_reporting_api);
- bool AllowFromSource(ContentSecurityPolicy::DirectiveType,
+ bool AllowFromSource(CSPDirectiveName,
const KURL&,
const KURL& url_before_redirects,
RedirectStatus,
@@ -553,17 +493,19 @@ class CORE_EXPORT ContentSecurityPolicy final
CheckHeaderType = CheckHeaderType::kCheckAll,
const String& = String(),
const IntegrityMetadataSet& = IntegrityMetadataSet(),
- ParserDisposition = kParserInserted) const;
+ ParserDisposition = kParserInserted);
- static void FillInCSPHashValues(const String& source,
- uint8_t hash_algorithms_used,
- Vector<CSPHashValue>* csp_hash_values);
+ static void FillInCSPHashValues(
+ const String& source,
+ uint8_t hash_algorithms_used,
+ Vector<network::mojom::blink::CSPHashSourcePtr>& csp_hash_values);
// checks a vector of csp hashes against policy, probably a good idea
// to use in tandem with FillInCSPHashValues.
- static bool CheckHashAgainstPolicy(Vector<CSPHashValue>&,
- const Member<CSPDirectiveList>&,
- InlineType);
+ static bool CheckHashAgainstPolicy(
+ Vector<network::mojom::blink::CSPHashSourcePtr>&,
+ const network::mojom::blink::ContentSecurityPolicy&,
+ InlineType);
bool ShouldBypassContentSecurityPolicy(
const KURL&,
@@ -578,12 +520,13 @@ class CORE_EXPORT ContentSecurityPolicy final
const blink::SecurityPolicyViolationEventInit& violation_data,
network::mojom::ContentSecurityPolicyType header_type,
ContentSecurityPolicyViolationType violation_type,
- LocalFrame* = nullptr,
- Element* = nullptr);
+ LocalFrame*,
+ Element*,
+ SourceLocation*);
Member<ContentSecurityPolicyDelegate> delegate_;
- bool override_inline_style_allowed_;
- CSPDirectiveListVector policies_;
+ bool override_inline_style_allowed_ = false;
+ Vector<network::mojom::blink::ContentSecurityPolicyPtr> policies_;
ConsoleMessageVector console_messages_;
bool header_delivered_{false};
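Review bot: The declaration ending at `SourceLocation*);` loses its `= nullptr` defaults for `LocalFrame*` and `Element*` and gains an unnamed `SourceLocation*`, so the header no longer shows which of the three pointers may be null. If callers still pass null for some of them, a comment such as `// The LocalFrame*, Element* and SourceLocation* arguments may each be null.` keeps that visible, and naming the parameters would help at call sites. The function's name and first parameters are above the hunk. Minor style point: the new `override_inline_style_allowed_ = false` uses `=` while `header_delivered_{false}` two lines below uses braces.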
@@ -601,7 +544,6 @@ class CORE_EXPORT ContentSecurityPolicy final
String disable_eval_error_message_;
mojom::blink::InsecureRequestPolicy insecure_request_policy_;
- Member<CSPSource> self_source_;
String self_protocol_;
bool supports_wasm_eval_ = false;