| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/csp/SourceListDirective.h" | 5 #include "core/frame/csp/SourceListDirective.h" |
| 6 | 6 |
| 7 #include "core/frame/csp/CSPSource.h" | 7 #include "core/frame/csp/CSPSource.h" |
| 8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
| 10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
| (...skipping 11 matching lines...) Expand all Loading... |
| 22 ContentSecurityPolicy* policy) | 22 ContentSecurityPolicy* policy) |
| 23 : CSPDirective(name, value, policy), | 23 : CSPDirective(name, value, policy), |
| 24 m_policy(policy), | 24 m_policy(policy), |
| 25 m_directiveName(name), | 25 m_directiveName(name), |
| 26 m_allowSelf(false), | 26 m_allowSelf(false), |
| 27 m_allowStar(false), | 27 m_allowStar(false), |
| 28 m_allowInline(false), | 28 m_allowInline(false), |
| 29 m_allowEval(false), | 29 m_allowEval(false), |
| 30 m_allowDynamic(false), | 30 m_allowDynamic(false), |
| 31 m_allowHashedAttributes(false), | 31 m_allowHashedAttributes(false), |
| 32 m_reportSample(false), |
| 32 m_hashAlgorithmsUsed(0) { | 33 m_hashAlgorithmsUsed(0) { |
| 33 Vector<UChar> characters; | 34 Vector<UChar> characters; |
| 34 value.appendTo(characters); | 35 value.appendTo(characters); |
| 35 parse(characters.data(), characters.data() + characters.size()); | 36 parse(characters.data(), characters.data() + characters.size()); |
| 36 } | 37 } |
| 37 | 38 |
| 38 static bool isSourceListNone(const UChar* begin, const UChar* end) { | 39 static bool isSourceListNone(const UChar* begin, const UChar* end) { |
| 39 skipWhile<UChar, isASCIISpace>(begin, end); | 40 skipWhile<UChar, isASCIISpace>(begin, end); |
| 40 | 41 |
| 41 const UChar* position = begin; | 42 const UChar* position = begin; |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 96 } | 97 } |
| 97 | 98 |
| 98 bool SourceListDirective::allowHash(const CSPHashValue& hashValue) const { | 99 bool SourceListDirective::allowHash(const CSPHashValue& hashValue) const { |
| 99 return m_hashes.contains(hashValue); | 100 return m_hashes.contains(hashValue); |
| 100 } | 101 } |
| 101 | 102 |
| 102 bool SourceListDirective::allowHashedAttributes() const { | 103 bool SourceListDirective::allowHashedAttributes() const { |
| 103 return m_allowHashedAttributes; | 104 return m_allowHashedAttributes; |
| 104 } | 105 } |
| 105 | 106 |
| 107 bool SourceListDirective::allowReportSample() const { |
| 108 if (!m_policy->experimentalFeaturesEnabled()) |
| 109 return false; |
| 110 return m_reportSample; |
| 111 } |
| 112 |
| 106 bool SourceListDirective::isNone() const { | 113 bool SourceListDirective::isNone() const { |
| 107 return !m_list.size() && !m_allowSelf && !m_allowStar && !m_allowInline && | 114 return !m_list.size() && !m_allowSelf && !m_allowStar && !m_allowInline && |
| 108 !m_allowHashedAttributes && !m_allowEval && !m_allowDynamic && | 115 !m_allowHashedAttributes && !m_allowEval && !m_allowDynamic && |
| 109 !m_nonces.size() && !m_hashes.size(); | 116 !m_nonces.size() && !m_hashes.size(); |
| 110 } | 117 } |
| 111 | 118 |
| 112 uint8_t SourceListDirective::hashAlgorithmsUsed() const { | 119 uint8_t SourceListDirective::hashAlgorithmsUsed() const { |
| 113 return m_hashAlgorithmsUsed; | 120 return m_hashAlgorithmsUsed; |
| 114 } | 121 } |
| 115 | 122 |
| (...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 204 if (equalIgnoringCase("'strict-dynamic'", token)) { | 211 if (equalIgnoringCase("'strict-dynamic'", token)) { |
| 205 addSourceStrictDynamic(); | 212 addSourceStrictDynamic(); |
| 206 return true; | 213 return true; |
| 207 } | 214 } |
| 208 | 215 |
| 209 if (equalIgnoringCase("'unsafe-hashed-attributes'", token)) { | 216 if (equalIgnoringCase("'unsafe-hashed-attributes'", token)) { |
| 210 addSourceUnsafeHashedAttributes(); | 217 addSourceUnsafeHashedAttributes(); |
| 211 return true; | 218 return true; |
| 212 } | 219 } |
| 213 | 220 |
| 221 if (equalIgnoringCase("'report-sample'", token)) { |
| 222 addReportSample(); |
| 223 return true; |
| 224 } |
| 225 |
| 214 String nonce; | 226 String nonce; |
| 215 if (!parseNonce(begin, end, nonce)) | 227 if (!parseNonce(begin, end, nonce)) |
| 216 return false; | 228 return false; |
| 217 | 229 |
| 218 if (!nonce.isNull()) { | 230 if (!nonce.isNull()) { |
| 219 addSourceNonce(nonce); | 231 addSourceNonce(nonce); |
| 220 return true; | 232 return true; |
| 221 } | 233 } |
| 222 | 234 |
| 223 DigestValue hash; | 235 DigestValue hash; |
| (...skipping 329 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 553 } | 565 } |
| 554 | 566 |
| 555 void SourceListDirective::addSourceStrictDynamic() { | 567 void SourceListDirective::addSourceStrictDynamic() { |
| 556 m_allowDynamic = true; | 568 m_allowDynamic = true; |
| 557 } | 569 } |
| 558 | 570 |
| 559 void SourceListDirective::addSourceUnsafeHashedAttributes() { | 571 void SourceListDirective::addSourceUnsafeHashedAttributes() { |
| 560 m_allowHashedAttributes = true; | 572 m_allowHashedAttributes = true; |
| 561 } | 573 } |
| 562 | 574 |
| 575 void SourceListDirective::addReportSample() { |
| 576 m_reportSample = true; |
| 577 } |
| 578 |
| 563 void SourceListDirective::addSourceNonce(const String& nonce) { | 579 void SourceListDirective::addSourceNonce(const String& nonce) { |
| 564 m_nonces.insert(nonce); | 580 m_nonces.insert(nonce); |
| 565 } | 581 } |
| 566 | 582 |
| 567 void SourceListDirective::addSourceHash( | 583 void SourceListDirective::addSourceHash( |
| 568 const ContentSecurityPolicyHashAlgorithm& algorithm, | 584 const ContentSecurityPolicyHashAlgorithm& algorithm, |
| 569 const DigestValue& hash) { | 585 const DigestValue& hash) { |
| 570 m_hashes.insert(CSPHashValue(algorithm, hash)); | 586 m_hashes.insert(CSPHashValue(algorithm, hash)); |
| 571 m_hashAlgorithmsUsed |= algorithm; | 587 m_hashAlgorithmsUsed |= algorithm; |
| 572 } | 588 } |
| (...skipping 248 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 821 return normalized; | 837 return normalized; |
| 822 } | 838 } |
| 823 | 839 |
| 824 DEFINE_TRACE(SourceListDirective) { | 840 DEFINE_TRACE(SourceListDirective) { |
| 825 visitor->trace(m_policy); | 841 visitor->trace(m_policy); |
| 826 visitor->trace(m_list); | 842 visitor->trace(m_list); |
| 827 CSPDirective::trace(visitor); | 843 CSPDirective::trace(visitor); |
| 828 } | 844 } |
| 829 | 845 |
| 830 } // namespace blink | 846 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2436003002:
CSP: Add 'script-sample' to violation reports. (Closed)
