1 /* 2 * Copyright (C) 2011 Google, Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY GOOGLE INC. ``AS IS'' AND ANY 14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR 17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
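 */

#ifndef ContentSecurityPolicy_h
#define ContentSecurityPolicy_h

#include "bindings/v8/ScriptState.h"
#include "platform/network/HTTPParsers.h"
#include "wtf/HashSet.h"
#include "wtf/PassOwnPtr.h"
#include "wtf/Vector.h"
#include "wtf/text/StringHash.h"
#include "wtf/text/TextPosition.h"
#include "wtf/text/WTFString.h"

namespace WTF {
class OrdinalNumber;
}

namespace WebCore {

class ContentSecurityPolicyResponseHeaders;
class CSPDirectiveList;
class DOMStringList;
class ExecutionContextClient;
class JSONObject;
class KURL;
class SecurityOrigin;

typedef int SandboxFlags;
// Every policy delivered to the context gets its own CSPDirectiveList
// (presumably one per header value received; see addPolicyFromHeaderValue).
typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector;

// Content Security Policy state for one execution context (document or
// worker): the policies received for it, plus the allow*() predicates that
// script execution, resource loads, navigation and form submission are gated
// on.
//
// Ownership: instances are created via create() and handed out as a
// PassOwnPtr. m_client is a raw, non-owning back-pointer; the client is
// assumed to outlive this object (the destructor is out of line, so confirm
// against the .cpp).
//
// Reporting: most allow*() checks take a ReportingStatus. With the default,
// SendReport, a denied check is expected to produce a console message and a
// violation report; SuppressReport lets a caller probe the policy without
// those side effects. The nonce/hash checks never report.
class ContentSecurityPolicy {
    WTF_MAKE_FAST_ALLOCATED;
public:
    // Factory; the only way to construct (the constructor is private).
    static PassOwnPtr<ContentSecurityPolicy> create(ExecutionContextClient* client)
    {
        return adoptPtr(new ContentSecurityPolicy(client));
    }
    ~ContentSecurityPolicy();

    // Copies the received policies from another instance (used instead of a
    // copy constructor; m_policies holds OwnPtrs and is not copyable).
    void copyStateFrom(const ContentSecurityPolicy*);

    // How a policy was delivered: Report corresponds to a report-only policy
    // (violations are reported, not blocked), Enforce to a blocking one.
    enum HeaderType {
        Report,
        Enforce
    };

    // Whether a failed allow*() check may emit a console message / violation
    // report (SendReport) or must stay silent (SuppressReport).
    enum ReportingStatus {
        SendReport,
        SuppressReport
    };

    // Hash algorithms a policy's script-hash source expressions may name.
    // Bit flags ORed into a uint8_t (see usesScriptHashAlgorithms); bit 0 is
    // intentionally left unassigned here.
    // NOTE(review): SHA-1 is no longer collision-resistant and was dropped by
    // CSP Level 2, which permits only sha256/sha384/sha512 hash sources.
    // Treat 'sha1-' support as legacy and consider rejecting it.
    enum HashAlgorithms {
        HashAlgorithmsNone = 0,
        HashAlgorithmsSha1 = 1 << 1,
        HashAlgorithmsSha256 = 1 << 2
    };

    // Entry points for policies arriving with a response (all CSP headers at
    // once, or a single header value with its delivery type).
    void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&);
    void didReceiveHeader(const String&, HeaderType);

    // These functions are wrong because they assume that there is only one header.
    // FIXME: Replace them with functions that return vectors.
    const String& deprecatedHeader() const;
    HeaderType deprecatedHeaderType() const;

    // Inline-content and dynamic-code checks. contextURL/contextLine identify
    // where the inline content appears (presumably for the console message and
    // the violation report). Return true when the policies allow the action.
    bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
    bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
    bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
    bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
    // ScriptState may be null; it is only needed to attribute the eval() call.
    bool allowEval(ScriptState* = 0, ReportingStatus = SendReport) const;
    // plugin-types: checks both the resource's MIME type and the <object>/
    // <embed> type attribute against the policy.
    bool allowPluginType(const String& type, const String& typeAttribute, const KURL&, ReportingStatus = SendReport) const;

    // Source-list checks, one per fetch directive. Return true when the URL is
    // permitted by every received policy.
    bool allowScriptFromSource(const KURL&, ReportingStatus = SendReport) const;
    bool allowObjectFromSource(const KURL&, ReportingStatus = SendReport) const;
    bool allowChildFrameFromSource(const KURL&, ReportingStatus = SendReport) const;
    bool allowImageFromSource(const KURL&, ReportingStatus = SendReport) const;
    bool allowStyleFromSource(const KURL&, ReportingStatus = SendReport) const;
    bool allowFontFromSource(const KURL&, ReportingStatus = SendReport) const;
    bool allowMediaFromSource(const KURL&, ReportingStatus = SendReport) const;
    bool allowConnectToSource(const KURL&, ReportingStatus = SendReport) const;
    bool allowFormAction(const KURL&, ReportingStatus = SendReport) const;
    bool allowBaseURI(const KURL&, ReportingStatus = SendReport) const;

    // The nonce and hash allow functions are guaranteed to not have any side
    // effects, including reporting. They take no ReportingStatus for that
    // reason; a caller that wants a report on failure must fall back to the
    // corresponding inline check above.
    bool allowScriptNonce(const String& nonce) const;
    bool allowStyleNonce(const String& nonce) const;
    // `source` is the script text to be hashed, not a precomputed digest.
    bool allowScriptHash(const String& source) const;

    // Records which hash algorithms the received policies reference, so each
    // script's hash is computed once per algorithm actually in use.
    // `algorithms` is a mask of HashAlgorithms values.
    void usesScriptHashAlgorithms(uint8_t algorithms);

    // reflected-xss directive (type from platform/network/HTTPParsers.h).
    ReflectedXSSDisposition reflectedXSSDisposition() const;

    // Lets the embedder force inline styles on regardless of policy; stored in
    // m_overrideInlineStyleAllowed.
    void setOverrideAllowInlineStyle(bool);

    // True once at least one policy has been received.
    bool isActive() const;
    // Appends the report-uri endpoints of all policies to the list.
    void gatherReportURIs(DOMStringList&) const;

    // Parse-time diagnostics for malformed policies. They log only; the
    // offending directive/value is what gets reported, never blocked content.
    void reportDirectiveAsSourceExpression(const String& directiveName, const String& sourceExpression) const;
    void reportDuplicateDirective(const String&) const;
    void reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value) const;
    void reportInvalidPathCharacter(const String& directiveName, const String& value, const char) const;
    void reportInvalidPluginTypes(const String&) const;
    void reportInvalidSandboxFlags(const String&) const;
    void reportInvalidSourceExpression(const String& directiveName, const String& source) const;
    void reportInvalidReflectedXSS(const String&) const;
    void reportMissingReportURI(const String&) const;
    void reportUnsupportedDirective(const String&) const;
    // Emits the console message and dispatches a violation report to each of
    // reportURIs. Non-const, presumably because it records the report as sent
    // (see m_violationReportsSent).
    void reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header);

    void reportBlockedScriptExecutionToInspector(const String& directiveText) const;

    // Context accessors, delegated to the client.
    const KURL url() const;
    // Resolves a (possibly relative) URL against the context's URL.
    KURL completeURL(const String&) const;
    SecurityOrigin* securityOrigin() const;
    // Applies the sandbox directive's flags to the context.
    void enforceSandboxFlags(SandboxFlags) const;
    String evalDisabledErrorMessage() const;

    bool experimentalFeaturesEnabled() const;

    // Whether script running in the given context should skip CSP entirely
    // (presumably isolated worlds such as extension content scripts; confirm
    // in the .cpp).
    static bool shouldBypassMainWorld(ExecutionContext*);

    // Non-owning; see the ownership note on the class.
    ExecutionContextClient* client() { return m_client; }

private:
    explicit ContentSecurityPolicy(ExecutionContextClient*);

    void logToConsole(const String& message) const;
    // Parses one header value (which may carry several comma-separated
    // policies) into m_policies.
    void addPolicyFromHeaderValue(const String&, HeaderType);

    // Report de-duplication: the same violation is reported at most once per
    // context (keyed on a hash of the report; see m_violationReportsSent).
    bool shouldSendViolationReport(const String&) const;
    void didSendViolationReport(const String&);

    // Non-owning back-pointer to the execution context's client.
    ExecutionContextClient* m_client;
    bool m_overrideInlineStyleAllowed;
    CSPDirectiveListVector m_policies;

    // Hashes of violation reports already dispatched (AlreadyHashed: the
    // stored unsigned is itself the hash).
    HashSet<unsigned, AlreadyHashed> m_violationReportsSent;

    // We put the hash functions used on the policy object so that we only need
    // to calculate a script hash once and then distribute it to all of the
    // directives for validation. A mask of HashAlgorithms bits.
    uint8_t m_sourceHashAlgorithmsUsed;
};

}

#endif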