1 /*
2  * Copyright (C) 2011 Google, Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY GOOGLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 
26 #ifndef ContentSecurityPolicy_h
27 #define ContentSecurityPolicy_h
28 
29 #include "bindings/v8/ScriptState.h"
30 #include "platform/network/HTTPParsers.h"
31 #include "wtf/HashSet.h"
32 #include "wtf/PassOwnPtr.h"
33 #include "wtf/Vector.h"
34 #include "wtf/text/StringHash.h"
35 #include "wtf/text/TextPosition.h"
36 #include "wtf/text/WTFString.h"
37 
namespace WTF {
// Only ever taken by const reference (the contextLine arguments of the
// allowInline*() checks below), so a forward declaration is sufficient here.
class OrdinalNumber;
}
41 
42 namespace WebCore {
43 
// Forward declarations: ContentSecurityPolicy only stores or passes pointers
// and references to these types, so their definitions stay in the .cpp files.
// NOTE(review): JSONObject is not referenced anywhere in this header; the
// forward declaration looks stale.
class ContentSecurityPolicyResponseHeaders;
class CSPDirectiveList;
class DOMStringList;
class JSONObject;
class KURL;
class ExecutionContextClient;
class SecurityOrigin;

// Plain int carrying sandbox flag values (consumed by enforceSandboxFlags()
// below); presumably a bit set, but the flag values are defined elsewhere.
typedef int SandboxFlags;
// One owned CSPDirectiveList per policy the object has accepted; the
// ContentSecurityPolicy owns the lists through OwnPtr.
typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector;
54 
// Per-execution-context Content Security Policy state: the policies parsed
// from response headers (m_policies) plus the allow*() checks the rest of the
// engine consults before loading a resource or running inline script/style.
// Instances are built through create() and handed to the caller as a PassOwnPtr.
class ContentSecurityPolicy {
    WTF_MAKE_FAST_ALLOCATED;
public:
    // Factory; the constructor is private, so this is the only way to obtain
    // an instance. `client` is kept as a raw pointer (see m_client).
    static PassOwnPtr<ContentSecurityPolicy> create(ExecutionContextClient* client)
    {
        return adoptPtr(new ContentSecurityPolicy(client));
    }
    ~ContentSecurityPolicy();

    // Copies the policy state of another instance into this one (body in the .cpp).
    void copyStateFrom(const ContentSecurityPolicy*);

    // Whether a received policy is report-only or enforced. The names suggest
    // the Content-Security-Policy-Report-Only vs. Content-Security-Policy
    // headers respectively — confirm in didReceiveHeaders().
    enum HeaderType {
        Report,
        Enforce,
    };

    // Passed to the allow*() checks to say whether a denied check should also
    // be reported (console message / violation report). Every check defaults
    // to SendReport; SuppressReport is for callers that only want the answer.
    enum ReportingStatus {
        SendReport,
        SuppressReport
    };

    // Bit flags naming the hash algorithms used by the policy's source lists;
    // they are OR-ed into the uint8_t bitmask m_sourceHashAlgorithmsUsed.
    // Note that bit 0 is unused (Sha1 starts at 1 << 1).
    // NOTE(review): SHA-1 is collision-broken; confirm whether a sha1-* source
    // is still meant to be accepted, since CSP's hash-source is specified for
    // sha256/sha384/sha512.
    enum HashAlgorithms {
        HashAlgorithmsNone   = 0,
        HashAlgorithmsSha1   = 1 << 1,
        HashAlgorithmsSha256 = 1 << 2
    };

    // Policy delivery: either all headers of a response at once, or one header
    // value together with its type.
    void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&);
    void didReceiveHeader(const String&, HeaderType);

    // These functions are wrong because they assume that there is only one header.
    // FIXME: Replace them with functions that return vectors.
    const String& deprecatedHeader() const;
    HeaderType deprecatedHeaderType() const;

    // Inline-content checks. contextURL/contextLine locate the inline code for
    // reporting purposes; all return true when the policy permits the action.
    // Unless SuppressReport is passed, a denial is reported as a side effect.
    bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
    bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
    bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
    bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
    // A null ScriptState is accepted by the signature; what it means for the
    // check is decided in the .cpp.
    bool allowEval(ScriptState* = 0, ReportingStatus = SendReport) const;
    bool allowPluginType(const String& type, const String& typeAttribute, const KURL&, ReportingStatus = SendReport) const;

    // Fetch-directive checks: may a resource of the given kind be loaded from
    // this URL? Same return/reporting convention as the inline checks above.
    bool allowScriptFromSource(const KURL&, ReportingStatus = SendReport) const;
    bool allowObjectFromSource(const KURL&, ReportingStatus = SendReport) const;
    bool allowChildFrameFromSource(const KURL&, ReportingStatus = SendReport) const;
    bool allowImageFromSource(const KURL&, ReportingStatus = SendReport) const;
    bool allowStyleFromSource(const KURL&, ReportingStatus = SendReport) const;
    bool allowFontFromSource(const KURL&, ReportingStatus = SendReport) const;
    bool allowMediaFromSource(const KURL&, ReportingStatus = SendReport) const;
    bool allowConnectToSource(const KURL&, ReportingStatus = SendReport) const;
    bool allowFormAction(const KURL&, ReportingStatus = SendReport) const;
    bool allowBaseURI(const KURL&, ReportingStatus = SendReport) const;
    // The nonce and hash allow functions are guaranteed to not have any side
    // effects, including reporting.
    bool allowScriptNonce(const String& nonce) const;
    bool allowStyleNonce(const String& nonce) const;
    bool allowScriptHash(const String& source) const;

    // Records which hash algorithms the policy needs (a uint8_t bitmask of
    // HashAlgorithms values). NOTE(review): the parameter name reuses the
    // enum's name and hides the type inside this declaration; a lowercase
    // name such as hashAlgorithms would be clearer.
    void usesScriptHashAlgorithms(uint8_t HashAlgorithms);

    // ReflectedXSSDisposition is not declared in this header; it presumably
    // comes from platform/network/HTTPParsers.h, included above.
    ReflectedXSSDisposition reflectedXSSDisposition() const;

    // Sets m_overrideInlineStyleAllowed; how it interacts with
    // allowInlineStyle() is defined in the .cpp.
    void setOverrideAllowInlineStyle(bool);

    // Whether any policy is in effect — exact condition lives in the .cpp.
    bool isActive() const;
    // Collects the policies' report URIs into the given list.
    void gatherReportURIs(DOMStringList&) const;

    // Parse-time diagnostics for malformed or unsupported policy text. They
    // only report (presumably via logToConsole) and do not alter the policy.
    void reportDirectiveAsSourceExpression(const String& directiveName, const String& sourceExpression) const;
    void reportDuplicateDirective(const String&) const;
    void reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value) const;
    void reportInvalidPathCharacter(const String& directiveName, const String& value, const char) const;
    void reportInvalidPluginTypes(const String&) const;
    void reportInvalidSandboxFlags(const String&) const;
    void reportInvalidSourceExpression(const String& directiveName, const String& source) const;
    void reportInvalidReflectedXSS(const String&) const;
    void reportMissingReportURI(const String&) const;
    void reportUnsupportedDirective(const String&) const;
    // Runtime violation reporting for a blocked URL: emits consoleMessage and
    // presumably dispatches a report to each of reportURIs. Non-const, which
    // is consistent with it updating m_violationReportsSent through
    // didSendViolationReport() — confirm in the .cpp.
    void reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header);

    // Tells the inspector that script execution was blocked by directiveText.
    void reportBlockedScriptExecutionToInspector(const String& directiveText) const;

    // Context accessors (presumably answered via m_client).
    // NOTE(review): the `const` on url()'s by-value return has no effect.
    const KURL url() const;
    KURL completeURL(const String&) const;
    SecurityOrigin* securityOrigin() const;
    void enforceSandboxFlags(SandboxFlags) const;
    String evalDisabledErrorMessage() const;

    bool experimentalFeaturesEnabled() const;

    // Static: answerable without a policy object. ExecutionContext is not
    // forward-declared in this header, so its declaration must arrive through
    // one of the includes.
    static bool shouldBypassMainWorld(ExecutionContext*);

    // Raw pointer to the client given at construction; see m_client.
    ExecutionContextClient* client() { return m_client; }

private:
    explicit ContentSecurityPolicy(ExecutionContextClient*);

    void logToConsole(const String& message) const;
    // Parses a single header value into a CSPDirectiveList; presumably the
    // result is appended to m_policies.
    void addPolicyFromHeaderValue(const String&, HeaderType);

    // Violation-report de-duplication pair: the names suggest the first
    // consults m_violationReportsSent and the second records into it.
    bool shouldSendViolationReport(const String&) const;
    void didSendViolationReport(const String&);

    // Raw pointer; ownership is not visible in this header (presumably not
    // owned, since nothing here deletes it).
    ExecutionContextClient* m_client;
    bool m_overrideInlineStyleAllowed;
    // Owned directive lists, one per accepted policy.
    CSPDirectiveListVector m_policies;

    // Set of precomputed hashes (AlreadyHashed) of reports already sent.
    HashSet<unsigned, AlreadyHashed> m_violationReportsSent;

    // We put the hash functions used on the policy object so that we only need
    // to calculate a script hash once and then distribute it to all of the
    // directives for validation.
    uint8_t m_sourceHashAlgorithmsUsed;
};
168 
169 }
170 
171 #endif