// Copyright 2013 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "extensions/common/csp_validator.h" #include <stddef.h> #include <initializer_list> #include <iterator> #include <set> #include <string_view> #include <utility> #include <vector> #include "base/check_op.h" #include "base/containers/contains.h" #include "base/feature_list.h" #include "base/functional/bind.h" #include "base/functional/callback.h" #include "base/memory/raw_ptr.h" #include "base/memory/raw_ref.h" #include "base/ranges/algorithm.h" #include "base/strings/string_split.h" #include "base/strings/string_util.h" #include "content/public/common/url_constants.h" #include "extensions/common/constants.h" #include "extensions/common/error_utils.h" #include "extensions/common/extension_features.h" #include "extensions/common/install_warning.h" #include "extensions/common/manifest_constants.h" #include "net/base/registry_controlled_domains/registry_controlled_domain.h" namespace extensions { namespace csp_validator { namespace { const char kDefaultSrc[] = …; const char kScriptSrc[] = …; const char kObjectSrc[] = …; const char kFrameSrc[] = …; const char kChildSrc[] = …; const char kWorkerSrc[] = …; const char kSelfSource[] = …; const char kNoneSource[] = …; const char kWasmEvalSource[] = …; const char kWasmUnsafeEvalSource[] = …; const char kDirectiveSeparator = …; const char kObjectSrcDefaultDirective[] = …; const char kScriptSrcDefaultDirective[] = …; const char kAppSandboxSubframeSrcDefaultDirective[] = …; const char kAppSandboxScriptSrcDefaultDirective[] = …; const char kSandboxDirectiveName[] = …; const char kAllowSameOriginToken[] = …; const char kAllowTopNavigation[] = …; // List of CSP hash-source prefixes that are accepted. Blink is a bit more // lenient, but we only accept standard hashes to be forward-compatible. // http://www.w3.org/TR/2015/CR-CSP2-20150721/#hash_algo const char* const kHashSourcePrefixes[] = …; // TODO(karandeepb): This is not the same list as used by the CSP spec. See // https://infra.spec.whatwg.org/#ascii-whitespace. const char kWhitespaceDelimiters[] = …; Directive; // TODO(karandeepb): Rename this to DirectiveSet (as used in spec, see // https://www.w3.org/TR/CSP/#policy-directive-set) once we ensure that this // does not contain any duplicates. DirectiveList; bool IsLocalHostSource(const std::string& source_lower) { … } // Represents the status of a directive in a CSP string. // // Examples of directive: // script source related: scrict-src // subframe source related: child-src/frame-src. class DirectiveStatus { … }; // Returns whether |url| starts with |scheme_and_separator| and does not have a // too permissive wildcard host name. If |should_check_rcd| is true, then the // Public suffix list is used to exclude wildcard TLDs such as "https://*.org". bool isNonWildcardTLD(const std::string& url, const std::string& scheme_and_separator, bool should_check_rcd) { … } // Checks whether the source is a syntactically valid hash. bool IsHashSource(std::string_view source) { … } std::string GetSecureDirectiveValues( int options, const std::string& directive_name, const std::vector<std::string_view>& directive_values, const std::string& manifest_key, std::vector<InstallWarning>* warnings) { … } // Given a CSP directive-token for app sandbox, returns a secure value of that // directive. // The directive-token's name is |directive_name| and its values are splitted // into |directive_values|. std::string GetAppSandboxSecureDirectiveValues( const std::string& directive_name, const std::vector<std::string_view>& directive_values, const std::string& manifest_key, std::vector<InstallWarning>* warnings) { … } SecureDirectiveValueFunction; // Represents a token in CSP string. // Tokens are delimited by ";" CSP string. class CSPDirectiveToken { … }; // Class responsible for parsing a given CSP string |policy|, and enforcing // secure directive-tokens within the policy. // // If a CSP directive's value is not secure, this class will use secure // values (via |secure_function|). If a CSP directive-token is not present and // as a result will fallback to default (possibly non-secure), this class // will use default secure values (via GetDefaultCSPValue). class CSPEnforcer { … }; std::string CSPEnforcer::Enforce(const DirectiveList& directives, std::vector<InstallWarning>* warnings) { … } class ExtensionCSPEnforcer : public CSPEnforcer { … }; class AppSandboxPageCSPEnforcer : public CSPEnforcer { … }; } // namespace bool ContentSecurityPolicyIsLegal(const std::string& policy) { … } Directive::Directive(std::string_view directive_string, std::string directive_name, std::vector<std::string_view> directive_values) : … { … } CSPParser::Directive::~Directive() = default; CSPParser::Directive::Directive(Directive&&) = default; CSPParser::Directive& Directive::operator=(Directive&&) = default; CSPParser::CSPParser(std::string policy) : … { … } CSPParser::~CSPParser() = default; void CSPParser::Parse() { … } std::string SanitizeContentSecurityPolicy( const std::string& policy, std::string manifest_key, int options, std::vector<InstallWarning>* warnings) { … } std::string GetSandboxedPageCSPDisallowingRemoteSources( const std::string& policy, std::string manifest_key, std::vector<InstallWarning>* warnings) { … } bool ContentSecurityPolicyIsSandboxed( const std::string& policy, Manifest::Type type) { … } bool DoesCSPDisallowRemoteCode(const std::string& content_security_policy, std::string_view manifest_key, std::u16string* error) { … } } // namespace csp_validator } // namespace extensions
Codebase Browser
chromium