content_security_policy.cc | Explore in Territory

// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "services/network/public/cpp/content_security_policy/content_security_policy.h"

#include <sstream>
#include <string>
#include <string_view>

#include "base/base64url.h"
#include "base/containers/contains.h"
#include "base/containers/flat_set.h"
#include "base/feature_list.h"
#include "base/ranges/algorithm.h"
#include "base/strings/strcat.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_split.h"
#include "base/strings/string_util.h"
#include "base/strings/stringprintf.h"
#include "base/strings/utf_string_conversions.h"
#include "net/http/http_response_headers.h"
#include "services/network/public/cpp/content_security_policy/csp_context.h"
#include "services/network/public/cpp/content_security_policy/csp_source.h"
#include "services/network/public/cpp/content_security_policy/csp_source_list.h"
#include "services/network/public/cpp/features.h"
#include "services/network/public/cpp/is_potentially_trustworthy.h"
#include "services/network/public/cpp/web_sandbox_flags.h"
#include "services/network/public/mojom/content_security_policy.mojom.h"
#include "url/gurl.h"
#include "url/origin.h"
#include "url/url_canon.h"
#include "url/url_util.h"

namespace network {

CSPDirectiveName;
DirectivesMap;

namespace features {
BASE_FEATURE(…);
}

namespace {

bool IsDirectiveNameCharacter(char c) { … }

bool IsDirectiveValueCharacter(char c) { … }

std::string ElideURLForReportViolation(const GURL& url) { … }

CSPDirectiveName ToCSPDirectiveName(std::string_view name) { … }

bool SupportedInReportOnly(CSPDirectiveName directive) { … }

bool SupportedInMeta(CSPDirectiveName directive) { … }

// Return the error message specific to one CSP |directive|.
// $1: Blocked URL.
// $2: Blocking policy.
const char* ErrorMessage(CSPDirectiveName directive) { … }

void ReportViolation(CSPContext* context,
                     const mojom::ContentSecurityPolicyPtr& policy,
                     const CSPDirectiveName effective_directive_name,
                     const CSPDirectiveName directive_name,
                     const GURL& url,
                     const mojom::SourceLocationPtr& source_location) { … }

const GURL ExtractInnerURL(const GURL& url) { … }

std::string InnermostScheme(const GURL& url) { … }

// Extensions can load their own internal content into the document. They
// shouldn't be blocked by the document's CSP.
//
// There is an exception: CSP:frame-ancestors. This one is not about allowing a
// document to embed other resources. This is about being embedded. As such
// this shouldn't be bypassed. A document should be able to deny being embedded
// inside an extension.
// See https://crbug.com/1115590
bool ShouldBypassContentSecurityPolicy(CSPContext* context,
                                       CSPDirectiveName directive,
                                       const GURL& url) { … }

// Parses a "Content-Security-Policy" header.
// Returns a map to the directives found.
DirectivesMap ParseHeaderValue(std::string_view header) { … }

// https://www.w3.org/TR/CSP3/#grammardef-scheme-part
bool ParseScheme(std::string_view scheme, mojom::CSPSource* csp_source) { … }

// https://www.w3.org/TR/CSP3/#grammardef-host-part
bool ParseHost(std::string_view host, mojom::CSPSource* csp_source) { … }

// https://www.w3.org/TR/CSP3/#grammardef-port-part
bool ParsePort(std::string_view port, mojom::CSPSource* csp_source) { … }

// https://www.w3.org/TR/CSP3/#grammardef-path-part
bool ParsePath(std::string_view path, mojom::CSPSource* csp_source) { … }

bool IsBase64Char(char c) { … }

int EatChar(std::string_view::const_iterator* it,
            std::string_view::const_iterator end,
            bool (*predicate)(char)) { … }

// Checks whether |expression| is a valid base64-encoded string.
// Cf. https://w3c.github.io/webappsec-csp/#framework-directive-source-list.
bool IsBase64(std::string_view expression) { … }

// Parse a nonce-source, return false on error.
bool ParseNonce(std::string_view expression, std::string* nonce) { … }

struct SupportedPrefixesStruct { … };

// Parse a hash-source, return false on error.
bool ParseHash(std::string_view expression, mojom::CSPHashSource* hash) { … }

// Parse source-list grammar.
// https://www.w3.org/TR/CSP3/#grammardef-serialized-source-list
// Append parsing errors to |parsing_errors|.
mojom::CSPSourceListPtr ParseSourceList(
    CSPDirectiveName directive_name,
    std::string_view directive_value,
    std::vector<std::string>& parsing_errors) { … }

// Parse the 'required-trusted-types-for' directive.
// https://w3c.github.io/trusted-types/dist/spec/#require-trusted-types-for-csp-directive
network::mojom::CSPRequireTrustedTypesFor ParseRequireTrustedTypesFor(
    std::string_view value,
    std::vector<std::string>& parsing_errors) { … }

// This implements tt-policy-name from
// https://w3c.github.io/trusted-types/dist/spec/#trusted-types-csp-directive
bool IsValidTrustedTypesPolicyName(std::string_view value) { … }

// Parse the 'trusted-types' directive.
// https://w3c.github.io/trusted-types/dist/spec/#trusted-types-csp-directive
network::mojom::CSPTrustedTypesPtr ParseTrustedTypes(
    std::string_view value,
    std::vector<std::string>& parsing_errors) { … }

// Parses a reporting directive.
// https://w3c.github.io/webappsec-csp/#directives-reporting
void ParseReportDirective(const GURL& request_url,
                          std::string_view value,
                          bool using_reporting_api,
                          std::vector<std::string>* report_endpoints,
                          std::vector<std::string>& parsing_errors) { … }

void WarnIfDirectiveValueNotEmpty(
    const std::pair<std::string_view, std::string_view>& directive,
    std::vector<std::string>& parsing_errors) { … }

mojom::CSPSourcePtr ComputeSelfOrigin(const GURL& url) { … }

std::string UnrecognizedDirectiveErrorMessage(
    const std::string& directive_name) { … }

void AddContentSecurityPolicyFromHeader(
    std::string_view header,
    mojom::ContentSecurityPolicyType type,
    mojom::ContentSecurityPolicySource source,
    const GURL& base_url,
    mojom::ContentSecurityPolicyPtr& out) { … }

std::pair<CSPDirectiveName, const mojom::CSPSourceList*> GetSourceList(
    CSPDirectiveName directive,
    const mojom::ContentSecurityPolicy& policy) { … }

}  // namespace

CSPCheckResult::CSPCheckResult(bool allowed)
    : … { … }

CSPCheckResult& CSPCheckResult::operator&=(const CSPCheckResult& other) { … }

bool CSPCheckResult::operator==(const CSPCheckResult& other) const { … }

operator bool()

CSPCheckResult CSPCheckResult::Allowed() { … }

CSPCheckResult CSPCheckResult::Blocked() { … }

CSPCheckResult CSPCheckResult::AllowedOnlyIfWildcardMatchesWs() { … }

CSPCheckResult CSPCheckResult::AllowedOnlyIfWildcardMatchesFtp() { … }

bool CSPCheckResult::WouldBlockIfWildcardDoesNotMatchWs() const { … }

bool CSPCheckResult::WouldBlockIfWildcardDoesNotMatchFtp() const { … }

bool CSPCheckResult::IsAllowed() const { … }

CSPCheckResult::CSPCheckResult(bool allowed,
                               bool allowed_if_wildcard_does_not_match_ws,
                               bool allowed_if_wildcard_does_not_match_ftp)
    : … { … }

CSPDirectiveName CSPFallbackDirective(CSPDirectiveName directive,
                                      CSPDirectiveName original_directive) { … }

void AddContentSecurityPolicyFromHeaders(
    const net::HttpResponseHeaders& headers,
    const GURL& base_url,
    std::vector<mojom::ContentSecurityPolicyPtr>* out) { … }

std::vector<mojom::ContentSecurityPolicyPtr> ParseContentSecurityPolicies(
    std::string_view header_value,
    mojom::ContentSecurityPolicyType type,
    mojom::ContentSecurityPolicySource source,
    const GURL& base_url) { … }

mojom::AllowCSPFromHeaderValuePtr ParseAllowCSPFromHeader(
    const net::HttpResponseHeaders& headers) { … }

bool ParseSource(CSPDirectiveName directive_name,
                 std::string_view expression,
                 mojom::CSPSource* csp_source,
                 std::vector<std::string>& parsing_errors) { … }

CSPCheckResult CheckContentSecurityPolicy(
    const mojom::ContentSecurityPolicyPtr& policy,
    CSPDirectiveName directive_name,
    const GURL& url,
    const GURL& url_before_redirects,
    bool has_followed_redirect,
    bool is_response_check,
    CSPContext* context,
    const mojom::SourceLocationPtr& source_location,
    bool is_form_submission,
    bool is_opaque_fenced_frame) { … }

bool ShouldUpgradeInsecureRequest(
    const std::vector<mojom::ContentSecurityPolicyPtr>& policies) { … }

bool ShouldTreatAsPublicAddress(
    const std::vector<mojom::ContentSecurityPolicyPtr>& policies) { … }

void UpgradeInsecureRequest(GURL* url) { … }

bool IsValidRequiredCSPAttr(
    const std::vector<mojom::ContentSecurityPolicyPtr>& policy,
    const mojom::ContentSecurityPolicy* context,
    std::string& error_message) { … }

bool Subsumes(const mojom::ContentSecurityPolicy& policy_a,
              const std::vector<mojom::ContentSecurityPolicyPtr>& policies_b) { … }

std::string ToString(CSPDirectiveName name) { … }

bool AllowCspFromAllowOrigin(
    const url::Origin& request_origin,
    const network::mojom::AllowCSPFromHeaderValue* allow_csp_from) { … }

bool AllowsBlanketEnforcementOfRequiredCSP(
    const url::Origin& request_origin,
    const GURL& response_url,
    const network::mojom::AllowCSPFromHeaderValue* allow_csp_from,
    network::mojom::ContentSecurityPolicyPtr& required_csp) { … }

}  // namespace network
chromium/services/network/public/cpp/content_security_policy/content_security_policy.cc
