/* * Copyright (C) 2011 Google, Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY GOOGLE INC. ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "third_party/blink/renderer/core/frame/csp/content_security_policy.h" #include <memory> #include <optional> #include <utility> #include "base/containers/contains.h" #include "base/debug/dump_without_crashing.h" #include "base/ranges/algorithm.h" #include "services/network/public/cpp/web_sandbox_flags.h" #include "services/network/public/mojom/content_security_policy.mojom-blink-forward.h" #include "services/network/public/mojom/web_sandbox_flags.mojom-blink.h" #include "third_party/blink/public/common/security_context/insecure_request_policy.h" #include "third_party/blink/public/mojom/devtools/inspector_issue.mojom-shared.h" #include "third_party/blink/public/mojom/fetch/fetch_api_request.mojom-blink.h" #include "third_party/blink/public/mojom/security_context/insecure_request_policy.mojom-blink.h" #include "third_party/blink/public/platform/platform.h" #include "third_party/blink/public/platform/task_type.h" #include "third_party/blink/public/platform/web_url_request.h" #include "third_party/blink/renderer/bindings/core/v8/isolated_world_csp.h" #include "third_party/blink/renderer/bindings/core/v8/script_controller.h" #include "third_party/blink/renderer/bindings/core/v8/v8_binding_for_core.h" #include "third_party/blink/renderer/bindings/core/v8/v8_security_policy_violation_event_init.h" #include "third_party/blink/renderer/core/dom/dom_node_ids.h" #include "third_party/blink/renderer/core/dom/dom_string_list.h" #include "third_party/blink/renderer/core/dom/element.h" #include "third_party/blink/renderer/core/dom/events/event_queue.h" #include "third_party/blink/renderer/core/frame/csp/csp_directive_list.h" #include "third_party/blink/renderer/core/frame/csp/csp_source.h" #include "third_party/blink/renderer/core/frame/frame_client.h" #include "third_party/blink/renderer/core/frame/local_dom_window.h" #include "third_party/blink/renderer/core/frame/local_frame.h" #include "third_party/blink/renderer/core/frame/local_frame_client.h" #include "third_party/blink/renderer/core/frame/location.h" #include "third_party/blink/renderer/core/html/html_script_element.h" #include "third_party/blink/renderer/core/inspector/console_message.h" #include "third_party/blink/renderer/core/inspector/inspector_audits_issue.h" #include "third_party/blink/renderer/core/securitypolicyviolation_disposition_names.h" #include "third_party/blink/renderer/platform/bindings/dom_wrapper_world.h" #include "third_party/blink/renderer/platform/heap/garbage_collected.h" #include "third_party/blink/renderer/platform/instrumentation/use_counter.h" #include "third_party/blink/renderer/platform/json/json_values.h" #include "third_party/blink/renderer/platform/loader/fetch/integrity_metadata.h" #include "third_party/blink/renderer/platform/loader/fetch/resource_request.h" #include "third_party/blink/renderer/platform/loader/fetch/resource_response.h" #include "third_party/blink/renderer/platform/runtime_enabled_features.h" #include "third_party/blink/renderer/platform/weborigin/known_ports.h" #include "third_party/blink/renderer/platform/weborigin/kurl.h" #include "third_party/blink/renderer/platform/weborigin/reporting_disposition.h" #include "third_party/blink/renderer/platform/weborigin/security_origin.h" #include "third_party/blink/renderer/platform/wtf/text/string_builder.h" #include "third_party/blink/renderer/platform/wtf/text/string_hasher.h" #include "third_party/blink/renderer/platform/wtf/text/string_utf8_adaptor.h" #include "third_party/blink/renderer/platform/wtf/wtf_size_t.h" #include "v8/include/v8.h" namespace blink { ContentSecurityPolicySource; ContentSecurityPolicyType; namespace { enum ContentSecurityPolicyHashAlgorithm { … }; // Returns true if the given `header_type` should be checked given // `check_header_type` and `reporting_disposition`. bool CheckHeaderTypeMatches( ContentSecurityPolicy::CheckHeaderType check_header_type, ReportingDisposition reporting_disposition, ContentSecurityPolicyType header_type) { … } int32_t HashAlgorithmsUsed( const network::mojom::blink::CSPSourceList* source_list) { … } // 3. If request’s destination is "fencedframe", and this directive’s value does // not contain either "https:", "https://*:*", or "*", return "Blocked". // https://wicg.github.io/fenced-frame/#csp-algorithms bool AllowOpaqueFencedFrames( const network::mojom::blink::CSPSourcePtr& source) { … } // Returns true if the CSP for the document loading the fenced frame allows all // HTTPS origins for "fenced-frame-src". bool AllowOpaqueFencedFrames( const network::mojom::blink::ContentSecurityPolicyPtr& policy) { … } } // namespace bool ContentSecurityPolicy::IsNonceableElement(const Element* element) { … } static WebFeature GetUseCounterType(ContentSecurityPolicyType type) { … } ContentSecurityPolicy::ContentSecurityPolicy() : … { … } bool ContentSecurityPolicy::IsBound() { … } void ContentSecurityPolicy::BindToDelegate( ContentSecurityPolicyDelegate& delegate) { … } void ContentSecurityPolicy::ApplyPolicySideEffectsToDelegate() { … } void ContentSecurityPolicy::ReportUseCounters( const Vector<network::mojom::blink::ContentSecurityPolicyPtr>& policies) { … } ContentSecurityPolicy::~ContentSecurityPolicy() = default; void ContentSecurityPolicy::Trace(Visitor* visitor) const { … } void ContentSecurityPolicy::AddPolicies( Vector<network::mojom::blink::ContentSecurityPolicyPtr> policies) { … } void ContentSecurityPolicy::ComputeInternalStateForParsedPolicy( const network::mojom::blink::ContentSecurityPolicy& csp) { … } void ContentSecurityPolicy::SetOverrideAllowInlineStyle(bool value) { … } // static void ContentSecurityPolicy::FillInCSPHashValues( const String& source, uint8_t hash_algorithms_used, Vector<network::mojom::blink::CSPHashSourcePtr>& csp_hash_values) { … } // static bool ContentSecurityPolicy::CheckHashAgainstPolicy( Vector<network::mojom::blink::CSPHashSourcePtr>& csp_hash_values, const network::mojom::blink::ContentSecurityPolicy& csp, InlineType inline_type) { … } // https://w3c.github.io/webappsec-csp/#should-block-inline bool ContentSecurityPolicy::AllowInline( InlineType inline_type, Element* element, const String& content, const String& nonce, const String& context_url, const WTF::OrdinalNumber& context_line, ReportingDisposition reporting_disposition) { … } bool ContentSecurityPolicy::IsScriptInlineType(InlineType inline_type) { … } bool ContentSecurityPolicy::ShouldCheckEval() const { … } bool ContentSecurityPolicy::AllowEval( ReportingDisposition reporting_disposition, ContentSecurityPolicy::ExceptionStatus exception_status, const String& script_content) { … } bool ContentSecurityPolicy::AllowWasmCodeGeneration( ReportingDisposition reporting_disposition, ContentSecurityPolicy::ExceptionStatus exception_status, const String& script_content) { … } String ContentSecurityPolicy::EvalDisabledErrorMessage() const { … } String ContentSecurityPolicy::WasmEvalDisabledErrorMessage() const { … } namespace { std::optional<CSPDirectiveName> GetDirectiveTypeFromRequestContextType( mojom::blink::RequestContextType context) { … } // [spec] https://w3c.github.io/webappsec-csp/#does-resource-hint-violate-policy bool AllowResourceHintRequestForPolicy( network::mojom::blink::ContentSecurityPolicy& csp, ContentSecurityPolicy* policy, const KURL& url, const String& nonce, const IntegrityMetadataSet& integrity_metadata, ParserDisposition parser_disposition, const KURL& url_before_redirects, RedirectStatus redirect_status, ReportingDisposition reporting_disposition) { … } } // namespace // https://w3c.github.io/webappsec-csp/#does-request-violate-policy bool ContentSecurityPolicy::AllowRequest( mojom::blink::RequestContextType context, network::mojom::RequestDestination request_destination, const KURL& url, const String& nonce, const IntegrityMetadataSet& integrity_metadata, ParserDisposition parser_disposition, const KURL& url_before_redirects, RedirectStatus redirect_status, ReportingDisposition reporting_disposition, CheckHeaderType check_header_type) { … } void ContentSecurityPolicy::UsesScriptHashAlgorithms(uint8_t algorithms) { … } void ContentSecurityPolicy::UsesStyleHashAlgorithms(uint8_t algorithms) { … } bool ContentSecurityPolicy::AllowFromSource( CSPDirectiveName type, const KURL& url, const KURL& url_before_redirects, RedirectStatus redirect_status, ReportingDisposition reporting_disposition, CheckHeaderType check_header_type, const String& nonce, const IntegrityMetadataSet& hashes, ParserDisposition parser_disposition) { … } bool ContentSecurityPolicy::AllowBaseURI(const KURL& url) { … } bool ContentSecurityPolicy::AllowConnectToSource( const KURL& url, const KURL& url_before_redirects, RedirectStatus redirect_status, ReportingDisposition reporting_disposition, CheckHeaderType check_header_type) { … } bool ContentSecurityPolicy::AllowFormAction(const KURL& url) { … } bool ContentSecurityPolicy::AllowImageFromSource( const KURL& url, const KURL& url_before_redirects, RedirectStatus redirect_status, ReportingDisposition reporting_disposition, CheckHeaderType check_header_type) { … } bool ContentSecurityPolicy::AllowMediaFromSource(const KURL& url) { … } bool ContentSecurityPolicy::AllowObjectFromSource(const KURL& url) { … } bool ContentSecurityPolicy::AllowScriptFromSource( const KURL& url, const String& nonce, const IntegrityMetadataSet& hashes, ParserDisposition parser_disposition, const KURL& url_before_redirects, RedirectStatus redirect_status, ReportingDisposition reporting_disposition, CheckHeaderType check_header_type) { … } bool ContentSecurityPolicy::AllowWorkerContextFromSource(const KURL& url) { … } // The return value indicates whether the policy is allowed or not. // If the return value is false, the out-parameter violation_details indicates // the type of the violation, and if the return value is true, // it indicates if a report-only violation occurred. bool ContentSecurityPolicy::AllowTrustedTypePolicy( const String& policy_name, bool is_duplicate, AllowTrustedTypePolicyDetails& violation_details, std::optional<base::UnguessableToken> issue_id) { … } bool ContentSecurityPolicy::AllowTrustedTypeAssignmentFailure( const String& message, const String& sample, const String& sample_prefix, std::optional<base::UnguessableToken> issue_id) { … } bool ContentSecurityPolicy::IsActive() const { … } bool ContentSecurityPolicy::IsActiveForConnections() const { … } const KURL ContentSecurityPolicy::FallbackUrlForPlugin() const { … } void ContentSecurityPolicy::EnforceSandboxFlags( network::mojom::blink::WebSandboxFlags mask) { … } void ContentSecurityPolicy::RequireTrustedTypes() { … } void ContentSecurityPolicy::EnforceStrictMixedContentChecking() { … } void ContentSecurityPolicy::UpgradeInsecureRequests() { … } // https://www.w3.org/TR/CSP3/#strip-url-for-use-in-reports static String StripURLForUseInReport(const SecurityOrigin* security_origin, const KURL& url, CSPDirectiveName effective_type) { … } namespace { std::unique_ptr<SourceLocation> GatherSecurityPolicyViolationEventData( SecurityPolicyViolationEventInit* init, ContentSecurityPolicyDelegate* delegate, const String& directive_text, CSPDirectiveName effective_type, const KURL& blocked_url, const String& header, ContentSecurityPolicyType header_type, ContentSecurityPolicyViolationType violation_type, std::unique_ptr<SourceLocation> source_location, const String& script_source, const String& sample_prefix) { … } } // namespace void ContentSecurityPolicy::ReportViolation( const String& directive_text, CSPDirectiveName effective_type, const String& console_message, const KURL& blocked_url, const Vector<String>& report_endpoints, bool use_reporting_api, const String& header, ContentSecurityPolicyType header_type, ContentSecurityPolicyViolationType violation_type, std::unique_ptr<SourceLocation> source_location, LocalFrame* context_frame, Element* element, const String& source, const String& source_prefix, std::optional<base::UnguessableToken> issue_id) { … } void ContentSecurityPolicy::PostViolationReport( const SecurityPolicyViolationEventInit* violation_data, LocalFrame* context_frame, const Vector<String>& report_endpoints, bool use_reporting_api) { … } void ContentSecurityPolicy::ReportMixedContent(const KURL& blocked_url, RedirectStatus redirect_status) { … } void ContentSecurityPolicy::ReportReportOnlyInMeta(const String& header) { … } void ContentSecurityPolicy::ReportMetaOutsideHead(const String& header) { … } void ContentSecurityPolicy::LogToConsole(const String& message, mojom::ConsoleMessageLevel level) { … } mojom::blink::ContentSecurityPolicyViolationType ContentSecurityPolicy::BuildCSPViolationType( ContentSecurityPolicyViolationType violation_type) { … } void ContentSecurityPolicy::LogToConsole(ConsoleMessage* console_message, LocalFrame* frame) { … } void ContentSecurityPolicy::ReportBlockedScriptExecutionToInspector( const String& directive_text) const { … } bool ContentSecurityPolicy::ExperimentalFeaturesEnabled() const { … } bool ContentSecurityPolicy::RequiresTrustedTypes() const { … } // static bool ContentSecurityPolicy::ShouldBypassMainWorldDeprecated( const ExecutionContext* context) { … } // static bool ContentSecurityPolicy::ShouldBypassMainWorldDeprecated( const DOMWrapperWorld* world) { … } bool ContentSecurityPolicy::ShouldSendViolationReport( const String& report) const { … } void ContentSecurityPolicy::DidSendViolationReport(const String& report) { … } const char* ContentSecurityPolicy::GetDirectiveName(CSPDirectiveName type) { … } CSPDirectiveName ContentSecurityPolicy::GetDirectiveType(const String& name) { … } bool ContentSecurityPolicy::ShouldBypassContentSecurityPolicy( const KURL& url, SchemeRegistry::PolicyAreas area) const { … } const WTF::Vector<network::mojom::blink::ContentSecurityPolicyPtr>& ContentSecurityPolicy::GetParsedPolicies() const { … } bool ContentSecurityPolicy::HasPolicyFromSource( ContentSecurityPolicySource source) const { … } bool ContentSecurityPolicy::AllowFencedFrameOpaqueURL() const { … } bool ContentSecurityPolicy::HasEnforceFrameAncestorsDirectives() { … } void ContentSecurityPolicy::Count(WebFeature feature) const { … } } // namespace blink
Codebase Browser
chromium