2015-05-03 22:32:37 +03:00
|
|
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
2014-05-14 22:03:43 +04:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
2016-06-29 17:48:44 +03:00
|
|
|
#include "nsAttrValue.h"
|
2016-05-19 11:59:48 +03:00
|
|
|
#include "nsCharSeparatedTokenizer.h"
|
2016-06-29 17:48:44 +03:00
|
|
|
#include "nsContentUtils.h"
|
2014-05-14 22:03:43 +04:00
|
|
|
#include "nsCSPUtils.h"
|
|
|
|
#include "nsDebug.h"
|
2020-11-10 00:03:52 +03:00
|
|
|
#include "nsCSPParser.h"
|
2020-11-23 19:21:38 +03:00
|
|
|
#include "nsComponentManagerUtils.h"
|
2014-05-14 22:03:43 +04:00
|
|
|
#include "nsIConsoleService.h"
|
2019-05-22 02:14:27 +03:00
|
|
|
#include "nsIChannel.h"
|
2014-05-14 22:03:43 +04:00
|
|
|
#include "nsICryptoHash.h"
|
|
|
|
#include "nsIScriptError.h"
|
|
|
|
#include "nsIStringBundle.h"
|
2015-07-07 05:17:00 +03:00
|
|
|
#include "nsIURL.h"
|
2020-11-23 19:21:38 +03:00
|
|
|
#include "nsNetUtil.h"
|
2014-05-14 22:03:43 +04:00
|
|
|
#include "nsReadableUtils.h"
|
2016-06-29 17:48:44 +03:00
|
|
|
#include "nsSandboxFlags.h"
|
2020-11-23 19:21:38 +03:00
|
|
|
#include "nsServiceManagerUtils.h"
|
2014-05-14 22:03:43 +04:00
|
|
|
|
2020-11-10 00:03:52 +03:00
|
|
|
#include "mozilla/dom/CSPDictionariesBinding.h"
|
2019-07-30 10:14:09 +03:00
|
|
|
#include "mozilla/dom/Document.h"
|
|
|
|
#include "mozilla/StaticPrefs_security.h"
|
|
|
|
|
2016-07-22 12:32:41 +03:00
|
|
|
#define DEFAULT_PORT -1
|
|
|
|
|
2015-11-23 22:09:25 +03:00
|
|
|
static mozilla::LogModule* GetCspUtilsLog() {
|
|
|
|
static mozilla::LazyLogModule gCspUtilsPRLog("CSPUtils");
|
2014-05-14 22:03:43 +04:00
|
|
|
return gCspUtilsPRLog;
|
|
|
|
}
|
|
|
|
|
2015-06-04 01:25:57 +03:00
|
|
|
#define CSPUTILSLOG(args) \
|
|
|
|
MOZ_LOG(GetCspUtilsLog(), mozilla::LogLevel::Debug, args)
|
|
|
|
#define CSPUTILSLOGENABLED() \
|
|
|
|
MOZ_LOG_TEST(GetCspUtilsLog(), mozilla::LogLevel::Debug)
|
2014-05-14 22:03:43 +04:00
|
|
|
|
2016-09-06 13:29:26 +03:00
|
|
|
void CSP_PercentDecodeStr(const nsAString& aEncStr, nsAString& outDecStr) {
|
|
|
|
outDecStr.Truncate();
|
|
|
|
|
|
|
|
// helper function that should not be visible outside this methods scope
|
|
|
|
struct local {
|
|
|
|
static inline char16_t convertHexDig(char16_t aHexDig) {
|
|
|
|
if (isNumberToken(aHexDig)) {
|
|
|
|
return aHexDig - '0';
|
|
|
|
}
|
|
|
|
if (aHexDig >= 'A' && aHexDig <= 'F') {
|
|
|
|
return aHexDig - 'A' + 10;
|
|
|
|
}
|
|
|
|
// must be a lower case character
|
|
|
|
// (aHexDig >= 'a' && aHexDig <= 'f')
|
|
|
|
return aHexDig - 'a' + 10;
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
const char16_t *cur, *end, *hexDig1, *hexDig2;
|
|
|
|
cur = aEncStr.BeginReading();
|
|
|
|
end = aEncStr.EndReading();
|
|
|
|
|
|
|
|
while (cur != end) {
|
|
|
|
// if it's not a percent sign then there is
|
|
|
|
// nothing to do for that character
|
|
|
|
if (*cur != PERCENT_SIGN) {
|
|
|
|
outDecStr.Append(*cur);
|
|
|
|
cur++;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
// get the two hexDigs following the '%'-sign
|
|
|
|
hexDig1 = cur + 1;
|
|
|
|
hexDig2 = cur + 2;
|
|
|
|
|
|
|
|
// if there are no hexdigs after the '%' then
|
|
|
|
// there is nothing to do for us.
|
|
|
|
if (hexDig1 == end || hexDig2 == end || !isValidHexDig(*hexDig1) ||
|
|
|
|
!isValidHexDig(*hexDig2)) {
|
|
|
|
outDecStr.Append(PERCENT_SIGN);
|
|
|
|
cur++;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
// decode "% hexDig1 hexDig2" into a character.
|
|
|
|
char16_t decChar =
|
|
|
|
(local::convertHexDig(*hexDig1) << 4) + local::convertHexDig(*hexDig2);
|
|
|
|
outDecStr.Append(decChar);
|
|
|
|
|
|
|
|
// increment 'cur' to after the second hexDig
|
|
|
|
cur = ++hexDig2;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-05-22 02:14:27 +03:00
|
|
|
// The Content Security Policy should be inherited for
|
|
|
|
// local schemes like: "about", "blob", "data", or "filesystem".
|
|
|
|
// see: https://w3c.github.io/webappsec-csp/#initialize-document-csp
|
|
|
|
bool CSP_ShouldResponseInheritCSP(nsIChannel* aChannel) {
|
|
|
|
if (!aChannel) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsCOMPtr<nsIURI> uri;
|
|
|
|
nsresult rv = aChannel->GetURI(getter_AddRefs(uri));
|
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
|
2019-07-30 10:23:18 +03:00
|
|
|
bool isAbout = uri->SchemeIs("about");
|
2019-05-22 02:14:27 +03:00
|
|
|
if (isAbout) {
|
|
|
|
nsAutoCString aboutSpec;
|
|
|
|
rv = uri->GetSpec(aboutSpec);
|
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
// also allow about:blank#foo
|
|
|
|
if (StringBeginsWith(aboutSpec, "about:blank"_ns) ||
|
|
|
|
StringBeginsWith(aboutSpec, "about:srcdoc"_ns)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-30 10:23:18 +03:00
|
|
|
return uri->SchemeIs("blob") || uri->SchemeIs("data") ||
|
|
|
|
uri->SchemeIs("filesystem") || uri->SchemeIs("javascript");
|
2019-05-22 02:14:27 +03:00
|
|
|
}
|
|
|
|
|
2019-07-30 10:14:09 +03:00
|
|
|
void CSP_ApplyMetaCSPToDoc(mozilla::dom::Document& aDoc,
|
|
|
|
const nsAString& aPolicyStr) {
|
2020-11-10 00:03:52 +03:00
|
|
|
if (!mozilla::StaticPrefs::security_csp_enable() || aDoc.IsLoadedAsData()) {
|
2019-07-30 10:14:09 +03:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsAutoString policyStr(
|
|
|
|
nsContentUtils::TrimWhitespace<nsContentUtils::IsHTMLWhitespace>(
|
|
|
|
aPolicyStr));
|
|
|
|
|
|
|
|
if (policyStr.IsEmpty()) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsCOMPtr<nsIContentSecurityPolicy> csp = aDoc.GetCsp();
|
|
|
|
if (!csp) {
|
|
|
|
MOZ_ASSERT(false, "how come there is no CSP");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Multiple CSPs (delivered through either header of meta tag) need to
|
|
|
|
// be joined together, see:
|
|
|
|
// https://w3c.github.io/webappsec/specs/content-security-policy/#delivery-html-meta-element
|
|
|
|
nsresult rv =
|
|
|
|
csp->AppendPolicy(policyStr,
|
|
|
|
false, // csp via meta tag can not be report only
|
|
|
|
true); // delivered through the meta tag
|
|
|
|
NS_ENSURE_SUCCESS_VOID(rv);
|
|
|
|
if (nsPIDOMWindowInner* inner = aDoc.GetInnerWindow()) {
|
|
|
|
inner->SetCsp(csp);
|
|
|
|
}
|
|
|
|
aDoc.ApplySettingsFromCSP(false);
|
|
|
|
}
|
|
|
|
|
2019-06-11 18:51:51 +03:00
|
|
|
void CSP_GetLocalizedStr(const char* aName, const nsTArray<nsString>& aParams,
|
|
|
|
nsAString& outResult) {
|
2014-05-14 22:03:43 +04:00
|
|
|
nsCOMPtr<nsIStringBundle> keyStringBundle;
|
|
|
|
nsCOMPtr<nsIStringBundleService> stringBundleService =
|
|
|
|
mozilla::services::GetStringBundleService();
|
|
|
|
|
|
|
|
NS_ASSERTION(stringBundleService, "String bundle service must be present!");
|
|
|
|
stringBundleService->CreateBundle(
|
|
|
|
"chrome://global/locale/security/csp.properties",
|
|
|
|
getter_AddRefs(keyStringBundle));
|
|
|
|
|
|
|
|
NS_ASSERTION(keyStringBundle, "Key string bundle must be available!");
|
|
|
|
|
|
|
|
if (!keyStringBundle) {
|
|
|
|
return;
|
|
|
|
}
|
2019-06-11 18:51:51 +03:00
|
|
|
keyStringBundle->FormatStringFromName(aName, aParams, outResult);
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
void CSP_LogStrMessage(const nsAString& aMsg) {
|
|
|
|
nsCOMPtr<nsIConsoleService> console(
|
|
|
|
do_GetService("@mozilla.org/consoleservice;1"));
|
|
|
|
|
|
|
|
if (!console) {
|
|
|
|
return;
|
|
|
|
}
|
2018-09-11 20:17:05 +03:00
|
|
|
nsString msg(aMsg);
|
2014-05-14 22:03:43 +04:00
|
|
|
console->LogStringMessage(msg.get());
|
|
|
|
}
|
|
|
|
|
|
|
|
void CSP_LogMessage(const nsAString& aMessage, const nsAString& aSourceName,
|
|
|
|
const nsAString& aSourceLine, uint32_t aLineNumber,
|
|
|
|
uint32_t aColumnNumber, uint32_t aFlags,
|
2018-07-20 20:57:21 +03:00
|
|
|
const nsACString& aCategory, uint64_t aInnerWindowID,
|
2018-03-13 08:40:38 +03:00
|
|
|
bool aFromPrivateWindow) {
|
2014-05-14 22:03:43 +04:00
|
|
|
nsCOMPtr<nsIConsoleService> console(
|
|
|
|
do_GetService(NS_CONSOLESERVICE_CONTRACTID));
|
|
|
|
|
|
|
|
nsCOMPtr<nsIScriptError> error(do_CreateInstance(NS_SCRIPTERROR_CONTRACTID));
|
|
|
|
|
|
|
|
if (!console || !error) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Prepending CSP to the outgoing console message
|
|
|
|
nsString cspMsg;
|
2017-09-08 04:32:54 +03:00
|
|
|
cspMsg.AppendLiteral(u"Content Security Policy: ");
|
2014-05-14 22:03:43 +04:00
|
|
|
cspMsg.Append(aMessage);
|
|
|
|
|
2016-09-19 11:18:55 +03:00
|
|
|
// Currently 'aSourceLine' is not logged to the console, because similar
|
|
|
|
// information is already included within the source link of the message.
|
|
|
|
// For inline violations however, the line and column number are 0 and
|
|
|
|
// information contained within 'aSourceLine' can be really useful for devs.
|
|
|
|
// E.g. 'aSourceLine' might be: 'onclick attribute on DIV element'.
|
|
|
|
// In such cases we append 'aSourceLine' directly to the error message.
|
|
|
|
if (!aSourceLine.IsEmpty()) {
|
2018-07-19 12:11:43 +03:00
|
|
|
cspMsg.AppendLiteral(u" Source: ");
|
2016-09-19 11:18:55 +03:00
|
|
|
cspMsg.Append(aSourceLine);
|
2017-09-08 04:32:54 +03:00
|
|
|
cspMsg.AppendLiteral(u".");
|
2016-09-19 11:18:55 +03:00
|
|
|
}
|
|
|
|
|
2018-07-20 20:57:21 +03:00
|
|
|
// Since we are leveraging csp errors as the category names which
|
|
|
|
// we pass to devtools, we should prepend them with "CSP_" to
|
|
|
|
// allow easy distincution in devtools code. e.g.
|
|
|
|
// upgradeInsecureRequest -> CSP_upgradeInsecureRequest
|
|
|
|
nsCString category("CSP_");
|
|
|
|
category.Append(aCategory);
|
|
|
|
|
2014-05-14 22:03:43 +04:00
|
|
|
nsresult rv;
|
|
|
|
if (aInnerWindowID > 0) {
|
|
|
|
rv = error->InitWithWindowID(cspMsg, aSourceName, aSourceLine, aLineNumber,
|
|
|
|
aColumnNumber, aFlags, category,
|
2018-07-20 20:57:21 +03:00
|
|
|
aInnerWindowID);
|
2014-05-14 22:03:43 +04:00
|
|
|
} else {
|
|
|
|
rv = error->Init(cspMsg, aSourceName, aSourceLine, aLineNumber,
|
2019-04-02 01:42:34 +03:00
|
|
|
aColumnNumber, aFlags, category.get(), aFromPrivateWindow,
|
|
|
|
true /* from chrome context */);
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
if (NS_FAILED(rv)) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
console->LogMessage(error);
|
|
|
|
}
|
|
|
|
|
2014-05-20 18:20:00 +04:00
|
|
|
/**
|
|
|
|
* Combines CSP_LogMessage and CSP_GetLocalizedStr into one call.
|
|
|
|
*/
|
2019-06-11 18:51:51 +03:00
|
|
|
void CSP_LogLocalizedStr(const char* aName, const nsTArray<nsString>& aParams,
|
|
|
|
const nsAString& aSourceName,
|
2014-05-20 18:20:00 +04:00
|
|
|
const nsAString& aSourceLine, uint32_t aLineNumber,
|
|
|
|
uint32_t aColumnNumber, uint32_t aFlags,
|
2018-07-20 20:57:21 +03:00
|
|
|
const nsACString& aCategory, uint64_t aInnerWindowID,
|
2018-03-13 08:40:38 +03:00
|
|
|
bool aFromPrivateWindow) {
|
2017-08-04 07:40:52 +03:00
|
|
|
nsAutoString logMsg;
|
2019-06-11 18:51:51 +03:00
|
|
|
CSP_GetLocalizedStr(aName, aParams, logMsg);
|
2014-05-20 18:20:00 +04:00
|
|
|
CSP_LogMessage(logMsg, aSourceName, aSourceLine, aLineNumber, aColumnNumber,
|
2018-03-13 08:40:38 +03:00
|
|
|
aFlags, aCategory, aInnerWindowID, aFromPrivateWindow);
|
2014-05-20 18:20:00 +04:00
|
|
|
}
|
|
|
|
|
2014-05-14 22:03:43 +04:00
|
|
|
/* ===== Helpers ============================ */
|
2014-12-10 15:54:00 +03:00
|
|
|
CSPDirective CSP_ContentTypeToDirective(nsContentPolicyType aType) {
|
|
|
|
switch (aType) {
|
|
|
|
case nsIContentPolicy::TYPE_IMAGE:
|
|
|
|
case nsIContentPolicy::TYPE_IMAGESET:
|
|
|
|
return nsIContentSecurityPolicy::IMG_SRC_DIRECTIVE;
|
|
|
|
|
|
|
|
// BLock XSLT as script, see bug 910139
|
|
|
|
case nsIContentPolicy::TYPE_XSLT:
|
|
|
|
case nsIContentPolicy::TYPE_SCRIPT:
|
2015-10-29 02:32:27 +03:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_SCRIPT:
|
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_SCRIPT_PRELOAD:
|
2019-02-12 16:16:32 +03:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_MODULE:
|
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_MODULE_PRELOAD:
|
2017-02-15 17:55:58 +03:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS:
|
2020-03-17 14:29:33 +03:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_AUDIOWORKLET:
|
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_PAINTWORKLET:
|
2020-07-24 14:52:02 +03:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_CHROMEUTILS_COMPILED_SCRIPT:
|
2020-08-10 12:04:37 +03:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_FRAME_MESSAGEMANAGER_SCRIPT:
|
2014-12-10 15:54:00 +03:00
|
|
|
return nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE;
|
|
|
|
|
|
|
|
case nsIContentPolicy::TYPE_STYLESHEET:
|
|
|
|
return nsIContentSecurityPolicy::STYLE_SRC_DIRECTIVE;
|
|
|
|
|
|
|
|
case nsIContentPolicy::TYPE_FONT:
|
2020-05-11 17:13:16 +03:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_FONT_PRELOAD:
|
2014-12-10 15:54:00 +03:00
|
|
|
return nsIContentSecurityPolicy::FONT_SRC_DIRECTIVE;
|
|
|
|
|
|
|
|
case nsIContentPolicy::TYPE_MEDIA:
|
|
|
|
return nsIContentSecurityPolicy::MEDIA_SRC_DIRECTIVE;
|
|
|
|
|
2015-06-02 22:42:19 +03:00
|
|
|
case nsIContentPolicy::TYPE_WEB_MANIFEST:
|
|
|
|
return nsIContentSecurityPolicy::WEB_MANIFEST_SRC_DIRECTIVE;
|
|
|
|
|
2015-10-29 02:32:27 +03:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_WORKER:
|
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER:
|
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER:
|
2017-10-30 20:45:36 +03:00
|
|
|
return nsIContentSecurityPolicy::WORKER_SRC_DIRECTIVE;
|
2015-10-29 02:32:27 +03:00
|
|
|
|
2014-12-10 15:54:00 +03:00
|
|
|
case nsIContentPolicy::TYPE_SUBDOCUMENT:
|
|
|
|
return nsIContentSecurityPolicy::FRAME_SRC_DIRECTIVE;
|
|
|
|
|
|
|
|
case nsIContentPolicy::TYPE_WEBSOCKET:
|
|
|
|
case nsIContentPolicy::TYPE_XMLHTTPREQUEST:
|
|
|
|
case nsIContentPolicy::TYPE_BEACON:
|
2016-06-24 16:25:11 +03:00
|
|
|
case nsIContentPolicy::TYPE_PING:
|
2014-12-10 15:54:00 +03:00
|
|
|
case nsIContentPolicy::TYPE_FETCH:
|
2020-08-11 15:33:14 +03:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_XMLHTTPREQUEST:
|
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_FETCH_PRELOAD:
|
2014-12-10 15:54:00 +03:00
|
|
|
return nsIContentSecurityPolicy::CONNECT_SRC_DIRECTIVE;
|
|
|
|
|
|
|
|
case nsIContentPolicy::TYPE_OBJECT:
|
|
|
|
case nsIContentPolicy::TYPE_OBJECT_SUBREQUEST:
|
|
|
|
return nsIContentSecurityPolicy::OBJECT_SRC_DIRECTIVE;
|
|
|
|
|
|
|
|
case nsIContentPolicy::TYPE_DTD:
|
|
|
|
case nsIContentPolicy::TYPE_OTHER:
|
2018-03-24 01:27:08 +03:00
|
|
|
case nsIContentPolicy::TYPE_SPECULATIVE:
|
2019-07-03 20:28:25 +03:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_DTD:
|
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_FORCE_ALLOWED_DTD:
|
2014-12-10 15:54:00 +03:00
|
|
|
return nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE;
|
|
|
|
|
2014-12-18 01:19:25 +03:00
|
|
|
// csp shold not block top level loads, e.g. in case
|
|
|
|
// of a redirect.
|
|
|
|
case nsIContentPolicy::TYPE_DOCUMENT:
|
|
|
|
// CSP can not block csp reports
|
2014-12-10 15:54:00 +03:00
|
|
|
case nsIContentPolicy::TYPE_CSP_REPORT:
|
2014-12-18 01:19:25 +03:00
|
|
|
return nsIContentSecurityPolicy::NO_DIRECTIVE;
|
|
|
|
|
2018-01-16 17:03:02 +03:00
|
|
|
case nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD:
|
|
|
|
return nsIContentSecurityPolicy::NO_DIRECTIVE;
|
|
|
|
|
2014-12-10 15:54:00 +03:00
|
|
|
// Fall through to error for all other directives
|
2019-09-11 01:33:51 +03:00
|
|
|
// Note that we should never end up here for navigate-to
|
2021-01-05 17:47:22 +03:00
|
|
|
default:
|
2014-12-10 15:54:00 +03:00
|
|
|
MOZ_ASSERT(false, "Can not map nsContentPolicyType to CSPDirective");
|
|
|
|
}
|
|
|
|
return nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE;
|
|
|
|
}
|
2014-05-14 22:03:43 +04:00
|
|
|
|
2017-04-27 10:59:16 +03:00
|
|
|
nsCSPHostSrc* CSP_CreateHostSrcFromSelfURI(nsIURI* aSelfURI) {
|
2014-05-14 22:03:43 +04:00
|
|
|
// Create the host first
|
|
|
|
nsCString host;
|
2017-04-27 10:59:16 +03:00
|
|
|
aSelfURI->GetAsciiHost(host);
|
2014-05-14 22:03:43 +04:00
|
|
|
nsCSPHostSrc* hostsrc = new nsCSPHostSrc(NS_ConvertUTF8toUTF16(host));
|
2017-04-27 10:59:16 +03:00
|
|
|
hostsrc->setGeneratedFromSelfKeyword();
|
2014-05-14 22:03:43 +04:00
|
|
|
|
|
|
|
// Add the scheme.
|
|
|
|
nsCString scheme;
|
2017-04-27 10:59:16 +03:00
|
|
|
aSelfURI->GetScheme(scheme);
|
2014-05-14 22:03:43 +04:00
|
|
|
hostsrc->setScheme(NS_ConvertUTF8toUTF16(scheme));
|
|
|
|
|
2017-08-23 11:05:12 +03:00
|
|
|
// An empty host (e.g. for data:) indicates it's effectively a unique origin.
|
|
|
|
// Please note that we still need to set the scheme on hostsrc (see above),
|
|
|
|
// because it's used for reporting.
|
|
|
|
if (host.EqualsLiteral("")) {
|
|
|
|
hostsrc->setIsUniqueOrigin();
|
|
|
|
// no need to query the port in that case.
|
|
|
|
return hostsrc;
|
|
|
|
}
|
|
|
|
|
2014-05-14 22:03:43 +04:00
|
|
|
int32_t port;
|
2017-04-27 10:59:16 +03:00
|
|
|
aSelfURI->GetPort(&port);
|
2014-05-14 22:03:43 +04:00
|
|
|
// Only add port if it's not default port.
|
|
|
|
if (port > 0) {
|
|
|
|
nsAutoString portStr;
|
|
|
|
portStr.AppendInt(port);
|
|
|
|
hostsrc->setPort(portStr);
|
|
|
|
}
|
|
|
|
return hostsrc;
|
|
|
|
}
|
|
|
|
|
2018-03-07 05:48:26 +03:00
|
|
|
bool CSP_IsEmptyDirective(const nsAString& aValue, const nsAString& aDir) {
|
|
|
|
return (aDir.Length() == 0 && aValue.Length() == 0);
|
|
|
|
}
|
2021-01-05 17:47:22 +03:00
|
|
|
bool CSP_IsValidDirective(const nsAString& aDir) {
|
|
|
|
uint32_t numDirs = (sizeof(CSPStrDirectives) / sizeof(CSPStrDirectives[0]));
|
|
|
|
|
|
|
|
for (uint32_t i = 0; i < numDirs; i++) {
|
|
|
|
if (aDir.LowerCaseEqualsASCII(CSPStrDirectives[i])) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
2014-12-10 15:54:00 +03:00
|
|
|
bool CSP_IsDirective(const nsAString& aValue, CSPDirective aDir) {
|
|
|
|
return aValue.LowerCaseEqualsASCII(CSP_CSPDirectiveToString(aDir));
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
bool CSP_IsKeyword(const nsAString& aValue, enum CSPKeyword aKey) {
|
2017-10-06 08:16:52 +03:00
|
|
|
return aValue.LowerCaseEqualsASCII(CSP_EnumToUTF8Keyword(aKey));
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
bool CSP_IsQuotelessKeyword(const nsAString& aKey) {
|
2018-09-11 20:17:05 +03:00
|
|
|
nsString lowerKey;
|
|
|
|
ToLowerCase(aKey, lowerKey);
|
2014-05-14 22:03:43 +04:00
|
|
|
|
|
|
|
nsAutoString keyword;
|
|
|
|
for (uint32_t i = 0; i < CSP_LAST_KEYWORD_VALUE; i++) {
|
|
|
|
// skipping the leading ' and trimming the trailing '
|
2017-10-06 08:16:52 +03:00
|
|
|
keyword.AssignASCII(gCSPUTF8Keywords[i] + 1);
|
2014-05-14 22:03:43 +04:00
|
|
|
keyword.Trim("'", false, true);
|
|
|
|
if (lowerKey.Equals(keyword)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2015-07-10 19:13:54 +03:00
|
|
|
/*
|
|
|
|
* Checks whether the current directive permits a specific
|
|
|
|
* scheme. This function is called from nsCSPSchemeSrc() and
|
|
|
|
* also nsCSPHostSrc.
|
|
|
|
* @param aEnforcementScheme
|
|
|
|
* The scheme that this directive allows
|
|
|
|
* @param aUri
|
|
|
|
* The uri of the subresource load.
|
|
|
|
* @param aReportOnly
|
|
|
|
* Whether the enforced policy is report only or not.
|
|
|
|
* @param aUpgradeInsecure
|
|
|
|
* Whether the policy makes use of the directive
|
|
|
|
* 'upgrade-insecure-requests'.
|
2017-04-27 10:59:16 +03:00
|
|
|
* @param aFromSelfURI
|
|
|
|
* Whether a scheme was generated from the keyword 'self'
|
|
|
|
* which then allows schemeless sources to match ws and wss.
|
2015-07-10 19:13:54 +03:00
|
|
|
*/
|
|
|
|
|
|
|
|
bool permitsScheme(const nsAString& aEnforcementScheme, nsIURI* aUri,
|
2017-04-27 10:59:16 +03:00
|
|
|
bool aReportOnly, bool aUpgradeInsecure, bool aFromSelfURI) {
|
2015-07-10 19:13:54 +03:00
|
|
|
nsAutoCString scheme;
|
|
|
|
nsresult rv = aUri->GetScheme(scheme);
|
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
|
|
|
|
// no scheme to enforce, let's allow the load (e.g. script-src *)
|
|
|
|
if (aEnforcementScheme.IsEmpty()) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
// if the scheme matches, all good - allow the load
|
|
|
|
if (aEnforcementScheme.EqualsASCII(scheme.get())) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
// allow scheme-less sources where the protected resource is http
|
|
|
|
// and the load is https, see:
|
|
|
|
// http://www.w3.org/TR/CSP2/#match-source-expression
|
2017-04-27 10:59:16 +03:00
|
|
|
if (aEnforcementScheme.EqualsASCII("http")) {
|
|
|
|
if (scheme.EqualsASCII("https")) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
if ((scheme.EqualsASCII("ws") || scheme.EqualsASCII("wss")) &&
|
|
|
|
aFromSelfURI) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (aEnforcementScheme.EqualsASCII("https")) {
|
|
|
|
if (scheme.EqualsLiteral("wss") && aFromSelfURI) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (aEnforcementScheme.EqualsASCII("ws") && scheme.EqualsASCII("wss")) {
|
2015-07-10 19:13:54 +03:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Allow the load when enforcing upgrade-insecure-requests with the
|
|
|
|
// promise the request gets upgraded from http to https and ws to wss.
|
|
|
|
// See nsHttpChannel::Connect() and also WebSocket.cpp. Please note,
|
|
|
|
// the report only policies should not allow the load and report
|
|
|
|
// the error back to the page.
|
|
|
|
return (
|
|
|
|
(aUpgradeInsecure && !aReportOnly) &&
|
|
|
|
((scheme.EqualsASCII("http") &&
|
|
|
|
aEnforcementScheme.EqualsASCII("https")) ||
|
|
|
|
(scheme.EqualsASCII("ws") && aEnforcementScheme.EqualsASCII("wss"))));
|
|
|
|
}
|
|
|
|
|
2016-06-30 07:31:59 +03:00
|
|
|
/*
|
|
|
|
* A helper function for appending a CSP header to an existing CSP
|
|
|
|
* policy.
|
|
|
|
*
|
|
|
|
* @param aCsp the CSP policy
|
|
|
|
* @param aHeaderValue the header
|
|
|
|
* @param aReportOnly is this a report-only header?
|
|
|
|
*/
|
|
|
|
|
|
|
|
nsresult CSP_AppendCSPFromHeader(nsIContentSecurityPolicy* aCsp,
|
|
|
|
const nsAString& aHeaderValue,
|
|
|
|
bool aReportOnly) {
|
|
|
|
NS_ENSURE_ARG(aCsp);
|
|
|
|
|
|
|
|
// Need to tokenize the header value since multiple headers could be
|
|
|
|
// concatenated into one comma-separated list of policies.
|
|
|
|
// See RFC2616 section 4.2 (last paragraph)
|
|
|
|
nsresult rv = NS_OK;
|
2020-12-16 22:10:34 +03:00
|
|
|
for (const nsAString& policy :
|
|
|
|
nsCharSeparatedTokenizer(aHeaderValue, ',').ToRange()) {
|
2016-06-30 07:31:59 +03:00
|
|
|
rv = aCsp->AppendPolicy(policy, aReportOnly, false);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
{
|
|
|
|
CSPUTILSLOG(("CSP refined with policy: \"%s\"",
|
|
|
|
NS_ConvertUTF16toUTF8(policy).get()));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2014-05-14 22:03:43 +04:00
|
|
|
/* ===== nsCSPSrc ============================ */
|
|
|
|
|
|
|
|
nsCSPBaseSrc::nsCSPBaseSrc() : mInvalidated(false) {}
|
|
|
|
|
2020-03-04 01:07:43 +03:00
|
|
|
nsCSPBaseSrc::~nsCSPBaseSrc() = default;
|
2014-05-14 22:03:43 +04:00
|
|
|
|
|
|
|
// ::permits is only called for external load requests, therefore:
|
|
|
|
// nsCSPKeywordSrc and nsCSPHashSource fall back to this base class
|
|
|
|
// implementation which will never allow the load.
|
2015-07-10 19:13:54 +03:00
|
|
|
bool nsCSPBaseSrc::permits(nsIURI* aUri, const nsAString& aNonce,
|
2016-11-08 14:55:23 +03:00
|
|
|
bool aWasRedirected, bool aReportOnly,
|
|
|
|
bool aUpgradeInsecure, bool aParserCreated) const {
|
2015-05-12 00:22:04 +03:00
|
|
|
if (CSPUTILSLOGENABLED()) {
|
2016-08-26 09:02:31 +03:00
|
|
|
CSPUTILSLOG(
|
|
|
|
("nsCSPBaseSrc::permits, aUri: %s", aUri->GetSpecOrDefault().get()));
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// ::allows is only called for inlined loads, therefore:
|
|
|
|
// nsCSPSchemeSrc, nsCSPHostSrc fall back
|
|
|
|
// to this base class implementation which will never allow the load.
|
2016-11-08 14:55:23 +03:00
|
|
|
bool nsCSPBaseSrc::allows(enum CSPKeyword aKeyword,
|
|
|
|
const nsAString& aHashOrNonce,
|
|
|
|
bool aParserCreated) const {
|
2014-05-14 22:03:43 +04:00
|
|
|
CSPUTILSLOG(("nsCSPBaseSrc::allows, aKeyWord: %s, a HashOrNonce: %s",
|
2017-10-06 08:16:52 +03:00
|
|
|
aKeyword == CSP_HASH ? "hash" : CSP_EnumToUTF8Keyword(aKeyword),
|
2014-05-14 22:03:43 +04:00
|
|
|
NS_ConvertUTF16toUTF8(aHashOrNonce).get()));
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* ====== nsCSPSchemeSrc ===================== */
|
|
|
|
|
|
|
|
nsCSPSchemeSrc::nsCSPSchemeSrc(const nsAString& aScheme) : mScheme(aScheme) {
|
|
|
|
ToLowerCase(mScheme);
|
|
|
|
}
|
|
|
|
|
2020-03-04 01:07:43 +03:00
|
|
|
nsCSPSchemeSrc::~nsCSPSchemeSrc() = default;
|
2014-05-14 22:03:43 +04:00
|
|
|
|
2015-07-10 19:13:54 +03:00
|
|
|
bool nsCSPSchemeSrc::permits(nsIURI* aUri, const nsAString& aNonce,
|
2016-11-08 14:55:23 +03:00
|
|
|
bool aWasRedirected, bool aReportOnly,
|
|
|
|
bool aUpgradeInsecure, bool aParserCreated) const {
|
2015-05-12 00:22:04 +03:00
|
|
|
if (CSPUTILSLOGENABLED()) {
|
2016-08-26 09:02:31 +03:00
|
|
|
CSPUTILSLOG(
|
|
|
|
("nsCSPSchemeSrc::permits, aUri: %s", aUri->GetSpecOrDefault().get()));
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
2015-07-10 19:13:54 +03:00
|
|
|
MOZ_ASSERT((!mScheme.EqualsASCII("")), "scheme can not be the empty string");
|
2016-11-08 14:55:23 +03:00
|
|
|
if (mInvalidated) {
|
|
|
|
return false;
|
|
|
|
}
|
2017-04-27 10:59:16 +03:00
|
|
|
return permitsScheme(mScheme, aUri, aReportOnly, aUpgradeInsecure, false);
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
2016-04-24 06:42:43 +03:00
|
|
|
bool nsCSPSchemeSrc::visit(nsCSPSrcVisitor* aVisitor) const {
|
|
|
|
return aVisitor->visitSchemeSrc(*this);
|
|
|
|
}
|
|
|
|
|
2014-05-14 22:03:43 +04:00
|
|
|
void nsCSPSchemeSrc::toString(nsAString& outStr) const {
|
|
|
|
outStr.Append(mScheme);
|
2018-09-08 01:12:04 +03:00
|
|
|
outStr.AppendLiteral(":");
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/* ===== nsCSPHostSrc ======================== */
|
|
|
|
|
|
|
|
nsCSPHostSrc::nsCSPHostSrc(const nsAString& aHost)
|
|
|
|
: mHost(aHost),
|
2017-04-27 10:59:16 +03:00
|
|
|
mGeneratedFromSelfKeyword(false),
|
2017-08-23 11:05:12 +03:00
|
|
|
mIsUniqueOrigin(false),
|
2017-06-06 10:12:13 +03:00
|
|
|
mWithinFrameAncstorsDir(false) {
|
2014-05-14 22:03:43 +04:00
|
|
|
ToLowerCase(mHost);
|
|
|
|
}
|
|
|
|
|
2020-03-04 01:07:43 +03:00
|
|
|
nsCSPHostSrc::~nsCSPHostSrc() = default;
|
2014-05-14 22:03:43 +04:00
|
|
|
|
2016-07-22 12:32:41 +03:00
|
|
|
/*
|
|
|
|
* Checks whether the current directive permits a specific port.
|
|
|
|
* @param aEnforcementScheme
|
|
|
|
* The scheme that this directive allows
|
|
|
|
* (used to query the default port for that scheme)
|
|
|
|
* @param aEnforcementPort
|
|
|
|
* The port that this directive allows
|
|
|
|
* @param aResourceURI
|
|
|
|
* The uri of the subresource load
|
|
|
|
*/
|
|
|
|
bool permitsPort(const nsAString& aEnforcementScheme,
|
|
|
|
const nsAString& aEnforcementPort, nsIURI* aResourceURI) {
|
|
|
|
// If enforcement port is the wildcard, don't block the load.
|
|
|
|
if (aEnforcementPort.EqualsASCII("*")) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
int32_t resourcePort;
|
|
|
|
nsresult rv = aResourceURI->GetPort(&resourcePort);
|
2020-02-10 21:23:29 +03:00
|
|
|
if (NS_FAILED(rv) && aEnforcementPort.IsEmpty()) {
|
|
|
|
// If we cannot get a Port (e.g. because of an Custom Protocol handler)
|
|
|
|
// We need to check if a default port is associated with the Scheme
|
|
|
|
if (aEnforcementScheme.IsEmpty()) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
int defaultPortforScheme =
|
|
|
|
NS_GetDefaultPort(NS_ConvertUTF16toUTF8(aEnforcementScheme).get());
|
|
|
|
|
|
|
|
// If there is no default port associated with the Scheme (
|
|
|
|
// defaultPortforScheme == -1) or it is an externally handled protocol (
|
|
|
|
// defaultPortforScheme == 0 ) and the csp does not enforce a port - we can
|
|
|
|
// allow not having a port
|
|
|
|
return (defaultPortforScheme == -1 || defaultPortforScheme == -0);
|
|
|
|
}
|
2016-07-22 12:32:41 +03:00
|
|
|
// Avoid unnecessary string creation/manipulation and don't block the
|
|
|
|
// load if the resource to be loaded uses the default port for that
|
|
|
|
// scheme and there is no port to be enforced.
|
|
|
|
// Note, this optimization relies on scheme checks within permitsScheme().
|
|
|
|
if (resourcePort == DEFAULT_PORT && aEnforcementPort.IsEmpty()) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
// By now we know at that either the resourcePort does not use the default
|
|
|
|
// port or there is a port restriction to be enforced. A port value of -1
|
|
|
|
// corresponds to the protocol's default port (eg. -1 implies port 80 for
|
|
|
|
// http URIs), in such a case we have to query the default port of the
|
|
|
|
// resource to be loaded.
|
|
|
|
if (resourcePort == DEFAULT_PORT) {
|
|
|
|
nsAutoCString resourceScheme;
|
|
|
|
rv = aResourceURI->GetScheme(resourceScheme);
|
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
resourcePort = NS_GetDefaultPort(resourceScheme.get());
|
|
|
|
}
|
|
|
|
|
|
|
|
// If there is a port to be enforced and the ports match, then
|
|
|
|
// don't block the load.
|
|
|
|
nsString resourcePortStr;
|
|
|
|
resourcePortStr.AppendInt(resourcePort);
|
|
|
|
if (aEnforcementPort.Equals(resourcePortStr)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
// If there is no port to be enforced, query the default port for the load.
|
|
|
|
nsString enforcementPort(aEnforcementPort);
|
|
|
|
if (enforcementPort.IsEmpty()) {
|
|
|
|
// For scheme less sources, our parser always generates a scheme
|
|
|
|
// which is the scheme of the protected resource.
|
|
|
|
MOZ_ASSERT(!aEnforcementScheme.IsEmpty(),
|
|
|
|
"need a scheme to query default port");
|
|
|
|
int32_t defaultEnforcementPort =
|
|
|
|
NS_GetDefaultPort(NS_ConvertUTF16toUTF8(aEnforcementScheme).get());
|
|
|
|
enforcementPort.Truncate();
|
|
|
|
enforcementPort.AppendInt(defaultEnforcementPort);
|
|
|
|
}
|
|
|
|
|
|
|
|
// If default ports match, don't block the load
|
|
|
|
if (enforcementPort.Equals(resourcePortStr)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Additional port matching where the regular URL matching algorithm
|
|
|
|
// treats insecure ports as matching their secure variants.
|
|
|
|
// default port for http is :80
|
|
|
|
// default port for https is :443
|
|
|
|
if (enforcementPort.EqualsLiteral("80") &&
|
|
|
|
resourcePortStr.EqualsLiteral("443")) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
// ports do not match, block the load.
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2015-07-10 19:13:54 +03:00
|
|
|
bool nsCSPHostSrc::permits(nsIURI* aUri, const nsAString& aNonce,
|
2016-11-08 14:55:23 +03:00
|
|
|
bool aWasRedirected, bool aReportOnly,
|
|
|
|
bool aUpgradeInsecure, bool aParserCreated) const {
|
2015-05-12 00:22:04 +03:00
|
|
|
if (CSPUTILSLOGENABLED()) {
|
2016-08-26 09:02:31 +03:00
|
|
|
CSPUTILSLOG(
|
|
|
|
("nsCSPHostSrc::permits, aUri: %s", aUri->GetSpecOrDefault().get()));
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
2017-08-23 11:05:12 +03:00
|
|
|
if (mInvalidated || mIsUniqueOrigin) {
|
2016-11-08 14:55:23 +03:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2014-10-01 15:59:05 +04:00
|
|
|
// we are following the enforcement rules from the spec, see:
|
|
|
|
// http://www.w3.org/TR/CSP11/#match-source-expression
|
2014-05-14 22:03:43 +04:00
|
|
|
|
2014-10-01 15:59:05 +04:00
|
|
|
// 4.3) scheme matching: Check if the scheme matches.
|
2017-04-27 10:59:16 +03:00
|
|
|
if (!permitsScheme(mScheme, aUri, aReportOnly, aUpgradeInsecure,
|
|
|
|
mGeneratedFromSelfKeyword)) {
|
2015-07-10 19:13:54 +03:00
|
|
|
return false;
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
// The host in nsCSpHostSrc should never be empty. In case we are enforcing
|
|
|
|
// just a specific scheme, the parser should generate a nsCSPSchemeSource.
|
|
|
|
NS_ASSERTION((!mHost.IsEmpty()), "host can not be the empty string");
|
|
|
|
|
2019-07-04 14:30:17 +03:00
|
|
|
// Before we can check if the host matches, we have to
|
|
|
|
// extract the host part from aUri.
|
|
|
|
nsAutoCString uriHost;
|
|
|
|
nsresult rv = aUri->GetAsciiHost(uriHost);
|
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
|
|
|
|
nsString decodedUriHost;
|
|
|
|
CSP_PercentDecodeStr(NS_ConvertUTF8toUTF16(uriHost), decodedUriHost);
|
|
|
|
|
2014-10-01 15:59:05 +04:00
|
|
|
// 2) host matching: Enforce a single *
|
|
|
|
if (mHost.EqualsASCII("*")) {
|
2015-02-07 01:54:11 +03:00
|
|
|
// The single ASTERISK character (*) does not match a URI's scheme of a type
|
|
|
|
// designating a globally unique identifier (such as blob:, data:, or
|
|
|
|
// filesystem:) At the moment firefox does not support filesystem; but for
|
|
|
|
// future compatibility we support it in CSP according to the spec,
|
2020-06-03 02:15:13 +03:00
|
|
|
// see: 4.2.2 Matching Source Expressions Note, that allowlisting any of
|
2015-02-07 01:54:11 +03:00
|
|
|
// these schemes would call nsCSPSchemeSrc::permits().
|
2019-07-30 10:23:18 +03:00
|
|
|
if (aUri->SchemeIs("blob") || aUri->SchemeIs("data") ||
|
|
|
|
aUri->SchemeIs("filesystem")) {
|
2015-02-07 01:54:11 +03:00
|
|
|
return false;
|
|
|
|
}
|
2016-09-06 13:29:26 +03:00
|
|
|
|
2019-07-04 14:30:17 +03:00
|
|
|
// If no scheme is present there also wont be a port and folder to check
|
|
|
|
// which means we can return early
|
|
|
|
if (mScheme.IsEmpty()) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
2014-10-01 15:59:05 +04:00
|
|
|
// 4.5) host matching: Check if the allowed host starts with a wilcard.
|
2019-07-04 14:30:17 +03:00
|
|
|
else if (mHost.First() == '*') {
|
2014-05-14 22:03:43 +04:00
|
|
|
NS_ASSERTION(
|
|
|
|
mHost[1] == '.',
|
|
|
|
"Second character needs to be '.' whenever host starts with '*'");
|
|
|
|
|
2014-06-30 21:53:17 +04:00
|
|
|
// Eliminate leading "*", but keeping the FULL STOP (.) thereafter before
|
2014-10-01 15:59:05 +04:00
|
|
|
// checking if the remaining characters match
|
2014-05-14 22:03:43 +04:00
|
|
|
nsString wildCardHost = mHost;
|
2014-06-30 21:53:17 +04:00
|
|
|
wildCardHost = Substring(wildCardHost, 1, wildCardHost.Length() - 1);
|
2016-09-06 13:29:26 +03:00
|
|
|
if (!StringEndsWith(decodedUriHost, wildCardHost)) {
|
2014-05-14 22:03:43 +04:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
2014-10-01 15:59:05 +04:00
|
|
|
// 4.6) host matching: Check if hosts match.
|
2016-09-06 13:29:26 +03:00
|
|
|
else if (!mHost.Equals(decodedUriHost)) {
|
2014-05-14 22:03:43 +04:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2016-07-22 12:32:41 +03:00
|
|
|
// Port matching: Check if the ports match.
|
|
|
|
if (!permitsPort(mScheme, mPort, aUri)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2014-10-01 15:59:05 +04:00
|
|
|
// 4.9) Path matching: If there is a path, we have to enforce
|
|
|
|
// path-level matching, unless the channel got redirected, see:
|
2014-08-12 23:55:08 +04:00
|
|
|
// http://www.w3.org/TR/CSP11/#source-list-paths-and-redirects
|
|
|
|
if (!aWasRedirected && !mPath.IsEmpty()) {
|
2015-03-26 08:09:10 +03:00
|
|
|
// converting aUri into nsIURL so we can strip query and ref
|
|
|
|
// example.com/test#foo -> example.com/test
|
|
|
|
// example.com/test?val=foo -> example.com/test
|
|
|
|
nsCOMPtr<nsIURL> url = do_QueryInterface(aUri);
|
|
|
|
if (!url) {
|
|
|
|
NS_ASSERTION(false, "can't QI into nsIURI");
|
|
|
|
return false;
|
|
|
|
}
|
2014-08-12 23:55:08 +04:00
|
|
|
nsAutoCString uriPath;
|
2015-03-26 08:09:10 +03:00
|
|
|
rv = url->GetFilePath(uriPath);
|
2014-08-12 23:55:08 +04:00
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
2016-09-06 13:29:26 +03:00
|
|
|
|
2017-06-06 10:12:13 +03:00
|
|
|
if (mWithinFrameAncstorsDir) {
|
|
|
|
// no path matching for frame-ancestors to not leak any path information.
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2016-09-06 13:29:26 +03:00
|
|
|
nsString decodedUriPath;
|
|
|
|
CSP_PercentDecodeStr(NS_ConvertUTF8toUTF16(uriPath), decodedUriPath);
|
|
|
|
|
2014-08-12 23:55:08 +04:00
|
|
|
// check if the last character of mPath is '/'; if so
|
|
|
|
// we just have to check loading resource is within
|
|
|
|
// the allowed path.
|
|
|
|
if (mPath.Last() == '/') {
|
2016-09-06 13:29:26 +03:00
|
|
|
if (!StringBeginsWith(decodedUriPath, mPath)) {
|
2014-08-12 23:55:08 +04:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
2020-06-03 02:15:13 +03:00
|
|
|
// otherwise mPath refers to a specific file, and we have to
|
|
|
|
// check if the loading resource matches the file.
|
2014-08-12 23:55:08 +04:00
|
|
|
else {
|
2016-09-06 13:29:26 +03:00
|
|
|
if (!mPath.Equals(decodedUriPath)) {
|
2014-08-12 23:55:08 +04:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-07-22 12:32:41 +03:00
|
|
|
// At the end: scheme, host, port and path match -> allow the load.
|
2014-05-14 22:03:43 +04:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2016-04-24 06:42:43 +03:00
|
|
|
bool nsCSPHostSrc::visit(nsCSPSrcVisitor* aVisitor) const {
|
|
|
|
return aVisitor->visitHostSrc(*this);
|
|
|
|
}
|
|
|
|
|
2014-05-14 22:03:43 +04:00
|
|
|
void nsCSPHostSrc::toString(nsAString& outStr) const {
|
2018-07-22 19:08:17 +03:00
|
|
|
if (mGeneratedFromSelfKeyword) {
|
2018-09-08 01:12:04 +03:00
|
|
|
outStr.AppendLiteral("'self'");
|
2018-07-22 19:08:17 +03:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2014-05-14 22:03:43 +04:00
|
|
|
// If mHost is a single "*", we append the wildcard and return.
|
|
|
|
if (mHost.EqualsASCII("*") && mScheme.IsEmpty() && mPort.IsEmpty()) {
|
|
|
|
outStr.Append(mHost);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// append scheme
|
|
|
|
outStr.Append(mScheme);
|
|
|
|
|
|
|
|
// append host
|
2018-09-08 01:12:04 +03:00
|
|
|
outStr.AppendLiteral("://");
|
2014-05-14 22:03:43 +04:00
|
|
|
outStr.Append(mHost);
|
|
|
|
|
|
|
|
// append port
|
|
|
|
if (!mPort.IsEmpty()) {
|
2018-09-08 01:12:04 +03:00
|
|
|
outStr.AppendLiteral(":");
|
2014-05-14 22:03:43 +04:00
|
|
|
outStr.Append(mPort);
|
|
|
|
}
|
|
|
|
|
2014-08-12 23:55:08 +04:00
|
|
|
// append path
|
|
|
|
outStr.Append(mPath);
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
2015-07-10 19:13:54 +03:00
|
|
|
void nsCSPHostSrc::setScheme(const nsAString& aScheme) {
|
2014-05-14 22:03:43 +04:00
|
|
|
mScheme = aScheme;
|
|
|
|
ToLowerCase(mScheme);
|
|
|
|
}
|
|
|
|
|
|
|
|
void nsCSPHostSrc::setPort(const nsAString& aPort) { mPort = aPort; }
|
|
|
|
|
|
|
|
void nsCSPHostSrc::appendPath(const nsAString& aPath) { mPath.Append(aPath); }
|
|
|
|
|
|
|
|
/* ===== nsCSPKeywordSrc ===================== */
|
|
|
|
|
2014-12-10 15:54:00 +03:00
|
|
|
nsCSPKeywordSrc::nsCSPKeywordSrc(enum CSPKeyword aKeyword)
|
2015-04-07 19:06:05 +03:00
|
|
|
: mKeyword(aKeyword) {
|
2014-05-14 22:03:43 +04:00
|
|
|
NS_ASSERTION((aKeyword != CSP_SELF),
|
|
|
|
"'self' should have been replaced in the parser");
|
|
|
|
}
|
|
|
|
|
2020-03-04 01:07:43 +03:00
|
|
|
nsCSPKeywordSrc::~nsCSPKeywordSrc() = default;
|
2014-05-14 22:03:43 +04:00
|
|
|
|
2016-11-08 14:55:23 +03:00
|
|
|
bool nsCSPKeywordSrc::permits(nsIURI* aUri, const nsAString& aNonce,
|
|
|
|
bool aWasRedirected, bool aReportOnly,
|
|
|
|
bool aUpgradeInsecure,
|
|
|
|
bool aParserCreated) const {
|
|
|
|
// no need to check for invalidated, this will always return false unless
|
|
|
|
// it is an nsCSPKeywordSrc for 'strict-dynamic', which should allow non
|
|
|
|
// parser created scripts.
|
|
|
|
return ((mKeyword == CSP_STRICT_DYNAMIC) && !aParserCreated);
|
|
|
|
}
|
|
|
|
|
|
|
|
bool nsCSPKeywordSrc::allows(enum CSPKeyword aKeyword,
|
|
|
|
const nsAString& aHashOrNonce,
|
|
|
|
bool aParserCreated) const {
|
2015-04-07 19:06:05 +03:00
|
|
|
CSPUTILSLOG(
|
|
|
|
("nsCSPKeywordSrc::allows, aKeyWord: %s, aHashOrNonce: %s, mInvalidated: "
|
|
|
|
"%s",
|
2017-10-06 08:16:52 +03:00
|
|
|
CSP_EnumToUTF8Keyword(aKeyword),
|
2015-04-07 19:06:05 +03:00
|
|
|
NS_ConvertUTF16toUTF8(aHashOrNonce).get(),
|
|
|
|
mInvalidated ? "yes" : "false"));
|
2016-11-08 14:55:23 +03:00
|
|
|
|
2015-04-07 19:06:05 +03:00
|
|
|
if (mInvalidated) {
|
2019-12-19 18:19:04 +03:00
|
|
|
// only 'self', 'report-sample' and 'unsafe-inline' are keywords that can be
|
|
|
|
// ignored. Please note that the parser already translates 'self' into a uri
|
|
|
|
// (see assertion in constructor).
|
|
|
|
MOZ_ASSERT(mKeyword == CSP_UNSAFE_INLINE || mKeyword == CSP_REPORT_SAMPLE,
|
2016-11-08 14:55:23 +03:00
|
|
|
"should only invalidate unsafe-inline");
|
2015-04-07 19:06:05 +03:00
|
|
|
return false;
|
|
|
|
}
|
2016-11-08 14:55:23 +03:00
|
|
|
// either the keyword allows the load or the policy contains 'strict-dynamic',
|
2018-05-07 21:59:51 +03:00
|
|
|
// in which case we have to make sure the script is not parser created before
|
|
|
|
// allowing the load and also eval should be blocked even if 'strict-dynamic'
|
|
|
|
// is present. Should be allowed only if 'unsafe-eval' is present.
|
2016-11-08 14:55:23 +03:00
|
|
|
return ((mKeyword == aKeyword) ||
|
2018-05-07 21:59:51 +03:00
|
|
|
((mKeyword == CSP_STRICT_DYNAMIC) && !aParserCreated &&
|
|
|
|
aKeyword != CSP_UNSAFE_EVAL));
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
2016-04-24 06:42:43 +03:00
|
|
|
bool nsCSPKeywordSrc::visit(nsCSPSrcVisitor* aVisitor) const {
|
|
|
|
return aVisitor->visitKeywordSrc(*this);
|
|
|
|
}
|
|
|
|
|
2014-05-14 22:03:43 +04:00
|
|
|
void nsCSPKeywordSrc::toString(nsAString& outStr) const {
|
2017-10-06 08:16:52 +03:00
|
|
|
outStr.Append(CSP_EnumToUTF16Keyword(mKeyword));
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/* ===== nsCSPNonceSrc ==================== */
|
|
|
|
|
|
|
|
nsCSPNonceSrc::nsCSPNonceSrc(const nsAString& aNonce) : mNonce(aNonce) {}
|
|
|
|
|
2020-03-04 01:07:43 +03:00
|
|
|
nsCSPNonceSrc::~nsCSPNonceSrc() = default;
|
2014-05-14 22:03:43 +04:00
|
|
|
|
2015-07-10 19:13:54 +03:00
|
|
|
bool nsCSPNonceSrc::permits(nsIURI* aUri, const nsAString& aNonce,
|
2016-11-08 14:55:23 +03:00
|
|
|
bool aWasRedirected, bool aReportOnly,
|
|
|
|
bool aUpgradeInsecure, bool aParserCreated) const {
|
2015-05-12 00:22:04 +03:00
|
|
|
if (CSPUTILSLOGENABLED()) {
|
2014-05-14 22:03:43 +04:00
|
|
|
CSPUTILSLOG(("nsCSPNonceSrc::permits, aUri: %s, aNonce: %s",
|
2016-08-26 09:02:31 +03:00
|
|
|
aUri->GetSpecOrDefault().get(),
|
|
|
|
NS_ConvertUTF16toUTF8(aNonce).get()));
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
2019-09-02 17:49:27 +03:00
|
|
|
if (aReportOnly && aWasRedirected && aNonce.IsEmpty()) {
|
|
|
|
/* Fix for Bug 1505412
|
|
|
|
* If we land here, we're currently handling a script-preload which got
|
|
|
|
* redirected. Preloads do not have any info about the nonce assiociated.
|
|
|
|
* Because of Report-Only the preload passes the 1st CSP-check so the
|
|
|
|
* preload does not get retried with a nonce attached.
|
|
|
|
* Currently we're relying on the script-manager to
|
|
|
|
* provide a fake loadinfo to check the preloads against csp.
|
|
|
|
* So during HTTPChannel->OnRedirect we cant check csp for this case.
|
|
|
|
* But as the script-manager already checked the csp,
|
|
|
|
* a report would already have been send,
|
|
|
|
* if the nonce didnt match.
|
|
|
|
* So we can pass the check here for Report-Only Cases.
|
|
|
|
*/
|
|
|
|
MOZ_ASSERT(aParserCreated == false,
|
|
|
|
"Skipping nonce-check is only allowed for Preloads");
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2016-11-08 14:55:23 +03:00
|
|
|
// nonces can not be invalidated by strict-dynamic
|
2014-05-14 22:03:43 +04:00
|
|
|
return mNonce.Equals(aNonce);
|
|
|
|
}
|
|
|
|
|
2016-11-08 14:55:23 +03:00
|
|
|
bool nsCSPNonceSrc::allows(enum CSPKeyword aKeyword,
|
|
|
|
const nsAString& aHashOrNonce,
|
|
|
|
bool aParserCreated) const {
|
2014-05-14 22:03:43 +04:00
|
|
|
CSPUTILSLOG(("nsCSPNonceSrc::allows, aKeyWord: %s, a HashOrNonce: %s",
|
2017-10-06 08:16:52 +03:00
|
|
|
CSP_EnumToUTF8Keyword(aKeyword),
|
|
|
|
NS_ConvertUTF16toUTF8(aHashOrNonce).get()));
|
2014-05-14 22:03:43 +04:00
|
|
|
|
|
|
|
if (aKeyword != CSP_NONCE) {
|
|
|
|
return false;
|
|
|
|
}
|
2016-11-08 14:55:23 +03:00
|
|
|
// nonces can not be invalidated by strict-dynamic
|
2014-05-14 22:03:43 +04:00
|
|
|
return mNonce.Equals(aHashOrNonce);
|
|
|
|
}
|
|
|
|
|
2016-04-24 06:42:43 +03:00
|
|
|
bool nsCSPNonceSrc::visit(nsCSPSrcVisitor* aVisitor) const {
|
|
|
|
return aVisitor->visitNonceSrc(*this);
|
|
|
|
}
|
|
|
|
|
2014-05-14 22:03:43 +04:00
|
|
|
void nsCSPNonceSrc::toString(nsAString& outStr) const {
|
2017-10-06 08:16:52 +03:00
|
|
|
outStr.Append(CSP_EnumToUTF16Keyword(CSP_NONCE));
|
2014-05-14 22:03:43 +04:00
|
|
|
outStr.Append(mNonce);
|
2018-09-08 01:12:04 +03:00
|
|
|
outStr.AppendLiteral("'");
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/* ===== nsCSPHashSrc ===================== */
|
|
|
|
|
|
|
|
nsCSPHashSrc::nsCSPHashSrc(const nsAString& aAlgo, const nsAString& aHash)
|
|
|
|
: mAlgorithm(aAlgo), mHash(aHash) {
|
|
|
|
// Only the algo should be rewritten to lowercase, the hash must remain the
|
|
|
|
// same.
|
|
|
|
ToLowerCase(mAlgorithm);
|
|
|
|
}
|
|
|
|
|
2020-03-04 01:07:43 +03:00
|
|
|
nsCSPHashSrc::~nsCSPHashSrc() = default;
|
2014-05-14 22:03:43 +04:00
|
|
|
|
2016-11-08 14:55:23 +03:00
|
|
|
bool nsCSPHashSrc::allows(enum CSPKeyword aKeyword,
|
|
|
|
const nsAString& aHashOrNonce,
|
|
|
|
bool aParserCreated) const {
|
2014-05-14 22:03:43 +04:00
|
|
|
CSPUTILSLOG(("nsCSPHashSrc::allows, aKeyWord: %s, a HashOrNonce: %s",
|
2017-10-06 08:16:52 +03:00
|
|
|
CSP_EnumToUTF8Keyword(aKeyword),
|
|
|
|
NS_ConvertUTF16toUTF8(aHashOrNonce).get()));
|
2014-05-14 22:03:43 +04:00
|
|
|
|
|
|
|
if (aKeyword != CSP_HASH) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2016-11-08 14:55:23 +03:00
|
|
|
// hashes can not be invalidated by strict-dynamic
|
|
|
|
|
2014-05-14 22:03:43 +04:00
|
|
|
// Convert aHashOrNonce to UTF-8
|
|
|
|
NS_ConvertUTF16toUTF8 utf8_hash(aHashOrNonce);
|
|
|
|
|
|
|
|
nsresult rv;
|
|
|
|
nsCOMPtr<nsICryptoHash> hasher;
|
|
|
|
hasher = do_CreateInstance("@mozilla.org/security/hash;1", &rv);
|
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
|
|
|
|
rv = hasher->InitWithString(NS_ConvertUTF16toUTF8(mAlgorithm));
|
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
|
|
|
|
rv = hasher->Update((uint8_t*)utf8_hash.get(), utf8_hash.Length());
|
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
|
|
|
|
nsAutoCString hash;
|
|
|
|
rv = hasher->Finish(true, hash);
|
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
|
|
|
|
return NS_ConvertUTF16toUTF8(mHash).Equals(hash);
|
|
|
|
}
|
|
|
|
|
2016-04-24 06:42:43 +03:00
|
|
|
bool nsCSPHashSrc::visit(nsCSPSrcVisitor* aVisitor) const {
|
|
|
|
return aVisitor->visitHashSrc(*this);
|
|
|
|
}
|
|
|
|
|
2014-05-14 22:03:43 +04:00
|
|
|
void nsCSPHashSrc::toString(nsAString& outStr) const {
|
2018-09-08 01:12:04 +03:00
|
|
|
outStr.AppendLiteral("'");
|
2014-05-14 22:03:43 +04:00
|
|
|
outStr.Append(mAlgorithm);
|
2018-09-08 01:12:04 +03:00
|
|
|
outStr.AppendLiteral("-");
|
2014-05-14 22:03:43 +04:00
|
|
|
outStr.Append(mHash);
|
2018-09-08 01:12:04 +03:00
|
|
|
outStr.AppendLiteral("'");
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/* ===== nsCSPReportURI ===================== */
|
|
|
|
|
|
|
|
nsCSPReportURI::nsCSPReportURI(nsIURI* aURI) : mReportURI(aURI) {}
|
|
|
|
|
2020-03-04 01:07:43 +03:00
|
|
|
nsCSPReportURI::~nsCSPReportURI() = default;
|
2014-05-14 22:03:43 +04:00
|
|
|
|
2016-04-24 06:42:43 +03:00
|
|
|
bool nsCSPReportURI::visit(nsCSPSrcVisitor* aVisitor) const { return false; }
|
|
|
|
|
2014-05-14 22:03:43 +04:00
|
|
|
void nsCSPReportURI::toString(nsAString& outStr) const {
|
|
|
|
nsAutoCString spec;
|
|
|
|
nsresult rv = mReportURI->GetSpec(spec);
|
|
|
|
if (NS_FAILED(rv)) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
outStr.AppendASCII(spec.get());
|
|
|
|
}
|
|
|
|
|
2016-06-29 17:48:44 +03:00
|
|
|
/* ===== nsCSPSandboxFlags ===================== */
|
|
|
|
|
|
|
|
nsCSPSandboxFlags::nsCSPSandboxFlags(const nsAString& aFlags) : mFlags(aFlags) {
|
2016-08-19 19:41:45 +03:00
|
|
|
ToLowerCase(mFlags);
|
2016-06-29 17:48:44 +03:00
|
|
|
}
|
|
|
|
|
2020-03-04 01:07:43 +03:00
|
|
|
nsCSPSandboxFlags::~nsCSPSandboxFlags() = default;
|
2016-06-29 17:48:44 +03:00
|
|
|
|
|
|
|
bool nsCSPSandboxFlags::visit(nsCSPSrcVisitor* aVisitor) const { return false; }
|
|
|
|
|
|
|
|
void nsCSPSandboxFlags::toString(nsAString& outStr) const {
|
|
|
|
outStr.Append(mFlags);
|
|
|
|
}
|
|
|
|
|
2014-05-14 22:03:43 +04:00
|
|
|
/* ===== nsCSPDirective ====================== */
|
|
|
|
|
2014-12-10 15:54:00 +03:00
|
|
|
nsCSPDirective::nsCSPDirective(CSPDirective aDirective) {
|
2014-05-14 22:03:43 +04:00
|
|
|
mDirective = aDirective;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsCSPDirective::~nsCSPDirective() {
|
|
|
|
for (uint32_t i = 0; i < mSrcs.Length(); i++) {
|
|
|
|
delete mSrcs[i];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-07-10 19:13:54 +03:00
|
|
|
bool nsCSPDirective::permits(nsIURI* aUri, const nsAString& aNonce,
|
2016-11-08 14:55:23 +03:00
|
|
|
bool aWasRedirected, bool aReportOnly,
|
|
|
|
bool aUpgradeInsecure, bool aParserCreated) const {
|
2015-05-12 00:22:04 +03:00
|
|
|
if (CSPUTILSLOGENABLED()) {
|
2016-08-26 09:02:31 +03:00
|
|
|
CSPUTILSLOG(
|
|
|
|
("nsCSPDirective::permits, aUri: %s", aUri->GetSpecOrDefault().get()));
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
for (uint32_t i = 0; i < mSrcs.Length(); i++) {
|
2016-11-08 14:55:23 +03:00
|
|
|
if (mSrcs[i]->permits(aUri, aNonce, aWasRedirected, aReportOnly,
|
|
|
|
aUpgradeInsecure, aParserCreated)) {
|
2014-05-14 22:03:43 +04:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2016-11-08 14:55:23 +03:00
|
|
|
bool nsCSPDirective::allows(enum CSPKeyword aKeyword,
|
|
|
|
const nsAString& aHashOrNonce,
|
|
|
|
bool aParserCreated) const {
|
2014-05-14 22:03:43 +04:00
|
|
|
CSPUTILSLOG(("nsCSPDirective::allows, aKeyWord: %s, a HashOrNonce: %s",
|
2017-10-06 08:16:52 +03:00
|
|
|
CSP_EnumToUTF8Keyword(aKeyword),
|
|
|
|
NS_ConvertUTF16toUTF8(aHashOrNonce).get()));
|
2014-05-14 22:03:43 +04:00
|
|
|
|
|
|
|
for (uint32_t i = 0; i < mSrcs.Length(); i++) {
|
2016-11-08 14:55:23 +03:00
|
|
|
if (mSrcs[i]->allows(aKeyword, aHashOrNonce, aParserCreated)) {
|
2014-05-14 22:03:43 +04:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
void nsCSPDirective::toString(nsAString& outStr) const {
|
|
|
|
// Append directive name
|
2014-12-10 15:54:00 +03:00
|
|
|
outStr.AppendASCII(CSP_CSPDirectiveToString(mDirective));
|
2018-09-08 01:12:04 +03:00
|
|
|
outStr.AppendLiteral(" ");
|
2014-05-14 22:03:43 +04:00
|
|
|
|
|
|
|
// Append srcs
|
2020-12-17 17:58:18 +03:00
|
|
|
StringJoinAppend(outStr, u" "_ns, mSrcs,
|
|
|
|
[](nsAString& dest, nsCSPBaseSrc* cspBaseSrc) {
|
|
|
|
cspBaseSrc->toString(dest);
|
|
|
|
});
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
2015-05-21 21:16:04 +03:00
|
|
|
void nsCSPDirective::toDomCSPStruct(mozilla::dom::CSP& outCSP) const {
|
|
|
|
mozilla::dom::Sequence<nsString> srcs;
|
|
|
|
nsString src;
|
|
|
|
for (uint32_t i = 0; i < mSrcs.Length(); i++) {
|
|
|
|
src.Truncate();
|
|
|
|
mSrcs[i]->toString(src);
|
2020-04-24 17:34:15 +03:00
|
|
|
if (!srcs.AppendElement(src, mozilla::fallible)) {
|
|
|
|
// XXX(Bug 1632090) Instead of extending the array 1-by-1 (which might
|
|
|
|
// involve multiple reallocations) and potentially crashing here,
|
|
|
|
// SetCapacity could be called outside the loop once.
|
|
|
|
mozalloc_handle_oom(0);
|
|
|
|
}
|
2015-05-21 21:16:04 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
switch (mDirective) {
|
|
|
|
case nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE:
|
|
|
|
outCSP.mDefault_src.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mDefault_src.Value() = std::move(srcs);
|
2015-05-21 21:16:04 +03:00
|
|
|
return;
|
|
|
|
|
|
|
|
case nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE:
|
|
|
|
outCSP.mScript_src.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mScript_src.Value() = std::move(srcs);
|
2015-05-21 21:16:04 +03:00
|
|
|
return;
|
|
|
|
|
|
|
|
case nsIContentSecurityPolicy::OBJECT_SRC_DIRECTIVE:
|
|
|
|
outCSP.mObject_src.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mObject_src.Value() = std::move(srcs);
|
2015-05-21 21:16:04 +03:00
|
|
|
return;
|
|
|
|
|
|
|
|
case nsIContentSecurityPolicy::STYLE_SRC_DIRECTIVE:
|
|
|
|
outCSP.mStyle_src.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mStyle_src.Value() = std::move(srcs);
|
2015-05-21 21:16:04 +03:00
|
|
|
return;
|
|
|
|
|
|
|
|
case nsIContentSecurityPolicy::IMG_SRC_DIRECTIVE:
|
|
|
|
outCSP.mImg_src.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mImg_src.Value() = std::move(srcs);
|
2015-05-21 21:16:04 +03:00
|
|
|
return;
|
|
|
|
|
|
|
|
case nsIContentSecurityPolicy::MEDIA_SRC_DIRECTIVE:
|
|
|
|
outCSP.mMedia_src.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mMedia_src.Value() = std::move(srcs);
|
2015-05-21 21:16:04 +03:00
|
|
|
return;
|
|
|
|
|
|
|
|
case nsIContentSecurityPolicy::FRAME_SRC_DIRECTIVE:
|
|
|
|
outCSP.mFrame_src.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mFrame_src.Value() = std::move(srcs);
|
2015-05-21 21:16:04 +03:00
|
|
|
return;
|
|
|
|
|
|
|
|
case nsIContentSecurityPolicy::FONT_SRC_DIRECTIVE:
|
|
|
|
outCSP.mFont_src.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mFont_src.Value() = std::move(srcs);
|
2015-05-21 21:16:04 +03:00
|
|
|
return;
|
|
|
|
|
|
|
|
case nsIContentSecurityPolicy::CONNECT_SRC_DIRECTIVE:
|
|
|
|
outCSP.mConnect_src.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mConnect_src.Value() = std::move(srcs);
|
2015-05-21 21:16:04 +03:00
|
|
|
return;
|
|
|
|
|
|
|
|
case nsIContentSecurityPolicy::REPORT_URI_DIRECTIVE:
|
|
|
|
outCSP.mReport_uri.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mReport_uri.Value() = std::move(srcs);
|
2015-05-21 21:16:04 +03:00
|
|
|
return;
|
|
|
|
|
|
|
|
case nsIContentSecurityPolicy::FRAME_ANCESTORS_DIRECTIVE:
|
|
|
|
outCSP.mFrame_ancestors.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mFrame_ancestors.Value() = std::move(srcs);
|
2015-05-21 21:16:04 +03:00
|
|
|
return;
|
|
|
|
|
2015-06-02 22:42:19 +03:00
|
|
|
case nsIContentSecurityPolicy::WEB_MANIFEST_SRC_DIRECTIVE:
|
|
|
|
outCSP.mManifest_src.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mManifest_src.Value() = std::move(srcs);
|
2015-06-02 22:42:19 +03:00
|
|
|
return;
|
2015-05-21 21:16:04 +03:00
|
|
|
// not supporting REFLECTED_XSS_DIRECTIVE
|
|
|
|
|
|
|
|
case nsIContentSecurityPolicy::BASE_URI_DIRECTIVE:
|
|
|
|
outCSP.mBase_uri.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mBase_uri.Value() = std::move(srcs);
|
2015-05-21 21:16:04 +03:00
|
|
|
return;
|
|
|
|
|
|
|
|
case nsIContentSecurityPolicy::FORM_ACTION_DIRECTIVE:
|
|
|
|
outCSP.mForm_action.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mForm_action.Value() = std::move(srcs);
|
2015-05-21 21:16:04 +03:00
|
|
|
return;
|
|
|
|
|
2016-01-14 07:58:16 +03:00
|
|
|
case nsIContentSecurityPolicy::BLOCK_ALL_MIXED_CONTENT:
|
|
|
|
outCSP.mBlock_all_mixed_content.Construct();
|
|
|
|
// does not have any srcs
|
|
|
|
return;
|
|
|
|
|
2015-07-10 19:16:01 +03:00
|
|
|
case nsIContentSecurityPolicy::UPGRADE_IF_INSECURE_DIRECTIVE:
|
|
|
|
outCSP.mUpgrade_insecure_requests.Construct();
|
|
|
|
// does not have any srcs
|
|
|
|
return;
|
|
|
|
|
2015-10-29 02:32:27 +03:00
|
|
|
case nsIContentSecurityPolicy::CHILD_SRC_DIRECTIVE:
|
|
|
|
outCSP.mChild_src.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mChild_src.Value() = std::move(srcs);
|
2015-10-29 02:32:27 +03:00
|
|
|
return;
|
|
|
|
|
2016-06-29 17:48:44 +03:00
|
|
|
case nsIContentSecurityPolicy::SANDBOX_DIRECTIVE:
|
|
|
|
outCSP.mSandbox.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mSandbox.Value() = std::move(srcs);
|
2016-06-29 17:48:44 +03:00
|
|
|
return;
|
|
|
|
|
2017-10-30 20:45:36 +03:00
|
|
|
case nsIContentSecurityPolicy::WORKER_SRC_DIRECTIVE:
|
|
|
|
outCSP.mWorker_src.Construct();
|
2018-05-30 22:15:35 +03:00
|
|
|
outCSP.mWorker_src.Value() = std::move(srcs);
|
2017-10-30 20:45:36 +03:00
|
|
|
return;
|
|
|
|
|
2015-05-21 21:16:04 +03:00
|
|
|
default:
|
|
|
|
NS_ASSERTION(false, "cannot find directive to convert CSP to JSON");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-05-20 18:20:00 +04:00
|
|
|
void nsCSPDirective::getReportURIs(nsTArray<nsString>& outReportURIs) const {
|
2014-12-10 15:54:00 +03:00
|
|
|
NS_ASSERTION((mDirective == nsIContentSecurityPolicy::REPORT_URI_DIRECTIVE),
|
|
|
|
"not a report-uri directive");
|
2014-05-20 18:20:00 +04:00
|
|
|
|
|
|
|
// append uris
|
|
|
|
nsString tmpReportURI;
|
|
|
|
for (uint32_t i = 0; i < mSrcs.Length(); i++) {
|
|
|
|
tmpReportURI.Truncate();
|
|
|
|
mSrcs[i]->toString(tmpReportURI);
|
|
|
|
outReportURIs.AppendElement(tmpReportURI);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-04-24 06:42:43 +03:00
|
|
|
bool nsCSPDirective::visitSrcs(nsCSPSrcVisitor* aVisitor) const {
|
|
|
|
for (uint32_t i = 0; i < mSrcs.Length(); i++) {
|
|
|
|
if (!mSrcs[i]->visit(aVisitor)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2015-10-29 02:32:27 +03:00
|
|
|
bool nsCSPDirective::equals(CSPDirective aDirective) const {
|
|
|
|
return (mDirective == aDirective);
|
|
|
|
}
|
|
|
|
|
2018-01-16 23:59:00 +03:00
|
|
|
void nsCSPDirective::getDirName(nsAString& outStr) const {
|
|
|
|
outStr.AppendASCII(CSP_CSPDirectiveToString(mDirective));
|
|
|
|
}
|
|
|
|
|
2018-07-06 09:01:49 +03:00
|
|
|
bool nsCSPDirective::hasReportSampleKeyword() const {
|
|
|
|
for (nsCSPBaseSrc* src : mSrcs) {
|
|
|
|
if (src->isReportSample()) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2015-10-29 02:32:27 +03:00
|
|
|
/* =============== nsCSPChildSrcDirective ============= */
|
|
|
|
|
|
|
|
nsCSPChildSrcDirective::nsCSPChildSrcDirective(CSPDirective aDirective)
|
|
|
|
: nsCSPDirective(aDirective),
|
2017-10-30 20:45:36 +03:00
|
|
|
mRestrictFrames(false),
|
|
|
|
mRestrictWorkers(false) {}
|
2015-10-29 02:32:27 +03:00
|
|
|
|
2020-03-04 01:07:43 +03:00
|
|
|
nsCSPChildSrcDirective::~nsCSPChildSrcDirective() = default;
|
2015-10-29 02:32:27 +03:00
|
|
|
|
2017-10-30 15:19:29 +03:00
|
|
|
bool nsCSPChildSrcDirective::equals(CSPDirective aDirective) const {
|
|
|
|
if (aDirective == nsIContentSecurityPolicy::FRAME_SRC_DIRECTIVE) {
|
2017-10-30 20:45:36 +03:00
|
|
|
return mRestrictFrames;
|
|
|
|
}
|
|
|
|
if (aDirective == nsIContentSecurityPolicy::WORKER_SRC_DIRECTIVE) {
|
|
|
|
return mRestrictWorkers;
|
2017-10-30 11:10:36 +03:00
|
|
|
}
|
2017-10-30 20:45:36 +03:00
|
|
|
return (mDirective == aDirective);
|
|
|
|
}
|
2017-10-30 11:10:36 +03:00
|
|
|
|
2017-10-30 20:45:36 +03:00
|
|
|
/* =============== nsCSPScriptSrcDirective ============= */
|
|
|
|
|
|
|
|
nsCSPScriptSrcDirective::nsCSPScriptSrcDirective(CSPDirective aDirective)
|
|
|
|
: nsCSPDirective(aDirective), mRestrictWorkers(false) {}
|
|
|
|
|
2020-03-04 01:07:43 +03:00
|
|
|
nsCSPScriptSrcDirective::~nsCSPScriptSrcDirective() = default;
|
2017-10-30 20:45:36 +03:00
|
|
|
|
|
|
|
bool nsCSPScriptSrcDirective::equals(CSPDirective aDirective) const {
|
|
|
|
if (aDirective == nsIContentSecurityPolicy::WORKER_SRC_DIRECTIVE) {
|
|
|
|
return mRestrictWorkers;
|
|
|
|
}
|
|
|
|
return (mDirective == aDirective);
|
2015-10-29 02:32:27 +03:00
|
|
|
}
|
|
|
|
|
2016-01-14 07:58:16 +03:00
|
|
|
/* =============== nsBlockAllMixedContentDirective ============= */
|
|
|
|
|
|
|
|
nsBlockAllMixedContentDirective::nsBlockAllMixedContentDirective(
|
|
|
|
CSPDirective aDirective)
|
|
|
|
: nsCSPDirective(aDirective) {}
|
|
|
|
|
2020-03-04 01:07:43 +03:00
|
|
|
nsBlockAllMixedContentDirective::~nsBlockAllMixedContentDirective() = default;
|
2016-01-14 07:58:16 +03:00
|
|
|
|
|
|
|
void nsBlockAllMixedContentDirective::toString(nsAString& outStr) const {
|
|
|
|
outStr.AppendASCII(CSP_CSPDirectiveToString(
|
|
|
|
nsIContentSecurityPolicy::BLOCK_ALL_MIXED_CONTENT));
|
|
|
|
}
|
|
|
|
|
2018-01-16 23:59:00 +03:00
|
|
|
void nsBlockAllMixedContentDirective::getDirName(nsAString& outStr) const {
|
|
|
|
outStr.AppendASCII(CSP_CSPDirectiveToString(
|
|
|
|
nsIContentSecurityPolicy::BLOCK_ALL_MIXED_CONTENT));
|
|
|
|
}
|
|
|
|
|
2015-07-10 19:13:54 +03:00
|
|
|
/* =============== nsUpgradeInsecureDirective ============= */
|
|
|
|
|
|
|
|
nsUpgradeInsecureDirective::nsUpgradeInsecureDirective(CSPDirective aDirective)
|
|
|
|
: nsCSPDirective(aDirective) {}
|
|
|
|
|
2020-03-04 01:07:43 +03:00
|
|
|
nsUpgradeInsecureDirective::~nsUpgradeInsecureDirective() = default;
|
2015-07-10 19:13:54 +03:00
|
|
|
|
|
|
|
void nsUpgradeInsecureDirective::toString(nsAString& outStr) const {
|
|
|
|
outStr.AppendASCII(CSP_CSPDirectiveToString(
|
|
|
|
nsIContentSecurityPolicy::UPGRADE_IF_INSECURE_DIRECTIVE));
|
|
|
|
}
|
|
|
|
|
2018-01-16 23:59:00 +03:00
|
|
|
void nsUpgradeInsecureDirective::getDirName(nsAString& outStr) const {
|
|
|
|
outStr.AppendASCII(CSP_CSPDirectiveToString(
|
|
|
|
nsIContentSecurityPolicy::UPGRADE_IF_INSECURE_DIRECTIVE));
|
|
|
|
}
|
|
|
|
|
2014-05-14 22:03:43 +04:00
|
|
|
/* ===== nsCSPPolicy ========================= */
|
|
|
|
|
|
|
|
nsCSPPolicy::nsCSPPolicy()
|
2015-07-10 19:13:54 +03:00
|
|
|
: mUpgradeInsecDir(nullptr),
|
|
|
|
mReportOnly(false),
|
2018-11-20 02:18:21 +03:00
|
|
|
mDeliveredViaMetaTag(false) {
|
2014-05-14 22:03:43 +04:00
|
|
|
CSPUTILSLOG(("nsCSPPolicy::nsCSPPolicy"));
|
|
|
|
}
|
|
|
|
|
|
|
|
nsCSPPolicy::~nsCSPPolicy() {
|
|
|
|
CSPUTILSLOG(("nsCSPPolicy::~nsCSPPolicy"));
|
|
|
|
|
|
|
|
for (uint32_t i = 0; i < mDirectives.Length(); i++) {
|
|
|
|
delete mDirectives[i];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-12-10 15:54:00 +03:00
|
|
|
bool nsCSPPolicy::permits(CSPDirective aDir, nsIURI* aUri,
|
2014-05-14 22:03:43 +04:00
|
|
|
const nsAString& aNonce, bool aWasRedirected,
|
2016-11-08 14:55:23 +03:00
|
|
|
bool aSpecific, bool aParserCreated,
|
2014-05-14 22:03:43 +04:00
|
|
|
nsAString& outViolatedDirective) const {
|
2015-05-12 00:22:04 +03:00
|
|
|
if (CSPUTILSLOGENABLED()) {
|
2014-12-10 15:54:00 +03:00
|
|
|
CSPUTILSLOG(("nsCSPPolicy::permits, aUri: %s, aDir: %d, aSpecific: %s",
|
2016-08-26 09:02:31 +03:00
|
|
|
aUri->GetSpecOrDefault().get(), aDir,
|
|
|
|
aSpecific ? "true" : "false"));
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
NS_ASSERTION(aUri, "permits needs an uri to perform the check!");
|
2016-05-17 16:34:53 +03:00
|
|
|
outViolatedDirective.Truncate();
|
2014-05-14 22:03:43 +04:00
|
|
|
|
|
|
|
nsCSPDirective* defaultDir = nullptr;
|
|
|
|
|
2014-12-10 15:54:00 +03:00
|
|
|
// Try to find a relevant directive
|
2014-05-14 22:03:43 +04:00
|
|
|
// These directive arrays are short (1-5 elements), not worth using a
|
|
|
|
// hashtable.
|
|
|
|
for (uint32_t i = 0; i < mDirectives.Length(); i++) {
|
2014-12-10 15:54:00 +03:00
|
|
|
if (mDirectives[i]->equals(aDir)) {
|
2016-11-08 14:55:23 +03:00
|
|
|
if (!mDirectives[i]->permits(aUri, aNonce, aWasRedirected, mReportOnly,
|
|
|
|
mUpgradeInsecDir, aParserCreated)) {
|
2018-01-16 23:59:00 +03:00
|
|
|
mDirectives[i]->getDirName(outViolatedDirective);
|
2014-05-14 22:03:43 +04:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
if (mDirectives[i]->isDefaultDirective()) {
|
|
|
|
defaultDir = mDirectives[i];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// If the above loop runs through, we haven't found a matching directive.
|
|
|
|
// Avoid relooping, just store the result of default-src while looping.
|
2014-12-10 15:54:00 +03:00
|
|
|
if (!aSpecific && defaultDir) {
|
2016-11-08 14:55:23 +03:00
|
|
|
if (!defaultDir->permits(aUri, aNonce, aWasRedirected, mReportOnly,
|
|
|
|
mUpgradeInsecDir, aParserCreated)) {
|
2018-01-16 23:59:00 +03:00
|
|
|
defaultDir->getDirName(outViolatedDirective);
|
2014-05-14 22:03:43 +04:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2014-12-10 15:54:00 +03:00
|
|
|
// Nothing restricts this, so we're allowing the load
|
|
|
|
// See bug 764937
|
2014-11-18 03:12:00 +03:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2021-01-07 18:18:52 +03:00
|
|
|
bool nsCSPPolicy::allows(CSPDirective aDirective, enum CSPKeyword aKeyword,
|
2016-11-08 14:55:23 +03:00
|
|
|
const nsAString& aHashOrNonce,
|
|
|
|
bool aParserCreated) const {
|
2014-05-14 22:03:43 +04:00
|
|
|
CSPUTILSLOG(("nsCSPPolicy::allows, aKeyWord: %s, a HashOrNonce: %s",
|
2017-10-06 08:16:52 +03:00
|
|
|
CSP_EnumToUTF8Keyword(aKeyword),
|
|
|
|
NS_ConvertUTF16toUTF8(aHashOrNonce).get()));
|
2014-05-14 22:03:43 +04:00
|
|
|
|
|
|
|
nsCSPDirective* defaultDir = nullptr;
|
|
|
|
|
|
|
|
// Try to find a matching directive
|
|
|
|
for (uint32_t i = 0; i < mDirectives.Length(); i++) {
|
2021-01-07 18:18:52 +03:00
|
|
|
if (mDirectives[i]->isDefaultDirective()) {
|
|
|
|
defaultDir = mDirectives[i];
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (mDirectives[i]->equals(aDirective)) {
|
2016-11-08 14:55:23 +03:00
|
|
|
if (mDirectives[i]->allows(aKeyword, aHashOrNonce, aParserCreated)) {
|
2014-05-14 22:03:43 +04:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-08-26 02:11:04 +03:00
|
|
|
// {nonce,hash}-source should not consult default-src:
|
|
|
|
// * return false if default-src is specified
|
|
|
|
// * but allow the load if default-src is *not* specified (Bug 1198422)
|
2014-05-14 22:03:43 +04:00
|
|
|
if (aKeyword == CSP_NONCE || aKeyword == CSP_HASH) {
|
2015-08-26 02:11:04 +03:00
|
|
|
if (!defaultDir) {
|
|
|
|
return true;
|
|
|
|
}
|
2014-05-14 22:03:43 +04:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// If the above loop runs through, we haven't found a matching directive.
|
|
|
|
// Avoid relooping, just store the result of default-src while looping.
|
|
|
|
if (defaultDir) {
|
2016-11-08 14:55:23 +03:00
|
|
|
return defaultDir->allows(aKeyword, aHashOrNonce, aParserCreated);
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
// Allowing the load; see Bug 885433
|
|
|
|
// a) inline scripts (also unsafe eval) should only be blocked
|
|
|
|
// if there is a [script-src] or [default-src]
|
|
|
|
// b) inline styles should only be blocked
|
|
|
|
// if there is a [style-src] or [default-src]
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
void nsCSPPolicy::toString(nsAString& outStr) const {
|
2020-12-17 17:58:18 +03:00
|
|
|
StringJoinAppend(outStr, u"; "_ns, mDirectives,
|
|
|
|
[](nsAString& dest, nsCSPDirective* cspDirective) {
|
|
|
|
cspDirective->toString(dest);
|
|
|
|
});
|
2014-05-14 22:03:43 +04:00
|
|
|
}
|
|
|
|
|
2015-05-21 21:16:04 +03:00
|
|
|
void nsCSPPolicy::toDomCSPStruct(mozilla::dom::CSP& outCSP) const {
|
|
|
|
outCSP.mReport_only = mReportOnly;
|
|
|
|
|
|
|
|
for (uint32_t i = 0; i < mDirectives.Length(); ++i) {
|
2018-05-09 14:15:08 +03:00
|
|
|
mDirectives[i]->toDomCSPStruct(outCSP);
|
2015-05-21 21:16:04 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-12-10 15:54:00 +03:00
|
|
|
bool nsCSPPolicy::hasDirective(CSPDirective aDir) const {
|
2014-05-14 22:03:43 +04:00
|
|
|
for (uint32_t i = 0; i < mDirectives.Length(); i++) {
|
|
|
|
if (mDirectives[i]->equals(aDir)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
2014-05-20 18:20:00 +04:00
|
|
|
|
2019-09-11 01:33:51 +03:00
|
|
|
bool nsCSPPolicy::allowsNavigateTo(nsIURI* aURI, bool aWasRedirected,
|
2020-06-03 02:15:13 +03:00
|
|
|
bool aEnforceAllowlist) const {
|
2019-09-11 01:33:51 +03:00
|
|
|
bool allowsNavigateTo = true;
|
|
|
|
|
|
|
|
for (unsigned long i = 0; i < mDirectives.Length(); i++) {
|
|
|
|
if (mDirectives[i]->equals(
|
|
|
|
nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE)) {
|
2020-06-03 02:15:13 +03:00
|
|
|
// Early return if we can skip the allowlist AND 'unsafe-allow-redirects'
|
2019-09-11 01:33:51 +03:00
|
|
|
// is present.
|
2020-06-03 02:15:13 +03:00
|
|
|
if (!aEnforceAllowlist &&
|
2020-09-23 18:17:15 +03:00
|
|
|
mDirectives[i]->allows(CSP_UNSAFE_ALLOW_REDIRECTS, u""_ns, false)) {
|
2019-09-11 01:33:51 +03:00
|
|
|
return true;
|
|
|
|
}
|
2020-06-03 02:15:13 +03:00
|
|
|
// Otherwise, check against the allowlist.
|
2020-09-23 18:17:15 +03:00
|
|
|
if (!mDirectives[i]->permits(aURI, u""_ns, aWasRedirected, false, false,
|
|
|
|
false)) {
|
2019-09-11 01:33:51 +03:00
|
|
|
allowsNavigateTo = false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return allowsNavigateTo;
|
|
|
|
}
|
|
|
|
|
2014-10-18 03:33:02 +04:00
|
|
|
/*
|
|
|
|
* Use this function only after ::allows() returned 'false'. Most and
|
|
|
|
* foremost it's used to get the violated directive before sending reports.
|
|
|
|
* The parameter outDirective is the equivalent of 'outViolatedDirective'
|
|
|
|
* for the ::permits() function family.
|
|
|
|
*/
|
2018-07-06 09:01:49 +03:00
|
|
|
void nsCSPPolicy::getDirectiveStringAndReportSampleForContentType(
|
2021-01-07 18:18:52 +03:00
|
|
|
CSPDirective aDirective, nsAString& outDirective,
|
2018-07-06 09:01:49 +03:00
|
|
|
bool* aReportSample) const {
|
|
|
|
MOZ_ASSERT(aReportSample);
|
|
|
|
*aReportSample = false;
|
|
|
|
|
2014-10-18 03:33:02 +04:00
|
|
|
nsCSPDirective* defaultDir = nullptr;
|
2014-05-20 18:20:00 +04:00
|
|
|
for (uint32_t i = 0; i < mDirectives.Length(); i++) {
|
2021-01-07 18:18:52 +03:00
|
|
|
if (mDirectives[i]->isDefaultDirective()) {
|
|
|
|
defaultDir = mDirectives[i];
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (mDirectives[i]->equals(aDirective)) {
|
2018-01-16 23:59:00 +03:00
|
|
|
mDirectives[i]->getDirName(outDirective);
|
2018-07-06 09:01:49 +03:00
|
|
|
*aReportSample = mDirectives[i]->hasReportSampleKeyword();
|
2014-05-20 18:20:00 +04:00
|
|
|
return;
|
|
|
|
}
|
2014-10-18 03:33:02 +04:00
|
|
|
}
|
|
|
|
// if we haven't found a matching directive yet,
|
|
|
|
// the contentType must be restricted by the default directive
|
|
|
|
if (defaultDir) {
|
2018-01-16 23:59:00 +03:00
|
|
|
defaultDir->getDirName(outDirective);
|
2018-07-06 09:01:49 +03:00
|
|
|
*aReportSample = defaultDir->hasReportSampleKeyword();
|
2014-10-18 03:33:02 +04:00
|
|
|
return;
|
2014-05-20 18:20:00 +04:00
|
|
|
}
|
2014-10-18 03:33:02 +04:00
|
|
|
NS_ASSERTION(false, "Can not query directive string for contentType!");
|
2018-09-08 01:12:04 +03:00
|
|
|
outDirective.AppendLiteral("couldNotQueryViolatedDirective");
|
2014-05-20 18:20:00 +04:00
|
|
|
}
|
|
|
|
|
2014-12-10 15:54:00 +03:00
|
|
|
void nsCSPPolicy::getDirectiveAsString(CSPDirective aDir,
|
|
|
|
nsAString& outDirective) const {
|
2014-08-16 03:26:59 +04:00
|
|
|
for (uint32_t i = 0; i < mDirectives.Length(); i++) {
|
2014-11-18 03:12:00 +03:00
|
|
|
if (mDirectives[i]->equals(aDir)) {
|
2014-08-16 03:26:59 +04:00
|
|
|
mDirectives[i]->toString(outDirective);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-06-29 17:48:44 +03:00
|
|
|
/*
|
|
|
|
* Helper function that returns the underlying bit representation of sandbox
|
|
|
|
* flags. The function returns SANDBOXED_NONE if there are no sandbox
|
|
|
|
* directives.
|
|
|
|
*/
|
|
|
|
uint32_t nsCSPPolicy::getSandboxFlags() const {
|
|
|
|
for (uint32_t i = 0; i < mDirectives.Length(); i++) {
|
|
|
|
if (mDirectives[i]->equals(nsIContentSecurityPolicy::SANDBOX_DIRECTIVE)) {
|
|
|
|
nsAutoString flags;
|
|
|
|
mDirectives[i]->toString(flags);
|
|
|
|
|
|
|
|
if (flags.IsEmpty()) {
|
|
|
|
return SANDBOX_ALL_FLAGS;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsAttrValue attr;
|
|
|
|
attr.ParseAtomArray(flags);
|
|
|
|
|
|
|
|
return nsContentUtils::ParseSandboxAttributeToFlags(&attr);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return SANDBOXED_NONE;
|
|
|
|
}
|
|
|
|
|
2014-05-20 18:20:00 +04:00
|
|
|
void nsCSPPolicy::getReportURIs(nsTArray<nsString>& outReportURIs) const {
|
|
|
|
for (uint32_t i = 0; i < mDirectives.Length(); i++) {
|
2014-12-10 15:54:00 +03:00
|
|
|
if (mDirectives[i]->equals(
|
|
|
|
nsIContentSecurityPolicy::REPORT_URI_DIRECTIVE)) {
|
2014-05-20 18:20:00 +04:00
|
|
|
mDirectives[i]->getReportURIs(outReportURIs);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2016-04-24 06:42:43 +03:00
|
|
|
|
|
|
|
bool nsCSPPolicy::visitDirectiveSrcs(CSPDirective aDir,
|
|
|
|
nsCSPSrcVisitor* aVisitor) const {
|
|
|
|
for (uint32_t i = 0; i < mDirectives.Length(); i++) {
|
|
|
|
if (mDirectives[i]->equals(aDir)) {
|
|
|
|
return mDirectives[i]->visitSrcs(aVisitor);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|