зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1896344: part 7) Move effective directive to `CSPViolationData`. r=tschuster
Differential Revision: https://phabricator.services.mozilla.com/D213573
This commit is contained in:
Родитель
13c04b7b15
Коммит
17effd0a6d
|
@ -34,11 +34,13 @@ static nsString MaybeTruncateSample(const nsAString& aSample) {
|
||||||
|
|
||||||
CSPViolationData::CSPViolationData(uint32_t aViolatedPolicyIndex,
|
CSPViolationData::CSPViolationData(uint32_t aViolatedPolicyIndex,
|
||||||
Resource&& aResource,
|
Resource&& aResource,
|
||||||
|
const CSPDirective aEffectiveDirective,
|
||||||
const nsAString& aSourceFile,
|
const nsAString& aSourceFile,
|
||||||
uint32_t aLineNumber, uint32_t aColumnNumber,
|
uint32_t aLineNumber, uint32_t aColumnNumber,
|
||||||
Element* aElement, const nsAString& aSample)
|
Element* aElement, const nsAString& aSample)
|
||||||
: mViolatedPolicyIndex{aViolatedPolicyIndex},
|
: mViolatedPolicyIndex{aViolatedPolicyIndex},
|
||||||
mResource{std::move(aResource)},
|
mResource{std::move(aResource)},
|
||||||
|
mEffectiveDirective{aEffectiveDirective},
|
||||||
mSourceFile{aSourceFile},
|
mSourceFile{aSourceFile},
|
||||||
mLineNumber{aLineNumber},
|
mLineNumber{aLineNumber},
|
||||||
mColumnNumber{aColumnNumber},
|
mColumnNumber{aColumnNumber},
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
#define DOM_SECURITY_CSPVIOLATION_H_
|
#define DOM_SECURITY_CSPVIOLATION_H_
|
||||||
|
|
||||||
#include "nsCOMPtr.h"
|
#include "nsCOMPtr.h"
|
||||||
|
#include "nsIContentSecurityPolicy.h"
|
||||||
#include "nsIURI.h"
|
#include "nsIURI.h"
|
||||||
#include "nsString.h"
|
#include "nsString.h"
|
||||||
#include "mozilla/RefPtr.h"
|
#include "mozilla/RefPtr.h"
|
||||||
|
@ -21,6 +22,7 @@ namespace mozilla::dom {
|
||||||
class Element;
|
class Element;
|
||||||
|
|
||||||
// Represents parts of <https://w3c.github.io/webappsec-csp/#violation>.
|
// Represents parts of <https://w3c.github.io/webappsec-csp/#violation>.
|
||||||
|
// The remaining parts can be deduced from the corresponding nsCSPContext.
|
||||||
struct CSPViolationData {
|
struct CSPViolationData {
|
||||||
enum class BlockedContentSource {
|
enum class BlockedContentSource {
|
||||||
Unknown,
|
Unknown,
|
||||||
|
@ -34,6 +36,7 @@ struct CSPViolationData {
|
||||||
|
|
||||||
// @param aSample Will be truncated if necessary.
|
// @param aSample Will be truncated if necessary.
|
||||||
CSPViolationData(uint32_t aViolatedPolicyIndex, Resource&& aResource,
|
CSPViolationData(uint32_t aViolatedPolicyIndex, Resource&& aResource,
|
||||||
|
const CSPDirective aEffectiveDirective,
|
||||||
const nsAString& aSourceFile, uint32_t aLineNumber,
|
const nsAString& aSourceFile, uint32_t aLineNumber,
|
||||||
uint32_t aColumnNumber, Element* aElement,
|
uint32_t aColumnNumber, Element* aElement,
|
||||||
const nsAString& aSample);
|
const nsAString& aSample);
|
||||||
|
@ -44,6 +47,7 @@ struct CSPViolationData {
|
||||||
|
|
||||||
const uint32_t mViolatedPolicyIndex;
|
const uint32_t mViolatedPolicyIndex;
|
||||||
const Resource mResource;
|
const Resource mResource;
|
||||||
|
const CSPDirective mEffectiveDirective;
|
||||||
// String representation of the URL. The empty string represents a null-URL.
|
// String representation of the URL. The empty string represents a null-URL.
|
||||||
const nsString mSourceFile;
|
const nsString mSourceFile;
|
||||||
const uint32_t mLineNumber;
|
const uint32_t mLineNumber;
|
||||||
|
|
|
@ -224,6 +224,7 @@ bool nsCSPContext::permitsInternal(
|
||||||
|
|
||||||
CSPViolationData cspViolationData{p,
|
CSPViolationData cspViolationData{p,
|
||||||
std::move(resource),
|
std::move(resource),
|
||||||
|
aDir,
|
||||||
spec,
|
spec,
|
||||||
lineNumber,
|
lineNumber,
|
||||||
columnNumber,
|
columnNumber,
|
||||||
|
@ -235,7 +236,6 @@ bool nsCSPContext::permitsInternal(
|
||||||
aOriginalURIIfRedirect, /* in case of redirect originalURI is not
|
aOriginalURIIfRedirect, /* in case of redirect originalURI is not
|
||||||
null */
|
null */
|
||||||
violatedDirective, violatedDirectiveString,
|
violatedDirective, violatedDirectiveString,
|
||||||
aDir, // aViolatedDirective
|
|
||||||
u""_ns, // no observer subject
|
u""_ns, // no observer subject
|
||||||
false); // aReportSample (no sample)
|
false); // aReportSample (no sample)
|
||||||
}
|
}
|
||||||
|
@ -568,6 +568,7 @@ void nsCSPContext::reportInlineViolation(
|
||||||
aViolatedPolicyIndex,
|
aViolatedPolicyIndex,
|
||||||
CSPViolationData::Resource{
|
CSPViolationData::Resource{
|
||||||
CSPViolationData::BlockedContentSource::Inline},
|
CSPViolationData::BlockedContentSource::Inline},
|
||||||
|
aEffectiveDirective,
|
||||||
sourceFile,
|
sourceFile,
|
||||||
lineNumber,
|
lineNumber,
|
||||||
columnNumber,
|
columnNumber,
|
||||||
|
@ -578,7 +579,6 @@ void nsCSPContext::reportInlineViolation(
|
||||||
mSelfURI, // aOriginalURI
|
mSelfURI, // aOriginalURI
|
||||||
aViolatedDirective, // aViolatedDirective
|
aViolatedDirective, // aViolatedDirective
|
||||||
aViolatedDirectiveString,
|
aViolatedDirectiveString,
|
||||||
aEffectiveDirective, // aEffectiveDirective
|
|
||||||
observerSubject, // aObserverSubject
|
observerSubject, // aObserverSubject
|
||||||
aReportSample); // aReportSample
|
aReportSample); // aReportSample
|
||||||
}
|
}
|
||||||
|
@ -762,6 +762,7 @@ nsCSPContext::LogViolationDetails(
|
||||||
CSPViolationData cspViolationData{
|
CSPViolationData cspViolationData{
|
||||||
p,
|
p,
|
||||||
CSPViolationData::Resource{blockedContentSource},
|
CSPViolationData::Resource{blockedContentSource},
|
||||||
|
/* aEffectiveDirective */ CSPDirective::SCRIPT_SRC_DIRECTIVE,
|
||||||
aSourceFile,
|
aSourceFile,
|
||||||
static_cast<uint32_t>(aLineNum),
|
static_cast<uint32_t>(aLineNum),
|
||||||
static_cast<uint32_t>(aColumnNum),
|
static_cast<uint32_t>(aColumnNum),
|
||||||
|
@ -771,7 +772,6 @@ nsCSPContext::LogViolationDetails(
|
||||||
AsyncReportViolation(
|
AsyncReportViolation(
|
||||||
aCSPEventListener, std::move(cspViolationData), nullptr,
|
aCSPEventListener, std::move(cspViolationData), nullptr,
|
||||||
violatedDirectiveName, violatedDirectiveNameAndValue,
|
violatedDirectiveName, violatedDirectiveNameAndValue,
|
||||||
CSPDirective::SCRIPT_SRC_DIRECTIVE /* aEffectiveDirective */,
|
|
||||||
observerSubject, reportSample);
|
observerSubject, reportSample);
|
||||||
}
|
}
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
|
@ -1402,7 +1402,6 @@ class CSPReportSenderRunnable final : public Runnable {
|
||||||
nsIURI* aOriginalURI, bool aReportOnlyFlag,
|
nsIURI* aOriginalURI, bool aReportOnlyFlag,
|
||||||
const nsAString& aViolatedDirectiveName,
|
const nsAString& aViolatedDirectiveName,
|
||||||
const nsAString& aViolatedDirectiveNameAndValue,
|
const nsAString& aViolatedDirectiveNameAndValue,
|
||||||
const CSPDirective aEffectiveDirective,
|
|
||||||
const nsAString& aObserverSubject, bool aReportSample,
|
const nsAString& aObserverSubject, bool aReportSample,
|
||||||
nsCSPContext* aCSPContext)
|
nsCSPContext* aCSPContext)
|
||||||
: mozilla::Runnable("CSPReportSenderRunnable"),
|
: mozilla::Runnable("CSPReportSenderRunnable"),
|
||||||
|
@ -1413,7 +1412,6 @@ class CSPReportSenderRunnable final : public Runnable {
|
||||||
mReportSample(aReportSample),
|
mReportSample(aReportSample),
|
||||||
mViolatedDirectiveName(aViolatedDirectiveName),
|
mViolatedDirectiveName(aViolatedDirectiveName),
|
||||||
mViolatedDirectiveNameAndValue(aViolatedDirectiveNameAndValue),
|
mViolatedDirectiveNameAndValue(aViolatedDirectiveNameAndValue),
|
||||||
mEffectiveDirective(aEffectiveDirective),
|
|
||||||
mCSPContext(aCSPContext) {
|
mCSPContext(aCSPContext) {
|
||||||
NS_ASSERTION(!aViolatedDirectiveName.IsEmpty(),
|
NS_ASSERTION(!aViolatedDirectiveName.IsEmpty(),
|
||||||
"Can not send reports without a violated directive");
|
"Can not send reports without a violated directive");
|
||||||
|
@ -1450,7 +1448,7 @@ class CSPReportSenderRunnable final : public Runnable {
|
||||||
|
|
||||||
nsAutoString effectiveDirective;
|
nsAutoString effectiveDirective;
|
||||||
effectiveDirective.AssignASCII(
|
effectiveDirective.AssignASCII(
|
||||||
CSP_CSPDirectiveToString(mEffectiveDirective));
|
CSP_CSPDirectiveToString(mCSPViolationData.mEffectiveDirective));
|
||||||
|
|
||||||
nsresult rv = mCSPContext->GatherSecurityPolicyViolationEventData(
|
nsresult rv = mCSPContext->GatherSecurityPolicyViolationEventData(
|
||||||
mOriginalURI, effectiveDirective, mCSPViolationData,
|
mOriginalURI, effectiveDirective, mCSPViolationData,
|
||||||
|
@ -1486,7 +1484,7 @@ class CSPReportSenderRunnable final : public Runnable {
|
||||||
private:
|
private:
|
||||||
void ReportToConsole() const {
|
void ReportToConsole() const {
|
||||||
NS_ConvertUTF8toUTF16 effectiveDirective(
|
NS_ConvertUTF8toUTF16 effectiveDirective(
|
||||||
CSP_CSPDirectiveToString(mEffectiveDirective));
|
CSP_CSPDirectiveToString(mCSPViolationData.mEffectiveDirective));
|
||||||
|
|
||||||
const auto blockedContentSource =
|
const auto blockedContentSource =
|
||||||
mCSPViolationData.BlockedContentSourceOrUnknown();
|
mCSPViolationData.BlockedContentSourceOrUnknown();
|
||||||
|
@ -1494,16 +1492,18 @@ class CSPReportSenderRunnable final : public Runnable {
|
||||||
switch (blockedContentSource) {
|
switch (blockedContentSource) {
|
||||||
case CSPViolationData::BlockedContentSource::Inline: {
|
case CSPViolationData::BlockedContentSource::Inline: {
|
||||||
const char* errorName = nullptr;
|
const char* errorName = nullptr;
|
||||||
if (mEffectiveDirective == CSPDirective::STYLE_SRC_ATTR_DIRECTIVE ||
|
if (mCSPViolationData.mEffectiveDirective ==
|
||||||
mEffectiveDirective == CSPDirective::STYLE_SRC_ELEM_DIRECTIVE) {
|
CSPDirective::STYLE_SRC_ATTR_DIRECTIVE ||
|
||||||
|
mCSPViolationData.mEffectiveDirective ==
|
||||||
|
CSPDirective::STYLE_SRC_ELEM_DIRECTIVE) {
|
||||||
errorName = mReportOnlyFlag ? "CSPROInlineStyleViolation"
|
errorName = mReportOnlyFlag ? "CSPROInlineStyleViolation"
|
||||||
: "CSPInlineStyleViolation";
|
: "CSPInlineStyleViolation";
|
||||||
} else if (mEffectiveDirective ==
|
} else if (mCSPViolationData.mEffectiveDirective ==
|
||||||
CSPDirective::SCRIPT_SRC_ATTR_DIRECTIVE) {
|
CSPDirective::SCRIPT_SRC_ATTR_DIRECTIVE) {
|
||||||
errorName = mReportOnlyFlag ? "CSPROEventHandlerScriptViolation"
|
errorName = mReportOnlyFlag ? "CSPROEventHandlerScriptViolation"
|
||||||
: "CSPEventHandlerScriptViolation";
|
: "CSPEventHandlerScriptViolation";
|
||||||
} else {
|
} else {
|
||||||
MOZ_ASSERT(mEffectiveDirective ==
|
MOZ_ASSERT(mCSPViolationData.mEffectiveDirective ==
|
||||||
CSPDirective::SCRIPT_SRC_ELEM_DIRECTIVE);
|
CSPDirective::SCRIPT_SRC_ELEM_DIRECTIVE);
|
||||||
errorName = mReportOnlyFlag ? "CSPROInlineScriptViolation"
|
errorName = mReportOnlyFlag ? "CSPROInlineScriptViolation"
|
||||||
: "CSPInlineScriptViolation";
|
: "CSPInlineScriptViolation";
|
||||||
|
@ -1563,7 +1563,7 @@ class CSPReportSenderRunnable final : public Runnable {
|
||||||
}
|
}
|
||||||
|
|
||||||
const char* errorName = nullptr;
|
const char* errorName = nullptr;
|
||||||
switch (mEffectiveDirective) {
|
switch (mCSPViolationData.mEffectiveDirective) {
|
||||||
case CSPDirective::STYLE_SRC_ELEM_DIRECTIVE:
|
case CSPDirective::STYLE_SRC_ELEM_DIRECTIVE:
|
||||||
errorName =
|
errorName =
|
||||||
mReportOnlyFlag ? "CSPROStyleViolation" : "CSPStyleViolation";
|
mReportOnlyFlag ? "CSPROStyleViolation" : "CSPStyleViolation";
|
||||||
|
@ -1598,7 +1598,6 @@ class CSPReportSenderRunnable final : public Runnable {
|
||||||
bool mReportSample;
|
bool mReportSample;
|
||||||
nsString mViolatedDirectiveName;
|
nsString mViolatedDirectiveName;
|
||||||
nsString mViolatedDirectiveNameAndValue;
|
nsString mViolatedDirectiveNameAndValue;
|
||||||
CSPDirective mEffectiveDirective;
|
|
||||||
nsCOMPtr<nsISupports> mObserverSubject;
|
nsCOMPtr<nsISupports> mObserverSubject;
|
||||||
RefPtr<nsCSPContext> mCSPContext;
|
RefPtr<nsCSPContext> mCSPContext;
|
||||||
};
|
};
|
||||||
|
@ -1621,8 +1620,7 @@ nsresult nsCSPContext::AsyncReportViolation(
|
||||||
mozilla::dom::CSPViolationData&& aCSPViolationData, nsIURI* aOriginalURI,
|
mozilla::dom::CSPViolationData&& aCSPViolationData, nsIURI* aOriginalURI,
|
||||||
const nsAString& aViolatedDirectiveName,
|
const nsAString& aViolatedDirectiveName,
|
||||||
const nsAString& aViolatedDirectiveNameAndValue,
|
const nsAString& aViolatedDirectiveNameAndValue,
|
||||||
const CSPDirective aEffectiveDirective, const nsAString& aObserverSubject,
|
const nsAString& aObserverSubject, bool aReportSample) {
|
||||||
bool aReportSample) {
|
|
||||||
EnsureIPCPoliciesRead();
|
EnsureIPCPoliciesRead();
|
||||||
NS_ENSURE_ARG_MAX(aCSPViolationData.mViolatedPolicyIndex,
|
NS_ENSURE_ARG_MAX(aCSPViolationData.mViolatedPolicyIndex,
|
||||||
mPolicies.Length() - 1);
|
mPolicies.Length() - 1);
|
||||||
|
@ -1630,8 +1628,8 @@ nsresult nsCSPContext::AsyncReportViolation(
|
||||||
nsCOMPtr<nsIRunnable> task = new CSPReportSenderRunnable(
|
nsCOMPtr<nsIRunnable> task = new CSPReportSenderRunnable(
|
||||||
aCSPEventListener, std::move(aCSPViolationData), aOriginalURI,
|
aCSPEventListener, std::move(aCSPViolationData), aOriginalURI,
|
||||||
mPolicies[aCSPViolationData.mViolatedPolicyIndex]->getReportOnlyFlag(),
|
mPolicies[aCSPViolationData.mViolatedPolicyIndex]->getReportOnlyFlag(),
|
||||||
aViolatedDirectiveName, aViolatedDirectiveNameAndValue,
|
aViolatedDirectiveName, aViolatedDirectiveNameAndValue, aObserverSubject,
|
||||||
aEffectiveDirective, aObserverSubject, aReportSample, this);
|
aReportSample, this);
|
||||||
|
|
||||||
if (XRE_IsContentProcess()) {
|
if (XRE_IsContentProcess()) {
|
||||||
if (mEventTarget) {
|
if (mEventTarget) {
|
||||||
|
|
|
@ -111,8 +111,7 @@ class nsCSPContext : public nsIContentSecurityPolicy {
|
||||||
mozilla::dom::CSPViolationData&& aCSPViolationData, nsIURI* aOriginalURI,
|
mozilla::dom::CSPViolationData&& aCSPViolationData, nsIURI* aOriginalURI,
|
||||||
const nsAString& aViolatedDirectiveName,
|
const nsAString& aViolatedDirectiveName,
|
||||||
const nsAString& aViolatedDirectiveNameAndValue,
|
const nsAString& aViolatedDirectiveNameAndValue,
|
||||||
const CSPDirective aEffectiveDirective, const nsAString& aObserverSubject,
|
const nsAString& aObserverSubject, bool aReportSample);
|
||||||
bool aReportSample);
|
|
||||||
|
|
||||||
// Hands off! Don't call this method unless you know what you
|
// Hands off! Don't call this method unless you know what you
|
||||||
// are doing. It's only supposed to be called from within
|
// are doing. It's only supposed to be called from within
|
||||||
|
|
Загрузка…
Ссылка в новой задаче