зеркало из https://github.com/mozilla/gecko-dev.git
703 строки
23 KiB
C++
703 строки
23 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef nsCSPUtils_h___
|
|
#define nsCSPUtils_h___
|
|
|
|
#include "nsCOMPtr.h"
|
|
#include "nsIContentSecurityPolicy.h"
|
|
#include "nsIURI.h"
|
|
#include "nsLiteralString.h"
|
|
#include "nsString.h"
|
|
#include "nsTArray.h"
|
|
#include "nsUnicharUtils.h"
|
|
#include "mozilla/Logging.h"
|
|
|
|
class nsIChannel;
|
|
|
|
namespace mozilla::dom {
|
|
struct CSP;
|
|
class Document;
|
|
} // namespace mozilla::dom
|
|
|
|
/* =============== Logging =================== */
|
|
|
|
void CSP_LogLocalizedStr(const char* aName, const nsTArray<nsString>& aParams,
|
|
const nsAString& aSourceName,
|
|
const nsAString& aSourceLine, uint32_t aLineNumber,
|
|
uint32_t aColumnNumber, uint32_t aFlags,
|
|
const nsACString& aCategory, uint64_t aInnerWindowID,
|
|
bool aFromPrivateWindow);
|
|
|
|
void CSP_GetLocalizedStr(const char* aName, const nsTArray<nsString>& aParams,
|
|
nsAString& outResult);
|
|
|
|
void CSP_LogStrMessage(const nsAString& aMsg);
|
|
|
|
void CSP_LogMessage(const nsAString& aMessage, const nsAString& aSourceName,
|
|
const nsAString& aSourceLine, uint32_t aLineNumber,
|
|
uint32_t aColumnNumber, uint32_t aFlags,
|
|
const nsACString& aCategory, uint64_t aInnerWindowID,
|
|
bool aFromPrivateWindow);
|
|
|
|
/* =============== Constant and Type Definitions ================== */
|
|
|
|
#define INLINE_STYLE_VIOLATION_OBSERVER_TOPIC \
|
|
"violated base restriction: Inline Stylesheets will not apply"
|
|
#define INLINE_SCRIPT_VIOLATION_OBSERVER_TOPIC \
|
|
"violated base restriction: Inline Scripts will not execute"
|
|
#define EVAL_VIOLATION_OBSERVER_TOPIC \
|
|
"violated base restriction: Code will not be created from strings"
|
|
#define WASM_EVAL_VIOLATION_OBSERVER_TOPIC \
|
|
"violated base restriction: WebAssembly code will not be created from " \
|
|
"dynamically"
|
|
#define SCRIPT_NONCE_VIOLATION_OBSERVER_TOPIC "Inline Script had invalid nonce"
|
|
#define STYLE_NONCE_VIOLATION_OBSERVER_TOPIC "Inline Style had invalid nonce"
|
|
#define SCRIPT_HASH_VIOLATION_OBSERVER_TOPIC "Inline Script had invalid hash"
|
|
#define STYLE_HASH_VIOLATION_OBSERVER_TOPIC "Inline Style had invalid hash"
|
|
|
|
// these strings map to the CSPDirectives in nsIContentSecurityPolicy
|
|
// NOTE: When implementing a new directive, you will need to add it here but
|
|
// also add a corresponding entry to the constants in
|
|
// nsIContentSecurityPolicy.idl and also create an entry for the new directive
|
|
// in nsCSPDirective::toDomCSPStruct() and add it to CSPDictionaries.webidl.
|
|
// Order of elements below important! Make sure it matches the order as in
|
|
// nsIContentSecurityPolicy.idl
|
|
static const char* CSPStrDirectives[] = {
|
|
"-error-", // NO_DIRECTIVE
|
|
"default-src", // DEFAULT_SRC_DIRECTIVE
|
|
"script-src", // SCRIPT_SRC_DIRECTIVE
|
|
"object-src", // OBJECT_SRC_DIRECTIVE
|
|
"style-src", // STYLE_SRC_DIRECTIVE
|
|
"img-src", // IMG_SRC_DIRECTIVE
|
|
"media-src", // MEDIA_SRC_DIRECTIVE
|
|
"frame-src", // FRAME_SRC_DIRECTIVE
|
|
"font-src", // FONT_SRC_DIRECTIVE
|
|
"connect-src", // CONNECT_SRC_DIRECTIVE
|
|
"report-uri", // REPORT_URI_DIRECTIVE
|
|
"frame-ancestors", // FRAME_ANCESTORS_DIRECTIVE
|
|
"reflected-xss", // REFLECTED_XSS_DIRECTIVE
|
|
"base-uri", // BASE_URI_DIRECTIVE
|
|
"form-action", // FORM_ACTION_DIRECTIVE
|
|
"manifest-src", // MANIFEST_SRC_DIRECTIVE
|
|
"upgrade-insecure-requests", // UPGRADE_IF_INSECURE_DIRECTIVE
|
|
"child-src", // CHILD_SRC_DIRECTIVE
|
|
"block-all-mixed-content", // BLOCK_ALL_MIXED_CONTENT
|
|
"sandbox", // SANDBOX_DIRECTIVE
|
|
"worker-src", // WORKER_SRC_DIRECTIVE
|
|
"navigate-to", // NAVIGATE_TO_DIRECTIVE
|
|
"script-src-elem", // SCRIPT_SRC_ELEM_DIRECTIVE
|
|
"script-src-attr", // SCRIPT_SRC_ATTR_DIRECTIVE
|
|
"style-src-elem", // STYLE_SRC_ELEM_DIRECTIVE
|
|
"style-src-attr", // STYLE_SRC_ATTR_DIRECTIVE
|
|
};
|
|
|
|
inline const char* CSP_CSPDirectiveToString(CSPDirective aDir) {
|
|
return CSPStrDirectives[static_cast<uint32_t>(aDir)];
|
|
}
|
|
|
|
inline CSPDirective CSP_StringToCSPDirective(const nsAString& aDir) {
|
|
nsString lowerDir = PromiseFlatString(aDir);
|
|
ToLowerCase(lowerDir);
|
|
|
|
uint32_t numDirs = (sizeof(CSPStrDirectives) / sizeof(CSPStrDirectives[0]));
|
|
for (uint32_t i = 1; i < numDirs; i++) {
|
|
if (lowerDir.EqualsASCII(CSPStrDirectives[i])) {
|
|
return static_cast<CSPDirective>(i);
|
|
}
|
|
}
|
|
return nsIContentSecurityPolicy::NO_DIRECTIVE;
|
|
}
|
|
|
|
#define FOR_EACH_CSP_KEYWORD(MACRO) \
|
|
MACRO(CSP_SELF, "'self'") \
|
|
MACRO(CSP_UNSAFE_INLINE, "'unsafe-inline'") \
|
|
MACRO(CSP_UNSAFE_EVAL, "'unsafe-eval'") \
|
|
MACRO(CSP_UNSAFE_HASHES, "'unsafe-hashes'") \
|
|
MACRO(CSP_NONE, "'none'") \
|
|
MACRO(CSP_NONCE, "'nonce-") \
|
|
MACRO(CSP_REPORT_SAMPLE, "'report-sample'") \
|
|
MACRO(CSP_STRICT_DYNAMIC, "'strict-dynamic'") \
|
|
MACRO(CSP_UNSAFE_ALLOW_REDIRECTS, "'unsafe-allow-redirects'") \
|
|
MACRO(CSP_WASM_UNSAFE_EVAL, "'wasm-unsafe-eval'")
|
|
|
|
enum CSPKeyword {
|
|
#define KEYWORD_ENUM(id_, string_) id_,
|
|
FOR_EACH_CSP_KEYWORD(KEYWORD_ENUM)
|
|
#undef KEYWORD_ENUM
|
|
|
|
// CSP_LAST_KEYWORD_VALUE always needs to be the last element in the enum
|
|
// because we use it to calculate the size for the char* array.
|
|
CSP_LAST_KEYWORD_VALUE,
|
|
|
|
// Putting CSP_HASH after the delimitor, because CSP_HASH is not a valid
|
|
// keyword (hash uses e.g. sha256, sha512) but we use CSP_HASH internally
|
|
// to identify allowed hashes in ::allows.
|
|
CSP_HASH
|
|
};
|
|
|
|
// The keywords, in UTF-8 form.
|
|
static const char* gCSPUTF8Keywords[] = {
|
|
#define KEYWORD_UTF8_LITERAL(id_, string_) string_,
|
|
FOR_EACH_CSP_KEYWORD(KEYWORD_UTF8_LITERAL)
|
|
#undef KEYWORD_UTF8_LITERAL
|
|
};
|
|
|
|
// The keywords, in UTF-16 form.
|
|
static const char16_t* gCSPUTF16Keywords[] = {
|
|
#define KEYWORD_UTF16_LITERAL(id_, string_) u"" string_,
|
|
FOR_EACH_CSP_KEYWORD(KEYWORD_UTF16_LITERAL)
|
|
#undef KEYWORD_UTF16_LITERAL
|
|
};
|
|
|
|
#undef FOR_EACH_CSP_KEYWORD
|
|
|
|
inline const char* CSP_EnumToUTF8Keyword(enum CSPKeyword aKey) {
|
|
// Make sure all elements in enum CSPKeyword got added to gCSPUTF8Keywords.
|
|
static_assert((sizeof(gCSPUTF8Keywords) / sizeof(gCSPUTF8Keywords[0]) ==
|
|
CSP_LAST_KEYWORD_VALUE),
|
|
"CSP_LAST_KEYWORD_VALUE != length(gCSPUTF8Keywords)");
|
|
|
|
if (static_cast<uint32_t>(aKey) <
|
|
static_cast<uint32_t>(CSP_LAST_KEYWORD_VALUE)) {
|
|
return gCSPUTF8Keywords[static_cast<uint32_t>(aKey)];
|
|
}
|
|
return "error: invalid keyword in CSP_EnumToUTF8Keyword";
|
|
}
|
|
|
|
inline const char16_t* CSP_EnumToUTF16Keyword(enum CSPKeyword aKey) {
|
|
// Make sure all elements in enum CSPKeyword got added to gCSPUTF16Keywords.
|
|
static_assert((sizeof(gCSPUTF16Keywords) / sizeof(gCSPUTF16Keywords[0]) ==
|
|
CSP_LAST_KEYWORD_VALUE),
|
|
"CSP_LAST_KEYWORD_VALUE != length(gCSPUTF16Keywords)");
|
|
|
|
if (static_cast<uint32_t>(aKey) <
|
|
static_cast<uint32_t>(CSP_LAST_KEYWORD_VALUE)) {
|
|
return gCSPUTF16Keywords[static_cast<uint32_t>(aKey)];
|
|
}
|
|
return u"error: invalid keyword in CSP_EnumToUTF16Keyword";
|
|
}
|
|
|
|
inline CSPKeyword CSP_UTF16KeywordToEnum(const nsAString& aKey) {
|
|
nsString lowerKey = PromiseFlatString(aKey);
|
|
ToLowerCase(lowerKey);
|
|
|
|
for (uint32_t i = 0; i < CSP_LAST_KEYWORD_VALUE; i++) {
|
|
if (lowerKey.Equals(gCSPUTF16Keywords[i])) {
|
|
return static_cast<CSPKeyword>(i);
|
|
}
|
|
}
|
|
NS_ASSERTION(false, "Can not convert unknown Keyword to Enum");
|
|
return CSP_LAST_KEYWORD_VALUE;
|
|
}
|
|
|
|
nsresult CSP_AppendCSPFromHeader(nsIContentSecurityPolicy* aCsp,
|
|
const nsAString& aHeaderValue,
|
|
bool aReportOnly);
|
|
|
|
/* =============== Helpers ================== */
|
|
|
|
class nsCSPHostSrc;
|
|
|
|
nsCSPHostSrc* CSP_CreateHostSrcFromSelfURI(nsIURI* aSelfURI);
|
|
bool CSP_IsEmptyDirective(const nsAString& aValue, const nsAString& aDir);
|
|
bool CSP_IsDirective(const nsAString& aValue, CSPDirective aDir);
|
|
bool CSP_IsKeyword(const nsAString& aValue, enum CSPKeyword aKey);
|
|
bool CSP_IsQuotelessKeyword(const nsAString& aKey);
|
|
CSPDirective CSP_ContentTypeToDirective(nsContentPolicyType aType);
|
|
|
|
class nsCSPSrcVisitor;
|
|
|
|
void CSP_PercentDecodeStr(const nsAString& aEncStr, nsAString& outDecStr);
|
|
bool CSP_ShouldResponseInheritCSP(nsIChannel* aChannel);
|
|
|
|
void CSP_ApplyMetaCSPToDoc(mozilla::dom::Document& aDoc,
|
|
const nsAString& aPolicyStr);
|
|
|
|
/* =============== nsCSPSrc ================== */
|
|
|
|
class nsCSPBaseSrc {
|
|
public:
|
|
nsCSPBaseSrc();
|
|
virtual ~nsCSPBaseSrc();
|
|
|
|
virtual bool permits(nsIURI* aUri, const nsAString& aNonce,
|
|
bool aWasRedirected, bool aReportOnly,
|
|
bool aUpgradeInsecure, bool aParserCreated) const;
|
|
virtual bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
|
|
bool aParserCreated) const;
|
|
virtual bool visit(nsCSPSrcVisitor* aVisitor) const = 0;
|
|
virtual void toString(nsAString& outStr) const = 0;
|
|
|
|
virtual void invalidate() const { mInvalidated = true; }
|
|
|
|
virtual bool isReportSample() const { return false; }
|
|
|
|
protected:
|
|
// invalidate srcs if 'script-dynamic' is present or also invalidate
|
|
// unsafe-inline' if nonce- or hash-source specified
|
|
mutable bool mInvalidated;
|
|
};
|
|
|
|
/* =============== nsCSPSchemeSrc ============ */
|
|
|
|
class nsCSPSchemeSrc : public nsCSPBaseSrc {
|
|
public:
|
|
explicit nsCSPSchemeSrc(const nsAString& aScheme);
|
|
virtual ~nsCSPSchemeSrc();
|
|
|
|
bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
|
|
bool aReportOnly, bool aUpgradeInsecure,
|
|
bool aParserCreated) const override;
|
|
bool visit(nsCSPSrcVisitor* aVisitor) const override;
|
|
void toString(nsAString& outStr) const override;
|
|
|
|
inline void getScheme(nsAString& outStr) const { outStr.Assign(mScheme); };
|
|
|
|
private:
|
|
nsString mScheme;
|
|
};
|
|
|
|
/* =============== nsCSPHostSrc ============== */
|
|
|
|
class nsCSPHostSrc : public nsCSPBaseSrc {
|
|
public:
|
|
explicit nsCSPHostSrc(const nsAString& aHost);
|
|
virtual ~nsCSPHostSrc();
|
|
|
|
bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
|
|
bool aReportOnly, bool aUpgradeInsecure,
|
|
bool aParserCreated) const override;
|
|
bool visit(nsCSPSrcVisitor* aVisitor) const override;
|
|
void toString(nsAString& outStr) const override;
|
|
|
|
void setScheme(const nsAString& aScheme);
|
|
void setPort(const nsAString& aPort);
|
|
void appendPath(const nsAString& aPath);
|
|
|
|
inline void setGeneratedFromSelfKeyword() {
|
|
mGeneratedFromSelfKeyword = true;
|
|
}
|
|
|
|
inline void setGeneratedScheme(bool aValue) { mGeneratedScheme = aValue; }
|
|
|
|
inline void setIsUniqueOrigin() { mIsUniqueOrigin = true; }
|
|
|
|
inline void setWithinFrameAncestorsDir(bool aValue) {
|
|
mWithinFrameAncstorsDir = aValue;
|
|
}
|
|
|
|
inline void getScheme(nsAString& outStr) const { outStr.Assign(mScheme); };
|
|
|
|
inline void getHost(nsAString& outStr) const { outStr.Assign(mHost); };
|
|
|
|
inline void getPort(nsAString& outStr) const { outStr.Assign(mPort); };
|
|
|
|
inline void getPath(nsAString& outStr) const { outStr.Assign(mPath); };
|
|
|
|
private:
|
|
nsString mScheme;
|
|
nsString mHost;
|
|
nsString mPort;
|
|
nsString mPath;
|
|
bool mGeneratedFromSelfKeyword = false;
|
|
bool mGeneratedScheme = false;
|
|
bool mIsUniqueOrigin = false;
|
|
bool mWithinFrameAncstorsDir = false;
|
|
};
|
|
|
|
/* =============== nsCSPKeywordSrc ============ */
|
|
|
|
class nsCSPKeywordSrc : public nsCSPBaseSrc {
|
|
public:
|
|
explicit nsCSPKeywordSrc(CSPKeyword aKeyword);
|
|
virtual ~nsCSPKeywordSrc();
|
|
|
|
bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
|
|
bool aParserCreated) const override;
|
|
bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
|
|
bool aReportOnly, bool aUpgradeInsecure,
|
|
bool aParserCreated) const override;
|
|
bool visit(nsCSPSrcVisitor* aVisitor) const override;
|
|
void toString(nsAString& outStr) const override;
|
|
|
|
inline CSPKeyword getKeyword() const { return mKeyword; };
|
|
|
|
inline void invalidate() const override {
|
|
// keywords that need to invalidated
|
|
if (mKeyword == CSP_SELF || mKeyword == CSP_UNSAFE_INLINE ||
|
|
mKeyword == CSP_REPORT_SAMPLE) {
|
|
mInvalidated = true;
|
|
}
|
|
}
|
|
|
|
bool isReportSample() const override { return mKeyword == CSP_REPORT_SAMPLE; }
|
|
|
|
private:
|
|
CSPKeyword mKeyword;
|
|
};
|
|
|
|
/* =============== nsCSPNonceSource =========== */
|
|
|
|
class nsCSPNonceSrc : public nsCSPBaseSrc {
|
|
public:
|
|
explicit nsCSPNonceSrc(const nsAString& aNonce);
|
|
virtual ~nsCSPNonceSrc();
|
|
|
|
bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
|
|
bool aReportOnly, bool aUpgradeInsecure,
|
|
bool aParserCreated) const override;
|
|
bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
|
|
bool aParserCreated) const override;
|
|
bool visit(nsCSPSrcVisitor* aVisitor) const override;
|
|
void toString(nsAString& outStr) const override;
|
|
|
|
inline void getNonce(nsAString& outStr) const { outStr.Assign(mNonce); };
|
|
|
|
inline void invalidate() const override {
|
|
// overwrite nsCSPBaseSRC::invalidate() and explicitily
|
|
// do *not* invalidate, because 'strict-dynamic' should
|
|
// not invalidate nonces.
|
|
}
|
|
|
|
private:
|
|
nsString mNonce;
|
|
};
|
|
|
|
/* =============== nsCSPHashSource ============ */
|
|
|
|
class nsCSPHashSrc : public nsCSPBaseSrc {
|
|
public:
|
|
nsCSPHashSrc(const nsAString& algo, const nsAString& hash);
|
|
virtual ~nsCSPHashSrc();
|
|
|
|
bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
|
|
bool aParserCreated) const override;
|
|
void toString(nsAString& outStr) const override;
|
|
bool visit(nsCSPSrcVisitor* aVisitor) const override;
|
|
|
|
inline void getAlgorithm(nsAString& outStr) const {
|
|
outStr.Assign(mAlgorithm);
|
|
};
|
|
|
|
inline void getHash(nsAString& outStr) const { outStr.Assign(mHash); };
|
|
|
|
inline void invalidate() const override {
|
|
// overwrite nsCSPBaseSRC::invalidate() and explicitily
|
|
// do *not* invalidate, because 'strict-dynamic' should
|
|
// not invalidate hashes.
|
|
}
|
|
|
|
private:
|
|
nsString mAlgorithm;
|
|
nsString mHash;
|
|
};
|
|
|
|
/* =============== nsCSPReportURI ============ */
|
|
|
|
class nsCSPReportURI : public nsCSPBaseSrc {
|
|
public:
|
|
explicit nsCSPReportURI(nsIURI* aURI);
|
|
virtual ~nsCSPReportURI();
|
|
|
|
bool visit(nsCSPSrcVisitor* aVisitor) const override;
|
|
void toString(nsAString& outStr) const override;
|
|
|
|
private:
|
|
nsCOMPtr<nsIURI> mReportURI;
|
|
};
|
|
|
|
/* =============== nsCSPSandboxFlags ================== */
|
|
|
|
class nsCSPSandboxFlags : public nsCSPBaseSrc {
|
|
public:
|
|
explicit nsCSPSandboxFlags(const nsAString& aFlags);
|
|
virtual ~nsCSPSandboxFlags();
|
|
|
|
bool visit(nsCSPSrcVisitor* aVisitor) const override;
|
|
void toString(nsAString& outStr) const override;
|
|
|
|
private:
|
|
nsString mFlags;
|
|
};
|
|
|
|
/* =============== nsCSPSrcVisitor ================== */
|
|
|
|
class nsCSPSrcVisitor {
|
|
public:
|
|
virtual bool visitSchemeSrc(const nsCSPSchemeSrc& src) = 0;
|
|
|
|
virtual bool visitHostSrc(const nsCSPHostSrc& src) = 0;
|
|
|
|
virtual bool visitKeywordSrc(const nsCSPKeywordSrc& src) = 0;
|
|
|
|
virtual bool visitNonceSrc(const nsCSPNonceSrc& src) = 0;
|
|
|
|
virtual bool visitHashSrc(const nsCSPHashSrc& src) = 0;
|
|
|
|
protected:
|
|
explicit nsCSPSrcVisitor() = default;
|
|
virtual ~nsCSPSrcVisitor() = default;
|
|
};
|
|
|
|
/* =============== nsCSPDirective ============= */
|
|
|
|
class nsCSPDirective {
|
|
public:
|
|
explicit nsCSPDirective(CSPDirective aDirective);
|
|
virtual ~nsCSPDirective();
|
|
|
|
virtual bool permits(nsIURI* aUri, const nsAString& aNonce,
|
|
bool aWasRedirected, bool aReportOnly,
|
|
bool aUpgradeInsecure, bool aParserCreated) const;
|
|
virtual bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
|
|
bool aParserCreated) const;
|
|
virtual void toString(nsAString& outStr) const;
|
|
void toDomCSPStruct(mozilla::dom::CSP& outCSP) const;
|
|
|
|
virtual void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) {
|
|
mSrcs = aSrcs.Clone();
|
|
}
|
|
|
|
inline bool isDefaultDirective() const {
|
|
return mDirective == nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE;
|
|
}
|
|
|
|
virtual bool equals(CSPDirective aDirective) const;
|
|
|
|
void getReportURIs(nsTArray<nsString>& outReportURIs) const;
|
|
|
|
bool visitSrcs(nsCSPSrcVisitor* aVisitor) const;
|
|
|
|
virtual void getDirName(nsAString& outStr) const;
|
|
|
|
bool hasReportSampleKeyword() const;
|
|
|
|
protected:
|
|
CSPDirective mDirective;
|
|
nsTArray<nsCSPBaseSrc*> mSrcs;
|
|
};
|
|
|
|
/* =============== nsCSPChildSrcDirective ============= */
|
|
|
|
/*
|
|
* In CSP 3 child-src is deprecated. For backwards compatibility
|
|
* child-src needs to restrict:
|
|
* (*) frames, in case frame-src is not expicitly specified
|
|
* (*) workers, in case worker-src is not expicitly specified
|
|
*/
|
|
class nsCSPChildSrcDirective : public nsCSPDirective {
|
|
public:
|
|
explicit nsCSPChildSrcDirective(CSPDirective aDirective);
|
|
virtual ~nsCSPChildSrcDirective();
|
|
|
|
void setRestrictFrames() { mRestrictFrames = true; }
|
|
|
|
void setRestrictWorkers() { mRestrictWorkers = true; }
|
|
|
|
virtual bool equals(CSPDirective aDirective) const override;
|
|
|
|
private:
|
|
bool mRestrictFrames;
|
|
bool mRestrictWorkers;
|
|
};
|
|
|
|
/* =============== nsCSPScriptSrcDirective ============= */
|
|
|
|
/*
|
|
* In CSP 3 worker-src restricts workers, for backwards compatibily
|
|
* script-src has to restrict workers as the ultimate fallback if
|
|
* neither worker-src nor child-src is present in a CSP.
|
|
*/
|
|
class nsCSPScriptSrcDirective : public nsCSPDirective {
|
|
public:
|
|
explicit nsCSPScriptSrcDirective(CSPDirective aDirective);
|
|
virtual ~nsCSPScriptSrcDirective();
|
|
|
|
void setRestrictWorkers() { mRestrictWorkers = true; }
|
|
void setRestrictScriptElem() { mRestrictScriptElem = true; }
|
|
void setRestrictScriptAttr() { mRestrictScriptAttr = true; }
|
|
|
|
bool equals(CSPDirective aDirective) const override;
|
|
|
|
private:
|
|
bool mRestrictWorkers = false;
|
|
bool mRestrictScriptElem = false;
|
|
bool mRestrictScriptAttr = false;
|
|
};
|
|
|
|
/* =============== nsCSPStyleSrcDirective ============= */
|
|
|
|
/*
|
|
* In CSP 3 style-src is use as a fallback for style-src-elem and
|
|
* style-src-attr.
|
|
*/
|
|
class nsCSPStyleSrcDirective : public nsCSPDirective {
|
|
public:
|
|
explicit nsCSPStyleSrcDirective(CSPDirective aDirective);
|
|
virtual ~nsCSPStyleSrcDirective();
|
|
|
|
void setRestrictStyleElem() { mRestrictStyleElem = true; }
|
|
void setRestrictStyleAttr() { mRestrictStyleAttr = true; }
|
|
|
|
bool equals(CSPDirective aDirective) const override;
|
|
|
|
private:
|
|
bool mRestrictStyleElem = false;
|
|
bool mRestrictStyleAttr = false;
|
|
};
|
|
|
|
/* =============== nsBlockAllMixedContentDirective === */
|
|
|
|
class nsBlockAllMixedContentDirective : public nsCSPDirective {
|
|
public:
|
|
explicit nsBlockAllMixedContentDirective(CSPDirective aDirective);
|
|
~nsBlockAllMixedContentDirective();
|
|
|
|
bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
|
|
bool aReportOnly, bool aUpgradeInsecure,
|
|
bool aParserCreated) const override {
|
|
return false;
|
|
}
|
|
|
|
bool permits(nsIURI* aUri) const { return false; }
|
|
|
|
bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
|
|
bool aParserCreated) const override {
|
|
return false;
|
|
}
|
|
|
|
void toString(nsAString& outStr) const override;
|
|
|
|
void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) override {
|
|
MOZ_ASSERT(false, "block-all-mixed-content does not hold any srcs");
|
|
}
|
|
|
|
void getDirName(nsAString& outStr) const override;
|
|
};
|
|
|
|
/* =============== nsUpgradeInsecureDirective === */
|
|
|
|
/*
|
|
* Upgrading insecure requests includes the following actors:
|
|
* (1) CSP:
|
|
* The CSP implementation allowlists the http-request
|
|
* in case the policy is executed in enforcement mode.
|
|
* The CSP implementation however does not allow http
|
|
* requests to succeed if executed in report-only mode.
|
|
* In such a case the CSP implementation reports the
|
|
* error back to the page.
|
|
*
|
|
* (2) MixedContent:
|
|
* The evalution of MixedContent allowlists all http
|
|
* requests with the promise that the http requests
|
|
* gets upgraded to https before any data is fetched
|
|
* from the network.
|
|
*
|
|
* (3) CORS:
|
|
* Does not consider the http request to be of a
|
|
* different origin in case the scheme is the only
|
|
* difference in otherwise matching URIs.
|
|
*
|
|
* (4) nsHttpChannel:
|
|
* Before connecting, the channel gets redirected
|
|
* to use https.
|
|
*
|
|
* (5) WebSocketChannel:
|
|
* Similar to the httpChannel, the websocketchannel
|
|
* gets upgraded from ws to wss.
|
|
*/
|
|
class nsUpgradeInsecureDirective : public nsCSPDirective {
|
|
public:
|
|
explicit nsUpgradeInsecureDirective(CSPDirective aDirective);
|
|
~nsUpgradeInsecureDirective();
|
|
|
|
bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
|
|
bool aReportOnly, bool aUpgradeInsecure,
|
|
bool aParserCreated) const override {
|
|
return false;
|
|
}
|
|
|
|
bool permits(nsIURI* aUri) const { return false; }
|
|
|
|
bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
|
|
bool aParserCreated) const override {
|
|
return false;
|
|
}
|
|
|
|
void toString(nsAString& outStr) const override;
|
|
|
|
void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) override {
|
|
MOZ_ASSERT(false, "upgrade-insecure-requests does not hold any srcs");
|
|
}
|
|
|
|
void getDirName(nsAString& outStr) const override;
|
|
};
|
|
|
|
/* =============== nsCSPPolicy ================== */
|
|
|
|
class nsCSPPolicy {
|
|
public:
|
|
nsCSPPolicy();
|
|
virtual ~nsCSPPolicy();
|
|
|
|
bool permits(CSPDirective aDirective, nsIURI* aUri, const nsAString& aNonce,
|
|
bool aWasRedirected, bool aSpecific, bool aParserCreated,
|
|
nsAString& outViolatedDirective) const;
|
|
bool allows(CSPDirective aDirective, enum CSPKeyword aKeyword,
|
|
const nsAString& aHashOrNonce, bool aParserCreated) const;
|
|
void toString(nsAString& outStr) const;
|
|
void toDomCSPStruct(mozilla::dom::CSP& outCSP) const;
|
|
|
|
inline void addDirective(nsCSPDirective* aDir) {
|
|
mDirectives.AppendElement(aDir);
|
|
}
|
|
|
|
inline void addUpgradeInsecDir(nsUpgradeInsecureDirective* aDir) {
|
|
mUpgradeInsecDir = aDir;
|
|
addDirective(aDir);
|
|
}
|
|
|
|
bool hasDirective(CSPDirective aDir) const;
|
|
|
|
inline void setDeliveredViaMetaTagFlag(bool aFlag) {
|
|
mDeliveredViaMetaTag = aFlag;
|
|
}
|
|
|
|
inline bool getDeliveredViaMetaTagFlag() const {
|
|
return mDeliveredViaMetaTag;
|
|
}
|
|
|
|
inline void setReportOnlyFlag(bool aFlag) { mReportOnly = aFlag; }
|
|
|
|
inline bool getReportOnlyFlag() const { return mReportOnly; }
|
|
|
|
void getReportURIs(nsTArray<nsString>& outReportURIs) const;
|
|
|
|
void getDirectiveStringAndReportSampleForContentType(
|
|
CSPDirective aDirective, nsAString& outDirective,
|
|
bool* aReportSample) const;
|
|
|
|
void getDirectiveAsString(CSPDirective aDir, nsAString& outDirective) const;
|
|
|
|
uint32_t getSandboxFlags() const;
|
|
|
|
inline uint32_t getNumDirectives() const { return mDirectives.Length(); }
|
|
|
|
bool visitDirectiveSrcs(CSPDirective aDir, nsCSPSrcVisitor* aVisitor) const;
|
|
|
|
bool allowsNavigateTo(nsIURI* aURI, bool aWasRedirected,
|
|
bool aEnforceAllowlist) const;
|
|
|
|
private:
|
|
nsUpgradeInsecureDirective* mUpgradeInsecDir;
|
|
nsTArray<nsCSPDirective*> mDirectives;
|
|
bool mReportOnly;
|
|
bool mDeliveredViaMetaTag;
|
|
};
|
|
|
|
#endif /* nsCSPUtils_h___ */
|