[ tor-browser ].git.dasho

WorkerCSPContext.cpp (3100B)
      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
      3 * You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 #include "WorkerCSPContext.h"
      6 
      7 #include "mozilla/StaticPrefs_dom.h"
      8 #include "mozilla/dom/WorkerCommon.h"
      9 #include "mozilla/dom/WorkerPrivate.h"
     10 #include "mozilla/dom/nsCSPParser.h"
     11 #include "mozilla/dom/nsCSPUtils.h"
     12 #include "mozilla/ipc/BackgroundUtils.h"
     13 #include "nsNetUtil.h"
     14 
     15 namespace mozilla::dom {
     16 
     17 /* static */
     18 Result<UniquePtr<WorkerCSPContext>, nsresult> WorkerCSPContext::CreateFromCSP(
     19    nsIContentSecurityPolicy* aCSP) {
     20  AssertIsOnMainThread();
     21 
     22  mozilla::ipc::CSPInfo cspInfo;
     23  nsresult rv = CSPToCSPInfo(aCSP, &cspInfo);
     24  if (NS_FAILED(rv)) {
     25    return Err(rv);
     26  }
     27  return MakeUnique<WorkerCSPContext>(std::move(cspInfo));
     28 }
     29 
     30 const nsTArray<UniquePtr<const nsCSPPolicy>>& WorkerCSPContext::Policies() {
     31  EnsureIPCPoliciesRead();
     32  return mPolicies;
     33 }
     34 
     35 bool WorkerCSPContext::IsEvalAllowed(bool& aReportViolation) {
     36  MOZ_ASSERT(!aReportViolation);
     37 
     38  bool trustedTypesRequired =
     39      (mCSPInfo.requireTrustedTypesForDirectiveState() ==
     40       RequireTrustedTypesForDirectiveState::ENFORCE);
     41 
     42  for (const UniquePtr<const nsCSPPolicy>& policy : Policies()) {
     43    if (!(trustedTypesRequired &&
     44          policy->allows(nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE,
     45                         CSP_TRUSTED_TYPES_EVAL, u""_ns)) &&
     46        !policy->allows(nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE,
     47                        CSP_UNSAFE_EVAL, u""_ns)) {
     48      aReportViolation = true;
     49      if (!policy->getReportOnlyFlag()) {
     50        return false;
     51      }
     52    }
     53  }
     54  return true;
     55 }
     56 
     57 bool WorkerCSPContext::IsWasmEvalAllowed(bool& aReportViolation) {
     58  MOZ_ASSERT(!aReportViolation);
     59  for (const UniquePtr<const nsCSPPolicy>& policy : Policies()) {
     60    // Either 'unsafe-eval' or 'wasm-unsafe-eval' can allow this
     61    if (!policy->allows(nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE,
     62                        CSP_WASM_UNSAFE_EVAL, u""_ns) &&
     63        !policy->allows(nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE,
     64                        CSP_UNSAFE_EVAL, u""_ns)) {
     65      aReportViolation = true;
     66      if (!policy->getReportOnlyFlag()) {
     67        return false;
     68      }
     69    }
     70  }
     71  return true;
     72 }
     73 
     74 void WorkerCSPContext::EnsureIPCPoliciesRead() {
     75  MOZ_DIAGNOSTIC_ASSERT(!!GetCurrentThreadWorkerPrivate());
     76 
     77  if (!mPolicies.IsEmpty() || mCSPInfo.policyInfos().IsEmpty()) {
     78    return;
     79  }
     80 
     81  nsCOMPtr<nsIURI> selfURI;
     82  if (NS_WARN_IF(NS_FAILED(
     83          NS_NewURI(getter_AddRefs(selfURI), mCSPInfo.selfURISpec())))) {
     84    return;
     85  }
     86 
     87  for (const auto& policy : mCSPInfo.policyInfos()) {
     88    UniquePtr<const nsCSPPolicy> cspPolicy(
     89        nsCSPParser::parseContentSecurityPolicy(
     90            policy.policy(), selfURI, policy.reportOnlyFlag(), nullptr,
     91            policy.deliveredViaMetaTagFlag(),
     92            /* aSuppressLogMessages */ true));
     93    if (cspPolicy) {
     94      mPolicies.AppendElement(std::move(cspPolicy));
     95    }
     96  }
     97 }
     98 
     99 }  // namespace mozilla::dom
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE