diff options
Diffstat (limited to 'dom/security/nsCSPContext.cpp')
| -rw-r--r-- | dom/security/nsCSPContext.cpp | 82 |
1 files changed, 46 insertions, 36 deletions
diff --git a/dom/security/nsCSPContext.cpp b/dom/security/nsCSPContext.cpp index de67e2bf1c..b9675e39fc 100644 --- a/dom/security/nsCSPContext.cpp +++ b/dom/security/nsCSPContext.cpp @@ -6,6 +6,7 @@ #include <string> #include <unordered_set> +#include <utility> #include "nsCOMPtr.h" #include "nsContentPolicyUtils.h" @@ -42,6 +43,7 @@ #include "mozilla/Logging.h" #include "mozilla/Preferences.h" #include "mozilla/StaticPrefs_security.h" +#include "mozilla/Variant.h" #include "mozilla/dom/CSPReportBinding.h" #include "mozilla/dom/CSPDictionariesBinding.h" #include "mozilla/ipc/PBackgroundSharedTypes.h" @@ -741,16 +743,16 @@ nsCSPContext::LogViolationDetails( continue; } - nsAutoString violatedDirective; - nsAutoString violatedDirectiveString; + nsAutoString violatedDirectiveName; + nsAutoString violatedDirectiveNameAndValue; bool reportSample = false; mPolicies[p]->getViolatedDirectiveInformation( - SCRIPT_SRC_DIRECTIVE, violatedDirective, violatedDirectiveString, - &reportSample); + SCRIPT_SRC_DIRECTIVE, violatedDirectiveName, + violatedDirectiveNameAndValue, &reportSample); AsyncReportViolation( aTriggeringElement, aCSPEventListener, nullptr, blockedContentSource, - nullptr, violatedDirective, violatedDirectiveString, + nullptr, violatedDirectiveName, violatedDirectiveNameAndValue, CSPDirective::SCRIPT_SRC_DIRECTIVE /* aEffectiveDirective */, p, observerSubject, aSourceFile, reportSample, aScriptSample, aLineNum, aColumnNum); @@ -965,7 +967,7 @@ void StripURIForReporting(nsIURI* aSelfURI, nsIURI* aURI, } nsresult nsCSPContext::GatherSecurityPolicyViolationEventData( - nsIURI* aBlockedURI, const nsACString& aBlockedString, nsIURI* aOriginalURI, + Resource& aResource, nsIURI* aOriginalURI, const nsAString& aEffectiveDirective, uint32_t aViolatedPolicyIndex, const nsAString& aSourceFile, const nsAString& aScriptSample, uint32_t aLineNum, uint32_t aColumnNum, @@ -988,13 +990,19 @@ nsresult nsCSPContext::GatherSecurityPolicyViolationEventData( CopyUTF8toUTF16(mReferrer, aViolationEventInit.mReferrer); // blocked-uri - if (aBlockedURI) { + // Corresponds to + // <https://w3c.github.io/webappsec-csp/#obtain-violation-blocked-uri>. + if (aResource.is<nsIURI*>()) { nsAutoCString reportBlockedURI; - StripURIForReporting(mSelfURI, aOriginalURI ? aOriginalURI : aBlockedURI, + StripURIForReporting(mSelfURI, + aOriginalURI ? aOriginalURI : aResource.as<nsIURI*>(), aEffectiveDirective, reportBlockedURI); CopyUTF8toUTF16(reportBlockedURI, aViolationEventInit.mBlockedURI); } else { - CopyUTF8toUTF16(aBlockedString, aViolationEventInit.mBlockedURI); + nsAutoCString blockedContentSource; + BlockedContentSourceToString(aResource.as<BlockedContentSource>(), + blockedContentSource); + CopyUTF8toUTF16(blockedContentSource, aViolationEventInit.mBlockedURI); } // effective-directive @@ -1372,8 +1380,8 @@ class CSPReportSenderRunnable final : public Runnable { nsIURI* aBlockedURI, nsCSPContext::BlockedContentSource aBlockedContentSource, nsIURI* aOriginalURI, uint32_t aViolatedPolicyIndex, bool aReportOnlyFlag, - const nsAString& aViolatedDirective, - const nsAString& aViolatedDirectiveString, + const nsAString& aViolatedDirectiveName, + const nsAString& aViolatedDirectiveNameAndValue, const CSPDirective aEffectiveDirective, const nsAString& aObserverSubject, const nsAString& aSourceFile, bool aReportSample, const nsAString& aScriptSample, uint32_t aLineNum, uint32_t aColumnNum, @@ -1387,15 +1395,15 @@ class CSPReportSenderRunnable final : public Runnable { mViolatedPolicyIndex(aViolatedPolicyIndex), mReportOnlyFlag(aReportOnlyFlag), mReportSample(aReportSample), - mViolatedDirective(aViolatedDirective), - mViolatedDirectiveString(aViolatedDirectiveString), + mViolatedDirectiveName(aViolatedDirectiveName), + mViolatedDirectiveNameAndValue(aViolatedDirectiveNameAndValue), mEffectiveDirective(aEffectiveDirective), mSourceFile(aSourceFile), mScriptSample(aScriptSample), mLineNum(aLineNum), mColumnNum(aColumnNum), mCSPContext(aCSPContext) { - NS_ASSERTION(!aViolatedDirective.IsEmpty(), + NS_ASSERTION(!aViolatedDirectiveName.IsEmpty(), "Can not send reports without a violated directive"); // the observer subject is an nsISupports: either an nsISupportsCString // from the arg passed in directly, or if that's empty, it's the blocked @@ -1439,18 +1447,19 @@ class CSPReportSenderRunnable final : public Runnable { // 0) prepare violation data mozilla::dom::SecurityPolicyViolationEventInit init; - nsAutoCString blockedContentSource; - BlockedContentSourceToString(mBlockedContentSource, blockedContentSource); - nsAutoString effectiveDirective; effectiveDirective.AssignASCII( CSP_CSPDirectiveToString(mEffectiveDirective)); + using Resource = nsCSPContext::Resource; + + Resource resource = mBlockedURI ? Resource(mBlockedURI.get()) + : Resource(mBlockedContentSource); + nsresult rv = mCSPContext->GatherSecurityPolicyViolationEventData( - mBlockedURI, blockedContentSource, mOriginalURI, effectiveDirective, - mViolatedPolicyIndex, mSourceFile, - mReportSample ? mScriptSample : EmptyString(), mLineNum, mColumnNum, - init); + resource, mOriginalURI, effectiveDirective, mViolatedPolicyIndex, + mSourceFile, mReportSample ? mScriptSample : EmptyString(), mLineNum, + mColumnNum, init); NS_ENSURE_SUCCESS(rv, rv); // 1) notify observers @@ -1458,7 +1467,7 @@ class CSPReportSenderRunnable final : public Runnable { mozilla::services::GetObserverService(); if (mObserverSubject && observerService) { rv = observerService->NotifyObservers( - mObserverSubject, CSP_VIOLATION_TOPIC, mViolatedDirective.get()); + mObserverSubject, CSP_VIOLATION_TOPIC, mViolatedDirectiveName.get()); NS_ENSURE_SUCCESS(rv, rv); } @@ -1471,7 +1480,7 @@ class CSPReportSenderRunnable final : public Runnable { // 4) fire violation event // A frame-ancestors violation has occurred, but we should not dispatch // the violation event to a potentially cross-origin ancestor. - if (!mViolatedDirective.EqualsLiteral("frame-ancestors")) { + if (!mViolatedDirectiveName.EqualsLiteral("frame-ancestors")) { mCSPContext->FireViolationEvent(mTriggeringElement, mCSPEventListener, init); } @@ -1502,7 +1511,7 @@ class CSPReportSenderRunnable final : public Runnable { : "CSPInlineScriptViolation"; } - AutoTArray<nsString, 2> params = {mViolatedDirectiveString, + AutoTArray<nsString, 2> params = {mViolatedDirectiveNameAndValue, effectiveDirective}; mCSPContext->logToConsole(errorName, params, mSourceFile, mScriptSample, mLineNum, mColumnNum, @@ -1511,7 +1520,7 @@ class CSPReportSenderRunnable final : public Runnable { } case nsCSPContext::BlockedContentSource::eEval: { - AutoTArray<nsString, 2> params = {mViolatedDirectiveString, + AutoTArray<nsString, 2> params = {mViolatedDirectiveNameAndValue, effectiveDirective}; mCSPContext->logToConsole(mReportOnlyFlag ? "CSPROEvalScriptViolation" : "CSPEvalScriptViolation", @@ -1521,7 +1530,7 @@ class CSPReportSenderRunnable final : public Runnable { } case nsCSPContext::BlockedContentSource::eWasmEval: { - AutoTArray<nsString, 2> params = {mViolatedDirectiveString, + AutoTArray<nsString, 2> params = {mViolatedDirectiveNameAndValue, effectiveDirective}; mCSPContext->logToConsole(mReportOnlyFlag ? "CSPROWasmEvalScriptViolation" @@ -1569,8 +1578,8 @@ class CSPReportSenderRunnable final : public Runnable { : "CSPGenericViolation"; } - AutoTArray<nsString, 3> params = {mViolatedDirectiveString, source, - effectiveDirective}; + AutoTArray<nsString, 3> params = {mViolatedDirectiveNameAndValue, + source, effectiveDirective}; mCSPContext->logToConsole(errorName, params, mSourceFile, mScriptSample, mLineNum, mColumnNum, nsIScriptError::errorFlag); @@ -1586,8 +1595,8 @@ class CSPReportSenderRunnable final : public Runnable { uint32_t mViolatedPolicyIndex; bool mReportOnlyFlag; bool mReportSample; - nsString mViolatedDirective; - nsString mViolatedDirectiveString; + nsString mViolatedDirectiveName; + nsString mViolatedDirectiveNameAndValue; CSPDirective mEffectiveDirective; nsCOMPtr<nsISupports> mObserverSubject; nsString mSourceFile; @@ -1609,7 +1618,7 @@ class CSPReportSenderRunnable final : public Runnable { * of the violation. * @param aOriginalUri * The original URI if the blocked content is a redirect, else null - * @param aViolatedDirective + * @param aViolatedDirectiveName * the directive that was violated (string). * @param aViolatedPolicyIndex * the index of the policy that was violated (so we know where to send @@ -1629,8 +1638,8 @@ class CSPReportSenderRunnable final : public Runnable { nsresult nsCSPContext::AsyncReportViolation( Element* aTriggeringElement, nsICSPEventListener* aCSPEventListener, nsIURI* aBlockedURI, BlockedContentSource aBlockedContentSource, - nsIURI* aOriginalURI, const nsAString& aViolatedDirective, - const nsAString& aViolatedDirectiveString, + nsIURI* aOriginalURI, const nsAString& aViolatedDirectiveName, + const nsAString& aViolatedDirectiveNameAndValue, const CSPDirective aEffectiveDirective, uint32_t aViolatedPolicyIndex, const nsAString& aObserverSubject, const nsAString& aSourceFile, bool aReportSample, const nsAString& aScriptSample, uint32_t aLineNum, @@ -1641,9 +1650,10 @@ nsresult nsCSPContext::AsyncReportViolation( nsCOMPtr<nsIRunnable> task = new CSPReportSenderRunnable( aTriggeringElement, aCSPEventListener, aBlockedURI, aBlockedContentSource, aOriginalURI, aViolatedPolicyIndex, - mPolicies[aViolatedPolicyIndex]->getReportOnlyFlag(), aViolatedDirective, - aViolatedDirectiveString, aEffectiveDirective, aObserverSubject, - aSourceFile, aReportSample, aScriptSample, aLineNum, aColumnNum, this); + mPolicies[aViolatedPolicyIndex]->getReportOnlyFlag(), + aViolatedDirectiveName, aViolatedDirectiveNameAndValue, + aEffectiveDirective, aObserverSubject, aSourceFile, aReportSample, + aScriptSample, aLineNum, aColumnNum, this); if (XRE_IsContentProcess()) { if (mEventTarget) { |