From 8dd16259287f58f9273002717ec4d27e97127719 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 12 Jun 2024 07:43:14 +0200 Subject: Merging upstream version 127.0. Signed-off-by: Daniel Baumann --- dom/security/nsCSPUtils.cpp | 85 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 76 insertions(+), 9 deletions(-) (limited to 'dom/security/nsCSPUtils.cpp') diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp index 11d09909f7..f4aecfaf44 100644 --- a/dom/security/nsCSPUtils.cpp +++ b/dom/security/nsCSPUtils.cpp @@ -23,6 +23,7 @@ #include "nsServiceManagerUtils.h" #include "nsWhitespaceTokenizer.h" +#include "mozilla/Assertions.h" #include "mozilla/Components.h" #include "mozilla/dom/CSPDictionariesBinding.h" #include "mozilla/dom/Document.h" @@ -243,6 +244,20 @@ void CSP_LogMessage(const nsAString& aMessage, const nsAString& aSourceName, console->LogMessage(error); } +CSPDirective CSP_StringToCSPDirective(const nsAString& aDir) { + nsString lowerDir = PromiseFlatString(aDir); + ToLowerCase(lowerDir); + + uint32_t numDirs = (sizeof(CSPStrDirectives) / sizeof(CSPStrDirectives[0])); + + for (uint32_t i = 1; i < numDirs; i++) { + if (lowerDir.EqualsASCII(CSPStrDirectives[i])) { + return static_cast(i); + } + } + return nsIContentSecurityPolicy::NO_DIRECTIVE; +} + /** * Combines CSP_LogMessage and CSP_GetLocalizedStr into one call. */ @@ -997,6 +1012,41 @@ void nsCSPSandboxFlags::toString(nsAString& outStr) const { outStr.Append(mFlags); } +/* ===== nsCSPRequireTrustedTypesForDirectiveValue ===================== */ + +nsCSPRequireTrustedTypesForDirectiveValue:: + nsCSPRequireTrustedTypesForDirectiveValue(const nsAString& aValue) + : mValue{aValue} {} + +bool nsCSPRequireTrustedTypesForDirectiveValue::visit( + nsCSPSrcVisitor* aVisitor) const { + MOZ_ASSERT_UNREACHABLE( + "This method should only be called for other overloads of this method."); + return false; +} + +void nsCSPRequireTrustedTypesForDirectiveValue::toString( + nsAString& aOutStr) const { + aOutStr.Append(mValue); +} + +/* =============== nsCSPTrustedTypesDirectivePolicyName =============== */ + +nsCSPTrustedTypesDirectivePolicyName::nsCSPTrustedTypesDirectivePolicyName( + const nsAString& aName) + : mName{aName} {} + +bool nsCSPTrustedTypesDirectivePolicyName::visit( + nsCSPSrcVisitor* aVisitor) const { + MOZ_ASSERT_UNREACHABLE( + "Should only be called for other overloads of this method."); + return false; +} + +void nsCSPTrustedTypesDirectivePolicyName::toString(nsAString& aOutStr) const { + aOutStr.Append(mName); +} + /* ===== nsCSPDirective ====================== */ nsCSPDirective::nsCSPDirective(CSPDirective aDirective) { @@ -1279,6 +1329,9 @@ bool nsCSPDirective::allowsAllInlineBehavior(CSPDirective aDir) const { void nsCSPDirective::toString(nsAString& outStr) const { // Append directive name outStr.AppendASCII(CSP_CSPDirectiveToString(mDirective)); + + MOZ_ASSERT(!mSrcs.IsEmpty()); + outStr.AppendLiteral(" "); // Append srcs @@ -1414,6 +1467,21 @@ void nsCSPDirective::toDomCSPStruct(mozilla::dom::CSP& outCSP) const { outCSP.mScript_src_attr.Value() = std::move(srcs); return; + case nsIContentSecurityPolicy::REQUIRE_TRUSTED_TYPES_FOR_DIRECTIVE: + outCSP.mRequire_trusted_types_for.Construct(); + + // Here, the srcs represent the sink group + // (https://w3c.github.io/trusted-types/dist/spec/#integration-with-content-security-policy). + outCSP.mRequire_trusted_types_for.Value() = std::move(srcs); + return; + + case nsIContentSecurityPolicy::TRUSTED_TYPES_DIRECTIVE: + outCSP.mTrusted_types.Construct(); + // Here, "srcs" represents tt-expressions + // (https://w3c.github.io/trusted-types/dist/spec/#trusted-types-csp-directive). + outCSP.mTrusted_types.Value() = std::move(srcs); + return; + default: NS_ASSERTION(false, "cannot find directive to convert CSP to JSON"); } @@ -1693,24 +1761,23 @@ bool nsCSPPolicy::allowsAllInlineBehavior(CSPDirective aDir) const { /* * Use this function only after ::allows() returned 'false'. Most and * foremost it's used to get the violated directive before sending reports. - * The parameter outDirective is the equivalent of 'outViolatedDirective' + * The parameter aDirectiveName is the equivalent of 'outViolatedDirective' * for the ::permits() function family. */ -void nsCSPPolicy::getViolatedDirectiveInformation(CSPDirective aDirective, - nsAString& outDirective, - nsAString& outDirectiveString, - bool* aReportSample) const { +void nsCSPPolicy::getViolatedDirectiveInformation( + CSPDirective aDirective, nsAString& aDirectiveName, + nsAString& aDirectiveNameAndValue, bool* aReportSample) const { *aReportSample = false; nsCSPDirective* directive = matchingOrDefaultDirective(aDirective); if (!directive) { MOZ_ASSERT_UNREACHABLE("Can not query violated directive"); - outDirective.AppendLiteral("couldNotQueryViolatedDirective"); - outDirective.Truncate(); + aDirectiveName.Truncate(); + aDirectiveNameAndValue.Truncate(); return; } - directive->getDirName(outDirective); - directive->toString(outDirectiveString); + directive->getDirName(aDirectiveName); + directive->toString(aDirectiveNameAndValue); *aReportSample = directive->hasReportSampleKeyword(); } -- cgit v1.2.3