1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
|
import os, sys, json, json5, re
import collections
script_directory = os.path.dirname(os.path.abspath(__file__))
template_directory = os.path.abspath(
os.path.join(script_directory, 'template'))
test_root_directory = os.path.abspath(
os.path.join(script_directory, '..', '..', '..'))
def get_template(basename):
with open(os.path.join(template_directory, basename), "r") as f:
return f.read()
def write_file(filename, contents):
with open(filename, "w") as f:
f.write(contents)
def read_nth_line(fp, line_number):
fp.seek(0)
for i, line in enumerate(fp):
if (i + 1) == line_number:
return line
def load_spec_json(path_to_spec):
re_error_location = re.compile('line ([0-9]+) column ([0-9]+)')
with open(path_to_spec, "r") as f:
try:
return json5.load(f, object_pairs_hook=collections.OrderedDict)
except ValueError as ex:
print(ex.message)
match = re_error_location.search(ex.message)
if match:
line_number, column = int(match.group(1)), int(match.group(2))
print(read_nth_line(f, line_number).rstrip())
print(" " * (column - 1) + "^")
sys.exit(1)
class ShouldSkip(Exception):
'''
Raised when the given combination of subresource type, source context type,
delivery type etc. are not supported and we should skip that configuration.
ShouldSkip is expected in normal generator execution (and thus subsequent
generation continues), as we first enumerate a broad range of configurations
first, and later raise ShouldSkip to filter out unsupported combinations.
ShouldSkip is distinguished from other general errors that cause immediate
termination of the generator and require fix.
'''
def __init__(self):
pass
class PolicyDelivery(object):
'''
See `@typedef PolicyDelivery` comments in
`common/security-features/resources/common.sub.js`.
'''
def __init__(self, delivery_type, key, value):
self.delivery_type = delivery_type
self.key = key
self.value = value
def __eq__(self, other):
return type(self) is type(other) and self.__dict__ == other.__dict__
@classmethod
def list_from_json(cls, list, target_policy_delivery,
supported_delivery_types):
# type: (dict, PolicyDelivery, typing.List[str]) -> typing.List[PolicyDelivery]
'''
Parses a JSON object `list` that represents a list of `PolicyDelivery`
and returns a list of `PolicyDelivery`, plus supporting placeholders
(see `from_json()` comments below or
`common/security-features/README.md`).
Can raise `ShouldSkip`.
'''
if list is None:
return []
out = []
for obj in list:
policy_delivery = PolicyDelivery.from_json(
obj, target_policy_delivery, supported_delivery_types)
# Drop entries with null values.
if policy_delivery.value is None:
continue
out.append(policy_delivery)
return out
@classmethod
def from_json(cls, obj, target_policy_delivery, supported_delivery_types):
# type: (dict, PolicyDelivery, typing.List[str]) -> PolicyDelivery
'''
Parses a JSON object `obj` and returns a `PolicyDelivery` object.
In addition to dicts (in the same format as to_json() outputs),
this method accepts the following placeholders:
"policy":
`target_policy_delivery`
"policyIfNonNull":
`target_policy_delivery` if its value is not None.
"anotherPolicy":
A PolicyDelivery that has the same key as
`target_policy_delivery` but a different value.
The delivery type is selected from `supported_delivery_types`.
Can raise `ShouldSkip`.
'''
if obj == "policy":
policy_delivery = target_policy_delivery
elif obj == "nonNullPolicy":
if target_policy_delivery.value is None:
raise ShouldSkip()
policy_delivery = target_policy_delivery
elif obj == "anotherPolicy":
if len(supported_delivery_types) == 0:
raise ShouldSkip()
policy_delivery = target_policy_delivery.get_another_policy(
supported_delivery_types[0])
elif isinstance(obj, dict):
policy_delivery = PolicyDelivery(obj['deliveryType'], obj['key'],
obj['value'])
else:
raise Exception('policy delivery is invalid: ' + obj)
# Omit unsupported combinations of source contexts and delivery type.
if policy_delivery.delivery_type not in supported_delivery_types:
raise ShouldSkip()
return policy_delivery
def to_json(self):
# type: () -> dict
return {
"deliveryType": self.delivery_type,
"key": self.key,
"value": self.value
}
def get_another_policy(self, delivery_type):
# type: (str) -> PolicyDelivery
if self.key == 'referrerPolicy':
# Return 'unsafe-url' (i.e. more unsafe policy than `self.value`)
# as long as possible, to make sure the tests to fail if the
# returned policy is used unexpectedly instead of `self.value`.
# Using safer policy wouldn't be distinguishable from acceptable
# arbitrary policy enforcement by user agents, as specified at
# Step 7 of
# https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer:
# "The user agent MAY alter referrerURL or referrerOrigin at this
# point to enforce arbitrary policy considerations in the
# interests of minimizing data leakage."
# See also the comments at `referrerUrlResolver` in
# `wpt/referrer-policy/generic/test-case.sub.js`.
if self.value != 'unsafe-url':
return PolicyDelivery(delivery_type, self.key, 'unsafe-url')
else:
return PolicyDelivery(delivery_type, self.key, 'no-referrer')
elif self.key == 'mixedContent':
if self.value == 'opt-in':
return PolicyDelivery(delivery_type, self.key, None)
else:
return PolicyDelivery(delivery_type, self.key, 'opt-in')
elif self.key == 'contentSecurityPolicy':
if self.value is not None:
return PolicyDelivery(delivery_type, self.key, None)
else:
return PolicyDelivery(delivery_type, self.key, 'worker-src-none')
elif self.key == 'upgradeInsecureRequests':
if self.value == 'upgrade':
return PolicyDelivery(delivery_type, self.key, None)
else:
return PolicyDelivery(delivery_type, self.key, 'upgrade')
else:
raise Exception('delivery key is invalid: ' + self.key)
class SourceContext(object):
def __init__(self, source_context_type, policy_deliveries):
# type: (unicode, typing.List[PolicyDelivery]) -> None
self.source_context_type = source_context_type
self.policy_deliveries = policy_deliveries
def __eq__(self, other):
return type(self) is type(other) and self.__dict__ == other.__dict__
@classmethod
def from_json(cls, obj, target_policy_delivery, source_context_schema):
'''
Parses a JSON object `obj` and returns a `SourceContext` object.
`target_policy_delivery` and `source_context_schema` are used for
policy delivery placeholders and filtering out unsupported
delivery types.
Can raise `ShouldSkip`.
'''
source_context_type = obj.get('sourceContextType')
policy_deliveries = PolicyDelivery.list_from_json(
obj.get('policyDeliveries'), target_policy_delivery,
source_context_schema['supported_delivery_type']
[source_context_type])
return SourceContext(source_context_type, policy_deliveries)
def to_json(self):
return {
"sourceContextType": self.source_context_type,
"policyDeliveries": [x.to_json() for x in self.policy_deliveries]
}
class CustomEncoder(json.JSONEncoder):
'''
Used to dump dicts containing `SourceContext`/`PolicyDelivery` into JSON.
'''
def default(self, obj):
if isinstance(obj, SourceContext):
return obj.to_json()
if isinstance(obj, PolicyDelivery):
return obj.to_json()
return json.JSONEncoder.default(self, obj)
|