Changeset 78569 in webkit


Timestamp:
Feb 15, 2011 8:47:38 AM (13 years ago)
Author:
abarth@webkit.org
Message:

2011-02-15 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.

Sketch script-src for Content Security Policy
https://bugs.webkit.org/show_bug.cgi?id=54381

  • http/tests/security/contentSecurityPolicy/script-loads-with-img-src-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/script-loads-with-img-src.html: Added.
    • Test that we don't block scripts when the policy is just img-src.
  • http/tests/security/contentSecurityPolicy/script-src-in-iframe.html:
  • http/tests/security/contentSecurityPolicy/script-src-none.html:
  • http/tests/security/contentSecurityPolicy/script-src-redirect.html:
    • Turns out we need to escape the ; character in order for it to be echoed back correctly in the header.

2011-02-15 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.

Sketch script-src for Content Security Policy
https://bugs.webkit.org/show_bug.cgi?id=54381

This patch provides a sketch of the script-src directive. We still do
not parse the value of the directive, and the wiring into the rest of
WebCore is incorrect, but those are things we can fix in future
patches. For the moment, this patch lets us test what we're doing.

Test: http/tests/security/contentSecurityPolicy/script-loads-with-img-src.html

  • page/ContentSecurityPolicy.cpp:
    • (WebCore::CSPDirective::CSPDirective)
    • (WebCore::CSPDirective::allows)
    • (WebCore::ContentSecurityPolicy::didReceiveHeader)
    • (WebCore::ContentSecurityPolicy::canLoadExternalScriptFromSrc)
    • (WebCore::ContentSecurityPolicy::parse)
    • (WebCore::ContentSecurityPolicy::emitDirective)
  • page/ContentSecurityPolicy.h:
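As an added example that is not WebKit code and not part of this changeset, the stand-alone C++ below models the behaviour the commit message describes and the test fix relies on: splitting a policy on ';' into name/value directives, first-policy-wins in didReceiveHeader, a script-src stub that fails closed for every URL because the value is not parsed yet, and the CGI-style query splitting that makes an unescaped ';' in the csp= parameter truncate the policy. The names PolicySketch, splitDirectives and cgiParam and the sample header and query strings are this example's own; that the echo scripts' Perl CGI module treats ';' like '&' as a separator is an assumption about the cause of the problem the ChangeLog reports but does not explain.

```cpp
// Added example, not WebKit code: a stand-alone model of the script-src
// sketch in r78569 and of the CGI-style query splitting behind the %3B fix.
// PolicySketch, splitDirectives and cgiParam are this example's own names.
#include <cctype>
#include <cstddef>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// One directive as the patch stores it: the value is kept verbatim and not
// parsed yet, so allows() is a stub that fails closed for every URL.
struct Directive {
    std::string value;
    bool allows(const std::string& /*url*/) const { return false; }
};

static std::string trim(const std::string& s) {
    size_t b = 0, e = s.size();
    while (b < e && std::isspace((unsigned char)s[b])) ++b;
    while (e > b && std::isspace((unsigned char)s[e - 1])) --e;
    return s.substr(b, e - b);
}

static bool equalIgnoringCase(const std::string& a, const std::string& b) {
    if (a.size() != b.size()) return false;
    for (size_t i = 0; i < a.size(); ++i)
        if (std::tolower((unsigned char)a[i]) != std::tolower((unsigned char)b[i])) return false;
    return true;
}

// Split "name value; name value" into (name, value) pairs: the name runs to
// the first whitespace, the value to the next ';'. Empty directives are skipped.
std::vector<std::pair<std::string, std::string>> splitDirectives(const std::string& policy) {
    std::vector<std::pair<std::string, std::string>> out;
    size_t pos = 0;
    for (;;) {
        size_t semi = policy.find(';', pos);
        std::string directive = trim(policy.substr(pos, semi == std::string::npos ? std::string::npos : semi - pos));
        if (!directive.empty()) {
            size_t sp = directive.find_first_of(" \t");
            std::string name = directive.substr(0, sp);
            std::string value = sp == std::string::npos ? "" : trim(directive.substr(sp + 1));
            out.emplace_back(name, value);
        }
        if (semi == std::string::npos) break;
        pos = semi + 1;
    }
    return out;
}

class PolicySketch {
public:
    // First policy wins, as in didReceiveHeader(). The flag is set even when
    // the header is empty, so an empty first header locks later ones out.
    void didReceiveHeader(const std::string& header) {
        if (m_havePolicy) return;
        for (const auto& d : splitDirectives(header)) emitDirective(d.first, d.second);
        m_havePolicy = true;
    }
    // No script-src directive: allow. Any script-src directive: defer to the
    // stub, which currently blocks every external script.
    bool canLoadExternalScriptFromSrc(const std::string& url) const {
        return !m_scriptSrc || m_scriptSrc->allows(url);
    }
    bool hasScriptSrc() const { return m_scriptSrc != nullptr; }
private:
    // First script-src wins; later duplicates are ignored silently.
    void emitDirective(const std::string& name, const std::string& value) {
        if (!m_scriptSrc && equalIgnoringCase(name, "script-src"))
            m_scriptSrc.reset(new Directive{value});
    }
    bool m_havePolicy = false;
    std::unique_ptr<Directive> m_scriptSrc;
};

// Assumed cause of the echo problem: Perl's CGI module treats ';' like '&'
// as a parameter separator, so an unescaped policy in csp= arrives truncated.
// This mimics that splitting and percent-decodes the matched value.
std::string cgiParam(const std::string& query, const std::string& name) {
    size_t pos = 0;
    for (;;) {
        size_t sep = query.find_first_of("&;", pos);
        std::string pair = query.substr(pos, sep == std::string::npos ? std::string::npos : sep - pos);
        size_t eq = pair.find('=');
        if (eq != std::string::npos && pair.substr(0, eq) == name) {
            std::string raw = pair.substr(eq + 1), out;
            for (size_t i = 0; i < raw.size(); ++i) {
                if (raw[i] == '%' && i + 2 < raw.size()) {
                    out += (char)std::stoi(raw.substr(i + 1, 2), nullptr, 16);
                    i += 2;
                } else {
                    out += raw[i] == '+' ? ' ' : raw[i];
                }
            }
            return out;
        }
        if (sep == std::string::npos) break;
        pos = sep + 1;
    }
    return "";
}
```

Feeding `csp=allow%20*;%20script-src%20'none'` to cgiParam returns only `allow *`, which is why a policy built that way never blocked anything; with `%3B` the full `allow *; script-src 'none'` survives, and PolicySketch then refuses every external script because the stub fails closed, including for `script-src 'localhost'`.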
Location:
trunk
Files:
2 added
7 edited

  • trunk/LayoutTests/ChangeLog

    r78567 r78569  
     12011-02-15  Adam Barth  <abarth@webkit.org>
     2
     3        Reviewed by Eric Seidel.
     4
     5        Sketch script-src for Content Security Policy
     6        https://bugs.webkit.org/show_bug.cgi?id=54381
     7
     8        * http/tests/security/contentSecurityPolicy/script-loads-with-img-src-expected.txt: Added.
     9        * http/tests/security/contentSecurityPolicy/script-loads-with-img-src.html: Added.
     10            - Test that we don't block scripts when the policy is just img-src.
     11        * http/tests/security/contentSecurityPolicy/script-src-in-iframe.html:
     12        * http/tests/security/contentSecurityPolicy/script-src-none.html:
     13        * http/tests/security/contentSecurityPolicy/script-src-redirect.html:
     14            - Turns out we need to escape the ; character in order for it to be
     15              echoed back correctly in the header.
     16
    1172011-02-15  Mario Sanchez Prada  <msanchez@igalia.com>
    218
  • trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-in-iframe.html

    r78058 r78569  
    1313    Loads an iframe (a) which loads an iframe (b) which in turns tries to load an external script. The iframe (a) has a content security policy disabling external scripts. As this policy does not apply to (b), the script should be executed.
    1414  </p>
    15   <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-iframe.pl?q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script-src.html&csp=allow%20*;%20script-src%20'none'"></iframe>
     15  <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-iframe.pl?q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script-src.html&csp=allow%20*%3B%20script-src%20'none'"></iframe>
    1616</body>
    1717</html>
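Review bot: the %3B change is right, but the ChangeLog only says the ';' had to be escaped, not why; add a comment in the test (or the ChangeLog) that the echo script's query parser, presumably Perl's CGI module, treats ';' like '&' as a parameter separator, so the unescaped policy reached the echoed header truncated to `allow *` and the script-src directive was never exercised. The same applies to script-src-none.html and script-src-redirect.html below; a small helper that builds these URLs with encodeURIComponent would stop the mistake recurring.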
  • trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-none.html

    r78058 r78569  
    1313    Loads an iframe which in turns tries to load an external script. The iframe has a content security policy disabling external scripts. So the script should not get executed.
    1414  </p>
    15   <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=allow%20*;%20script-src%20'none'"></iframe>
     15  <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=allow%20*%3B%20script-src%20'none'"></iframe>
    1616</body>
    1717</html>
  • trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-redirect.html

    r78058 r78569  
    1313    Loads an iframe which in turns tries to load an external script. The request for the script is redirected to 'localhost'. The iframe has a content security policy disabling external scripts from hosts other than 'localhost'. So the script should be allowed to run.
    1414  </p>
    15   <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=yes&csp=allow%20*;%20script-src%20'localhost'&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.php%3furl=http://localhost:8000/security/contentSecurityPolicy/resources/script.js"></iframe>
     15  <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=yes&csp=allow%20*%3B%20script-src%20'localhost'&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redir.php%3furl=http://localhost:8000/security/contentSecurityPolicy/resources/script.js"></iframe>
    1616</body>
    1717</html>
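Review bot: `CSPDirective::allows` in this patch returns false for every URL, so `script-src 'localhost'` here blocks the redirected script exactly as `'none'` would, yet the test still passes `should_run=yes`. Unless the wiring the ChangeLog calls incorrect means `canLoadExternalScriptFromSrc` is not reached yet, this test will fail; either mark it as expected to fail until value parsing lands or say in the ChangeLog why it still passes.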
  • trunk/Source/WebCore/ChangeLog

    r78568 r78569  
     12011-02-15  Adam Barth  <abarth@webkit.org>
     2
     3        Reviewed by Eric Seidel.
     4
     5        Sketch script-src for Content Security Policy
     6        https://bugs.webkit.org/show_bug.cgi?id=54381
     7
     8        This patch provides a sketch of the script-src directive.  We still do
     9        not parse the value of the directive, and the wiring into the rest of
     10        WebCore is incorrect, but those are things we can fix in future
     11        patches.  For the momemnt, this patch lets us test what we're doing.
     12
     13        Test: http/tests/security/contentSecurityPolicy/script-loads-with-img-src.html
     14
     15        * page/ContentSecurityPolicy.cpp:
     16        (WebCore::CSPDirective::CSPDirective):
     17        (WebCore::CSPDirective::allows):
     18        (WebCore::ContentSecurityPolicy::didReceiveHeader):
     19        (WebCore::ContentSecurityPolicy::canLoadExternalScriptFromSrc):
     20        (WebCore::ContentSecurityPolicy::parse):
     21        (WebCore::ContentSecurityPolicy::emitDirective):
     22        * page/ContentSecurityPolicy.h:
     23
    1242011-02-15  Antti Koivisto  <antti@apple.com>
    225
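Review bot: typo in the ChangeLog entry: "momemnt" should be "moment".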
  • trunk/Source/WebCore/page/ContentSecurityPolicy.cpp

    r78497 r78569  
    3232class CSPDirective {
    3333public:
    34     CSPDirective(const String& name, const String& value)
    35         : m_name(name)
    36         , m_value(value)
     34    explicit CSPDirective(const String& value)
     35        : m_value(value)
    3736    {
    3837    }
    3938
    40     const String& name() const { return m_name; }
    41     const String& value() const { return m_value; }
     39    bool allows(const KURL&)
     40    {
     41        return false;
     42    }
    4243
    4344private:
    44     String m_name;
    4545    String m_value;
    4646};
    4747
    4848ContentSecurityPolicy::ContentSecurityPolicy()
    49     : m_isEnabled(false)
     49    : m_havePolicy(false)
    5050{
    5151}
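Review bot: `CSPDirective::allows` should be declared `const`, since its only caller is the const `canLoadExternalScriptFromSrc`, and it needs a FIXME saying it is a stub that fails closed for every URL until the value is parsed; the FIXME about directive-specific parsing that this patch deletes from `parse` is the natural text for it. With the name dropped from the class, `m_value` is stored but never read, which is fine for a sketch but worth a one-line comment.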
     
    5757void ContentSecurityPolicy::didReceiveHeader(const String& header)
    5858{
    59     if (!m_directives.isEmpty())
     59    if (m_havePolicy)
    6060        return; // The first policy wins.
    6161
    62     m_isEnabled = true;
    6362    parse(header);
     63    m_havePolicy = true;
    6464}
    6565
    66 bool ContentSecurityPolicy::canLoadExternalScriptFromSrc(const String&) const
     66bool ContentSecurityPolicy::canLoadExternalScriptFromSrc(const String& url) const
    6767{
    68     return !m_isEnabled;
     68    return !m_scriptSrc || m_scriptSrc->allows(KURL(ParsedURLString, url));
    6969}
    7070
    7171void ContentSecurityPolicy::parse(const String& policy)
    7272{
    73     ASSERT(m_directives.isEmpty());
     73    ASSERT(!m_havePolicy);
    7474
    7575    if (policy.isEmpty())
    7676        return;
     77
     78    const UChar* pos = policy.characters();
     79    const UChar* end = pos + policy.length();
     80
     81    while (pos < end) {
     82        Vector<UChar, 32> name;
     83        Vector<UChar, 64> value;
     84
     85        parseDirective(pos, end, name, value);
     86        if (name.isEmpty())
     87            continue;
     88
     89        // We use a copy here instead of String::adopt because we expect
     90        // the name and the value to be relatively short, so the copy will
     91        // be cheaper than the extra malloc.
     92        emitDirective(String(name), String(value));
     93    }
     94}
     95
     96void ContentSecurityPolicy::parseDirective(const UChar*& pos, const UChar* end, Vector<UChar, 32>& name, Vector<UChar, 64>& value)
     97{
     98    ASSERT(pos < end);
     99    ASSERT(name.isEmpty());
     100    ASSERT(value.isEmpty());
    77101
    78102    enum {
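Review bot: `didReceiveHeader` now sets `m_havePolicy` after `parse` even when `parse` returned early on an empty header, so an empty first header silently discards any later, non-empty one; the old `!m_directives.isEmpty()` check did not have that effect. If that is intended, extend the "first policy wins" comment to cover it; otherwise set the flag only once a directive has been emitted. In `parse`, the `continue` on an empty name is only safe because `parseDirective` always advances `pos`; an ASSERT that it did would make the loop's termination obvious to the next reader.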
     
    82106        DirectiveValue,
    83107    } state = BeforeDirectiveName;
    84 
    85     const UChar* pos = policy.characters();
    86     const UChar* end = pos + policy.length();
    87 
    88     Vector<UChar, 32> name;
    89     Vector<UChar, 64> value;
    90108
    91109    while (pos < end) {
     
    114132                continue;
    115133            }
    116             // We use a copy here instead of String::adopt because we expect
    117             // the name and the value to be relatively short, so the copy will
    118             // be cheaper than the extra malloc.
    119             // FIXME: Perform directive-specific parsing of the value.
    120             m_directives.append(CSPDirective(String(name), String(value)));
    121             name.clear();
    122             value.clear();
    123             state = BeforeDirectiveName;
    124             continue;
     134            return;
    125135        }
    126136    }
    127137}
    128138
     139void ContentSecurityPolicy::emitDirective(const String& name, const String& value)
     140{
     141    DEFINE_STATIC_LOCAL(String, scriptSrc, ("script-src"));
     142
     143    ASSERT(!name.isEmpty());
     144
     145    if (!m_scriptSrc && equalIgnoringCase(name, scriptSrc))
     146        m_scriptSrc = adoptPtr(new CSPDirective(value));
    129147}
     148
     149}
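Review bot: `emitDirective` keeps the first script-src and silently ignores any later one; which duplicate wins is a security-relevant choice, so document it with a comment alongside the "first policy wins" one in `didReceiveHeader`, and consider whether an unknown or repeated directive should at least be noted for a future reporting path. The `return;` that replaces the old clear-and-reset sequence relies on `parse` passing fresh `name`/`value` vectors on every call, which the ASSERTs at the top of `parseDirective` already enforce.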
  • trunk/Source/WebCore/page/ContentSecurityPolicy.h

    r78497 r78569  
    4444
    4545private:
    46     typedef Vector<CSPDirective> DirectiveList;
     46    void parse(const String&);
     47    void parseDirective(const UChar*& pos, const UChar* end, Vector<UChar, 32>& name, Vector<UChar, 64>& value);
     48    void emitDirective(const String& name, const String& value);
    4749
    48     void parse(const String&);
    49 
    50     bool m_isEnabled;
    51     DirectiveList m_directives;
     50    bool m_havePolicy;
     51    OwnPtr<CSPDirective> m_scriptSrc;
    5252};
    5353
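Review bot: `parseDirective`'s signature hard-codes the inline capacities `Vector<UChar, 32>` and `Vector<UChar, 64>`, so the header and the .cpp must be kept in sync by hand; a typedef for each buffer type in the header would prevent a silent mismatch.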