1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CSPSourceList_h 6 #define CSPSourceList_h 7 8 #include "core/frame/csp/CSPSource.h" 9 #include "platform/Crypto.h" 10 #include "platform/network/ContentSecurityPolicyParsers.h" 11 #include "wtf/HashSet.h" 12 #include "wtf/text/WTFString.h" 13 14 namespace WebCore { 15 16 class ContentSecurityPolicy; 17 class KURL; 18 19 class CSPSourceList { 20 WTF_MAKE_NONCOPYABLE(CSPSourceList); 21 public: 22 CSPSourceList(ContentSecurityPolicy*, const String& directiveName); 23 24 void parse(const UChar* begin, const UChar* end); 25 26 bool matches(const KURL&) const; 27 bool allowInline() const; 28 bool allowEval() const; 29 bool allowNonce(const String&) const; 30 bool allowHash(const CSPHashValue&) const; 31 uint8_t hashAlgorithmsUsed() const; 32 33 bool isHashOrNoncePresent() const; 34 35 private: 36 bool parseSource(const UChar* begin, const UChar* end, String& scheme, String& host, int& port, String& path, bool& hostHasWildcard, bool& portHasWildcard); 37 bool parseScheme(const UChar* begin, const UChar* end, String& scheme); 38 bool parseHost(const UChar* begin, const UChar* end, String& host, bool& hostHasWildcard); 39 bool parsePort(const UChar* begin, const UChar* end, int& port, bool& portHasWildcard); 40 bool parsePath(const UChar* begin, const UChar* end, String& path); 41 bool parseNonce(const UChar* begin, const UChar* end, String& nonce); 42 bool parseHash(const UChar* begin, const UChar* end, DigestValue& hash, ContentSecurityPolicyHashAlgorithm&); 43 44 void addSourceSelf(); 45 void addSourceStar(); 46 void addSourceUnsafeInline(); 47 void addSourceUnsafeEval(); 48 void addSourceNonce(const String& nonce); 49 void addSourceHash(const ContentSecurityPolicyHashAlgorithm&, const DigestValue& hash); 50 51 ContentSecurityPolicy* m_policy; 52 Vector<CSPSource> m_list; 53 String m_directiveName; 54 bool m_allowStar; 55 bool m_allowInline; 56 bool m_allowEval; 57 HashSet<String> m_nonces; 58 HashSet<CSPHashValue> m_hashes; 59 uint8_t m_hashAlgorithmsUsed; 60 }; 61 62 63 } // namespace WebCore 64 65 #endif 66