Home | History | Annotate | Download | only in csp 
      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CSPSourceList_h
      6 #define CSPSourceList_h
      7 
      8 #include "core/frame/csp/CSPSource.h"
      9 #include "platform/Crypto.h"
     10 #include "platform/network/ContentSecurityPolicyParsers.h"
     11 #include "wtf/HashSet.h"
     12 #include "wtf/text/WTFString.h"
     13 
     14 namespace WebCore {
     15 
     16 class ContentSecurityPolicy;
     17 class KURL;
     18 
     19 class CSPSourceList {
     20     WTF_MAKE_NONCOPYABLE(CSPSourceList);
     21 public:
     22     CSPSourceList(ContentSecurityPolicy*, const String& directiveName);
     23 
     24     void parse(const UChar* begin, const UChar* end);
     25 
     26     bool matches(const KURL&) const;
     27     bool allowInline() const;
     28     bool allowEval() const;
     29     bool allowNonce(const String&) const;
     30     bool allowHash(const CSPHashValue&) const;
     31     uint8_t hashAlgorithmsUsed() const;
     32 
     33     bool isHashOrNoncePresent() const;
     34 
     35 private:
     36     bool parseSource(const UChar* begin, const UChar* end, String& scheme, String& host, int& port, String& path, bool& hostHasWildcard, bool& portHasWildcard);
     37     bool parseScheme(const UChar* begin, const UChar* end, String& scheme);
     38     bool parseHost(const UChar* begin, const UChar* end, String& host, bool& hostHasWildcard);
     39     bool parsePort(const UChar* begin, const UChar* end, int& port, bool& portHasWildcard);
     40     bool parsePath(const UChar* begin, const UChar* end, String& path);
     41     bool parseNonce(const UChar* begin, const UChar* end, String& nonce);
     42     bool parseHash(const UChar* begin, const UChar* end, DigestValue& hash, ContentSecurityPolicyHashAlgorithm&);
     43 
     44     void addSourceSelf();
     45     void addSourceStar();
     46     void addSourceUnsafeInline();
     47     void addSourceUnsafeEval();
     48     void addSourceNonce(const String& nonce);
     49     void addSourceHash(const ContentSecurityPolicyHashAlgorithm&, const DigestValue& hash);
     50 
     51     ContentSecurityPolicy* m_policy;
     52     Vector<CSPSource> m_list;
     53     String m_directiveName;
     54     bool m_allowStar;
     55     bool m_allowInline;
     56     bool m_allowEval;
     57     HashSet<String> m_nonces;
     58     HashSet<CSPHashValue> m_hashes;
     59     uint8_t m_hashAlgorithmsUsed;
     60 };
     61 
     62 
     63 } // namespace WebCore
     64 
     65 #endif
     66