Home | History | Annotate | Download | only in csp 
      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "config.h"
      6 #include "core/frame/csp/CSPSource.h"
      7 
      8 #include "core/frame/csp/ContentSecurityPolicy.h"
      9 #include "platform/weborigin/KURL.h"
     10 #include "platform/weborigin/KnownPorts.h"
     11 #include "platform/weborigin/SecurityOrigin.h"
     12 #include "wtf/text/WTFString.h"
     13 
     14 namespace blink {
     15 
     16 CSPSource::CSPSource(ContentSecurityPolicy* policy, const String& scheme, const String& host, int port, const String& path, WildcardDisposition hostWildcard, WildcardDisposition portWildcard)
     17     : m_policy(policy)
     18     , m_scheme(scheme)
     19     , m_host(host)
     20     , m_port(port)
     21     , m_path(path)
     22     , m_hostWildcard(hostWildcard)
     23     , m_portWildcard(portWildcard)
     24 {
     25 }
     26 
     27 bool CSPSource::matches(const KURL& url) const
     28 {
     29     if (!schemeMatches(url))
     30         return false;
     31     if (isSchemeOnly())
     32         return true;
     33     return hostMatches(url) && portMatches(url) && pathMatches(url);
     34 }
     35 
     36 bool CSPSource::schemeMatches(const KURL& url) const
     37 {
     38     if (m_scheme.isEmpty())
     39         return m_policy->protocolMatchesSelf(url);
     40     return equalIgnoringCase(url.protocol(), m_scheme);
     41 }
     42 
     43 bool CSPSource::hostMatches(const KURL& url) const
     44 {
     45     const String& host = url.host();
     46     if (equalIgnoringCase(host, m_host))
     47         return true;
     48     return m_hostWildcard == HasWildcard && host.endsWith("." + m_host, false);
     49 
     50 }
     51 
     52 bool CSPSource::pathMatches(const KURL& url) const
     53 {
     54     if (m_path.isEmpty())
     55         return true;
     56 
     57     String path = decodeURLEscapeSequences(url.path());
     58 
     59     if (m_path.endsWith("/"))
     60         return path.startsWith(m_path, false);
     61 
     62     return path == m_path;
     63 }
     64 
     65 bool CSPSource::portMatches(const KURL& url) const
     66 {
     67     if (m_portWildcard == HasWildcard)
     68         return true;
     69 
     70     int port = url.port();
     71 
     72     if (port == m_port)
     73         return true;
     74 
     75     if (!port)
     76         return isDefaultPortForProtocol(m_port, url.protocol());
     77 
     78     if (!m_port)
     79         return isDefaultPortForProtocol(port, url.protocol());
     80 
     81     return false;
     82 }
     83 
     84 bool CSPSource::isSchemeOnly() const
     85 {
     86     return m_host.isEmpty();
     87 }
     88 
     89 } // namespace
     90