1 | /* |
2 | * Copyright (C) 2011 Google Inc. All Rights Reserved. |
3 | * Copyright (C) 2017 Apple Inc. All rights reserved. |
4 | * |
5 | * Redistribution and use in source and binary forms, with or without |
6 | * modification, are permitted provided that the following conditions |
7 | * are met: |
8 | * 1. Redistributions of source code must retain the above copyright |
9 | * notice, this list of conditions and the following disclaimer. |
10 | * 2. Redistributions in binary form must reproduce the above copyright |
11 | * notice, this list of conditions and the following disclaimer in the |
12 | * documentation and/or other materials provided with the distribution. |
13 | * |
14 | * THIS SOFTWARE IS PROVIDED BY GOOGLE, INC. ``AS IS'' AND ANY |
15 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
17 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR |
18 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
19 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
20 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
21 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
22 | * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
24 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
25 | * |
26 | */ |
27 | |
28 | #pragma once |
29 | |
30 | #include <memory> |
31 | #include <wtf/Forward.h> |
32 | #include <wtf/OptionSet.h> |
33 | #include <wtf/RefPtr.h> |
34 | |
35 | namespace WebCore { |
36 | |
37 | class SecurityOrigin; |
38 | class SecurityOriginPolicy; |
39 | class ContentSecurityPolicy; |
40 | |
41 | enum SandboxFlag { |
42 | // See http://www.whatwg.org/specs/web-apps/current-work/#attr-iframe-sandbox for a list of the sandbox flags. |
43 | SandboxNone = 0, |
44 | SandboxNavigation = 1, |
45 | SandboxPlugins = 1 << 1, |
46 | SandboxOrigin = 1 << 2, |
47 | SandboxForms = 1 << 3, |
48 | SandboxScripts = 1 << 4, |
49 | SandboxTopNavigation = 1 << 5, |
50 | SandboxPopups = 1 << 6, // See https://www.w3.org/Bugs/Public/show_bug.cgi?id=12393 |
51 | SandboxAutomaticFeatures = 1 << 7, |
52 | SandboxPointerLock = 1 << 8, |
53 | SandboxPropagatesToAuxiliaryBrowsingContexts = 1 << 9, |
54 | SandboxTopNavigationByUserActivation = 1 << 10, |
55 | SandboxDocumentDomain = 1 << 11, |
56 | SandboxModals = 1 << 12, |
57 | SandboxStorageAccessByUserActivation = 1 << 13, |
58 | SandboxAll = -1 // Mask with all bits set to 1. |
59 | }; |
60 | |
61 | typedef int SandboxFlags; |
62 | |
63 | class SecurityContext { |
64 | public: |
65 | SandboxFlags sandboxFlags() const { return m_sandboxFlags; } |
66 | ContentSecurityPolicy* contentSecurityPolicy() { return m_contentSecurityPolicy.get(); } |
67 | |
68 | bool isSecureTransitionTo(const URL&) const; |
69 | |
70 | void enforceSandboxFlags(SandboxFlags mask); |
71 | bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; } |
72 | |
73 | SecurityOriginPolicy* securityOriginPolicy() const { return m_securityOriginPolicy.get(); } |
74 | |
75 | // Explicitly override the security origin for this security context. |
76 | // Note: It is dangerous to change the security origin of a script context |
77 | // that already contains content. |
78 | void setSecurityOriginPolicy(RefPtr<SecurityOriginPolicy>&&); |
79 | |
80 | WEBCORE_EXPORT SecurityOrigin* securityOrigin() const; |
81 | |
82 | static SandboxFlags parseSandboxPolicy(const String& policy, String& invalidTokensErrorMessage); |
83 | static bool isSupportedSandboxPolicy(StringView); |
84 | |
85 | enum MixedContentType { |
86 | Inactive = 1 << 0, |
87 | Active = 1 << 1, |
88 | }; |
89 | |
90 | const OptionSet<MixedContentType>& foundMixedContent() const { return m_mixedContentTypes; } |
91 | void setFoundMixedContent(MixedContentType type) { m_mixedContentTypes.add(type); } |
92 | bool geolocationAccessed() const { return m_geolocationAccessed; } |
93 | void setGeolocationAccessed() { m_geolocationAccessed = true; } |
94 | bool secureCookiesAccessed() const { return m_secureCookiesAccessed; } |
95 | void setSecureCookiesAccessed() { m_secureCookiesAccessed = true; } |
96 | |
97 | bool isStrictMixedContentMode() const { return m_isStrictMixedContentMode; } |
98 | void setStrictMixedContentMode(bool strictMixedContentMode) { m_isStrictMixedContentMode = strictMixedContentMode; } |
99 | |
100 | // This method implements the "Is the environment settings object settings a secure context?" algorithm from |
101 | // the Secure Context spec: https://w3c.github.io/webappsec-secure-contexts/#settings-object (Editor's Draft, 17 November 2016) |
102 | virtual bool isSecureContext() const = 0; |
103 | |
104 | protected: |
105 | SecurityContext(); |
106 | virtual ~SecurityContext(); |
107 | |
108 | void setContentSecurityPolicy(std::unique_ptr<ContentSecurityPolicy>); |
109 | |
110 | // It's only appropriate to call this during security context initialization; it's needed for |
111 | // flags that can't be disabled with allow-* attributes, such as SandboxNavigation. |
112 | void disableSandboxFlags(SandboxFlags mask) { m_sandboxFlags &= ~mask; } |
113 | |
114 | void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin = false; } |
115 | bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurityOrigin; } |
116 | |
117 | private: |
118 | RefPtr<SecurityOriginPolicy> m_securityOriginPolicy; |
119 | std::unique_ptr<ContentSecurityPolicy> m_contentSecurityPolicy; |
120 | SandboxFlags m_sandboxFlags { SandboxNone }; |
121 | OptionSet<MixedContentType> m_mixedContentTypes; |
122 | bool m_haveInitializedSecurityOrigin { false }; |
123 | bool m_geolocationAccessed { false }; |
124 | bool m_secureCookiesAccessed { false }; |
125 | bool m_isStrictMixedContentMode { false }; |
126 | }; |
127 | |
128 | } // namespace WebCore |
129 | |