bool
nsCSPHashSrc::allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce) const
{
CSPUTILSLOG(("nsCSPHashSrc::allows, aKeyWord: %s, a HashOrNonce: %s",
CSP_EnumToKeyword(aKeyword), NS_ConvertUTF16toUTF8(aHashOrNonce).get()));
if (aKeyword != CSP_HASH) {
return false;
}
// Convert aHashOrNonce to UTF-8
NS_ConvertUTF16toUTF8 utf8_hash(aHashOrNonce);
nsresult rv;
nsCOMPtr<nsICryptoHash> hasher;
hasher = do_CreateInstance("@mozilla.org/security/hash;1", &rv);
NS_ENSURE_SUCCESS(rv, false);
rv = hasher->InitWithString(NS_ConvertUTF16toUTF8(mAlgorithm));
NS_ENSURE_SUCCESS(rv, false);
rv = hasher->Update((uint8_t *)utf8_hash.get(), utf8_hash.Length());
NS_ENSURE_SUCCESS(rv, false);
nsAutoCString hash;
rv = hasher->Finish(true, hash);
NS_ENSURE_SUCCESS(rv, false);
// The NSS Base64 encoder automatically adds linebreaks "\r\n" every 64
// characters. We need to remove these so we can properly validate longer
// (SHA-512) base64-encoded hashes
hash.StripChars("\r\n");
return NS_ConvertUTF16toUTF8(mHash).Equals(hash);
}
bool
nsCSPKeywordSrc::allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce) const
{
CSPUTILSLOG(("nsCSPKeywordSrc::allows, aKeyWord: %s, a HashOrNonce: %s",
CSP_EnumToKeyword(aKeyword), NS_ConvertUTF16toUTF8(aHashOrNonce).get()));
return mKeyword == aKeyword;
}
void
nsCSPNonceSrc::toString(nsAString& outStr) const
{
outStr.AppendASCII(CSP_EnumToKeyword(CSP_NONCE));
outStr.Append(mNonce);
outStr.AppendASCII("'");
}
// ::allows is only called for inlined loads, therefore:
// nsCSPSchemeSrc, nsCSPHostSrc fall back
// to this base class implementation which will never allow the load.
bool
nsCSPBaseSrc::allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce) const
{
CSPUTILSLOG(("nsCSPBaseSrc::allows, aKeyWord: %s, a HashOrNonce: %s",
aKeyword == CSP_HASH ? "hash" : CSP_EnumToKeyword(aKeyword),
NS_ConvertUTF16toUTF8(aHashOrNonce).get()));
return false;
}
void
nsCSPKeywordSrc::toString(nsAString& outStr) const
{
if (mInvalidated) {
MOZ_ASSERT(mKeyword == CSP_UNSAFE_INLINE,
"can only ignore 'unsafe-inline' within toString()");
return;
}
outStr.AppendASCII(CSP_EnumToKeyword(mKeyword));
}
bool
nsCSPNonceSrc::allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce) const
{
CSPUTILSLOG(("nsCSPNonceSrc::allows, aKeyWord: %s, a HashOrNonce: %s",
CSP_EnumToKeyword(aKeyword), NS_ConvertUTF16toUTF8(aHashOrNonce).get()));
if (aKeyword != CSP_NONCE) {
return false;
}
return mNonce.Equals(aHashOrNonce);
}
bool
nsCSPDirective::allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce) const
{
CSPUTILSLOG(("nsCSPDirective::allows, aKeyWord: %s, a HashOrNonce: %s",
CSP_EnumToKeyword(aKeyword), NS_ConvertUTF16toUTF8(aHashOrNonce).get()));
for (uint32_t i = 0; i < mSrcs.Length(); i++) {
if (mSrcs[i]->allows(aKeyword, aHashOrNonce)) {
return true;
}
}
return false;
}
bool
nsCSPKeywordSrc::allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce) const
{
CSPUTILSLOG(("nsCSPKeywordSrc::allows, aKeyWord: %s, aHashOrNonce: %s, mInvalidated: %s",
CSP_EnumToKeyword(aKeyword),
NS_ConvertUTF16toUTF8(aHashOrNonce).get(),
mInvalidated ? "yes" : "false"));
// if unsafe-inline should be ignored, then bail early
if (mInvalidated) {
NS_ASSERTION(mKeyword == CSP_UNSAFE_INLINE,
"should only invalidate unsafe-inline within script-src");
return false;
}
return mKeyword == aKeyword;
}
bool
nsCSPPolicy::allows(nsContentPolicyType aContentType,
enum CSPKeyword aKeyword,
const nsAString& aHashOrNonce) const
{
CSPUTILSLOG(("nsCSPPolicy::allows, aKeyWord: %s, a HashOrNonce: %s",
CSP_EnumToKeyword(aKeyword), NS_ConvertUTF16toUTF8(aHashOrNonce).get()));
nsCSPDirective* defaultDir = nullptr;
// Try to find a matching directive
for (uint32_t i = 0; i < mDirectives.Length(); i++) {
if (mDirectives[i]->restrictsContentType(aContentType)) {
if (mDirectives[i]->allows(aKeyword, aHashOrNonce)) {
return true;
}
return false;
}
if (mDirectives[i]->isDefaultDirective()) {
defaultDir = mDirectives[i];
}
}
// {nonce,hash}-source should not consult default-src:
// * return false if default-src is specified
// * but allow the load if default-src is *not* specified (Bug 1198422)
if (aKeyword == CSP_NONCE || aKeyword == CSP_HASH) {
if (!defaultDir) {
return true;
}
return false;
}
// If the above loop runs through, we haven't found a matching directive.
// Avoid relooping, just store the result of default-src while looping.
if (defaultDir) {
return defaultDir->allows(aKeyword, aHashOrNonce);
}
// Allowing the load; see Bug 885433
// a) inline scripts (also unsafe eval) should only be blocked
// if there is a [script-src] or [default-src]
// b) inline styles should only be blocked
// if there is a [style-src] or [default-src]
return true;
}
void
nsCSPKeywordSrc::toString(nsAString& outStr) const
{
outStr.AppendASCII(CSP_EnumToKeyword(mKeyword));
}
bool
CSP_IsKeyword(const nsAString& aValue, enum CSPKeyword aKey)
{
return aValue.LowerCaseEqualsASCII(CSP_EnumToKeyword(aKey));
}
