/src/mozilla-central/dom/security/nsCSPContext.h

Source (jump to first uncovered line)
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsCSPContext_h___
#define nsCSPContext_h___

#include "mozilla/dom/nsCSPUtils.h"
#include "mozilla/dom/SecurityPolicyViolationEvent.h"
#include "mozilla/StaticPrefs.h"
#include "nsIChannel.h"
#include "nsIChannelEventSink.h"
#include "nsIClassInfo.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIInterfaceRequestor.h"
#include "nsISerializable.h"
#include "nsIStreamListener.h"
#include "nsWeakReference.h"
#include "nsXPCOM.h"

#define NS_CSPCONTEXT_CONTRACTID "@mozilla.org/cspcontext;1"
 // 09d9ed1a-e5d4-4004-bfe0-27ceb923d9ac
#define NS_CSPCONTEXT_CID \
{ 0x09d9ed1a, 0xe5d4, 0x4004, \
  { 0xbf, 0xe0, 0x27, 0xce, 0xb9, 0x23, 0xd9, 0xac } }

class nsINetworkInterceptController;
class nsIEventTarget;
struct ConsoleMsgQueueElem;

namespace mozilla {
namespace dom {
class Element;
}
}

class nsCSPContext : public nsIContentSecurityPolicy
{
  public:
    NS_DECL_ISUPPORTS
    NS_DECL_NSICONTENTSECURITYPOLICY
    NS_DECL_NSISERIALIZABLE

  protected:
    virtual ~nsCSPContext();

  public:
    nsCSPContext();

    /**
     * SetRequestContext() needs to be called before the innerWindowID
     * is initialized on the document. Use this function to call back to
     * flush queued up console messages and initalize the innerWindowID.
     */
    void flushConsoleMessages();

    void logToConsole(const char* aName,
                      const char16_t** aParams,
                      uint32_t aParamsLength,
                      const nsAString& aSourceName,
                      const nsAString& aSourceLine,
                      uint32_t aLineNumber,
                      uint32_t aColumnNumber,
                      uint32_t aSeverityFlag);



    /**
     * Construct SecurityPolicyViolationEventInit structure.
     *
     * @param aBlockedURI
     *        A nsIURI: the source of the violation.
     * @param aOriginalUri
     *        The original URI if the blocked content is a redirect, else null
     * @param aViolatedDirective
     *        the directive that was violated (string).
     * @param aSourceFile
     *        name of the file containing the inline script violation
     * @param aScriptSample
     *        a sample of the violating inline script
     * @param aLineNum
     *        source line number of the violation (if available)
     * @param aColumnNum
     *        source column number of the violation (if available)
     * @param aViolationEventInit
     *        The output
     */
    nsresult GatherSecurityPolicyViolationEventData(
      nsIURI* aBlockedURI,
      const nsACString& aBlockedString,
      nsIURI* aOriginalURI,
      nsAString& aViolatedDirective,
      uint32_t aViolatedPolicyIndex,
      nsAString& aSourceFile,
      nsAString& aScriptSample,
      uint32_t aLineNum,
      uint32_t aColumnNum,
      mozilla::dom::SecurityPolicyViolationEventInit& aViolationEventInit);

    nsresult SendReports(
      const mozilla::dom::SecurityPolicyViolationEventInit& aViolationEventInit,
      uint32_t aViolatedPolicyIndex);

    nsresult FireViolationEvent(
      mozilla::dom::Element* aTriggeringElement,
      const mozilla::dom::SecurityPolicyViolationEventInit& aViolationEventInit);

    enum BlockedContentSource
    {
      eUnknown,
      eInline,
      eEval,
      eSelf,
    };

    nsresult AsyncReportViolation(mozilla::dom::Element* aTriggeringElement,
                                  nsIURI* aBlockedURI,
                                  BlockedContentSource aBlockedContentSource,
                                  nsIURI* aOriginalURI,
                                  const nsAString& aViolatedDirective,
                                  uint32_t aViolatedPolicyIndex,
                                  const nsAString& aObserverSubject,
                                  const nsAString& aSourceFile,
                                  const nsAString& aScriptSample,
                                  uint32_t aLineNum,
                                  uint32_t aColumnNum);

    // Hands off! Don't call this method unless you know what you
    // are doing. It's only supposed to be called from within
    // the principal destructor to avoid a tangling pointer.
    void clearLoadingPrincipal() {
      mLoadingPrincipal = nullptr;
    }

    nsWeakPtr GetLoadingContext(){
      return mLoadingContext;
    }

    static uint32_t ScriptSampleMaxLength()
    {
      return std::max(
        mozilla::StaticPrefs::security_csp_reporting_script_sample_max_length(),
        0);
    }

  private:
    bool permitsInternal(CSPDirective aDir,
                         mozilla::dom::Element* aTriggeringElement,
                         nsIURI* aContentLocation,
                         nsIURI* aOriginalURIIfRedirect,
                         const nsAString& aNonce,
                         bool aIsPreload,
                         bool aSpecific,
                         bool aSendViolationReports,
                         bool aSendContentLocationInViolationReports,
                         bool aParserCreated);

    // helper to report inline script/style violations
    void reportInlineViolation(nsContentPolicyType aContentType,
                               mozilla::dom::Element* aTriggeringElement,
                               const nsAString& aNonce,
                               const nsAString& aContent,
                               const nsAString& aViolatedDirective,
                               uint32_t aViolatedPolicyIndex,
                               uint32_t aLineNumber,
                               uint32_t aColumnNumber);

    nsString                                   mReferrer;
    uint64_t                                   mInnerWindowID; // used for web console logging
    nsTArray<nsCSPPolicy*>                     mPolicies;
    nsCOMPtr<nsIURI>                           mSelfURI;
    nsCOMPtr<nsILoadGroup>                     mCallingChannelLoadGroup;
    nsWeakPtr                                  mLoadingContext;
    // The CSP hangs off the principal, so let's store a raw pointer of the principal
    // to avoid memory leaks. Within the destructor of the principal we explicitly
    // set mLoadingPrincipal to null.
    nsIPrincipal*                              mLoadingPrincipal;
    nsCOMPtr<nsICSPEventListener>              mEventListener;

    // helper members used to queue up web console messages till
    // the windowID becomes available. see flushConsoleMessages()
    nsTArray<ConsoleMsgQueueElem>              mConsoleMsgQueue;
    bool                                       mQueueUpMessages;
    nsCOMPtr<nsIEventTarget>                   mEventTarget;
};

// Class that listens to violation report transmission and logs errors.
class CSPViolationReportListener : public nsIStreamListener
{
  public:
    NS_DECL_NSISTREAMLISTENER
    NS_DECL_NSIREQUESTOBSERVER
    NS_DECL_ISUPPORTS

  public:
    CSPViolationReportListener();

  protected:
    virtual ~CSPViolationReportListener();
};

// The POST of the violation report (if it happens) should not follow
// redirects, per the spec. hence, we implement an nsIChannelEventSink
// with an object so we can tell XHR to abort if a redirect happens.
class CSPReportRedirectSink final : public nsIChannelEventSink,
                                    public nsIInterfaceRequestor
{
  public:
    NS_DECL_NSICHANNELEVENTSINK
    NS_DECL_NSIINTERFACEREQUESTOR
    NS_DECL_ISUPPORTS

  public:
    CSPReportRedirectSink();

    void SetInterceptController(nsINetworkInterceptController* aInterceptController);

  protected:
    virtual ~CSPReportRedirectSink();

  private:
    nsCOMPtr<nsINetworkInterceptController> mInterceptController;
};

#endif /* nsCSPContext_h___ */

Coverage Report

Created: 2018-09-25 14:53

Line	Count	Source (jump to first uncovered line)
1		/* -- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -- */
2		/* vim: set ts=8 sts=2 et sw=2 tw=80: */
3		/* This Source Code Form is subject to the terms of the Mozilla Public
4		* License, v. 2.0. If a copy of the MPL was not distributed with this
5		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7		#ifndef nsCSPContext_h___
8		#define nsCSPContext_h___
9
10		#include "mozilla/dom/nsCSPUtils.h"
11		#include "mozilla/dom/SecurityPolicyViolationEvent.h"
12		#include "mozilla/StaticPrefs.h"
13		#include "nsIChannel.h"
14		#include "nsIChannelEventSink.h"
15		#include "nsIClassInfo.h"
16		#include "nsIContentSecurityPolicy.h"
17		#include "nsIInterfaceRequestor.h"
18		#include "nsISerializable.h"
19		#include "nsIStreamListener.h"
20		#include "nsWeakReference.h"
21		#include "nsXPCOM.h"
22
23	5.77k	#define NS_CSPCONTEXT_CONTRACTID "@mozilla.org/cspcontext;1"
24		// 09d9ed1a-e5d4-4004-bfe0-27ceb923d9ac
25		#define NS_CSPCONTEXT_CID \
26		{ 0x09d9ed1a, 0xe5d4, 0x4004, \
27		{ 0xbf, 0xe0, 0x27, 0xce, 0xb9, 0x23, 0xd9, 0xac } }
28
29		class nsINetworkInterceptController;
30		class nsIEventTarget;
31		struct ConsoleMsgQueueElem;
32
33		namespace mozilla {
34		namespace dom {
35		class Element;
36		}
37		}
38
39		class nsCSPContext : public nsIContentSecurityPolicy
40		{
41		public:
42		NS_DECL_ISUPPORTS
43		NS_DECL_NSICONTENTSECURITYPOLICY
44		NS_DECL_NSISERIALIZABLE
45
46		protected:
47		virtual ~nsCSPContext();
48
49		public:
50		nsCSPContext();
51
52		/**
53		* SetRequestContext() needs to be called before the innerWindowID
54		* is initialized on the document. Use this function to call back to
55		* flush queued up console messages and initalize the innerWindowID.
56		*/
57		void flushConsoleMessages();
58
59		void logToConsole(const char* aName,
60		const char16_t** aParams,
61		uint32_t aParamsLength,
62		const nsAString& aSourceName,
63		const nsAString& aSourceLine,
64		uint32_t aLineNumber,
65		uint32_t aColumnNumber,
66		uint32_t aSeverityFlag);
67
68
69
70		/**
71		* Construct SecurityPolicyViolationEventInit structure.
72		*
73		* @param aBlockedURI
74		* A nsIURI: the source of the violation.
75		* @param aOriginalUri
76		* The original URI if the blocked content is a redirect, else null
77		* @param aViolatedDirective
78		* the directive that was violated (string).
79		* @param aSourceFile
80		* name of the file containing the inline script violation
81		* @param aScriptSample
82		* a sample of the violating inline script
83		* @param aLineNum
84		* source line number of the violation (if available)
85		* @param aColumnNum
86		* source column number of the violation (if available)
87		* @param aViolationEventInit
88		* The output
89		*/
90		nsresult GatherSecurityPolicyViolationEventData(
91		nsIURI* aBlockedURI,
92		const nsACString& aBlockedString,
93		nsIURI* aOriginalURI,
94		nsAString& aViolatedDirective,
95		uint32_t aViolatedPolicyIndex,
96		nsAString& aSourceFile,
97		nsAString& aScriptSample,
98		uint32_t aLineNum,
99		uint32_t aColumnNum,
100		mozilla::dom::SecurityPolicyViolationEventInit& aViolationEventInit);
101
102		nsresult SendReports(
103		const mozilla::dom::SecurityPolicyViolationEventInit& aViolationEventInit,
104		uint32_t aViolatedPolicyIndex);
105
106		nsresult FireViolationEvent(
107		mozilla::dom::Element* aTriggeringElement,
108		const mozilla::dom::SecurityPolicyViolationEventInit& aViolationEventInit);
109
110		enum BlockedContentSource
111		{
112		eUnknown,
113		eInline,
114		eEval,
115		eSelf,
116		};
117
118		nsresult AsyncReportViolation(mozilla::dom::Element* aTriggeringElement,
119		nsIURI* aBlockedURI,
120		BlockedContentSource aBlockedContentSource,
121		nsIURI* aOriginalURI,
122		const nsAString& aViolatedDirective,
123		uint32_t aViolatedPolicyIndex,
124		const nsAString& aObserverSubject,
125		const nsAString& aSourceFile,
126		const nsAString& aScriptSample,
127		uint32_t aLineNum,
128		uint32_t aColumnNum);
129
130		// Hands off! Don't call this method unless you know what you
131		// are doing. It's only supposed to be called from within
132		// the principal destructor to avoid a tangling pointer.
133		void clearLoadingPrincipal() {
134		mLoadingPrincipal = nullptr;
135		}
136
137	580	nsWeakPtr GetLoadingContext(){
138	580	return mLoadingContext;
139	580	}
140
141		static uint32_t ScriptSampleMaxLength()
142	0	{
143	0	return std::max(
144	0	mozilla::StaticPrefs::security_csp_reporting_script_sample_max_length(),
145	0	0);
146	0	}
147
148		private:
149		bool permitsInternal(CSPDirective aDir,
150		mozilla::dom::Element* aTriggeringElement,
151		nsIURI* aContentLocation,
152		nsIURI* aOriginalURIIfRedirect,
153		const nsAString& aNonce,
154		bool aIsPreload,
155		bool aSpecific,
156		bool aSendViolationReports,
157		bool aSendContentLocationInViolationReports,
158		bool aParserCreated);
159
160		// helper to report inline script/style violations
161		void reportInlineViolation(nsContentPolicyType aContentType,
162		mozilla::dom::Element* aTriggeringElement,
163		const nsAString& aNonce,
164		const nsAString& aContent,
165		const nsAString& aViolatedDirective,
166		uint32_t aViolatedPolicyIndex,
167		uint32_t aLineNumber,
168		uint32_t aColumnNumber);
169
170		nsString mReferrer;
171		uint64_t mInnerWindowID; // used for web console logging
172		nsTArray<nsCSPPolicy*> mPolicies;
173		nsCOMPtr<nsIURI> mSelfURI;
174		nsCOMPtr<nsILoadGroup> mCallingChannelLoadGroup;
175		nsWeakPtr mLoadingContext;
176		// The CSP hangs off the principal, so let's store a raw pointer of the principal
177		// to avoid memory leaks. Within the destructor of the principal we explicitly
178		// set mLoadingPrincipal to null.
179		nsIPrincipal* mLoadingPrincipal;
180		nsCOMPtr<nsICSPEventListener> mEventListener;
181
182		// helper members used to queue up web console messages till
183		// the windowID becomes available. see flushConsoleMessages()
184		nsTArray<ConsoleMsgQueueElem> mConsoleMsgQueue;
185		bool mQueueUpMessages;
186		nsCOMPtr<nsIEventTarget> mEventTarget;
187		};
188
189		// Class that listens to violation report transmission and logs errors.
190		class CSPViolationReportListener : public nsIStreamListener
191		{
192		public:
193		NS_DECL_NSISTREAMLISTENER
194		NS_DECL_NSIREQUESTOBSERVER
195		NS_DECL_ISUPPORTS
196
197		public:
198		CSPViolationReportListener();
199
200		protected:
201		virtual ~CSPViolationReportListener();
202		};
203
204		// The POST of the violation report (if it happens) should not follow
205		// redirects, per the spec. hence, we implement an nsIChannelEventSink
206		// with an object so we can tell XHR to abort if a redirect happens.
207		class CSPReportRedirectSink final : public nsIChannelEventSink,
208		public nsIInterfaceRequestor
209		{
210		public:
211		NS_DECL_NSICHANNELEVENTSINK
212		NS_DECL_NSIINTERFACEREQUESTOR
213		NS_DECL_ISUPPORTS
214
215		public:
216		CSPReportRedirectSink();
217
218		void SetInterceptController(nsINetworkInterceptController* aInterceptController);
219
220		protected:
221		virtual ~CSPReportRedirectSink();
222
223		private:
224		nsCOMPtr<nsINetworkInterceptController> mInterceptController;
225		};
226
227		#endif /* nsCSPContext_h___ */