Commit 11816a64 authored by Mirko Brodesser's avatar Mirko Brodesser

Bug 1893996: part 4) Change some of...

Bug 1893996: part 4) Change some of `nsCSPContext::GatherSecurityPolicyViolationEventData`'s arguments to a `Variant`. r=tschuster

Clearer and closer to the spec.

Differential Revision: https://phabricator.services.mozilla.com/D208893
parent 1efb63ab
+18 −11
@@ -6,6 +6,7 @@

#include <string>
#include <unordered_set>
#include <utility>

#include "nsCOMPtr.h"
#include "nsContentPolicyUtils.h"
@@ -42,6 +43,7 @@
#include "mozilla/Logging.h"
#include "mozilla/Preferences.h"
#include "mozilla/StaticPrefs_security.h"
#include "mozilla/Variant.h"
#include "mozilla/dom/CSPReportBinding.h"
#include "mozilla/dom/CSPDictionariesBinding.h"
#include "mozilla/ipc/PBackgroundSharedTypes.h"
@@ -965,7 +967,7 @@ void StripURIForReporting(nsIURI* aSelfURI, nsIURI* aURI,
}

nsresult nsCSPContext::GatherSecurityPolicyViolationEventData(
    nsIURI* aBlockedURI, const nsACString& aBlockedString, nsIURI* aOriginalURI,
    Resource& aResource, nsIURI* aOriginalURI,
    const nsAString& aEffectiveDirective, uint32_t aViolatedPolicyIndex,
    const nsAString& aSourceFile, const nsAString& aScriptSample,
    uint32_t aLineNum, uint32_t aColumnNum,
@@ -990,13 +992,17 @@ nsresult nsCSPContext::GatherSecurityPolicyViolationEventData(
  // blocked-uri
  // Corresponds to
  // <https://w3c.github.io/webappsec-csp/#obtain-violation-blocked-uri>.
  if (aBlockedURI) {
  if (aResource.is<nsIURI*>()) {
    nsAutoCString reportBlockedURI;
    StripURIForReporting(mSelfURI, aOriginalURI ? aOriginalURI : aBlockedURI,
    StripURIForReporting(mSelfURI,
                         aOriginalURI ? aOriginalURI : aResource.as<nsIURI*>(),
                         aEffectiveDirective, reportBlockedURI);
    CopyUTF8toUTF16(reportBlockedURI, aViolationEventInit.mBlockedURI);
  } else {
    CopyUTF8toUTF16(aBlockedString, aViolationEventInit.mBlockedURI);
    nsAutoCString blockedContentSource;
    BlockedContentSourceToString(aResource.as<BlockedContentSource>(),
                                 blockedContentSource);
    CopyUTF8toUTF16(blockedContentSource, aViolationEventInit.mBlockedURI);
  }

  // effective-directive
@@ -1441,18 +1447,19 @@ class CSPReportSenderRunnable final : public Runnable {
    // 0) prepare violation data
    mozilla::dom::SecurityPolicyViolationEventInit init;

    nsAutoCString blockedContentSource;
    BlockedContentSourceToString(mBlockedContentSource, blockedContentSource);

    nsAutoString effectiveDirective;
    effectiveDirective.AssignASCII(
        CSP_CSPDirectiveToString(mEffectiveDirective));

    using Resource = nsCSPContext::Resource;

    Resource resource = mBlockedURI ? Resource(mBlockedURI.get())
                                    : Resource(mBlockedContentSource);

    nsresult rv = mCSPContext->GatherSecurityPolicyViolationEventData(
        mBlockedURI, blockedContentSource, mOriginalURI, effectiveDirective,
        mViolatedPolicyIndex, mSourceFile,
        mReportSample ? mScriptSample : EmptyString(), mLineNum, mColumnNum,
        init);
        resource, mOriginalURI, effectiveDirective, mViolatedPolicyIndex,
        mSourceFile, mReportSample ? mScriptSample : EmptyString(), mLineNum,
        mColumnNum, init);
    NS_ENSURE_SUCCESS(rv, rv);

    // 1) notify observers
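Review bot: In the blocked-uri hunk, `if (aResource.is<nsIURI*>())` tests only which alternative the variant holds, whereas the removed `if (aBlockedURI)` also rejected a null pointer. A `Resource` built from a null `nsIURI*` would now take the URI branch and, when `aOriginalURI` is also null, pass a null URI to `StripURIForReporting`; whether that helper tolerates null is not visible here. The one caller shown, in `CSPReportSenderRunnable`, selects the URI alternative only when `mBlockedURI` is set, so this looks like an unstated invariant rather than a live bug. I would pin it at the top of the branch with `MOZ_ASSERT(aResource.as<nsIURI*>());` so that a future caller cannot silently break the blocked-uri reporting path. The function body continues outside the hunk.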
+20 −14
@@ -32,6 +32,8 @@ class nsIEventTarget;
struct ConsoleMsgQueueElem;

namespace mozilla {
template <typename... Ts>
class Variant;
namespace dom {
class Element;
}
@@ -77,11 +79,23 @@ class nsCSPContext : public nsIContentSecurityPolicy {
                    uint32_t aLineNumber, uint32_t aColumnNumber,
                    uint32_t aSeverityFlag);

  enum BlockedContentSource {
    eUnknown,
    eInline,
    eEval,
    eSelf,
    eWasmEval,
  };

  // Roughly implements a violation's resource
  // (https://w3c.github.io/webappsec-csp/#framework-violation).
  using Resource = mozilla::Variant<nsIURI*, BlockedContentSource>;

  /**
   * Construct SecurityPolicyViolationEventInit structure.
   *
   * @param aBlockedURI
   *        A nsIURI: the source of the violation.
   * @param aResource
   *        The source of the violation.
   * @param aOriginalUri
   *        The original URI if the blocked content is a redirect, else null
   * @param aViolatedDirective
@@ -98,10 +112,10 @@ class nsCSPContext : public nsIContentSecurityPolicy {
   *        The output
   */
  nsresult GatherSecurityPolicyViolationEventData(
      nsIURI* aBlockedURI, const nsACString& aBlockedString,
      nsIURI* aOriginalURI, const nsAString& aViolatedDirective,
      uint32_t aViolatedPolicyIndex, const nsAString& aSourceFile,
      const nsAString& aScriptSample, uint32_t aLineNum, uint32_t aColumnNum,
      Resource& aResource, nsIURI* aOriginalURI,
      const nsAString& aViolatedDirective, uint32_t aViolatedPolicyIndex,
      const nsAString& aSourceFile, const nsAString& aScriptSample,
      uint32_t aLineNum, uint32_t aColumnNum,
      mozilla::dom::SecurityPolicyViolationEventInit& aViolationEventInit);

  nsresult SendReports(
@@ -114,14 +128,6 @@ class nsCSPContext : public nsIContentSecurityPolicy {
      const mozilla::dom::SecurityPolicyViolationEventInit&
          aViolationEventInit);

  enum BlockedContentSource {
    eUnknown,
    eInline,
    eEval,
    eSelf,
    eWasmEval,
  };

  nsresult AsyncReportViolation(
      mozilla::dom::Element* aTriggeringElement,
      nsICSPEventListener* aCSPEventListener, nsIURI* aBlockedURI,
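Review bot: The new declaration of `GatherSecurityPolicyViolationEventData` takes `Resource& aResource` by non-const reference, although its doc comment describes an input ("The source of the violation"). Unless the definition mutates it, `const Resource& aResource` states the contract and lets callers pass a temporary. Separately, `Resource` stores a raw `nsIURI*`, so the alias neither owns the URI nor says whether null is allowed. I would extend the comment above the alias with something like `// The nsIURI* alternative is non-owning and expected to be non-null; the caller keeps the URI alive for the duration of the call.`, to be confirmed against the callers, which are not all visible on this page.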