
Issue 739292

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Aug 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Task




Clean up template IsAllowedByAll mess in ContentSecurityPolicy.cpp

Project Member Reported by andypaicu@chromium.org, Jul 5 2017

Issue description

Design a new way to do all the policy checks that does not involve a billion variations of template functions that all do the same things but with different parameters.
 
Status: Started (was: Untriaged)
Project Member

Comment 2 by bugdroid1@chromium.org, Jul 14 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3

commit 1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3
Author: Andy Paicu <andypaicu@chromium.org>
Date: Fri Jul 14 18:55:35 2017

Fixes and technical debt for hash-based policies

Fixed an issue where multiple policies with different algorithms would
deny scripts/styles
Fixed an issue where report-only policies could cause hash-based policies
to incorrectly deny scripts/styles
Fixed an issue where mixing hash based and not hash based policies would
deny scripts/styles because the checks were done independently
Got rid of the IsAllowedByAll template system and replaced it with for loops
Ensured that checks that check hashes are now incorporated in their
respective allows function
Removed the need for external callers to know to call the hash specific
functions checks since now they are integrated
Added LayoutTests relevant to the issues above

Bug: 617065, 739292, 740688
Change-Id: I1b56afe899eac6358d2ef33fc7030aef568f89ac
Reviewed-on: https://chromium-review.googlesource.com/570248
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#486822}
[add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-multiple-policies-multiple-hashing-algorithms.html
[add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-multiple-policies-multiple-hashing-algorithms.html.sub.headers
[add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-multiple-policies-one-using-hashing-algorithms.html
[add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-multiple-policies-one-using-hashing-algorithms.html.sub.headers
[add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html
[add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html.sub.headers
[add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-report-only-policy-works-with-hash-policy.html
[add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-report-only-policy-works-with-hash-policy.html.sub.headers
[add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/style-src/style-src-multiple-policies-multiple-hashing-algorithms.html
[add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/style-src/style-src-multiple-policies-multiple-hashing-algorithms.html.sub.headers
[modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/dom/Element.cpp
[modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/dom/MockScriptElementBase.h
[modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/dom/ScriptElementBase.h
[modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/dom/ScriptLoader.cpp
[modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/dom/StyleElement.cpp
[modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
[modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
[modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
[modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/html/HTMLScriptElement.cpp
[modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/html/HTMLScriptElement.h
[modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/loader/HttpEquiv.cpp
[modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/svg/SVGScriptElement.cpp
[modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/svg/SVGScriptElement.h

Status: Fixed (was: Started)
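
The commit message above lists cases where policies that each permit a script still produced a denial once combined. The following C++ model is an added example, not code from the Chromium tree: it contrasts a per-policy loop that folds the hash check into each policy's decision with a caller that runs the hash check and the inline check separately. `Policy`, `AllowInlineScript`, `AllowInlineScriptIndependent` and the digest strings are hypothetical, and the "independent" variant is an assumption about what "the checks were done independently" means.

```cpp
#include <map>
#include <string>
#include <utility>
#include <vector>

// Simplified model, not Chromium code. Digests are constructed placeholders
// standing in for base64 SHA-2 values; all names here are hypothetical.
using Digests = std::map<std::string, std::string>;  // algorithm -> digest
struct Policy {
  bool report_only;
  bool unsafe_inline;  // 'unsafe-inline' present in script-src
  std::vector<std::pair<std::string, std::string>> hashes;  // (algorithm, digest)
};

// A hash source matches only under its own algorithm.
bool MatchesHash(const Policy& p, const Digests& content) {
  for (const auto& h : p.hashes) {
    auto it = content.find(h.first);
    if (it != content.end() && it->second == h.second) return true;
  }
  return false;
}

// Integrated: each policy decides alone; a report-only policy never denies.
bool AllowInlineScript(const std::vector<Policy>& policies, const Digests& content) {
  for (const Policy& p : policies) {
    bool allowed = p.unsafe_inline || MatchesHash(p, content);
    if (!allowed && !p.report_only) return false;
  }
  return true;
}

// Assumed failure mode: two all-policy checks, OR-ed by the caller.
bool AllowInlineScriptIndependent(const std::vector<Policy>& policies, const Digests& content) {
  bool all_hash = true, all_inline = true;
  for (const Policy& p : policies) {
    all_hash = all_hash && MatchesHash(p, content);
    all_inline = all_inline && p.unsafe_inline;
  }
  return all_hash || all_inline;
}

// Constructed sample data.
const Digests kScript = {{"sha256", "d256"}, {"sha384", "d384"}};
const Digests kTampered = {{"sha256", "x256"}, {"sha384", "x384"}};
const Policy kSha256{false, false, {{"sha256", "d256"}}};
const Policy kSha384{false, false, {{"sha384", "d384"}}};
const Policy kInline{false, true, {}};
const Policy kReportOnly{true, false, {}};
```

With `{kSha256, kInline}` or `{kSha256, kReportOnly}` and `kScript`, the integrated loop allows the script while the independent variant denies it; with `kTampered`, the enforced hash policies deny in both.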
