Design a new way to do all the policy checks that does not involve a billion variations of template functions that all do the same things but with different parameters.
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3 commit 1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3 Author: Andy Paicu <andypaicu@chromium.org> Date: Fri Jul 14 18:55:35 2017 Fixes and technical debt for hash-based policies Fixed an issue where multiple policies with different algorithms would deny scripts/styles Fixed an issue where report-only policies could cause hash-based policies to incorrectly deny scripts/styles Fixed an issue where mixing hash based and not hash based policies would deny scripts/styles because the checks were done independently Got rid of the IsAllowedByAll template system and replaced it with for loops Ensured that checks that check hashes are now incorporated in their respective allows function Removed the need for external callers to know to call the hash specific functions checks since now they are integrated Added LayoutTests relevant to the issues above Bug: 617065 , 739292 , 740688 Change-Id: I1b56afe899eac6358d2ef33fc7030aef568f89ac Reviewed-on: https://chromium-review.googlesource.com/570248 Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#486822} [add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-multiple-policies-multiple-hashing-algorithms.html [add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-multiple-policies-multiple-hashing-algorithms.html.sub.headers [add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-multiple-policies-one-using-hashing-algorithms.html [add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-multiple-policies-one-using-hashing-algorithms.html.sub.headers [add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html [add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html.sub.headers [add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-report-only-policy-works-with-hash-policy.html [add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-report-only-policy-works-with-hash-policy.html.sub.headers [add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/style-src/style-src-multiple-policies-multiple-hashing-algorithms.html [add] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/style-src/style-src-multiple-policies-multiple-hashing-algorithms.html.sub.headers [modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/dom/Element.cpp [modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/dom/MockScriptElementBase.h [modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/dom/ScriptElementBase.h [modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/dom/ScriptLoader.cpp [modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/dom/StyleElement.cpp [modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp [modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h [modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp [modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/html/HTMLScriptElement.cpp [modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/html/HTMLScriptElement.h [modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/loader/HttpEquiv.cpp [modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/svg/SVGScriptElement.cpp [modify] https://crrev.com/1fa4cc29f667430e1de7bcdd001ca9e373c8d4d3/third_party/WebKit/Source/core/svg/SVGScriptElement.h
Comment 1 by andypaicu@chromium.org
, Jul 13 2017