File: nsContentSecurityUtils.h

package info (click to toggle)
firefox 147.0.2-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,683,484 kB
  • sloc: cpp: 7,607,246; javascript: 6,533,185; ansic: 3,775,227; python: 1,415,393; xml: 634,561; asm: 438,951; java: 186,241; sh: 62,752; makefile: 18,079; objc: 13,092; perl: 12,808; yacc: 4,583; cs: 3,846; pascal: 3,448; lex: 1,720; ruby: 1,003; php: 436; lisp: 258; awk: 247; sql: 66; sed: 54; csh: 10; exp: 6
file content (107 lines) | stat: -rw-r--r-- 4,477 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
 
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/* A namespace class for static content security utilities. */

#ifndef nsContentSecurityUtils_h___
#define nsContentSecurityUtils_h___

#include <utility>

#include "mozilla/Maybe.h"
#include "nsStringFwd.h"

struct JSContext;
class nsIChannel;
class nsIHttpChannel;
class nsIPrincipal;
class nsIURI;
class NS_ConvertUTF8toUTF16;

namespace mozilla::dom {
class Document;
class Element;
}  // namespace mozilla::dom

using FilenameTypeAndDetails = std::pair<nsCString, mozilla::Maybe<nsCString>>;

class nsContentSecurityUtils {
 public:
  // CSPs upgrade-insecure-requests directive applies to same origin top level
  // navigations. Using the SOP would return false for the case when an https
  // page triggers and http page to load, even though that http page would be
  // upgraded to https later. Hence we have to use that custom function instead
  // of simply calling aTriggeringPrincipal->Equals(aResultPrincipal).
  static bool IsConsideredSameOriginForUIR(nsIPrincipal* aTriggeringPrincipal,
                                           nsIPrincipal* aResultPrincipal);

  // Check whether the scheme is trusted (for privileged code execution).
  // @returns true, iff the scheme is chrome:, resource: or moz-src:
  static bool IsTrustedScheme(nsIURI* aURI);

  static bool IsEvalAllowed(JSContext* cx, bool aIsSystemPrincipal,
                            const nsAString& aScript);
  static void NotifyEvalUsage(bool aIsSystemPrincipal,
                              const nsACString& aFileName, uint64_t aWindowID,
                              uint32_t aLineNumber, uint32_t aColumnNumber);

  // Helper function for various checks:
  // This function detects profiles with userChrome.js or extension signatures
  // disabled. We can't/won't enforce strong security for people with those
  // hacks. The function will cache its result.
  static void DetectJsHacks();
  // Helper function for detecting custom agent styles
  static void DetectCssHacks();

  // Helper function to query the HTTP Channel of a potential
  // multi-part channel. Mostly used for querying response headers
  static nsresult GetHttpChannelFromPotentialMultiPart(
      nsIChannel* aChannel, nsIHttpChannel** aHttpChannel);

  // Helper function which performs the following framing checks
  // * CSP frame-ancestors
  // * x-frame-options
  // If any of the two disallows framing, the channel will be cancelled.
  static void PerformCSPFrameAncestorAndXFOCheck(nsIChannel* aChannel);

  // Helper function which just checks if the channel violates any:
  // 1. CSP frame-ancestors properties
  // 2. x-frame-options
  static bool CheckCSPFrameAncestorAndXFO(nsIChannel* aChannel);

  // Implements https://w3c.github.io/webappsec-csp/#is-element-nonceable.
  //
  // Returns an empty nonce for elements without a nonce OR when a potential
  // dangling markup attack was detected.
  static nsString GetIsElementNonceableNonce(
      const mozilla::dom::Element& aElement);

  // Helper function to Check if a Download is allowed;
  static long ClassifyDownload(nsIChannel* aChannel);

  // Public only for testing
  static FilenameTypeAndDetails FilenameToFilenameType(
      const nsACString& fileName, bool collectAdditionalExtensionData);
  static char* SmartFormatCrashString(const char* str);
  static char* SmartFormatCrashString(char* str);
  static nsCString SmartFormatCrashString(const char* part1, const char* part2,
                                          const char* format_string);
  static nsCString SmartFormatCrashString(char* part1, char* part2,
                                          const char* format_string);

#if defined(DEBUG)
  static void AssertAboutPageHasCSP(mozilla::dom::Document* aDocument);
  static void AssertChromePageHasCSP(mozilla::dom::Document* aDocument);
#endif

  static bool ValidateScriptFilename(JSContext* cx, const char* aFilename);
  static nsresult GetVeryFirstUnexpectedScriptFilename(nsACString& aFilename);

  // Helper Function to Post a message to the corresponding JS-Console
  static void LogMessageToConsole(nsIHttpChannel* aChannel, const char* aMsg);
};

#endif /* nsContentSecurityUtils_h___ */