File: CSPViolationData.h

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef DOM_SECURITY_CSPVIOLATION_H_
#define DOM_SECURITY_CSPVIOLATION_H_

#include <cstdint>

#include "mozilla/RefPtr.h"
#include "mozilla/Variant.h"
#include "nsCOMPtr.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIURI.h"
#include "nsString.h"

class nsIURI;

namespace mozilla::dom {
// Forward declaration only: this header stores a RefPtr<Element> without
// pulling in the full Element definition.
class Element;

// Plain data record describing one Content Security Policy violation.
//
// Represents parts of <https://w3c.github.io/webappsec-csp/#violation>.
// The remaining parts can be deduced from the corresponding nsCSPContext.
//
// NOTE(review): every member is public and non-const, so this type does not
// itself guarantee that a record still holds what the constructor stored.
// mSample and mSourceFile presumably carry text derived from page content;
// consumers that serialise them into reports or logs should treat them as
// untrusted strings - confirm at the call sites.
struct CSPViolationData {
  // Kinds of blocked resource that are not identified by a URI.
  // NOTE(review): the enumerators appear to mirror the keyword values the CSP
  // specification reports in place of a blocked URL - confirm against the
  // code that serialises violation reports.
  enum class BlockedContentSource {
    Unknown,
    Inline,
    Eval,
    Self,
    WasmEval,
    TrustedTypesPolicy,
    TrustedTypesSink,
  };

  // The blocked resource: either the URI that was blocked or one of the
  // BlockedContentSource kinds. Exactly one alternative is held at a time.
  using Resource = mozilla::Variant<nsCOMPtr<nsIURI>, BlockedContentSource>;

  // Builds a violation record from the values supplied by the caller.
  //
  // According to https://github.com/w3c/webappsec-csp/issues/442 column- and
  // line-numbers are expected to be 1-origin.
  //
  // @param aViolatedPolicyIndex Index of the violated policy; presumably an
  //                             index into the policy list of the owning
  //                             nsCSPContext - TODO confirm.
  // @param aResource The blocked resource. Taken by rvalue reference, so the
  //                  caller gives up its value.
  // @param aEffectiveDirective The directive whose enforcement produced the
  //                            violation.
  // @param aSourceFile String form of the source URL; the empty string
  //                    represents a null-URL (see mSourceFile).
  // @param aLineNumber 1-origin line number.
  // @param aColumnNumber 1-origin column number.
  // @param aElement Element associated with the violation; kept in a RefPtr
  //                 member. NOTE(review): presumably may be null - confirm.
  // @param aSample Will be truncated if necessary.
  // @param aHashSHA256 The source code sha256 hash (encoded as base64) for
  //                    inline scripts and styles; defaults to the empty
  //                    string.
  //                    https://w3c.github.io/webappsec-csp/#grammardef-hash-source
  CSPViolationData(uint32_t aViolatedPolicyIndex, Resource&& aResource,
                   const CSPDirective aEffectiveDirective,
                   const nsACString& aSourceFile, uint32_t aLineNumber,
                   uint32_t aColumnNumber, Element* aElement,
                   const nsAString& aSample,
                   const nsACString& aHashSHA256 = ""_ns);

  // Declared here and defined out of line; Element is only forward-declared
  // in this header, which is presumably why the destructor is not implicit.
  ~CSPViolationData();

  // Returns aSample, shortened when it exceeds the sample length limit. The
  // limit itself is not defined in this header.
  //
  // The result is an nsDependentSubstring, which refers to the characters of
  // aSample rather than owning a copy; it must not outlive aSample's buffer.
  static const nsDependentSubstring MaybeTruncateSample(
      const nsAString& aSample);

  // NOTE(review): presumably returns the BlockedContentSource held in
  // mResource, and Unknown when mResource holds a URI instead - confirm
  // against the definition.
  BlockedContentSource BlockedContentSourceOrUnknown() const;

  // Index of the violated policy (see aViolatedPolicyIndex).
  uint32_t mViolatedPolicyIndex;
  // Blocked URI or non-URI blocked content kind.
  Resource mResource;
  // Directive that was violated.
  CSPDirective mEffectiveDirective;
  // String representation of the URL. The empty string represents a null-URL.
  nsCString mSourceFile;
  // 1-origin position of the violation within mSourceFile.
  uint32_t mLineNumber;
  uint32_t mColumnNumber;
  // Strong reference: the element stays alive for as long as this record
  // does.
  RefPtr<Element> mElement;
  // Sample of the violating content; the constructor documents that it is
  // truncated if necessary.
  nsString mSample;
  // Base64-encoded SHA-256 of the inline script or style source; empty when
  // the caller did not supply one.
  nsCString mHashSHA256;
};
}  // namespace mozilla::dom

#endif  // DOM_SECURITY_CSPVIOLATION_H_