File: CSPViolationData.h

package info (click to toggle)
firefox 149.0-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 4,767,760 kB
  • sloc: cpp: 7,416,064; javascript: 6,752,859; ansic: 3,774,850; python: 1,250,473; xml: 641,578; asm: 439,191; java: 186,617; sh: 56,634; makefile: 18,856; objc: 13,092; perl: 12,763; pascal: 5,960; yacc: 4,583; cs: 3,846; lex: 1,720; ruby: 1,002; php: 436; lisp: 258; awk: 105; sql: 66; sed: 53; csh: 10; exp: 6
file content (72 lines) | stat: -rw-r--r-- 2,349 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
 
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef DOM_SECURITY_CSPVIOLATION_H_
#define DOM_SECURITY_CSPVIOLATION_H_

#include <cstdint>

#include "mozilla/RefPtr.h"
#include "mozilla/Variant.h"
#include "nsCOMPtr.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIURI.h"
#include "nsString.h"

class nsIURI;

namespace mozilla::dom {
class Element;

// Represents parts of <https://w3c.github.io/webappsec-csp/#violation>.
// The remaining parts can be deduced from the corresponding nsCSPContext.
struct CSPViolationData {
  enum class BlockedContentSource {
    Unknown,
    Inline,
    Eval,
    Self,
    WasmEval,
    TrustedTypesPolicy,
    TrustedTypesSink,
  };

  using Resource = mozilla::Variant<nsCOMPtr<nsIURI>, BlockedContentSource>;

  // According to https://github.com/w3c/webappsec-csp/issues/442 column- and
  // line-numbers are expected to be 1-origin.
  //
  // @param aSample Will be truncated if necessary.
  // @param aHashSHA256 The source code sha256 hash (encoded as base64) for
  // inline scripts and styles.
  //                    https://w3c.github.io/webappsec-csp/#grammardef-hash-source
  CSPViolationData(uint32_t aViolatedPolicyIndex, Resource&& aResource,
                   const CSPDirective aEffectiveDirective,
                   const nsACString& aSourceFile, uint32_t aLineNumber,
                   uint32_t aColumnNumber, Element* aElement,
                   const nsAString& aSample,
                   const nsACString& aHashSHA256 = ""_ns);

  ~CSPViolationData();

  static const nsDependentSubstring MaybeTruncateSample(
      const nsAString& aSample);
  BlockedContentSource BlockedContentSourceOrUnknown() const;

  uint32_t mViolatedPolicyIndex;
  Resource mResource;
  CSPDirective mEffectiveDirective;
  // String representation of the URL. The empty string represents a null-URL.
  nsCString mSourceFile;
  uint32_t mLineNumber;
  uint32_t mColumnNumber;
  RefPtr<Element> mElement;
  nsString mSample;
  nsCString mHashSHA256;
};
}  // namespace mozilla::dom

#endif  // DOM_SECURITY_CSPVIOLATION_H_