authorraymes <raymes@chromium.org>2014-11-25 15:25:03 -0800
committerCommit bot <commit-bot@chromium.org>2014-11-25 23:25:29 +0000
commitf43814b9553177aa71db780ddac7a3a4554a360c (patch)
tree550803d75f70cfa60e503140294bd3b23d3e7970 /extensions/common/csp_validator.cc
parent7b20a3d63d493d733664be92c177f17bff2731ce (diff)
Allow arbitrary object-src CSP directives for component extensions
This CL allows component extensions to specify arbitrary object-src CSP directives. This should be safe because non-NPAPI plugins should load in a sandboxed process and only allow communication via postMessage. Flash is an exception since it allows scripting into the embedder page, but even then it should disallow cross-origin scripting. At some point we may want to consider allowing this publicly. The CL refactors the CSP validator slightly to provide an options int to configure how CSP will be parsed. Tests are added for the changes above. BUG=416328 Review URL: https://codereview.chromium.org/754713002 Cr-Commit-Position: refs/heads/master@{#305725}
Diffstat (limited to 'extensions/common/csp_validator.cc')
-rw-r--r--extensions/common/csp_validator.cc26
1 files changed, 14 insertions, 12 deletions
diff --git a/extensions/common/csp_validator.cc b/extensions/common/csp_validator.cc
index 23af91c..3224ad6 100644
--- a/extensions/common/csp_validator.cc
+++ b/extensions/common/csp_validator.cc
@@ -107,7 +107,7 @@ bool isNonWildcardTLD(const std::string& url,
}
bool HasOnlySecureTokens(base::StringTokenizer& tokenizer,
- Manifest::Type type) {
+ int options) {
while (tokenizer.GetNext()) {
std::string source = tokenizer.token();
base::StringToLowerASCII(&source);
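Review bot: Replacing `Manifest::Type type` with a plain `int options` here, and in UpdateStatus and ContentSecurityPolicyIsSecure in the later hunks, weakens type checking on a security decision. If Manifest::Type is an unscoped enum, as the `Manifest::TYPE_EXTENSION` spelling suggests, a caller that still passes a manifest type would compile and have its value read as option bits, possibly enabling OPTIONS_ALLOW_UNSAFE_EVAL or OPTIONS_ALLOW_INSECURE_OBJECT_SRC by accident. The callers are not part of this file's diff, so each one should be checked; a dedicated flags type for the parameter would make such a stale call fail to compile. The body of HasOnlySecureTokens continues outside this hunk.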
@@ -131,9 +131,7 @@ bool HasOnlySecureTokens(base::StringTokenizer& tokenizer,
continue;
}
- // crbug.com/146487
- if (type == Manifest::TYPE_EXTENSION ||
- type == Manifest::TYPE_LEGACY_PACKAGED_APP) {
+ if (options & OPTIONS_ALLOW_UNSAFE_EVAL) {
if (source == "'unsafe-eval'")
continue;
}
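Review bot: The unsafe-eval exemption loses its rationale here: the `// crbug.com/146487` reference is removed together with the manifest-type test, and the new `if (options & OPTIONS_ALLOW_UNSAFE_EVAL)` carries no comment. I would keep the pointer, for example `// crbug.com/146487: 'unsafe-eval' is accepted only when the caller sets OPTIONS_ALLOW_UNSAFE_EVAL.` As a style point, the two nested conditions read more directly as one: `if ((options & OPTIONS_ALLOW_UNSAFE_EVAL) && source == "'unsafe-eval'") continue;`. The enclosing token loop starts and ends outside this hunk.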
@@ -148,13 +146,13 @@ bool HasOnlySecureTokens(base::StringTokenizer& tokenizer,
bool UpdateStatus(const std::string& directive_name,
base::StringTokenizer& tokenizer,
DirectiveStatus* status,
- Manifest::Type type) {
+ int options) {
if (status->seen_in_policy)
return false;
if (directive_name != status->directive_name)
return false;
status->seen_in_policy = true;
- status->is_secure = HasOnlySecureTokens(tokenizer, type);
+ status->is_secure = HasOnlySecureTokens(tokenizer, options);
return true;
}
@@ -170,7 +168,7 @@ bool ContentSecurityPolicyIsLegal(const std::string& policy) {
}
bool ContentSecurityPolicyIsSecure(const std::string& policy,
- Manifest::Type type) {
+ int options) {
// See http://www.w3.org/TR/CSP/#parse-a-csp-policy for parsing algorithm.
std::vector<std::string> directives;
base::SplitString(policy, ';', &directives);
@@ -188,19 +186,23 @@ bool ContentSecurityPolicyIsSecure(const std::string& policy,
std::string directive_name = tokenizer.token();
base::StringToLowerASCII(&directive_name);
- if (UpdateStatus(directive_name, tokenizer, &default_src_status, type))
+ if (UpdateStatus(directive_name, tokenizer, &default_src_status, options))
continue;
- if (UpdateStatus(directive_name, tokenizer, &script_src_status, type))
+ if (UpdateStatus(directive_name, tokenizer, &script_src_status, options))
continue;
- if (UpdateStatus(directive_name, tokenizer, &object_src_status, type))
+ if (UpdateStatus(directive_name, tokenizer, &object_src_status, options))
continue;
}
if (script_src_status.seen_in_policy && !script_src_status.is_secure)
return false;
- if (object_src_status.seen_in_policy && !object_src_status.is_secure)
- return false;
+ if (object_src_status.seen_in_policy && !object_src_status.is_secure) {
+ // Note that this does not fully check the object-src source list for
+ // validity but Blink will do this anyway.
+ if (!(options & OPTIONS_ALLOW_INSECURE_OBJECT_SRC))
+ return false;
+ }
if (default_src_status.seen_in_policy && !default_src_status.is_secure) {
return script_src_status.seen_in_policy &&
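Review bot: With OPTIONS_ALLOW_INSECURE_OBJECT_SRC set, the new branch discards `object_src_status.is_secure` altogether, so any object-src source list is accepted, including wildcard and non-HTTPS sources that HasOnlySecureTokens would reject. The comment defers to Blink, but Blink presumably checks the list's syntax rather than this validator's secure-origin rules, so the comment should name what is actually relied on: that only component extensions are validated with this flag. Something like `// Callers must set OPTIONS_ALLOW_INSECURE_OBJECT_SRC only for component extensions; the object-src list is then not checked here at all.` would do. Neither the flag's definition nor the callers appear in this diff, so that restriction cannot be confirmed from this page. The default-src check that follows continues outside the hunk.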