[issues] Report CSP issues of eval violation type

Doc: https://docs.google.com/document/d/1hmC2R-f2_024I3urdEpKm34V5tSWeIk8MuRts7rggso/edit#
Bug: chromium:1082628
Change-Id: I41aa7243473a7e7d4ef6da7fec4cef0336a27ca6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2316098
Commit-Queue: Kateryna Prokopenko <kprokopenko@google.com>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#795847}

third_party/blink/renderer/core/frame/csp/content_security_policy.cc

@@ -1468,7 +1468,10 @@ void ContentSecurityPolicy::ReportContentSecurityPolicyIssue(
                             ContentSecurityPolicyViolationType::kURLViolation ||
       violation_type ==
           blink::ContentSecurityPolicy::ContentSecurityPolicyViolationType::
-              kInlineViolation) {
+              kInlineViolation ||
+      violation_type ==
+          blink::ContentSecurityPolicy::ContentSecurityPolicyViolationType::
+              kEvalViolation) {
     if (frame_ancestor)
       frame_ancestor->AddInspectorIssue(std::move(info));
     else if (delegate_)

third_party/blink/web_tests/http/tests/inspector-protocol/issues/content-security-policy-issue-creation-eval-expected.txt

+Verifies that CSP issue is created from a page with eval() usage.
+
+Inspector issue: {
+    issue : {
+        code : ContentSecurityPolicyIssue
+        details : {
+            contentSecurityPolicyIssueDetails : {
+                contentSecurityPolicyViolationType : kEvalViolation
+                sourceCodeLocation : {
+                    columnNumber : 13
+                    lineNumber : 7
+                    url : https://devtools.test:8443/inspector-protocol/resources/content-security-policy-issue-eval.html
+                }
+                violatedDirective : script-src
+            }
+        }
+    }
+}
+

third_party/blink/web_tests/http/tests/inspector-protocol/issues/content-security-policy-issue-creation-eval.js

+(async function(testRunner) {
+    const {page, session, dp} = await testRunner.startBlank(
+      `Verifies that CSP issue is created from a page with eval() usage.\n`);
+
+    await dp.Network.enable();
+    await dp.Audits.enable();
+    page.navigate('https://devtools.test:8443/inspector-protocol/resources/content-security-policy-issue-eval.html');
+    const issue = await dp.Audits.onceIssueAdded();
+
+    testRunner.log(issue.params, "Inspector issue: ");
+    testRunner.completeTest();
+  })
\ No newline at end of file

third_party/blink/web_tests/http/tests/inspector-protocol/resources/content-security-policy-issue-eval.html

+<!DOCTYPE html>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline';">
+
+<html>
+  <body>
+    <h2>Webpage with not allowed eval()</h2>
+
+    <script>alert(eval('7+10'))</script>
+  </body>
+</html>