Add 'require-trusted-types-for' directive to network CSP code

The Content Security Policies code under services/network and the relative mojo types still misses support for a few CSP directives. We need to support all CSP directives in order to use it as a replacement to the Blink types, and also if we want to add Content Security Policies to the Policy Container (see attached bugs). This CL implements support for the directive 'require-trusted-types-for'. Bug: 1021462,1149272 Change-Id: I32880e8b3e35f1db4acf92a40e5d167a5f76870a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2539906Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Commit-Queue: Antonio Sartori <antoniosartori@chromium.org> Cr-Commit-Position: refs/heads/master@{#828637}

Add 'require-trusted-types-for' directive to network CSP code
The Content Security Policies code under services/network and the relative mojo types still misses support for a few CSP directives. We need to support all CSP directives in order to use it as a replacement to the Blink types, and also if we want to add Content Security Policies to the Policy Container (see attached bugs). This CL implements support for the directive 'require-trusted-types-for'. Bug: 1021462,1149272 Change-Id: I32880e8b3e35f1db4acf92a40e5d167a5f76870a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2539906Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Commit-Queue: Antonio Sartori <antoniosartori@chromium.org> Cr-Commit-Position: refs/heads/master@{#828637}
5d1d3d63 · Antonio Sartori · Commit Bot · b37c2342 · 5d1d3d63 · 5d1d3d63
Commit 5d1d3d63 authored Nov 18, 2020 by Antonio Sartori Committed by Commit Bot Nov 18, 2020
7 changed files
--- a/content/renderer/content_security_policy_util.cc
+++ b/content/renderer/content_security_policy_util.cc
@@ -49,6 +49,8 @@ network::mojom::ContentSecurityPolicyPtr BuildContentSecurityPolicy(
  for (const blink::WebString& endpoint : policy_in.report_endpoints)
    policy->report_endpoints.push_back(endpoint.Utf8());

+  policy->require_trusted_types_for = policy_in.require_trusted_types_for;
+
  return policy;
 }


--- a/services/network/public/cpp/content_security_policy/content_security_policy.cc
+++ b/services/network/public/cpp/content_security_policy/content_security_policy.cc
@@ -728,6 +728,21 @@ std::vector<std::string> ParsePluginTypes(
  return out;
 }

+// Parse the 'required-trusted-types-for' directive.
+// https://w3c.github.io/webappsec-trusted-types/dist/spec/#require-trusted-types-for-csp-directive
+//
+// TODO(https://crbug.com/1149293): Add a warning when parsing invalid values.
+network::mojom::CSPRequireTrustedTypesFor ParseRequireTrustedTypesFor(
+    base::StringPiece value) {
+  for (const auto expression : base::SplitStringPiece(
+           value, base::kWhitespaceASCII, base::TRIM_WHITESPACE,
+           base::SPLIT_WANT_NONEMPTY)) {
+    if (expression == "'script'")
+      return network::mojom::CSPRequireTrustedTypesFor::Script;
+  }
+  return network::mojom::CSPRequireTrustedTypesFor::None;
+}
+
 // Parses a reporting directive.
 // https://w3c.github.io/webappsec-csp/#directives-reporting
 // TODO(lfg): The report-to should be treated as a single token according to the
@@ -879,12 +894,16 @@ void AddContentSecurityPolicyFromHeader(base::StringPiece header,
            ParsePluginTypes(directive.second, out->parsing_errors);
        break;

+      case CSPDirectiveName::RequireTrustedTypesFor:
+        out->require_trusted_types_for =
+            ParseRequireTrustedTypesFor(directive.second);
+        break;
+
        // We check the following three directives so that we do not trigger a
        // warning because of an unrecognized directive. However, we skip
        // parsing them for now since we do not need these directives here (they
        // are parsed and enforced in the blink CSP parser).
      case CSPDirectiveName::BlockAllMixedContent:
-      case CSPDirectiveName::RequireTrustedTypesFor:
      case CSPDirectiveName::TrustedTypes:
        break;


--- a/services/network/public/cpp/content_security_policy/content_security_policy_unittest.cc
+++ b/services/network/public/cpp/content_security_policy/content_security_policy_unittest.cc
@@ -635,6 +635,42 @@ TEST(ContentSecurityPolicy, ParsePluginTypes) {
  }
 }

+TEST(ContentSecurityPolicy, ParseRequireTrustedTypesFor) {
+  struct {
+    const char* input;
+    network::mojom::CSPRequireTrustedTypesFor expected;
+  } cases[]{
+      {
+          "require-trusted-types-for",
+          network::mojom::CSPRequireTrustedTypesFor::None,
+      },
+      {
+          "require-trusted-types-for 'script'",
+          network::mojom::CSPRequireTrustedTypesFor::Script,
+      },
+      {
+          "require-trusted-types-for 'wasm' 'script'",
+          network::mojom::CSPRequireTrustedTypesFor::Script,
+      },
+      {
+          "require-trusted-types-for 'script' 'wasm' 'script'",
+          network::mojom::CSPRequireTrustedTypesFor::Script,
+      },
+      {
+          "require-trusted-types-for 'wasm'",
+          network::mojom::CSPRequireTrustedTypesFor::None,
+      },
+  };
+
+  for (const auto& testCase : cases) {
+    std::vector<mojom::ContentSecurityPolicyPtr> policies =
+        ParseCSP(testCase.input);
+    EXPECT_EQ(policies[0]->directives.size(), 0u);
+    EXPECT_EQ(policies[0]->parsing_errors.size(), 0u);
+    EXPECT_EQ(policies[0]->require_trusted_types_for, testCase.expected);
+  }
+}
+
 TEST(ContentSecurityPolicy, ParseReportEndpoint) {
  // report-uri directive.
  {

--- a/services/network/public/mojom/content_security_policy.mojom
+++ b/services/network/public/mojom/content_security_policy.mojom
@@ -127,6 +127,11 @@ enum CSPDirectiveName {
  WorkerSrc,
 };

+enum CSPRequireTrustedTypesFor {
+  None = 0,
+  Script = 1,
+};
+
 struct ContentSecurityPolicy {
  map<CSPDirectiveName, CSPSourceList> directives;

@@ -160,6 +165,11 @@ struct ContentSecurityPolicy {
  // allowed.
  array<string>? plugin_types;

+  // The parsed value of the directive 'require-trusted-types-for'.
+  // https://w3c.github.io/webappsec-trusted-types/dist/spec/#require-trusted-types-for-csp-directive
+  CSPRequireTrustedTypesFor require_trusted_types_for =
+      CSPRequireTrustedTypesFor.None;
+
  // An array containing a set of errors occurred while parsing the CSP header.
  array<string> parsing_errors;
 };

--- a/third_party/blink/public/platform/web_content_security_policy_struct.h
+++ b/third_party/blink/public/platform/web_content_security_policy_struct.h
@@ -81,6 +81,7 @@ struct WebContentSecurityPolicy {
  WebVector<WebString> report_endpoints;
  WebString header;
  bool use_reporting_api;
+  network::mojom::CSPRequireTrustedTypesFor require_trusted_types_for;
 };

 }  // namespace blink

--- a/third_party/blink/renderer/core/frame/local_frame_client_impl.cc
+++ b/third_party/blink/renderer/core/frame/local_frame_client_impl.cc
@@ -272,7 +272,8 @@ WebContentSecurityPolicy ConvertToPublic(
          policy->upgrade_insecure_requests,
          std::move(policy->report_endpoints),
          policy->header->header_value,
-          policy->use_reporting_api};
+          policy->use_reporting_api,
+          policy->require_trusted_types_for};
 }

 }  // namespace

--- a/third_party/blink/renderer/platform/network/http_parsers.cc
+++ b/third_party/blink/renderer/platform/network/http_parsers.cc
@@ -133,6 +133,7 @@ blink::ContentSecurityPolicyPtr ConvertToBlink(
          ? base::Optional<WTF::Vector<WTF::String>>(
                ConvertToBlink(std::move(policy_in->plugin_types.value())))
          : base::nullopt,
+      policy_in->require_trusted_types_for,
      ConvertToBlink(std::move(policy_in->parsing_errors)));
 }