Skip to content

GitLab

T
tangled
Commit abe073d9 authored by amalika's avatar amalika Committed by Commit bot
Browse files
Options

Remove unnecessary boolean from CSPDirectiveList 

We had a boolean that replicated the meaning of m_headerType so all instance of the former were changed in favor of using isReportOnly class method.

R=mkwst@chromium.org

Review-Url: https://codereview.chromium.org/2340983004
Cr-Commit-Position: refs/heads/master@{#419146}
parent 3dfc90f7
Hide whitespace changes
Inline Side-by-side
Showing with 14 additions and 17 deletions
third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
View file @ abe073d9
...@@ -47,7 +47,6 @@ CSPDirectiveList::CSPDirectiveList(ContentSecurityPolicy* policy, ContentSecurit ...@@ -47,7 +47,6 @@ CSPDirectiveList::CSPDirectiveList(ContentSecurityPolicy* policy, ContentSecurit
: m_policy(policy) : m_policy(policy)
, m_headerType(type) , m_headerType(type)
, m_headerSource(source) , m_headerSource(source)
, m_reportOnly(false)
, m_hasSandboxPolicy(false) , m_hasSandboxPolicy(false)
, m_reflectedXSSDisposition(ReflectedXSSUnset) , m_reflectedXSSDisposition(ReflectedXSSUnset)
, m_didSetReferrerPolicy(false) , m_didSetReferrerPolicy(false)
...@@ -57,7 +56,6 @@ CSPDirectiveList::CSPDirectiveList(ContentSecurityPolicy* policy, ContentSecurit ...@@ -57,7 +56,6 @@ CSPDirectiveList::CSPDirectiveList(ContentSecurityPolicy* policy, ContentSecurit
, m_treatAsPublicAddress(false) , m_treatAsPublicAddress(false)
, m_requireSRIFor(RequireSRIForToken::None) , m_requireSRIFor(RequireSRIForToken::None)
{ {
m_reportOnly = type == ContentSecurityPolicyHeaderTypeReport;
} }
CSPDirectiveList* CSPDirectiveList::create(ContentSecurityPolicy* policy, const UChar* begin, const UChar* end, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) CSPDirectiveList* CSPDirectiveList::create(ContentSecurityPolicy* policy, const UChar* begin, const UChar* end, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source)
...@@ -78,33 +76,33 @@ CSPDirectiveList* CSPDirectiveList::create(ContentSecurityPolicy* policy, const ...@@ -78,33 +76,33 @@ CSPDirectiveList* CSPDirectiveList::create(ContentSecurityPolicy* policy, const
void CSPDirectiveList::reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, ResourceRequest::RedirectStatus redirectStatus) const void CSPDirectiveList::reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, ResourceRequest::RedirectStatus redirectStatus) const
{ {
String message = m_reportOnly ? "[Report Only] " + consoleMessage : consoleMessage; String message = isReportOnly() ? "[Report Only] " + consoleMessage : consoleMessage;
m_policy->logToConsole(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message)); m_policy->logToConsole(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message));
m_policy->reportViolation(directiveText, effectiveDirective, message, blockedURL, m_reportEndpoints, m_header, ContentSecurityPolicy::URLViolation, nullptr, redirectStatus); m_policy->reportViolation(directiveText, effectiveDirective, message, blockedURL, m_reportEndpoints, m_header, ContentSecurityPolicy::URLViolation, nullptr, redirectStatus);
} }
void CSPDirectiveList::reportViolationWithFrame(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFrame* frame) const void CSPDirectiveList::reportViolationWithFrame(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFrame* frame) const
{ {
String message = m_reportOnly ? "[Report Only] " + consoleMessage : consoleMessage; String message = isReportOnly() ? "[Report Only] " + consoleMessage : consoleMessage;
m_policy->logToConsole(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message), frame); m_policy->logToConsole(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message), frame);
m_policy->reportViolation(directiveText, effectiveDirective, message, blockedURL, m_reportEndpoints, m_header, ContentSecurityPolicy::URLViolation, frame); m_policy->reportViolation(directiveText, effectiveDirective, message, blockedURL, m_reportEndpoints, m_header, ContentSecurityPolicy::URLViolation, frame);
} }
void CSPDirectiveList::reportViolationWithLocation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine) const void CSPDirectiveList::reportViolationWithLocation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine) const
{ {
String message = m_reportOnly ? "[Report Only] " + consoleMessage : consoleMessage; String message = isReportOnly() ? "[Report Only] " + consoleMessage : consoleMessage;
m_policy->logToConsole(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message, SourceLocation::capture(contextURL, contextLine.oneBasedInt(), 0))); m_policy->logToConsole(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message, SourceLocation::capture(contextURL, contextLine.oneBasedInt(), 0)));
m_policy->reportViolation(directiveText, effectiveDirective, message, blockedURL, m_reportEndpoints, m_header, ContentSecurityPolicy::InlineViolation, nullptr, RedirectStatus::NoRedirect, contextLine.oneBasedInt()); m_policy->reportViolation(directiveText, effectiveDirective, message, blockedURL, m_reportEndpoints, m_header, ContentSecurityPolicy::InlineViolation, nullptr, RedirectStatus::NoRedirect, contextLine.oneBasedInt());
} }
void CSPDirectiveList::reportViolationWithState(const String& directiveText, const String& effectiveDirective, const String& message, const KURL& blockedURL, ScriptState* scriptState, const ContentSecurityPolicy::ExceptionStatus exceptionStatus) const void CSPDirectiveList::reportViolationWithState(const String& directiveText, const String& effectiveDirective, const String& message, const KURL& blockedURL, ScriptState* scriptState, const ContentSecurityPolicy::ExceptionStatus exceptionStatus) const
{ {
String reportMessage = m_reportOnly ? "[Report Only] " + message : message; String reportMessage = isReportOnly() ? "[Report Only] " + message : message;
// Print a console message if it won't be redundant with a // Print a console message if it won't be redundant with a
// JavaScript exception that the caller will throw. (Exceptions will // JavaScript exception that the caller will throw. (Exceptions will
// never get thrown in report-only mode because the caller won't see // never get thrown in report-only mode because the caller won't see
// a violation.) // a violation.)
if (m_reportOnly || exceptionStatus == ContentSecurityPolicy::WillNotThrowException) { if (isReportOnly() || exceptionStatus == ContentSecurityPolicy::WillNotThrowException) {
ConsoleMessage* consoleMessage = ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, reportMessage); ConsoleMessage* consoleMessage = ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, reportMessage);
m_policy->logToConsole(consoleMessage); m_policy->logToConsole(consoleMessage);
} }
...@@ -260,7 +258,7 @@ bool CSPDirectiveList::checkEvalAndReportViolation(SourceListDirective* directiv ...@@ -260,7 +258,7 @@ bool CSPDirectiveList::checkEvalAndReportViolation(SourceListDirective* directiv
suffix = " Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback."; suffix = " Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.";
reportViolationWithState(directive->text(), ContentSecurityPolicy::ScriptSrc, consoleMessage + "\"" + directive->text() + "\"." + suffix + "\n", KURL(), scriptState, exceptionStatus); reportViolationWithState(directive->text(), ContentSecurityPolicy::ScriptSrc, consoleMessage + "\"" + directive->text() + "\"." + suffix + "\n", KURL(), scriptState, exceptionStatus);
if (!m_reportOnly) { if (!isReportOnly()) {
m_policy->reportBlockedScriptExecutionToInspector(directive->text()); m_policy->reportBlockedScriptExecutionToInspector(directive->text());
return false; return false;
} }
...@@ -300,7 +298,7 @@ bool CSPDirectiveList::checkInlineAndReportViolation(SourceListDirective* direct ...@@ -300,7 +298,7 @@ bool CSPDirectiveList::checkInlineAndReportViolation(SourceListDirective* direct
reportViolationWithLocation(directive->text(), isScript ? ContentSecurityPolicy::ScriptSrc : ContentSecurityPolicy::StyleSrc, consoleMessage + "\"" + directive->text() + "\"." + suffix + "\n", KURL(), contextURL, contextLine); reportViolationWithLocation(directive->text(), isScript ? ContentSecurityPolicy::ScriptSrc : ContentSecurityPolicy::StyleSrc, consoleMessage + "\"" + directive->text() + "\"." + suffix + "\n", KURL(), contextURL, contextLine);
if (!m_reportOnly) { if (!isReportOnly()) {
if (isScript) if (isScript)
m_policy->reportBlockedScriptExecutionToInspector(directive->text()); m_policy->reportBlockedScriptExecutionToInspector(directive->text());
return false; return false;
...@@ -723,7 +721,7 @@ void CSPDirectiveList::applySandboxPolicy(const String& name, const String& sand ...@@ -723,7 +721,7 @@ void CSPDirectiveList::applySandboxPolicy(const String& name, const String& sand
m_policy->reportInvalidDirectiveInMeta(name); m_policy->reportInvalidDirectiveInMeta(name);
return; return;
} }
if (m_reportOnly) { if (isReportOnly()) {
m_policy->reportInvalidInReportOnly(name); m_policy->reportInvalidInReportOnly(name);
return; return;
} }
...@@ -741,7 +739,7 @@ void CSPDirectiveList::applySandboxPolicy(const String& name, const String& sand ...@@ -741,7 +739,7 @@ void CSPDirectiveList::applySandboxPolicy(const String& name, const String& sand
void CSPDirectiveList::treatAsPublicAddress(const String& name, const String& value) void CSPDirectiveList::treatAsPublicAddress(const String& name, const String& value)
{ {
if (m_reportOnly) { if (isReportOnly()) {
m_policy->reportInvalidInReportOnly(name); m_policy->reportInvalidInReportOnly(name);
return; return;
} }
...@@ -766,13 +764,13 @@ void CSPDirectiveList::enforceStrictMixedContentChecking(const String& name, con ...@@ -766,13 +764,13 @@ void CSPDirectiveList::enforceStrictMixedContentChecking(const String& name, con
m_strictMixedContentCheckingEnforced = true; m_strictMixedContentCheckingEnforced = true;
if (!m_reportOnly) if (!isReportOnly())
m_policy->enforceStrictMixedContentChecking(); m_policy->enforceStrictMixedContentChecking();
} }
void CSPDirectiveList::enableInsecureRequestsUpgrade(const String& name, const String& value) void CSPDirectiveList::enableInsecureRequestsUpgrade(const String& name, const String& value)
{ {
if (m_reportOnly) { if (isReportOnly()) {
m_policy->reportInvalidInReportOnly(name); m_policy->reportInvalidInReportOnly(name);
return; return;
} }
......
third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
View file @ abe073d9
...@@ -74,10 +74,10 @@ public: ...@@ -74,10 +74,10 @@ public:
ReflectedXSSDisposition getReflectedXSSDisposition() const { return m_reflectedXSSDisposition; } ReflectedXSSDisposition getReflectedXSSDisposition() const { return m_reflectedXSSDisposition; }
ReferrerPolicy getReferrerPolicy() const { return m_referrerPolicy; } ReferrerPolicy getReferrerPolicy() const { return m_referrerPolicy; }
bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; } bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; }
bool isReportOnly() const { return m_reportOnly; } bool isReportOnly() const { return m_headerType == ContentSecurityPolicyHeaderTypeReport; }
const Vector<String>& reportEndpoints() const { return m_reportEndpoints; } const Vector<String>& reportEndpoints() const { return m_reportEndpoints; }
uint8_t requireSRIForTokens() const { return m_requireSRIFor; } uint8_t requireSRIForTokens() const { return m_requireSRIFor; }
bool isFrameAncestorsEnforced() const { return m_frameAncestors.get() && !m_reportOnly; } bool isFrameAncestorsEnforced() const { return m_frameAncestors.get() && !isReportOnly(); }
// Used to copy plugin-types into a plugin document in a nested // Used to copy plugin-types into a plugin document in a nested
// browsing context. // browsing context.
...@@ -142,7 +142,7 @@ private: ...@@ -142,7 +142,7 @@ private:
bool checkAncestorsAndReportViolation(SourceListDirective*, LocalFrame*, const KURL&) const; bool checkAncestorsAndReportViolation(SourceListDirective*, LocalFrame*, const KURL&) const;
bool checkRequestWithoutIntegrityAndReportViolation(WebURLRequest::RequestContext, const KURL&, ResourceRequest::RedirectStatus) const; bool checkRequestWithoutIntegrityAndReportViolation(WebURLRequest::RequestContext, const KURL&, ResourceRequest::RedirectStatus) const;
bool denyIfEnforcingPolicy() const { return m_reportOnly; } bool denyIfEnforcingPolicy() const { return isReportOnly(); }
Member<ContentSecurityPolicy> m_policy; Member<ContentSecurityPolicy> m_policy;
...@@ -150,7 +150,6 @@ private: ...@@ -150,7 +150,6 @@ private:
ContentSecurityPolicyHeaderType m_headerType; ContentSecurityPolicyHeaderType m_headerType;
ContentSecurityPolicyHeaderSource m_headerSource; ContentSecurityPolicyHeaderSource m_headerSource;
bool m_reportOnly;
bool m_hasSandboxPolicy; bool m_hasSandboxPolicy;
ReflectedXSSDisposition m_reflectedXSSDisposition; ReflectedXSSDisposition m_reflectedXSSDisposition;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment