Bug 1415352: Part 3a - Add preference to increase max length of CSP report source sample. r=ckerschb

This is necessary for tests which need to verify that reports are being sent for the correct inline sources, where the current sample size is not enough to completely distinguish them. MozReview-Commit-ID: 2k2vAhJhIsi --HG-- extra : rebase_source : 268a53d1450be6666081bf5093aa170352b398e1
2024-10-14 22:05:44 +00:00 · 2017-11-06 14:01:32 -08:00 · 2017-11-06 14:01:32 -08:00 · 326ce05075
commit 326ce05075
parent bd57fba62b
2 changed files with 21 additions and 3 deletions
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@ -39,6 +39,7 @@
 #include "nsScriptSecurityManager.h"
 #include "nsStringStream.h"
 #include "mozilla/Logging.h"
+#include "mozilla/Preferences.h"
 #include "mozilla/dom/CSPReportBinding.h"
 #include "mozilla/dom/CSPDictionariesBinding.h"
 #include "mozilla/net/ReferrerPolicy.h"
@ -271,12 +272,22 @@ NS_IMPL_ISUPPORTS_CI(nsCSPContext,
                     nsIContentSecurityPolicy,
                     nsISerializable)

+int32_t nsCSPContext::sScriptSampleMaxLength;
+
 nsCSPContext::nsCSPContext()
  : mInnerWindowID(0)
  , mLoadingContext(nullptr)
  , mLoadingPrincipal(nullptr)
  , mQueueUpMessages(true)
 {
+  static bool sInitialized = false;
+  if (!sInitialized) {
+    Preferences::AddIntVarCache(&sScriptSampleMaxLength,
+                                "security.csp.reporting.script-sample.max-length",
+                                40);
+    sInitialized = true;
+  }
+
  CSPCONTEXTLOG(("nsCSPContext::nsCSPContext"));
 }

@ -479,9 +490,9 @@ nsCSPContext::reportInlineViolation(nsContentPolicyType aContentType,
  }

  nsAutoString codeSample(aContent);
-  // cap the length of the script sample at 40 chars
-  if (codeSample.Length() > 40) {
-    codeSample.Truncate(40);
+  // cap the length of the script sample
+  if (codeSample.Length() > ScriptSampleMaxLength()) {
+    codeSample.Truncate(ScriptSampleMaxLength());
    codeSample.AppendLiteral("...");
  }
  AsyncReportViolation(selfISupports,                      // aBlockedContentSource
--- a/dom/security/nsCSPContext.h
+++ b/dom/security/nsCSPContext.h
@ -106,6 +106,13 @@ class nsCSPContext : public nsIContentSecurityPolicy
                               uint32_t aViolatedPolicyIndex,
                               uint32_t aLineNumber);

+    static int32_t sScriptSampleMaxLength;
+
+    static uint32_t ScriptSampleMaxLength()
+    {
+      return std::max(sScriptSampleMaxLength, 0);
+    }
+
    nsString                                   mReferrer;
    uint64_t                                   mInnerWindowID; // used for web console logging
    nsTArray<nsCSPPolicy*>                     mPolicies;