gecko-dev/dom/security/CSPEvalChecker.cpp

191 lines
5.9 KiB
C++

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "mozilla/dom/CSPEvalChecker.h"
#include "mozilla/dom/Document.h"
#include "mozilla/dom/WorkerPrivate.h"
#include "mozilla/dom/WorkerRunnable.h"
#include "mozilla/BasePrincipal.h"
#include "mozilla/ErrorResult.h"
#include "nsIParentChannel.h"
#include "nsGlobalWindowInner.h"
#include "nsContentSecurityUtils.h"
#include "nsContentUtils.h"
#include "nsCOMPtr.h"
#include "nsJSUtils.h"
using namespace mozilla;
using namespace mozilla::dom;
namespace {
// We use the subjectPrincipal to assert that eval() is never
// executed in system privileged context.
nsresult CheckInternal(nsIContentSecurityPolicy* aCSP,
nsICSPEventListener* aCSPEventListener,
nsIPrincipal* aSubjectPrincipal,
const nsAString& aExpression,
const nsAString& aFileNameString, uint32_t aLineNum,
uint32_t aColumnNum, bool* aAllowed) {
MOZ_ASSERT(NS_IsMainThread());
MOZ_ASSERT(aAllowed);
// The value is set at any "return", but better to have a default value here.
*aAllowed = false;
// This is the non-CSP check for gating eval() use in the SystemPrincipal
#if !defined(ANDROID)
JSContext* cx = nsContentUtils::GetCurrentJSContext();
if (!nsContentSecurityUtils::IsEvalAllowed(
cx, aSubjectPrincipal->IsSystemPrincipal(), aExpression)) {
*aAllowed = false;
return NS_OK;
}
#endif
if (!aCSP) {
*aAllowed = true;
return NS_OK;
}
bool reportViolation = false;
nsresult rv = aCSP->GetAllowsEval(&reportViolation, aAllowed);
if (NS_WARN_IF(NS_FAILED(rv))) {
*aAllowed = false;
return rv;
}
if (reportViolation) {
aCSP->LogViolationDetails(nsIContentSecurityPolicy::VIOLATION_TYPE_EVAL,
nullptr, // triggering element
aCSPEventListener, aFileNameString, aExpression,
aLineNum, aColumnNum, u""_ns, u""_ns);
}
return NS_OK;
}
class WorkerCSPCheckRunnable final : public WorkerMainThreadRunnable {
public:
WorkerCSPCheckRunnable(WorkerPrivate* aWorkerPrivate,
const nsAString& aExpression,
const nsAString& aFileNameString, uint32_t aLineNum,
uint32_t aColumnNum)
: WorkerMainThreadRunnable(aWorkerPrivate, "CSP Eval Check"_ns),
mExpression(aExpression),
mFileNameString(aFileNameString),
mLineNum(aLineNum),
mColumnNum(aColumnNum),
mEvalAllowed(false) {}
bool MainThreadRun() override {
mResult = CheckInternal(
mWorkerPrivate->GetCSP(), mWorkerPrivate->CSPEventListener(),
mWorkerPrivate->GetLoadingPrincipal(), mExpression, mFileNameString,
mLineNum, mColumnNum, &mEvalAllowed);
return true;
}
nsresult GetResult(bool* aAllowed) {
MOZ_ASSERT(aAllowed);
*aAllowed = mEvalAllowed;
return mResult;
}
private:
const nsString mExpression;
const nsString mFileNameString;
const uint32_t mLineNum;
const uint32_t mColumnNum;
bool mEvalAllowed;
nsresult mResult;
};
} // namespace
/* static */
nsresult CSPEvalChecker::CheckForWindow(JSContext* aCx,
nsGlobalWindowInner* aWindow,
const nsAString& aExpression,
bool* aAllowEval) {
MOZ_ASSERT(NS_IsMainThread());
MOZ_ASSERT(aWindow);
MOZ_ASSERT(aAllowEval);
// The value is set at any "return", but better to have a default value here.
*aAllowEval = false;
// if CSP is enabled, and setTimeout/setInterval was called with a string,
// disable the registration and log an error
nsCOMPtr<Document> doc = aWindow->GetExtantDoc();
if (!doc) {
// if there's no document, we don't have to do anything.
*aAllowEval = true;
return NS_OK;
}
nsresult rv = NS_OK;
// Get the calling location.
uint32_t lineNum = 0;
uint32_t columnNum = 0;
nsAutoString fileNameString;
if (!nsJSUtils::GetCallingLocation(aCx, fileNameString, &lineNum,
&columnNum)) {
fileNameString.AssignLiteral("unknown");
}
nsCOMPtr<nsIContentSecurityPolicy> csp = doc->GetCsp();
rv = CheckInternal(csp, nullptr /* no CSPEventListener for window */,
doc->NodePrincipal(), aExpression, fileNameString, lineNum,
columnNum, aAllowEval);
if (NS_WARN_IF(NS_FAILED(rv))) {
*aAllowEval = false;
return rv;
}
return NS_OK;
}
/* static */
nsresult CSPEvalChecker::CheckForWorker(JSContext* aCx,
WorkerPrivate* aWorkerPrivate,
const nsAString& aExpression,
bool* aAllowEval) {
MOZ_ASSERT(aWorkerPrivate);
aWorkerPrivate->AssertIsOnWorkerThread();
MOZ_ASSERT(aAllowEval);
// The value is set at any "return", but better to have a default value here.
*aAllowEval = false;
// Get the calling location.
uint32_t lineNum = 0;
uint32_t columnNum = 0;
nsAutoString fileNameString;
if (!nsJSUtils::GetCallingLocation(aCx, fileNameString, &lineNum,
&columnNum)) {
fileNameString.AssignLiteral("unknown");
}
RefPtr<WorkerCSPCheckRunnable> r = new WorkerCSPCheckRunnable(
aWorkerPrivate, aExpression, fileNameString, lineNum, columnNum);
ErrorResult error;
r->Dispatch(Canceling, error);
if (NS_WARN_IF(error.Failed())) {
*aAllowEval = false;
return error.StealNSResult();
}
nsresult rv = r->GetResult(aAllowEval);
if (NS_WARN_IF(NS_FAILED(rv))) {
*aAllowEval = false;
return rv;
}
return NS_OK;
}