[Reporting API] Refactor network send logic to Report-related code
https://bugs.webkit.org/show_bug.cgi?id=244855
<rdar://problem/99618219>

Reviewed by Chris Dumez.

Bits of logic about how to distribute reports to endpoints is spread around the ContentSecurityObject, PingLoader, (COEP/COOP reporting before it was reverted), and now the Reporting module. This patch consolidates the behavior in the Reporting code where it can be used for all report types.

1. Rather than use a new 'ReportBodyType' type, it uses the existing 'ViolationReportType', since ReportBodies are 1:1 associated with ViolationReport types.
2. Remove the single-purpose 'sendCSPViolationReport' method and replace with a more generic 'sendReportToEndpoints'.
3. Modify the ReportingClient to present a signature for sending reports.
4. Modify the ContentSecurityPolicy code to use the new 'sendReportToEndpoints' client method.
5. Modify Document and NetworkLoader to implement a 'sendReportToEndpoints' method.
6. Add a stub implementation to WorkerGlobalScope to send reports. The actual sending will be implemented in a separate change.

* Source/WebCore/Headers.cmake: Add new ViolationReportType.h header.
* Source/WebCore/Modules/reporting/ReportBody.cpp:
(WebCore::ReportBody::ReportBody): Switch from ReportBodyType to ViolationReportType.
(WebCore::ReportBody::reportBodyType const): Ditto.
* Source/WebCore/Modules/reporting/ReportBody.h:
* Source/WebCore/Modules/reporting/ReportingClient.h: Add new 'sendReportToEndpoints' method.
* Source/WebCore/Modules/reporting/TestReportBody.cpp:
(WebCore::TestReportBody::TestReportBody): Switch from ReportBodyType to ViolationReportType.
* Source/WebCore/Modules/reporting/TestReportBody.h:
(isType): Switch from ReportBodyType to ViolationReportType.
* Source/WebCore/Modules/reporting/ViolationReportType.h: Copied from Source/WebCore/Modules/reporting/ReportBody.h.
* Source/WebCore/WebCore.xcodeproj/project.pbxproj: Add new ViolationReportType.h header.
* Source/WebCore/bindings/js/JSReportBodyCustom.cpp: Ditto.
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::sendReportToEndpoints): Added.
* Source/WebCore/dom/Document.h:
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::sendCSPViolationReport): Deleted.
* Source/WebCore/loader/PingLoader.cpp:
(WebCore::PingLoader::sendViolationReport): Recognize the 'Test' ViolationReportType.
(WebCore::PingLoader::startPingLoad): Ditto.
* Source/WebCore/loader/PingLoader.h:
* Source/WebCore/page/csp/CSPViolationReportBody.cpp:
(WebCore::CSPViolationReportBody::CSPViolationReportBody): Switch from ReportBodyType to ViolationReportType.
* Source/WebCore/page/csp/CSPViolationReportBody.h:
(isType): Ditto.
* Source/WebCore/page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::reportViolation const): Update to use the new ReportingClient mechanism
to send violation reports (rather than special casing for NetworkLoader and Document explicitly).
* Source/WebCore/workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::sendReportToEndpoints): Added stub (for future work).
* Source/WebCore/workers/WorkerGlobalScope.h:
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::sendCSPViolationReport): Replaced with 'sendReportToEndpoints'.
(WebKit::NetworkResourceLoader::sendReportToEndpoints): Added new implementation to support the ReportingClient API.
* Source/WebKit/NetworkProcess/NetworkResourceLoader.h:
* Source/WebKit/Shared/WebCoreArgumentCoders.cpp:
(IPC::ArgumentCoder<RefPtr<WebCore::ReportBody>>::encode): Switch from ReportBodyType to ViolationReportType.
(IPC::ArgumentCoder<RefPtr<WebCore::ReportBody>>::decode): Ditto.
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::sendCSPViolationReport): Deleted.
(WebKit::WebPage::sendReportToEndpoints): Added.
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:

Canonical link: https://commits.webkit.org/254208@main
brentfulgham authored and Brent Fulgham committed Sep 7, 2022
1 parent dc19877 commit 2e2acc4000997cddc8be168ae8f79fc4517b3c79
Showing 27 changed files with 141 additions and 71 deletions.
@@ -330,6 +330,7 @@ set(WebCore_PRIVATE_FRAMEWORK_HEADERS
Modules/reporting/ReportingObserverCallback.h
Modules/reporting/ReportingScope.h
Modules/reporting/TestReportBody.h
Modules/reporting/ViolationReportType.h

Modules/speech/SpeechRecognitionCaptureSource.h
Modules/speech/SpeechRecognitionCaptureSourceImpl.h
@@ -32,13 +32,13 @@ namespace WebCore {

WTF_MAKE_ISO_ALLOCATED_IMPL(ReportBody);

ReportBody::ReportBody(ReportBodyType type)
ReportBody::ReportBody(ViolationReportType type)
: m_reportBodyType(type)
{ }

ReportBody::~ReportBody() = default;

ReportBodyType ReportBody::reportBodyType() const
ViolationReportType ReportBody::reportBodyType() const
{
return m_reportBodyType;
}
@@ -30,37 +30,21 @@

namespace WebCore {

enum class ReportBodyType : uint8_t {
CSPViolation,
Test
// More to come
};
enum class ViolationReportType : uint8_t;

class WEBCORE_EXPORT ReportBody : public RefCounted<ReportBody> {
WTF_MAKE_ISO_ALLOCATED(ReportBody);
public:
virtual ~ReportBody();

virtual const AtomString& type() const = 0;
ReportBodyType reportBodyType() const;
ViolationReportType reportBodyType() const;

protected:
ReportBody(ReportBodyType);
ReportBody(ViolationReportType);

private:
ReportBodyType m_reportBodyType;
ViolationReportType m_reportBodyType;
};

} // namespace WebCore

namespace WTF {

template<> struct EnumTraits<WebCore::ReportBodyType> {
using values = EnumValues<
WebCore::ReportBodyType,
WebCore::ReportBodyType::CSPViolation,
WebCore::ReportBodyType::Test
>;
};

} // namespace WTF
@@ -31,14 +31,17 @@

namespace WebCore {

class FormData;
class Report;
enum class ViolationReportType : uint8_t;

struct WEBCORE_EXPORT ReportingClient {

virtual ~ReportingClient() = default;

virtual void notifyReportObservers(Ref<Report>&&) = 0;
virtual String endpointURIForToken(const String&) const = 0;
virtual void sendReportToEndpoints(const URL& baseURL, Vector<String>&& endPoints, Ref<FormData>&& report, ViolationReportType) = 0;
};

} // namespace WebCore
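Review bot: The new pure virtual `sendReportToEndpoints` on `ReportingClient` carries no comment stating its contract, so each implementer has to infer it from the parameter names. The signature does not say whether `endPoints` holds absolute URLs, strings to be resolved against `baseURL`, or endpoint tokens of the kind `endpointURIForToken` takes, nor which side is responsible for skipping entries that do not resolve to a valid URL. I would add a comment above the declaration, for example `// Sends |report| to every entry of |endPoints|, each resolved against |baseURL|; entries that do not resolve to a valid URL are skipped by the implementation.`, adjusted to the behaviour that is actually intended.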
@@ -40,7 +40,7 @@ const AtomString& TestReportBody::testReportType()
}

TestReportBody::TestReportBody(String&& message)
: ReportBody(ReportBodyType::Test)
: ReportBody(ViolationReportType::Test)
, m_bodyMessage(WTFMove(message))
{
}
@@ -26,6 +26,7 @@
#pragma once

#include "ReportBody.h"
#include "ViolationReportType.h"
#include <wtf/IsoMalloc.h>
#include <wtf/text/WTFString.h>

@@ -78,5 +79,5 @@ std::optional<RefPtr<TestReportBody>> TestReportBody::decode(Decoder& decoder)
} // namespace WebCore

SPECIALIZE_TYPE_TRAITS_BEGIN(WebCore::TestReportBody)
static bool isType(const WebCore::ReportBody& reportBody) { return reportBody.reportBodyType() == WebCore::ReportBodyType::Test; }
static bool isType(const WebCore::ReportBody& reportBody) { return reportBody.reportBodyType() == WebCore::ViolationReportType::Test; }
SPECIALIZE_TYPE_TRAITS_END()
@@ -0,0 +1,50 @@
/*
* Copyright (C) 2022 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*/

#pragma once

namespace WebCore {

enum class ViolationReportType : uint8_t {
ContentSecurityPolicy,
StandardReportingAPIViolation, // https://www.w3.org/TR/reporting/#try-delivery
Test, // https://www.w3.org/TR/reporting-1/#generate-test-report-command
// More to come
};

} // namespace WebCore

namespace WTF {

template<> struct EnumTraits<WebCore::ViolationReportType> {
using values = EnumValues<
WebCore::ViolationReportType,
WebCore::ViolationReportType::ContentSecurityPolicy,
WebCore::ViolationReportType::StandardReportingAPIViolation,
WebCore::ViolationReportType::Test
>;
};

} // namespace WTF
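Review bot: The new header uses `uint8_t`, `EnumTraits` and `EnumValues` but has no `#include` lines after `#pragma once`, so it compiles only where an includer or a prefix header has already declared them. Adding `#include <wtf/EnumTraits.h>` at the top (plus `<cstdint>` if that header does not already provide it) would make the file self-contained. The `EnumValues` list also has to be extended by hand whenever an enumerator is added under `// More to come`. A one-line comment on the enum such as `// Keep EnumTraits<ViolationReportType> below in sync.` would help, since that list is presumably what enum validation on decode relies on.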
@@ -2459,6 +2459,7 @@
7A09CEF11F02069B00E93BDB /* FileMonitor.h in Headers */ = {isa = PBXBuildFile; fileRef = 7A09CEEC1F01CC9300E93BDB /* FileMonitor.h */; settings = {ATTRIBUTES = (Private, ); }; };
7A0E770F10C00A8800A0276E /* InspectorFrontendHost.h in Headers */ = {isa = PBXBuildFile; fileRef = 7A0E770C10C00A8800A0276E /* InspectorFrontendHost.h */; settings = {ATTRIBUTES = (Private, ); }; };
7A0E771F10C00DB100A0276E /* JSInspectorFrontendHost.h in Headers */ = {isa = PBXBuildFile; fileRef = 7A0E771D10C00DB100A0276E /* JSInspectorFrontendHost.h */; };
7A10958A28C7CEB20056F3BE /* ViolationReportType.h in Headers */ = {isa = PBXBuildFile; fileRef = 7A10958928C7CEB20056F3BE /* ViolationReportType.h */; settings = {ATTRIBUTES = (Private, ); }; };
7A22732120C9FAFE00DB1DEF /* WebKitNSImageExtras.h in Headers */ = {isa = PBXBuildFile; fileRef = 7A22731F20C9F9DA00DB1DEF /* WebKitNSImageExtras.h */; settings = {ATTRIBUTES = (Private, ); }; };
7A29F57218C69514004D0F81 /* OutOfBandTextTrackPrivateAVF.h in Headers */ = {isa = PBXBuildFile; fileRef = 7A29F57118C69514004D0F81 /* OutOfBandTextTrackPrivateAVF.h */; };
7A45033018DB717200377B34 /* BufferedLineReader.h in Headers */ = {isa = PBXBuildFile; fileRef = 7A45032E18DB717200377B34 /* BufferedLineReader.h */; };
@@ -11769,6 +11770,7 @@
7A0E770D10C00A8800A0276E /* InspectorFrontendHost.idl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = InspectorFrontendHost.idl; sourceTree = "<group>"; };
7A0E771C10C00DB100A0276E /* JSInspectorFrontendHost.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSInspectorFrontendHost.cpp; sourceTree = "<group>"; };
7A0E771D10C00DB100A0276E /* JSInspectorFrontendHost.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSInspectorFrontendHost.h; sourceTree = "<group>"; };
7A10958928C7CEB20056F3BE /* ViolationReportType.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ViolationReportType.h; sourceTree = "<group>"; };
7A22731E20C9F9D900DB1DEF /* WebKitNSImageExtras.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = WebKitNSImageExtras.mm; sourceTree = "<group>"; };
7A22731F20C9F9DA00DB1DEF /* WebKitNSImageExtras.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WebKitNSImageExtras.h; sourceTree = "<group>"; };
7A29F57118C69514004D0F81 /* OutOfBandTextTrackPrivateAVF.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OutOfBandTextTrackPrivateAVF.h; sourceTree = "<group>"; };
@@ -25475,6 +25477,7 @@
7AC09F4428C00E5D004568FC /* TestReportBody.cpp */,
7AC09F4528C00E5D004568FC /* TestReportBody.h */,
7AC09F4628C0120C004568FC /* TestReportBody.idl */,
7A10958928C7CEB20056F3BE /* ViolationReportType.h */,
);
path = reporting;
sourceTree = "<group>";
@@ -38773,6 +38776,7 @@
070E81D11BF27656001FDA48 /* VideoTrackPrivateMediaStream.h in Headers */,
CEF418CF1179678C009D112C /* ViewportArguments.h in Headers */,
26F9A83918A046AC00AEB88A /* ViewportConfiguration.h in Headers */,
7A10958A28C7CEB20056F3BE /* ViolationReportType.h in Headers */,
83407FC11E8D9C1700E048D3 /* VisibilityChangeClient.h in Headers */,
46CA9C441F97BBE9004CFC3A /* VisibilityState.h in Headers */,
93309E20099E64920056E581 /* VisiblePosition.h in Headers */,
@@ -32,6 +32,7 @@
#include "JSTestReportBody.h"
#include "ReportBody.h"
#include "TestReportBody.h"
#include "ViolationReportType.h"

namespace WebCore {
using namespace JSC;
@@ -170,6 +170,7 @@
#include "PaintWorkletGlobalScope.h"
#include "Performance.h"
#include "PerformanceNavigationTiming.h"
#include "PingLoader.h"
#include "PlatformLocale.h"
#include "PlatformMediaSessionManager.h"
#include "PlatformScreen.h"
@@ -255,6 +256,7 @@
#include "UndoManager.h"
#include "UserGestureIndicator.h"
#include "ValidationMessageClient.h"
#include "ViolationReportType.h"
#include "VisibilityChangeClient.h"
#include "VisitedLinkState.h"
#include "VisualViewport.h"
@@ -9269,6 +9271,12 @@ String Document::endpointURIForToken(const String& token) const
return reportingScope().endpointURIForToken(token);
}

void Document::sendReportToEndpoints(const URL& baseURL, Vector<String>&& endPoints, Ref<FormData>&& report, ViolationReportType reportType)
{
for (const auto& url : endPoints)
PingLoader::sendViolationReport(*frame(), URL { baseURL, url }, report.copyRef(), reportType);
}

} // namespace WebCore

#undef DOCUMENT_RELEASE_LOG
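Review bot: `Document::sendReportToEndpoints` dereferences `frame()` unconditionally in `PingLoader::sendViolationReport(*frame(), ...)`, and nothing in the visible lines guarantees the document still has a frame when a report is sent. Because this method is now a general `ReportingClient` entry point rather than a CSP-only path, the check belongs in the method itself: `RefPtr frame = this->frame(); if (!frame) return;` before the loop, then pass `*frame` to the call. Hoisting the lookup also avoids calling `frame()` once per endpoint.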
@@ -270,6 +270,7 @@ enum class ShouldOpenExternalURLsPolicy : uint8_t;
enum class RenderingUpdateStep : uint32_t;
enum class StyleColorOptions : uint8_t;
enum class MutationObserverOptionType : uint8_t;
enum class ViolationReportType : uint8_t;

using MediaProducerMediaStateFlags = OptionSet<MediaProducerMediaState>;
using MediaProducerMutedStateFlags = OptionSet<MediaProducerMutedState>;
@@ -1831,6 +1832,7 @@ class Document

void notifyReportObservers(Ref<Report>&&) final;
String endpointURIForToken(const String&) const final;
void sendReportToEndpoints(const URL& baseURL, Vector<String>&& endPoints, Ref<FormData>&& report, ViolationReportType) final;

const Ref<const Settings> m_settings;

@@ -93,6 +93,7 @@
#include "TextResourceDecoder.h"
#include "UserContentProvider.h"
#include "UserContentURLPattern.h"
#include "ViolationReportType.h"
#include <wtf/Assertions.h>
#include <wtf/CompletionHandler.h>
#include <wtf/NeverDestroyed.h>
@@ -2473,11 +2474,6 @@ void DocumentLoader::addConsoleMessage(MessageSource messageSource, MessageLevel
static_cast<ScriptExecutionContext*>(m_frame->document())->addConsoleMessage(messageSource, messageLevel, message, requestIdentifier);
}

void DocumentLoader::sendCSPViolationReport(URL&& reportURL, Ref<FormData>&& report)
{
PingLoader::sendViolationReport(*m_frame, WTFMove(reportURL), WTFMove(report), ViolationReportType::ContentSecurityPolicy);
}

void DocumentLoader::enqueueSecurityPolicyViolationEvent(SecurityPolicyViolationEventInit&& eventInit)
{
m_frame->document()->enqueueSecurityPolicyViolationEvent(WTFMove(eventInit));
@@ -563,7 +563,6 @@ class DocumentLoader

// ContentSecurityPolicyClient
WEBCORE_EXPORT void addConsoleMessage(MessageSource, MessageLevel, const String&, unsigned long requestIdentifier) final;
WEBCORE_EXPORT void sendCSPViolationReport(URL&&, Ref<FormData>&&) final;
WEBCORE_EXPORT void enqueueSecurityPolicyViolationEvent(SecurityPolicyViolationEventInit&&) final;

bool disallowWebArchive() const;
@@ -57,6 +57,7 @@
#include "SecurityOrigin.h"
#include "SecurityPolicy.h"
#include "UserContentController.h"
#include "ViolationReportType.h"
#include <wtf/text/CString.h>

namespace WebCore {
@@ -172,6 +173,7 @@ void PingLoader::sendViolationReport(Frame& frame, const URL& reportURL, Ref<For
request.setHTTPContentType("application/csp-report"_s);
break;
case ViolationReportType::StandardReportingAPIViolation:
case ViolationReportType::Test:
request.setHTTPContentType("application/reports+json"_s);
break;
}
@@ -184,7 +186,7 @@ void PingLoader::sendViolationReport(Frame& frame, const URL& reportURL, Ref<For

HTTPHeaderMap originalRequestHeader = request.httpHeaderFields();

if (reportType != ViolationReportType::StandardReportingAPIViolation)
if (reportType != ViolationReportType::StandardReportingAPIViolation && reportType != ViolationReportType::Test)
frame.loader().updateRequestAndAddExtraFields(request, IsMainResource::No);

String referrer = SecurityPolicy::generateReferrerHeader(document.referrerPolicy(), reportURL, frame.loader().outgoingReferrer());
@@ -213,7 +215,7 @@ void PingLoader::startPingLoad(Frame& frame, ResourceRequest& request, HTTPHeade
options.cache = FetchOptions::Cache::NoCache;

// https://www.w3.org/TR/reporting/#try-delivery
if (violationReportType == ViolationReportType::StandardReportingAPIViolation) {
if (violationReportType == ViolationReportType::StandardReportingAPIViolation || violationReportType == ViolationReportType::Test) {
options.credentials = FetchOptions::Credentials::SameOrigin;
options.mode = FetchOptions::Mode::Cors;
options.serviceWorkersMode = ServiceWorkersMode::None;
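Review bot: The choice between Reporting API delivery and the legacy CSP path is spelled out as a two-value comparison in two places (the `!=` … `&&` form in `sendViolationReport` and the `||` form in `startPingLoad`), so a `ViolationReportType` added later silently takes the legacy branch at both. That choice decides whether `updateRequestAndAddExtraFields` runs and whether the request gets `Credentials::SameOrigin` with `Mode::Cors`, so a wrong default changes which headers and credentials reach the report endpoint. A file-local predicate written as a `switch` with no `default:` would make the compiler flag any unclassified value, and both sites would then share one definition. Both functions start and end outside the hunks shown.

```cpp
// Report types delivered under the rules of https://www.w3.org/TR/reporting/#try-delivery.
static bool usesReportingAPIDelivery(ViolationReportType type)
{
    switch (type) {
    case ViolationReportType::ContentSecurityPolicy:
        return false;
    case ViolationReportType::StandardReportingAPIViolation:
    case ViolationReportType::Test:
        return true;
    }
    RELEASE_ASSERT_NOT_REACHED();
}

// … unchanged: sendViolationReport up to the header snapshot …
if (!usesReportingAPIDelivery(reportType))
    frame.loader().updateRequestAndAddExtraFields(request, IsMainResource::No);

// … unchanged: startPingLoad option setup …
if (usesReportingAPIDelivery(violationReportType)) {
```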
@@ -45,12 +45,8 @@ class Frame;
class HTTPHeaderMap;
class ResourceRequest;

enum class ViolationReportType : uint8_t {
ContentSecurityPolicy,
StandardReportingAPIViolation // https://www.w3.org/TR/reporting/#try-delivery
};

enum class ContentSecurityPolicyImposition : uint8_t;
enum class ViolationReportType : uint8_t;

class PingLoader {
public:
@@ -44,7 +44,7 @@ const AtomString& CSPViolationReportBody::cspReportType()
}

CSPViolationReportBody::CSPViolationReportBody(Init&& init)
: ReportBody(ReportBodyType::CSPViolation)
: ReportBody(ViolationReportType::ContentSecurityPolicy)
, m_documentURL(WTFMove(init.documentURI))
, m_referrer(init.referrer.isNull() ? emptyString() : WTFMove(init.referrer))
, m_blockedURL(WTFMove(init.blockedURI))
@@ -27,6 +27,7 @@

#include "ReportBody.h"
#include "SecurityPolicyViolationEvent.h"
#include "ViolationReportType.h"
#include <wtf/IsoMalloc.h>

namespace WebCore {
@@ -114,5 +115,5 @@ std::optional<RefPtr<CSPViolationReportBody>> CSPViolationReportBody::decode(Dec
} // namespace WebCore

SPECIALIZE_TYPE_TRAITS_BEGIN(WebCore::CSPViolationReportBody)
static bool isType(const WebCore::ReportBody& reportBody) { return reportBody.reportBodyType() == WebCore::ReportBodyType::CSPViolation; }
static bool isType(const WebCore::ReportBody& reportBody) { return reportBody.reportBodyType() == WebCore::ViolationReportType::ContentSecurityPolicy; }
SPECIALIZE_TYPE_TRAITS_END()
@@ -56,6 +56,7 @@
#include "SecurityPolicyViolationEvent.h"
#include "Settings.h"
#include "SubresourceIntegrity.h"
#include "ViolationReportType.h"
#include "WorkerGlobalScope.h"
#include <JavaScriptCore/ScriptCallStack.h>
#include <JavaScriptCore/ScriptCallStackFactory.h>
@@ -881,18 +882,15 @@ void ContentSecurityPolicy::reportViolation(const String& effectiveViolatedDirec
if (reportURIs.isEmpty())
return;

RELEASE_ASSERT(m_reportingClient || (!m_client && !m_scriptExecutionContext));
if (!m_reportingClient)
return;

auto reportURL = m_documentURL ? m_documentURL.value().strippedForUseAsReferrer() : blockedURI;

auto report = CSPViolationReportBody::createReportFormDataForViolation(info, usesReportTo, violatedDirectiveList.isReportOnly(), effectiveViolatedDirective, m_referrer, violatedDirectiveList.header(), blockedURI, httpStatusCode);

if (m_client) {
for (const auto& url : reportURIs)
m_client->sendCSPViolationReport(URL { m_protectedURL, url }, report.copyRef());
} else {
auto& document = downcast<Document>(*m_scriptExecutionContext);
for (const auto& url : reportURIs)
PingLoader::sendViolationReport(*document.frame(), URL { m_protectedURL, url }, report.copyRef(), ViolationReportType::ContentSecurityPolicy);
}
m_reportingClient->sendReportToEndpoints(m_protectedURL, WTFMove(reportURIs), WTFMove(report), ViolationReportType::ContentSecurityPolicy);
}

void ContentSecurityPolicy::reportUnsupportedDirective(const String& name) const
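Review bot: The added `RELEASE_ASSERT(m_reportingClient || (!m_client && !m_scriptExecutionContext))` in `reportViolation` encodes an invariant that nothing in the hunk explains, and the early return after it drops the report without any trace. A reader cannot tell from here which construction paths guarantee a reporting client, and a release assert on this path means a policy built with a client but no reporting client would terminate the process on its first violation. I would add a comment above the assert, for example `// A policy with a client or a script execution context must also have a reporting client; only a bare policy may skip report delivery.`, and consider a log line on the `!m_reportingClient` return so dropped reports are visible. The function begins outside the hunk.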
@@ -51,7 +51,6 @@ struct WEBCORE_EXPORT ContentSecurityPolicyClient {
virtual ~ContentSecurityPolicyClient() = default;

virtual void addConsoleMessage(MessageSource, MessageLevel, const String&, unsigned long requestIdentifier = 0) = 0;
virtual void sendCSPViolationReport(URL&&, Ref<FormData>&&) = 0;
virtual void enqueueSecurityPolicyViolationEvent(SecurityPolicyViolationEventInit&&) = 0;
};
