-
Notifications
You must be signed in to change notification settings - Fork 6.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[WebEngine] Add Header verification for js-execution
Change-Id: I5680cf9ac1bb39a7ad6db15e04db9f6d2903762a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4200665 Reviewed-by: Peter Conn <peconn@chromium.org> Reviewed-by: Rayan Kanso <rayankans@chromium.org> Commit-Queue: Susanne Westphal <swestphal@chromium.org> Cr-Commit-Position: refs/heads/main@{#1100585}
- Loading branch information
1 parent
0ef3d94
commit d9efaf8
Showing
18 changed files
with
259 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
49 changes: 49 additions & 0 deletions
49
components/digital_asset_links/response_header_verifier.cc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
// Copyright 2023 The Chromium Authors | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#include "components/digital_asset_links/response_header_verifier.h" | ||
|
||
#include <stdio.h> | ||
|
||
#include "base/containers/contains.h" | ||
#include "base/strings/string_split.h" | ||
|
||
namespace { | ||
const char kNormalizedHeaderDelimiter[] = ","; | ||
} // namespace | ||
|
||
namespace digital_asset_links { | ||
|
||
const char kEmbedderAncestorHeader[] = "X-Embedder-Ancestors"; | ||
|
||
// TODO(crbug.com/1376958): Also support fingerprints. | ||
bool ResponseHeaderVerifier::Verify( | ||
const std::string& package_name, | ||
const std::string& embedder_ancestors_header_value) { | ||
// No embedder-ancestor-header defaults to verified. | ||
if (embedder_ancestors_header_value.empty()) { | ||
// TODO(crbug.com/1376958): Set to false if undecided content should be | ||
// treated like explicitly unconsenting content. | ||
return true; | ||
} | ||
|
||
if (embedder_ancestors_header_value == "*") { | ||
return true; | ||
} | ||
if (embedder_ancestors_header_value == "none") { | ||
return false; | ||
} | ||
|
||
std::vector<std::string> allowed_package_names = | ||
SplitString(embedder_ancestors_header_value, kNormalizedHeaderDelimiter, | ||
base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY); | ||
|
||
if (base::Contains(allowed_package_names, package_name)) { | ||
return true; | ||
} | ||
|
||
return false; | ||
} | ||
|
||
} // namespace digital_asset_links |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
// Copyright 2023 The Chromium Authors | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#ifndef COMPONENTS_DIGITAL_ASSET_LINKS_RESPONSE_HEADER_VERIFIER_H_ | ||
#define COMPONENTS_DIGITAL_ASSET_LINKS_RESPONSE_HEADER_VERIFIER_H_ | ||
|
||
#include <string> | ||
|
||
namespace digital_asset_links { | ||
|
||
class ResponseHeaderVerifier { | ||
public: | ||
// Verify if the provided |package_name| is verified via the embedder | ||
// ancestor header. | ||
static bool Verify(const std::string& package_name, | ||
const std::string& embedder_ancestors_header_value); | ||
}; | ||
|
||
extern const char kEmbedderAncestorHeader[]; | ||
} // namespace digital_asset_links | ||
|
||
#endif // COMPONENTS_DIGITAL_ASSET_LINKS_RESPONSE_HEADER_VERIFIER_H_ |
42 changes: 42 additions & 0 deletions
42
components/digital_asset_links/response_header_verifier_unittest.cc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
// Copyright 2023 The Chromium Authors | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#include "components/digital_asset_links/response_header_verifier.h" | ||
|
||
#include "testing/gtest/include/gtest/gtest.h" | ||
|
||
namespace digital_asset_links { | ||
|
||
TEST(ResponseHeaderVerifier, VerifyEmptyHeader) { | ||
EXPECT_TRUE(ResponseHeaderVerifier::Verify("any.package.name", "")); | ||
} | ||
|
||
TEST(ResponseHeaderVerifier, VerifyStar) { | ||
EXPECT_TRUE(ResponseHeaderVerifier::Verify("any.package.name", "*")); | ||
} | ||
|
||
TEST(ResponseHeaderVerifier, VerifyNone) { | ||
EXPECT_FALSE(ResponseHeaderVerifier::Verify("any.package.name", "none")); | ||
} | ||
|
||
TEST(ResponseHeaderVerifier, VerifyListOfPackageNames) { | ||
EXPECT_TRUE(ResponseHeaderVerifier::Verify( | ||
"one.package", "one.package, two.package, three.package")); | ||
EXPECT_TRUE(ResponseHeaderVerifier::Verify( | ||
"two.package", "one.package, two.package, three.package")); | ||
EXPECT_TRUE(ResponseHeaderVerifier::Verify( | ||
"three.package", "one.package, two.package, three.package")); | ||
|
||
EXPECT_FALSE(ResponseHeaderVerifier::Verify( | ||
"unknown.package", "one.package, two.package, three.package")); | ||
EXPECT_FALSE( | ||
ResponseHeaderVerifier::Verify("any.package", "any.package.name")); | ||
|
||
// 'none' and '*' get ignored if package names are listed. | ||
EXPECT_TRUE(ResponseHeaderVerifier::Verify("a.package", "none, a.package")); | ||
EXPECT_FALSE( | ||
ResponseHeaderVerifier::Verify("another.package", "*, a.package")); | ||
} | ||
|
||
} // namespace digital_asset_links |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.