haikuwebkit/Source/WebCore/loader/SubresourceIntegrity.h

/*
 * Copyright (C) 2017 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 * THE POSSIBILITY OF SUCH DAMAGE.
 */

#pragma once

#include <wtf/Forward.h>

namespace WebCore {

class CachedResource;

bool matchIntegrityMetadata(const CachedResource&, const String& integrityMetadata);
String integrityMismatchDescription(const CachedResource&, const String& integrityMetadata);

}
Implement Subresource Integrity (SRI) https://bugs.webkit.org/show_bug.cgi?id=148363 LayoutTests/imported/w3c: Patch by Sam Weinig <sam@webkit.org> on 2017-05-07 Reviewed by Daniel Bates. * web-platform-tests/html/dom/reflection-metadata-expected.txt: * web-platform-tests/html/dom/reflection-misc-expected.txt: Update results now that we support the reflected 'integrity' property. Source/WebCore: <rdar://problem/18945879> Patch by Sam Weinig <sam@webkit.org> on 2017-05-07 Reviewed by Daniel Bates. Tests: http/tests/subresource-integrity/sri-disabled-with-setting.html http/tests/subresource-integrity/sri-enabled-with-setting.html http/tests/subresource-integrity/sri-script-cors.html http/tests/subresource-integrity/sri-style-cors.html * CMakeLists.txt: * WebCore.xcodeproj/project.pbxproj: Add new files. * dom/LoadableClassicScript.cpp: (WebCore::LoadableClassicScript::create): (WebCore::LoadableClassicScript::notifyFinished): * dom/LoadableClassicScript.h: * dom/LoadableScript.h: * dom/ScriptElement.cpp: (WebCore::ScriptElement::requestClassicScript): Store integrity metadata in the script fetcher so it can be passed to the checked when script load finishes. * html/HTMLAttributeNames.in: Add 'integrity'. * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::process): When requesting a stylesheet, cache the integrity metadata so it can be used when the load completes (accessing the attribute at load completion time is incorrect, as a script might have changed the attributes value since the request was made). (WebCore::HTMLLinkElement::setCSSStyleSheet): Add an integrity check using the cached integrity metadata when a load finishes. * html/HTMLLinkElement.h: Add cached integrity metadata member. * html/HTMLLinkElement.idl: * html/HTMLScriptElement.idl: Add integrity property. * html/parser/HTMLParserIdioms.h: (WebCore::isNotHTMLSpace): Templatize isNotHTMLSpace so it can work for both UChar and LChar. * loader/ResourceCryptographicDigest.cpp: (WebCore::parseCryptographicDigestImpl): (WebCore::parseEncodedCryptographicDigestImpl): (WebCore::parseEncodedCryptographicDigest): (WebCore::decodeEncodedResourceCryptographicDigest): * loader/ResourceCryptographicDigest.h: Add concept of an encoded digest to more closely model the spec so that hashes that match the grammar but are invalid (say, mixing base64 and base64URL) make it through the algorithm longer, and don't cause us to load something that should be blocked. * loader/SubresourceIntegrity.cpp: Added. * loader/SubresourceIntegrity.h: Added. Add implementation of Subresource Integrity metadata validation allowing for a CachedResource and integrity metadata to be passed for validation. * page/Settings.in: Add setting for Subresource Integrity, defaulted to enabled. LayoutTests: <rdar://problem/18945879> Patch by Sam Weinig <sam@webkit.org> on 2017-05-07 Reviewed by Daniel Bates. Add tests for Subresource Integrity based off the ones from Web Platform Tests. They have been changed to: - Split <link> and <script> testing. - Add additional tests: - Integrity hashes using base64URL encoding. - Integrity hashes using mixed base64 and base64URL encoding. - Integrity metadata that does not conform to the grammar at all. - Multiple valid, but only one matching, integrity hashes. - Non-matching integrity hash with options. - Run one at a time, so console output is consistent. We can/should upstream these changes, but this avoids the possibility that an update of the imported web-platform-tests could cause these tests to fail. Also adds tests that show the Subresource Integrity setting works correctly. * http/tests/subresource-integrity: Added. * http/tests/subresource-integrity/.htaccess: Added. * http/tests/subresource-integrity/resources: Added. * http/tests/subresource-integrity/resources/alternate.css: Added. * http/tests/subresource-integrity/resources/crossorigin-anon-script.js: Added. * http/tests/subresource-integrity/resources/crossorigin-anon-style.css: Added. * http/tests/subresource-integrity/resources/crossorigin-creds-script.js: Added. * http/tests/subresource-integrity/resources/crossorigin-creds-style.css: Added. * http/tests/subresource-integrity/resources/crossorigin-ineligible-script.js: Added. * http/tests/subresource-integrity/resources/crossorigin-ineligible-style.css: Added. * http/tests/subresource-integrity/resources/matching-digest.js: Added. * http/tests/subresource-integrity/resources/non-matching-digest.js: Added. * http/tests/subresource-integrity/resources/sri-utilities.js: Added. * http/tests/subresource-integrity/resources/style.css: Added. * http/tests/subresource-integrity/sri-disabled-with-setting-expected.txt: Added. * http/tests/subresource-integrity/sri-disabled-with-setting.html: Added. * http/tests/subresource-integrity/sri-enabled-with-setting-expected.txt: Added. * http/tests/subresource-integrity/sri-enabled-with-setting.html: Added. * http/tests/subresource-integrity/sri-script-expected.txt: Added. * http/tests/subresource-integrity/sri-script.html: Added. * http/tests/subresource-integrity/sri-style-expected.txt: Added. * http/tests/subresource-integrity/sri-style.html: Added. Canonical link: https://commits.webkit.org/188700@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@216347 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2017-05-07 10:24:48 +00:00			`/*`
			`* Copyright (C) 2017 Apple Inc. All rights reserved.`
			`*`
			`* Redistribution and use in source and binary forms, with or without`
			`* modification, are permitted provided that the following conditions`
			`* are met:`
			`* 1. Redistributions of source code must retain the above copyright`
			`* notice, this list of conditions and the following disclaimer.`
			`* 2. Redistributions in binary form must reproduce the above copyright`
			`* notice, this list of conditions and the following disclaimer in the`
			`* documentation and/or other materials provided with the distribution.`
			`*`
			* THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
			`* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,`
			`* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR`
			`* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS`
			`* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR`
			`* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF`
			`* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS`
			`* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN`
			`* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)`
			`* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF`
			`* THE POSSIBILITY OF SUCH DAMAGE.`
			`*/`

			`#pragma once`

			`#include <wtf/Forward.h>`

			`namespace WebCore {`

			`class CachedResource;`

			`bool matchIntegrityMetadata(const CachedResource&, const String& integrityMetadata);`
Add more information to SRI failure console messages https://bugs.webkit.org/show_bug.cgi?id=203383 Patch by Alex Christensen <achristensen@webkit.org> on 2019-10-24 Reviewed by Geoff Garen. Source/WebCore: * bindings/js/ScriptModuleLoader.cpp: (WebCore::ScriptModuleLoader::notifyFinished): * dom/LoadableClassicScript.cpp: (WebCore::LoadableClassicScript::notifyFinished): * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::setCSSStyleSheet): * loader/DocumentThreadableLoader.cpp: (WebCore::DocumentThreadableLoader::didFinishLoading): (WebCore::DocumentThreadableLoader::reportIntegrityMetadataError): * loader/DocumentThreadableLoader.h: * loader/SubresourceIntegrity.cpp: (WebCore::integrityMismatchDescription): * loader/SubresourceIntegrity.h: LayoutTests: * http/tests/subresource-integrity/sri-enabled-with-setting-expected.txt: * http/tests/subresource-integrity/sri-module-expected.txt: * http/tests/subresource-integrity/sri-script-expected.txt: * http/tests/subresource-integrity/sri-style-expected.txt: Canonical link: https://commits.webkit.org/216809@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@251582 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-10-25 05:05:54 +00:00			`String integrityMismatchDescription(const CachedResource&, const String& integrityMetadata);`
Implement Subresource Integrity (SRI) https://bugs.webkit.org/show_bug.cgi?id=148363 LayoutTests/imported/w3c: Patch by Sam Weinig <sam@webkit.org> on 2017-05-07 Reviewed by Daniel Bates. * web-platform-tests/html/dom/reflection-metadata-expected.txt: * web-platform-tests/html/dom/reflection-misc-expected.txt: Update results now that we support the reflected 'integrity' property. Source/WebCore: <rdar://problem/18945879> Patch by Sam Weinig <sam@webkit.org> on 2017-05-07 Reviewed by Daniel Bates. Tests: http/tests/subresource-integrity/sri-disabled-with-setting.html http/tests/subresource-integrity/sri-enabled-with-setting.html http/tests/subresource-integrity/sri-script-cors.html http/tests/subresource-integrity/sri-style-cors.html * CMakeLists.txt: * WebCore.xcodeproj/project.pbxproj: Add new files. * dom/LoadableClassicScript.cpp: (WebCore::LoadableClassicScript::create): (WebCore::LoadableClassicScript::notifyFinished): * dom/LoadableClassicScript.h: * dom/LoadableScript.h: * dom/ScriptElement.cpp: (WebCore::ScriptElement::requestClassicScript): Store integrity metadata in the script fetcher so it can be passed to the checked when script load finishes. * html/HTMLAttributeNames.in: Add 'integrity'. * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::process): When requesting a stylesheet, cache the integrity metadata so it can be used when the load completes (accessing the attribute at load completion time is incorrect, as a script might have changed the attributes value since the request was made). (WebCore::HTMLLinkElement::setCSSStyleSheet): Add an integrity check using the cached integrity metadata when a load finishes. * html/HTMLLinkElement.h: Add cached integrity metadata member. * html/HTMLLinkElement.idl: * html/HTMLScriptElement.idl: Add integrity property. * html/parser/HTMLParserIdioms.h: (WebCore::isNotHTMLSpace): Templatize isNotHTMLSpace so it can work for both UChar and LChar. * loader/ResourceCryptographicDigest.cpp: (WebCore::parseCryptographicDigestImpl): (WebCore::parseEncodedCryptographicDigestImpl): (WebCore::parseEncodedCryptographicDigest): (WebCore::decodeEncodedResourceCryptographicDigest): * loader/ResourceCryptographicDigest.h: Add concept of an encoded digest to more closely model the spec so that hashes that match the grammar but are invalid (say, mixing base64 and base64URL) make it through the algorithm longer, and don't cause us to load something that should be blocked. * loader/SubresourceIntegrity.cpp: Added. * loader/SubresourceIntegrity.h: Added. Add implementation of Subresource Integrity metadata validation allowing for a CachedResource and integrity metadata to be passed for validation. * page/Settings.in: Add setting for Subresource Integrity, defaulted to enabled. LayoutTests: <rdar://problem/18945879> Patch by Sam Weinig <sam@webkit.org> on 2017-05-07 Reviewed by Daniel Bates. Add tests for Subresource Integrity based off the ones from Web Platform Tests. They have been changed to: - Split <link> and <script> testing. - Add additional tests: - Integrity hashes using base64URL encoding. - Integrity hashes using mixed base64 and base64URL encoding. - Integrity metadata that does not conform to the grammar at all. - Multiple valid, but only one matching, integrity hashes. - Non-matching integrity hash with options. - Run one at a time, so console output is consistent. We can/should upstream these changes, but this avoids the possibility that an update of the imported web-platform-tests could cause these tests to fail. Also adds tests that show the Subresource Integrity setting works correctly. * http/tests/subresource-integrity: Added. * http/tests/subresource-integrity/.htaccess: Added. * http/tests/subresource-integrity/resources: Added. * http/tests/subresource-integrity/resources/alternate.css: Added. * http/tests/subresource-integrity/resources/crossorigin-anon-script.js: Added. * http/tests/subresource-integrity/resources/crossorigin-anon-style.css: Added. * http/tests/subresource-integrity/resources/crossorigin-creds-script.js: Added. * http/tests/subresource-integrity/resources/crossorigin-creds-style.css: Added. * http/tests/subresource-integrity/resources/crossorigin-ineligible-script.js: Added. * http/tests/subresource-integrity/resources/crossorigin-ineligible-style.css: Added. * http/tests/subresource-integrity/resources/matching-digest.js: Added. * http/tests/subresource-integrity/resources/non-matching-digest.js: Added. * http/tests/subresource-integrity/resources/sri-utilities.js: Added. * http/tests/subresource-integrity/resources/style.css: Added. * http/tests/subresource-integrity/sri-disabled-with-setting-expected.txt: Added. * http/tests/subresource-integrity/sri-disabled-with-setting.html: Added. * http/tests/subresource-integrity/sri-enabled-with-setting-expected.txt: Added. * http/tests/subresource-integrity/sri-enabled-with-setting.html: Added. * http/tests/subresource-integrity/sri-script-expected.txt: Added. * http/tests/subresource-integrity/sri-script.html: Added. * http/tests/subresource-integrity/sri-style-expected.txt: Added. * http/tests/subresource-integrity/sri-style.html: Added. Canonical link: https://commits.webkit.org/188700@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@216347 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2017-05-07 10:24:48 +00:00
			`}`