diff options
Diffstat (limited to 'components')
| -rw-r--r-- | components/net/fetch/methods.rs | 78 | ||||
| -rw-r--r-- | components/net/http_loader.rs | 2 | ||||
| -rw-r--r-- | components/net/lib.rs | 2 | ||||
| -rw-r--r-- | components/net/subresource_integrity.rs | 177 | ||||
| -rw-r--r-- | components/net_traits/request.rs | 3 | ||||
| -rw-r--r-- | components/script/dom/htmllinkelement.rs | 16 | ||||
| -rw-r--r-- | components/script/dom/htmlscriptelement.rs | 18 | ||||
| -rw-r--r-- | components/script/dom/webidls/HTMLLinkElement.webidl | 1 | ||||
| -rw-r--r-- | components/script/dom/webidls/HTMLScriptElement.webidl | 1 | ||||
| -rw-r--r-- | components/script/stylesheet_loader.rs | 5 |
10 files changed, 252 insertions, 51 deletions
diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs index 0a284ee4016..44a603025b0 100644 --- a/components/net/fetch/methods.rs +++ b/components/net/fetch/methods.rs @@ -24,6 +24,7 @@ use std::io::Read; use std::mem; use std::rc::Rc; use std::sync::mpsc::{Sender, Receiver}; +use subresource_integrity::is_response_integrity_valid; pub type Target<'a> = &'a mut (FetchTaskTarget + Send); @@ -268,6 +269,7 @@ pub fn main_fetch(request: Rc<Request>, response }; + let mut response_loaded = false; { // Step 14 let network_error_res; @@ -297,50 +299,33 @@ pub fn main_fetch(request: Rc<Request>, let mut body = internal_response.body.lock().unwrap(); *body = ResponseBody::Empty; } - - // Step 18 - // TODO be able to compare response integrity against request integrity metadata - // if !response.is_network_error() { - - // // Substep 1 - // response.wait_until_done(); - - // // Substep 2 - // if response.termination_reason.is_none() { - // response = Response::network_error(); - // internal_response = Response::network_error(); - // } - // } } + // Step 18 + let response = if !response.is_network_error() && *request.integrity_metadata.borrow() != "" { + // Substep 1 + wait_for_response(&response, target, done_chan); + response_loaded = true; + + // Substep 2 + let ref integrity_metadata = *request.integrity_metadata.borrow(); + if response.termination_reason.is_none() && + !is_response_integrity_valid(integrity_metadata, &response) { + Response::network_error(NetworkError::Internal("Subresource integrity validation failed".into())) + } else { + response + } + } else { + response + }; // Step 19 if request.synchronous { // process_response is not supposed to be used // by sync fetch, but we overload it here for simplicity target.process_response(&response); - - if let Some(ref ch) = *done_chan { - loop { - match ch.1.recv() - .expect("fetch worker should always send Done before terminating") { - Data::Payload(vec) => { - target.process_response_chunk(vec); - } - Data::Done => break, - } - } - } else { - let body = response.body.lock().unwrap(); - if let ResponseBody::Done(ref vec) = *body { - // in case there was no channel to wait for, the body was - // obtained synchronously via basic_fetch for data/file/about/etc - // We should still send the body across as a chunk - target.process_response_chunk(vec.clone()); - } else { - assert!(*body == ResponseBody::Empty) - } + if !response_loaded { + wait_for_response(&response, target, done_chan); } - // overloaded similarly to process_response target.process_response_eof(&response); return response; @@ -360,13 +345,25 @@ pub fn main_fetch(request: Rc<Request>, target.process_response(&response); // Step 22 + if !response_loaded { + wait_for_response(&response, target, done_chan); + } + + // Step 24 + target.process_response_eof(&response); + + // TODO remove this line when only asynchronous fetches are used + return response; +} + +fn wait_for_response(response: &Response, target: Target, done_chan: &mut DoneChannel) { if let Some(ref ch) = *done_chan { loop { match ch.1.recv() .expect("fetch worker should always send Done before terminating") { Data::Payload(vec) => { target.process_response_chunk(vec); - } + }, Data::Done => break, } } @@ -381,12 +378,6 @@ pub fn main_fetch(request: Rc<Request>, assert!(*body == ResponseBody::Empty) } } - - // Step 24 - target.process_response_eof(&response); - - // TODO remove this line when only asynchronous fetches are used - return response; } /// [Basic fetch](https://fetch.spec.whatwg.org#basic-fetch) @@ -518,3 +509,4 @@ fn is_null_body_status(status: &Option<StatusCode>) -> bool { _ => false } } + diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs index de066b8248e..63fa745707b 100644 --- a/components/net/http_loader.rs +++ b/components/net/http_loader.rs @@ -1378,7 +1378,7 @@ fn cors_check(request: Rc<Request>, response: &Response) -> Result<(), ()> { } // Step 6 - let credentials = request.headers.borrow().get::<AccessControlAllowCredentials>().cloned(); + let credentials = response.headers.get::<AccessControlAllowCredentials>().cloned(); // Step 7 if credentials.is_some() { diff --git a/components/net/lib.rs b/components/net/lib.rs index 098c0ba540c..57ff2af1a0e 100644 --- a/components/net/lib.rs +++ b/components/net/lib.rs @@ -60,8 +60,8 @@ pub mod image_cache_thread; pub mod mime_classifier; pub mod resource_thread; mod storage_thread; +pub mod subresource_integrity; mod websocket_loader; - /// An implementation of the [Fetch specification](https://fetch.spec.whatwg.org/) pub mod fetch { pub mod cors_cache; diff --git a/components/net/subresource_integrity.rs b/components/net/subresource_integrity.rs new file mode 100644 index 00000000000..7268edbf80e --- /dev/null +++ b/components/net/subresource_integrity.rs @@ -0,0 +1,177 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +use net_traits::response::{Response, ResponseBody, ResponseType}; +use openssl::crypto::hash::{hash, Type as MessageDigest}; +use rustc_serialize::base64::{STANDARD, ToBase64}; +use std::iter::Filter; +use std::str::Split; +use std::sync::MutexGuard; +const SUPPORTED_ALGORITHM: &'static [&'static str] = &[ + "sha256", + "sha384", + "sha512", +]; +pub type StaticCharVec = &'static [char]; +/// A "space character" according to: +/// +/// https://html.spec.whatwg.org/multipage/#space-character +pub static HTML_SPACE_CHARACTERS: StaticCharVec = &[ + '\u{0020}', + '\u{0009}', + '\u{000a}', + '\u{000c}', + '\u{000d}', +]; +#[derive(Clone)] +pub struct SriEntry { + pub alg: String, + pub val: String, + // TODO : Current version of spec does not define any option. + // Can be refactored into appropriate datastructure when future + // spec has more details. + pub opt: Option<String>, +} + +impl SriEntry { + pub fn new(alg: &str, val: &str, opt: Option<String>) -> SriEntry { + SriEntry { + alg: alg.to_owned(), + val: val.to_owned(), + opt: opt, + } + } +} + +/// https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata +pub fn parsed_metadata(integrity_metadata: &str) -> Vec<SriEntry> { + // Step 1 + let mut result = vec![]; + + // Step 3 + let tokens = split_html_space_chars(integrity_metadata); + for token in tokens { + let parsed_data: Vec<&str> = token.split("-").collect(); + + if parsed_data.len() > 1 { + let alg = parsed_data[0]; + + if !SUPPORTED_ALGORITHM.contains(&alg) { + continue; + } + + let data: Vec<&str> = parsed_data[1].split("?").collect(); + let digest = data[0]; + + let opt = if data.len() > 1 { + Some(data[1].to_owned()) + } else { + None + }; + + result.push(SriEntry::new(alg, digest, opt)); + } + } + + return result; +} + +/// https://w3c.github.io/webappsec-subresource-integrity/#getprioritizedhashfunction +pub fn get_prioritized_hash_function(hash_func_left: &str, hash_func_right: &str) -> Option<String> { + let left_priority = SUPPORTED_ALGORITHM.iter().position(|s| s.to_owned() == hash_func_left).unwrap(); + let right_priority = SUPPORTED_ALGORITHM.iter().position(|s| s.to_owned() == hash_func_right).unwrap(); + + if left_priority == right_priority { + return None; + } + if left_priority > right_priority { + Some(hash_func_left.to_owned()) + } else { + Some(hash_func_right.to_owned()) + } + +} + +/// https://w3c.github.io/webappsec-subresource-integrity/#get-the-strongest-metadata +pub fn get_strongest_metadata(integrity_metadata_list: Vec<SriEntry>) -> Vec<SriEntry> { + let mut result: Vec<SriEntry> = vec![integrity_metadata_list[0].clone()]; + let mut current_algorithm = result[0].alg.clone(); + + for integrity_metadata in &integrity_metadata_list[1..] { + let prioritized_hash = get_prioritized_hash_function(&integrity_metadata.alg, + &*current_algorithm); + if prioritized_hash.is_none() { + result.push(integrity_metadata.clone()); + } else if let Some(algorithm) = prioritized_hash { + if algorithm != current_algorithm { + result = vec![integrity_metadata.clone()]; + current_algorithm = algorithm; + } + } + } + + result +} + +/// https://w3c.github.io/webappsec-subresource-integrity/#apply-algorithm-to-response +fn apply_algorithm_to_response(body: MutexGuard<ResponseBody>, + message_digest: MessageDigest) + -> String { + if let ResponseBody::Done(ref vec) = *body { + let response_digest = hash(message_digest, vec); + response_digest.to_base64(STANDARD) + } else { + unreachable!("Tried to calculate digest of incomplete response body") + } +} + +/// https://w3c.github.io/webappsec-subresource-integrity/#is-response-eligible +fn is_eligible_for_integrity_validation(response: &Response) -> bool { + match response.response_type { + ResponseType::Basic | ResponseType::Default | ResponseType::Cors => true, + _ => false, + } +} + +/// https://w3c.github.io/webappsec-subresource-integrity/#does-response-match-metadatalist +pub fn is_response_integrity_valid(integrity_metadata: &str, response: &Response) -> bool { + let parsed_metadata_list: Vec<SriEntry> = parsed_metadata(integrity_metadata); + + // Step 2 & 4 + if parsed_metadata_list.is_empty() { + return true; + } + + // Step 3 + if !is_eligible_for_integrity_validation(response) { + return false; + } + + // Step 5 + let metadata: Vec<SriEntry> = get_strongest_metadata(parsed_metadata_list); + for item in metadata { + let body = response.body.lock().unwrap(); + let algorithm = item.alg; + let digest = item.val; + + let message_digest = match &*algorithm { + "sha256" => MessageDigest::SHA256, + "sha384" => MessageDigest::SHA384, + "sha512" => MessageDigest::SHA512, + _ => continue, + }; + + if apply_algorithm_to_response(body, message_digest) == digest { + return true; + } + } + + false +} + +pub fn split_html_space_chars<'a>(s: &'a str) -> + Filter<Split<'a, StaticCharVec>, fn(&&str) -> bool> { + fn not_empty(&split: &&str) -> bool { !split.is_empty() } + s.split(HTML_SPACE_CHARACTERS).filter(not_empty as fn(&&str) -> bool) +} diff --git a/components/net_traits/request.rs b/components/net_traits/request.rs index d082f20b422..13a0ece3c0b 100644 --- a/components/net_traits/request.rs +++ b/components/net_traits/request.rs @@ -158,6 +158,7 @@ pub struct RequestInit { pub referrer_policy: Option<ReferrerPolicy>, pub pipeline_id: Option<PipelineId>, pub redirect_mode: RedirectMode, + pub integrity_metadata: String, } impl Default for RequestInit { @@ -181,6 +182,7 @@ impl Default for RequestInit { referrer_policy: None, pipeline_id: None, redirect_mode: RedirectMode::Follow, + integrity_metadata: "".to_owned(), } } } @@ -291,6 +293,7 @@ impl Request { req.referrer_policy.set(init.referrer_policy); req.pipeline_id.set(init.pipeline_id); req.redirect_mode.set(init.redirect_mode); + *req.integrity_metadata.borrow_mut() = init.integrity_metadata; req } diff --git a/components/script/dom/htmllinkelement.rs b/components/script/dom/htmllinkelement.rs index ee4ee4718cf..24b4e779099 100644 --- a/components/script/dom/htmllinkelement.rs +++ b/components/script/dom/htmllinkelement.rs @@ -243,16 +243,24 @@ impl HTMLLinkElement { Some(ref value) => &***value, None => "", }; + let mut css_parser = CssParser::new(&mq_str); let media = parse_media_query_list(&mut css_parser); + let im_attribute = element.get_attribute(&ns!(), &local_name!("integrity")); + let integrity_val = im_attribute.r().map(|a| a.value()); + let integrity_metadata = match integrity_val { + Some(ref value) => &***value, + None => "", + }; + // TODO: #8085 - Don't load external stylesheets if the node's mq // doesn't match. let loader = StylesheetLoader::for_element(self.upcast()); loader.load(StylesheetContextSource::LinkElement { url: url, media: Some(media), - }); + }, integrity_metadata.to_owned()); } fn handle_favicon_url(&self, rel: &str, href: &str, sizes: &Option<String>) { @@ -328,6 +336,12 @@ impl HTMLLinkElementMethods for HTMLLinkElement { // https://html.spec.whatwg.org/multipage/#dom-link-media make_setter!(SetMedia, "media"); + // https://html.spec.whatwg.org/multipage/#dom-link-integrity + make_getter!(Integrity, "integrity"); + + // https://html.spec.whatwg.org/multipage/#dom-link-integrity + make_setter!(SetIntegrity, "integrity"); + // https://html.spec.whatwg.org/multipage/#dom-link-hreflang make_getter!(Hreflang, "hreflang"); diff --git a/components/script/dom/htmlscriptelement.rs b/components/script/dom/htmlscriptelement.rs index 9558d9c4b41..9c2bcfd583c 100644 --- a/components/script/dom/htmlscriptelement.rs +++ b/components/script/dom/htmlscriptelement.rs @@ -40,7 +40,6 @@ use std::ascii::AsciiExt; use std::cell::Cell; use std::sync::{Arc, Mutex}; use style::str::{HTML_SPACE_CHARACTERS, StaticStringVec}; - #[dom_struct] pub struct HTMLScriptElement { htmlelement: HTMLElement, @@ -221,6 +220,7 @@ impl PreInvoke for ScriptContext {} fn fetch_a_classic_script(script: &HTMLScriptElement, url: ServoUrl, cors_setting: Option<CorsSettings>, + integrity_metadata: String, character_encoding: EncodingRef) { let doc = document_from_node(script); @@ -245,6 +245,7 @@ fn fetch_a_classic_script(script: &HTMLScriptElement, pipeline_id: Some(script.global().pipeline_id()), referrer_url: Some(doc.url()), referrer_policy: doc.get_referrer_policy(), + integrity_metadata: integrity_metadata, .. RequestInit::default() }; @@ -365,7 +366,13 @@ impl HTMLScriptElement { // TODO: Step 15: Nonce. - // TODO: Step 16: Parser state. + // Step 16: Integrity Metadata + let im_attribute = element.get_attribute(&ns!(), &local_name!("integrity")); + let integrity_val = im_attribute.r().map(|a| a.value()); + let integrity_metadata = match integrity_val { + Some(ref value) => &***value, + None => "", + }; // TODO: Step 17: environment settings object. @@ -393,7 +400,7 @@ impl HTMLScriptElement { }; // Step 18.6. - fetch_a_classic_script(self, url, cors_setting, encoding); + fetch_a_classic_script(self, url, cors_setting, integrity_metadata.to_owned(), encoding); true }, @@ -675,6 +682,11 @@ impl HTMLScriptElementMethods for HTMLScriptElement { // https://html.spec.whatwg.org/multipage/#dom-script-defer make_bool_setter!(SetDefer, "defer"); + // https://html.spec.whatwg.org/multipage/#dom-script-integrity + make_getter!(Integrity, "integrity"); + // https://html.spec.whatwg.org/multipage/#dom-script-integrity + make_setter!(SetIntegrity, "integrity"); + // https://html.spec.whatwg.org/multipage/#dom-script-event make_getter!(Event, "event"); // https://html.spec.whatwg.org/multipage/#dom-script-event diff --git a/components/script/dom/webidls/HTMLLinkElement.webidl b/components/script/dom/webidls/HTMLLinkElement.webidl index e7bec059efe..46b611d3548 100644 --- a/components/script/dom/webidls/HTMLLinkElement.webidl +++ b/components/script/dom/webidls/HTMLLinkElement.webidl @@ -11,6 +11,7 @@ interface HTMLLinkElement : HTMLElement { attribute DOMString media; attribute DOMString hreflang; attribute DOMString type; + attribute DOMString integrity; // [SameObject, PutForwards=value] readonly attribute DOMTokenList sizes; // also has obsolete members diff --git a/components/script/dom/webidls/HTMLScriptElement.webidl b/components/script/dom/webidls/HTMLScriptElement.webidl index 4a0827800ed..0dcc9ddf69a 100644 --- a/components/script/dom/webidls/HTMLScriptElement.webidl +++ b/components/script/dom/webidls/HTMLScriptElement.webidl @@ -12,6 +12,7 @@ interface HTMLScriptElement : HTMLElement { attribute DOMString? crossOrigin; [Pure] attribute DOMString text; + attribute DOMString integrity; // also has obsolete members }; diff --git a/components/script/stylesheet_loader.rs b/components/script/stylesheet_loader.rs index 28c5e86b6b5..db70c9e8ebb 100644 --- a/components/script/stylesheet_loader.rs +++ b/components/script/stylesheet_loader.rs @@ -193,7 +193,7 @@ impl<'a> StylesheetLoader<'a> { } impl<'a> StylesheetLoader<'a> { - pub fn load(&self, source: StylesheetContextSource) { + pub fn load(&self, source: StylesheetContextSource, integrity_metadata: String) { let url = source.url(); let document = document_from_node(self.elem); let context = Arc::new(Mutex::new(StylesheetContext { @@ -234,6 +234,7 @@ impl<'a> StylesheetLoader<'a> { pipeline_id: Some(self.elem.global().pipeline_id()), referrer_url: Some(document.url()), referrer_policy: referrer_policy, + integrity_metadata: integrity_metadata, .. RequestInit::default() }; @@ -243,6 +244,6 @@ impl<'a> StylesheetLoader<'a> { impl<'a> StyleStylesheetLoader for StylesheetLoader<'a> { fn request_stylesheet(&self, import: &Arc<RwLock<ImportRule>>) { - self.load(StylesheetContextSource::Import(import.clone())) + self.load(StylesheetContextSource::Import(import.clone()), "".to_owned()) } } |