third_party/blink/renderer/core/html/parser/xss_auditor_delegate.cc

/*
 * Copyright (C) 2013 Google, Inc. All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "third_party/blink/renderer/core/html/parser/xss_auditor_delegate.h"

#include "third_party/blink/renderer/core/dom/document.h"
#include "third_party/blink/renderer/core/frame/local_frame.h"
#include "third_party/blink/renderer/core/frame/local_frame_client.h"
#include "third_party/blink/renderer/core/frame/use_counter.h"
#include "third_party/blink/renderer/core/inspector/console_message.h"
#include "third_party/blink/renderer/core/loader/document_loader.h"
#include "third_party/blink/renderer/core/loader/frame_loader.h"
#include "third_party/blink/renderer/core/loader/navigation_scheduler.h"
#include "third_party/blink/renderer/core/loader/ping_loader.h"
#include "third_party/blink/renderer/platform/json/json_values.h"
#include "third_party/blink/renderer/platform/loader/fetch/resource_error.h"
#include "third_party/blink/renderer/platform/network/encoded_form_data.h"
#include "third_party/blink/renderer/platform/weborigin/security_origin.h"
#include "third_party/blink/renderer/platform/wtf/text/string_builder.h"

namespace blink {

String XSSInfo::BuildConsoleError() const {
  StringBuilder message;
  message.Append("The XSS Auditor ");
  message.Append(did_block_entire_page_ ? "blocked access to"
                                        : "refused to execute a script in");
  message.Append(" '");
  message.Append(original_url_);
  message.Append("' because ");
  message.Append(did_block_entire_page_ ? "the source code of a script"
                                        : "its source code");
  message.Append(" was found within the request.");

  if (did_send_xss_protection_header_)
    message.Append(
        " The server sent an 'X-XSS-Protection' header requesting this "
        "behavior.");
  else
    message.Append(
        " The auditor was enabled as the server did not send an "
        "'X-XSS-Protection' header.");

  return message.ToString();
}

XSSAuditorDelegate::XSSAuditorDelegate(Document* document)
    : document_(document), did_send_notifications_(false) {
  DCHECK(IsMainThread());
  DCHECK(document_);
}

void XSSAuditorDelegate::Trace(blink::Visitor* visitor) {
  visitor->Trace(document_);
}

scoped_refptr<EncodedFormData> XSSAuditorDelegate::GenerateViolationReport(
    const XSSInfo& xss_info) {
  DCHECK(IsMainThread());

  FrameLoader& frame_loader = document_->GetFrame()->Loader();
  String http_body;
  if (frame_loader.GetDocumentLoader()) {
    if (EncodedFormData* form_data =
            frame_loader.GetDocumentLoader()->OriginalRequest().HttpBody())
      http_body = form_data->FlattenToString();
  }

  std::unique_ptr<JSONObject> report_details = JSONObject::Create();
  report_details->SetString("request-url", xss_info.original_url_);
  report_details->SetString("request-body", http_body);

  std::unique_ptr<JSONObject> report_object = JSONObject::Create();
  report_object->SetObject("xss-report", std::move(report_details));

  return EncodedFormData::Create(report_object->ToJSONString().Utf8().data());
}

void XSSAuditorDelegate::DidBlockScript(const XSSInfo& xss_info) {
  DCHECK(IsMainThread());

  UseCounter::Count(document_, xss_info.did_block_entire_page_
                                   ? WebFeature::kXSSAuditorBlockedEntirePage
                                   : WebFeature::kXSSAuditorBlockedScript);

  document_->AddConsoleMessage(ConsoleMessage::Create(
      kJSMessageSource, kErrorMessageLevel, xss_info.BuildConsoleError()));

  LocalFrame* local_frame = document_->GetFrame();
  FrameLoader& frame_loader = local_frame->Loader();
  if (xss_info.did_block_entire_page_)
    frame_loader.StopAllLoaders();

  if (!did_send_notifications_ && local_frame->Client()) {
    did_send_notifications_ = true;

    if (!report_url_.IsEmpty())
      PingLoader::SendViolationReport(local_frame, report_url_,
                                      GenerateViolationReport(xss_info),
                                      PingLoader::kXSSAuditorViolationReport);
  }

  if (xss_info.did_block_entire_page_) {
    local_frame->GetNavigationScheduler().SchedulePageBlock(
        document_, ResourceError::BlockedByXSSAuditorErrorCode());
  }
}

}  // namespace blink