buzzert/Attractor
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Implement actual policy

Browse Source
This commit is contained in:
James Magahern
2021-10-21 13:24:58 -07:00
parent 70486c49de
commit fc7380ed21
6 changed files with 109 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
SBrowserProcessBundle/SBRProcessPlugin.m
View File

@@ -9,11 +9,13 @@
#import "SBRWebProcessDelegate.h"
#import "SBRWebProcessProxy.h"
#import "SBRScriptPolicy.h"
#import <WebKit/_WKRemoteObjectInterface.h>
#import <WebKit/_WKRemoteObjectRegistry.h>
#import <WebKit/WKWebProcessPlugInBrowserContextController.h>
#import <WebKit/WKWebProcessPlugInBrowserContextControllerPrivate.h>
#import <WebKit/WKWebProcessPlugInFrame.h>
#import <WebKit/WKWebProcessPlugInLoadDelegate.h>
@interface SBRProcessPlugin () <WKWebProcessPlugInLoadDelegate, SBRWebProcessProxy>
@@ -61,6 +63,7 @@
{
_allowedResourceOrigins = [[plugInController parameters] valueForKey:SBRGetAllowedOriginsKey()];
_allScriptsAllowed = [[[plugInController parameters] valueForKey:SBRGetAllScriptsAllowedKey()] boolValue];
_policyTypeByOrigin = [[plugInController parameters] valueForKey:SBRGetPolicyTypeByOriginKey()];
NSLog(@"SBRProcessPlugin: %lu origins allowed, all scripts allowed: %@ ", (unsigned long)_allowedResourceOrigins.count, _allScriptsAllowed ? @"YES" : @"NO");
}
@@ -87,15 +90,20 @@
}
NSURL *requestURL = [request URL];
NSString *originString = [requestURL host];
NSString *resourceOrigin = [requestURL host];
NSString *requestExtension = [requestURL pathExtension];
NSString *hostOrigin = [[[controller mainFrame] URL] host];
if (requestExtension.length > 0 && [requestExtension isEqualToString:@"js"]) {
if ([self allScriptsAllowed] || [_allowedResourceOrigins containsObject:originString]) {
NSLog(@"SBRProcessPlugin: Allowing whitelisted requestURL: %@", requestURL);
[[self processDelegate] webProcessDidAllowScriptWithOrigin:originString];
NSNumber *policyType = [_policyTypeByOrigin objectForKey:hostOrigin];
NSLog(@"SBRProcessPlugin: Policy type for %@: %@", hostOrigin, policyType);
SBRScriptPolicy *policy = [[SBRScriptPolicy alloc] initWithSecurityOrigin:hostOrigin policyType:[policyType integerValue]];
if ([self allScriptsAllowed] || [policy allowsExternalJavaScriptResourceOrigin:resourceOrigin]) {
NSLog(@"SBRProcessPlugin: Policy allows script requestURL: %@", requestURL);
[[self processDelegate] webProcessDidAllowScriptWithOrigin:resourceOrigin];
} else {
NSLog(@"SBRProcessPlugin: Blocking requestURL: %@", requestURL);
[[self processDelegate] webProcessDidBlockScriptWithOrigin:originString];
NSLog(@"SBRProcessPlugin: Policy disallows script requestURL: %@", requestURL);
[[self processDelegate] webProcessDidBlockScriptWithOrigin:resourceOrigin];
request = nil;
}