Implement actual policy

2021-10-21 13:24:58 -07:00
parent 70486c49de
commit fc7380ed21
6 changed files with 109 additions and 7 deletions
--- a/SBrowserProcessBundle/SBRProcessPlugin.m
+++ b/SBrowserProcessBundle/SBRProcessPlugin.m
@@ -9,11 +9,13 @@

 #import "SBRWebProcessDelegate.h"
 #import "SBRWebProcessProxy.h"
+#import "SBRScriptPolicy.h"

 #import <WebKit/_WKRemoteObjectInterface.h>
 #import <WebKit/_WKRemoteObjectRegistry.h>
 #import <WebKit/WKWebProcessPlugInBrowserContextController.h>
 #import <WebKit/WKWebProcessPlugInBrowserContextControllerPrivate.h>
+#import <WebKit/WKWebProcessPlugInFrame.h>
 #import <WebKit/WKWebProcessPlugInLoadDelegate.h>

@interface SBRProcessPlugin () <WKWebProcessPlugInLoadDelegate, SBRWebProcessProxy>
@@ -61,6 +63,7 @@
 {
    _allowedResourceOrigins = [[plugInController parameters] valueForKey:SBRGetAllowedOriginsKey()];
    _allScriptsAllowed = [[[plugInController parameters] valueForKey:SBRGetAllScriptsAllowedKey()] boolValue];
+    _policyTypeByOrigin = [[plugInController parameters] valueForKey:SBRGetPolicyTypeByOriginKey()];
    NSLog(@"SBRProcessPlugin: %lu origins allowed, all scripts allowed: %@ ", (unsigned long)_allowedResourceOrigins.count, _allScriptsAllowed ? @"YES" : @"NO");
 }

@@ -87,15 +90,20 @@
    }
    
    NSURL *requestURL = [request URL];
-    NSString *originString = [requestURL host];
+    NSString *resourceOrigin = [requestURL host];
    NSString *requestExtension = [requestURL pathExtension];
+    NSString *hostOrigin = [[[controller mainFrame] URL] host];
    if (requestExtension.length > 0 && [requestExtension isEqualToString:@"js"]) {
-        if ([self allScriptsAllowed] || [_allowedResourceOrigins containsObject:originString]) {
-            NSLog(@"SBRProcessPlugin: Allowing whitelisted requestURL: %@", requestURL);
-            [[self processDelegate] webProcessDidAllowScriptWithOrigin:originString];
+        NSNumber *policyType = [_policyTypeByOrigin objectForKey:hostOrigin];
+        NSLog(@"SBRProcessPlugin: Policy type for %@: %@", hostOrigin, policyType);
+        
+        SBRScriptPolicy *policy = [[SBRScriptPolicy alloc] initWithSecurityOrigin:hostOrigin policyType:[policyType integerValue]];
+        if ([self allScriptsAllowed] || [policy allowsExternalJavaScriptResourceOrigin:resourceOrigin]) {
+            NSLog(@"SBRProcessPlugin: Policy allows script requestURL: %@", requestURL);
+            [[self processDelegate] webProcessDidAllowScriptWithOrigin:resourceOrigin];
        } else {
-            NSLog(@"SBRProcessPlugin: Blocking requestURL: %@", requestURL);
-            [[self processDelegate] webProcessDidBlockScriptWithOrigin:originString];
+            NSLog(@"SBRProcessPlugin: Policy disallows script requestURL: %@", requestURL);
+            [[self processDelegate] webProcessDidBlockScriptWithOrigin:resourceOrigin];
            
            request = nil;
        }