Class Policy

java.lang.Object

com.shapesecurity.salvation2.Policy

public class Policy
extends Object

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private static enum	Policy.InlineType
private static class	Policy.NamedDirective
static interface	Policy.PolicyErrorConsumer
static interface	Policy.PolicyListErrorConsumer
static enum	Policy.Severity

Field Summary

Fields

Modifier and Type	Field	Description
private SourceExpressionDirective	baseUri
private boolean	blockAllMixedContent
private List<Policy.NamedDirective>	directives
private final Map<FetchDirectiveKind, SourceExpressionDirective>	fetchDirectives
private SourceExpressionDirective	formAction
private FrameAncestorsDirective	frameAncestors
private SourceExpressionDirective	navigateTo
private PluginTypesDirective	pluginTypes
private RFC7230Token	reportTo
private ReportUriDirective	reportUri
private SandboxDirective	sandbox
private boolean	upgradeInsecureRequests

Constructor Summary

Constructors

Modifier	Constructor	Description
private	Policy()

Method Summary

Modifier and Type	Method	Description
Directive	add(String name, List<String> values, Directive.DirectiveErrorConsumer directiveErrorConsumer)
boolean	allowsApplicationManifest(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsConnection(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsEval()
boolean	allowsExternalScript(Optional<String> nonce, Optional<String> integrity, Optional<URLWithScheme> scriptUrl, Optional<Boolean> parserInserted, Optional<URLWithScheme> origin)
boolean	allowsExternalStyle(Optional<String> nonce, Optional<URLWithScheme> styleUrl, Optional<URLWithScheme> origin)
boolean	allowsFont(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsFormAction(Optional<URLWithScheme> to, Optional<Boolean> redirected, Optional<URLWithScheme> redirectedTo, Optional<URLWithScheme> origin)
boolean	allowsFrame(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsFrameAncestor(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsImage(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsInlineScript(Optional<String> nonce, Optional<String> source, Optional<Boolean> parserInserted)
boolean	allowsInlineStyle(Optional<String> nonce, Optional<String> source)
boolean	allowsJavascriptUrlNavigation(Optional<String> source, Optional<URLWithScheme> origin)
boolean	allowsMedia(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsNavigation(Optional<URLWithScheme> to, Optional<Boolean> redirected, Optional<URLWithScheme> redirectedTo, Optional<URLWithScheme> origin)
boolean	allowsObject(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsPlugin(Optional<MediaType> mediaType)
boolean	allowsPrefetch(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
boolean	allowsScriptAsAttribute(Optional<String> source)
boolean	allowsStyleAsAttribute(Optional<String> source)
boolean	allowsWorker(Optional<URLWithScheme> source, Optional<URLWithScheme> origin)
Optional<SourceExpressionDirective>	baseUri()
boolean	blockAllMixedContent()
private static String	collect(String input, String regex)
private boolean	doesElementMatchSourceListForTypeAndSource(Policy.InlineType type, Optional<String> nonce, Optional<String> source, Optional<Boolean> parserInserted)
static boolean	doesUrlMatchSourceListInOrigin(URLWithScheme url, HostSourceDirective list, Optional<URLWithScheme> origin)
(package private) static void	enforceAscii(String s)
Optional<SourceExpressionDirective>	formAction()
Optional<FrameAncestorsDirective>	frameAncestors()
Optional<SourceExpressionDirective>	getFetchDirective(FetchDirectiveKind kind)
Optional<SourceExpressionDirective>	getGoverningDirectiveForEffectiveDirective(FetchDirectiveKind kind)
private static boolean	hostPartMatches(String A, String B)
Optional<SourceExpressionDirective>	navigateTo()
private static String	normalizeBase64Url(String input)
static Policy	parseSerializedCSP(String serialized, Policy.PolicyErrorConsumer policyErrorConsumer)
static PolicyList	parseSerializedCSPList(String serialized, Policy.PolicyListErrorConsumer policyListErrorConsumer)
private static boolean	pathPartMatches(String pathA, String pathB)
Optional<PluginTypesDirective>	pluginTypes()
private static boolean	portPartMatches(int A, int portB, String schemeB)
boolean	remove(String name)
Optional<RFC7230Token>	reportTo()
Optional<ReportUriDirective>	reportUri()
Optional<SandboxDirective>	sandbox()
private static boolean	schemePartMatches(String A, String B)
void	setBlockAllMixedContent(boolean value)
void	setReportTo(RFC7230Token token)
void	setUpgradeInsecureRequests(boolean value)
private static String	stripLeadingWhitespace(String string)
private static String	stripTrailingWhitespace(String string)
String	toString()
boolean	upgradeInsecureRequests()

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

directives

private List<Policy.NamedDirective> directives

baseUri

private SourceExpressionDirective baseUri

blockAllMixedContent

private boolean blockAllMixedContent

formAction

private SourceExpressionDirective formAction

frameAncestors

private FrameAncestorsDirective frameAncestors

navigateTo

private SourceExpressionDirective navigateTo

pluginTypes

private PluginTypesDirective pluginTypes

reportTo

private RFC7230Token reportTo

reportUri

private ReportUriDirective reportUri

sandbox

private SandboxDirective sandbox

upgradeInsecureRequests

private boolean upgradeInsecureRequests

fetchDirectives

@Nonnull
private final Map<FetchDirectiveKind, SourceExpressionDirective> fetchDirectives

Constructor Details

Policy

private Policy()

Method Details

parseSerializedCSPList

@Nonnull
public static PolicyList parseSerializedCSPList(String serialized,
 Policy.PolicyListErrorConsumer policyListErrorConsumer)

parseSerializedCSP

@Nonnull
public static Policy parseSerializedCSP(String serialized,
 Policy.PolicyErrorConsumer policyErrorConsumer)

add

public Directive add(String name,
 List<String> values,
 Directive.DirectiveErrorConsumer directiveErrorConsumer)

remove

public boolean remove(String name)

toString

public String toString()

Overrides:

toString in class Object

baseUri

public Optional<SourceExpressionDirective> baseUri()

blockAllMixedContent

public boolean blockAllMixedContent()

setBlockAllMixedContent

public void setBlockAllMixedContent(boolean value)

formAction

public Optional<SourceExpressionDirective> formAction()

frameAncestors

public Optional<FrameAncestorsDirective> frameAncestors()

navigateTo

public Optional<SourceExpressionDirective> navigateTo()

pluginTypes

public Optional<PluginTypesDirective> pluginTypes()

reportTo

public Optional<RFC7230Token> reportTo()

setReportTo

public void setReportTo(RFC7230Token token)

reportUri

public Optional<ReportUriDirective> reportUri()

sandbox

public Optional<SandboxDirective> sandbox()

upgradeInsecureRequests

public boolean upgradeInsecureRequests()

setUpgradeInsecureRequests

public void setUpgradeInsecureRequests(boolean value)

getFetchDirective

public Optional<SourceExpressionDirective> getFetchDirective(FetchDirectiveKind kind)

allowsExternalScript

public boolean allowsExternalScript(Optional<String> nonce,
 Optional<String> integrity,
 Optional<URLWithScheme> scriptUrl,
 Optional<Boolean> parserInserted,
 Optional<URLWithScheme> origin)

allowsInlineScript

public boolean allowsInlineScript(Optional<String> nonce,
 Optional<String> source,
 Optional<Boolean> parserInserted)

allowsScriptAsAttribute

public boolean allowsScriptAsAttribute(Optional<String> source)

allowsEval

public boolean allowsEval()

allowsNavigation

public boolean allowsNavigation(Optional<URLWithScheme> to,
 Optional<Boolean> redirected,
 Optional<URLWithScheme> redirectedTo,
 Optional<URLWithScheme> origin)

allowsFormAction

public boolean allowsFormAction(Optional<URLWithScheme> to,
 Optional<Boolean> redirected,
 Optional<URLWithScheme> redirectedTo,
 Optional<URLWithScheme> origin)

allowsJavascriptUrlNavigation

public boolean allowsJavascriptUrlNavigation(Optional<String> source,
 Optional<URLWithScheme> origin)

allowsExternalStyle

public boolean allowsExternalStyle(Optional<String> nonce,
 Optional<URLWithScheme> styleUrl,
 Optional<URLWithScheme> origin)

allowsInlineStyle

public boolean allowsInlineStyle(Optional<String> nonce,
 Optional<String> source)

allowsStyleAsAttribute

public boolean allowsStyleAsAttribute(Optional<String> source)

allowsFrame

public boolean allowsFrame(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsFrameAncestor

public boolean allowsFrameAncestor(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsConnection

public boolean allowsConnection(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsFont

public boolean allowsFont(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsImage

public boolean allowsImage(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsApplicationManifest

public boolean allowsApplicationManifest(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsMedia

public boolean allowsMedia(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsObject

public boolean allowsObject(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsPrefetch

public boolean allowsPrefetch(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsWorker

public boolean allowsWorker(Optional<URLWithScheme> source,
 Optional<URLWithScheme> origin)

allowsPlugin

public boolean allowsPlugin(Optional<MediaType> mediaType)

getGoverningDirectiveForEffectiveDirective

public Optional<SourceExpressionDirective> getGoverningDirectiveForEffectiveDirective(FetchDirectiveKind kind)

doesElementMatchSourceListForTypeAndSource

private boolean doesElementMatchSourceListForTypeAndSource(Policy.InlineType type,
 Optional<String> nonce,
 Optional<String> source,
 Optional<Boolean> parserInserted)

normalizeBase64Url

private static String normalizeBase64Url(String input)

doesUrlMatchSourceListInOrigin

public static boolean doesUrlMatchSourceListInOrigin(URLWithScheme url,
 HostSourceDirective list,
 Optional<URLWithScheme> origin)

schemePartMatches

private static boolean schemePartMatches(String A,
 String B)

hostPartMatches

private static boolean hostPartMatches(String A,
 String B)

portPartMatches

private static boolean portPartMatches(int A,
 int portB,
 String schemeB)

pathPartMatches

private static boolean pathPartMatches(String pathA,
 String pathB)

enforceAscii

static void enforceAscii(String s)

stripLeadingWhitespace

private static String stripLeadingWhitespace(String string)

stripTrailingWhitespace

private static String stripTrailingWhitespace(String string)

collect

@Nonnull
private static String collect(String input,
 String regex)