Implement mixed content whitelist

jacek-manko-red · pgorszkowski-igalia · commit 3fd2ed5e9a80 · 2024-05-02T08:12:41.000+02:00
API is exposed via WebKitWebExtension, similiar to the CORS whitelist.
Wildcards can be used, with '*' replacing any string
diff --git a/Source/WebCore/loader/MixedContentChecker.cpp b/Source/WebCore/loader/MixedContentChecker.cpp
@@ -47,7 +47,60 @@
 
 namespace WebCore {
 
-static bool isMixedContent(const Document& document, const URL& url)
+static WTF::Vector<WTF::KeyValuePair<WTF::String, WTF::String>> m_whitelist = {};
+
+static bool wildcardMatch(const String& pattern, const String& url)
+{
+    int patternLen = pattern.length();
+    int patternPos = 0;
+    int urlLen = url.length();
+    int urlPos = 0;
+    int wildcardPos = -1;
+    int wildcardMatchEnd = 0;
+
+    while (urlPos < urlLen) {
+        if (patternPos < patternLen && pattern[patternPos] == url[urlPos]) {
+            // characters match
+            patternPos++;
+            urlPos++;
+        } else if (patternPos < patternLen && pattern[patternPos] == '*') {
+            // mark wildcard position, start matching the rest of the pattern
+            wildcardPos = patternPos;
+            wildcardMatchEnd = urlPos;
+            patternPos++;
+        } else if (wildcardPos != -1) {
+            // no match, but we have a wildcard - assume wildcard handles a match to this position,
+            // revert patternPos to after last *
+            patternPos = wildcardPos + 1;
+            wildcardMatchEnd++;
+            urlPos = wildcardMatchEnd;
+        } else {
+            // no match, no wildcard - pattern does not match
+            return false;
+        }
+    }
+
+    // url matches so far, and we're at the end of it
+    // skip any remaining wildcards
+    while (patternPos < patternLen && pattern[patternPos] == '*') {
+        patternPos++;
+    }
+    // if we're at the end of pattern, that's a match
+    // otherwise, the remaining part of the pattern can't be matched
+    return patternPos == patternLen;
+}
+
+static bool isWhitelisted(const String& origin, const String& domain)
+{
+    for (auto kvPair : m_whitelist) {
+        if (wildcardMatch(kvPair.key, origin) && wildcardMatch(kvPair.value, domain)) {
+            return true;
+        }
+    }
+    return false;
+}
+
+static bool isMixedContent(const Document& document, const WTF::URL& url)
 {
     // FIXME: Use document.isSecureContext(), instead of comparing against "https" scheme, when all ports stop using loopback in LayoutTests
     // sandboxed iframes have an opaque origin so we should perform the mixed content check considering the origin
@@ -124,6 +177,11 @@ static bool frameAndAncestorsCanDisplayInsecureContent(LocalFrame& frame, MixedC
         return true;
 
     RefPtr document = frame.document();
+    if (isWhitelisted(document->securityOrigin().toString(), url.protocolHostAndPort())) {
+        logConsoleWarning(frame, true, "display"_s, url);
+        return true;
+    }
+
     if (!document->checkedContentSecurityPolicy()->allowRunningOrDisplayingInsecureContent(url))
         return false;
 
@@ -146,6 +204,11 @@ bool MixedContentChecker::frameAndAncestorsCanRunInsecureContent(LocalFrame& fra
     if (!foundMixedContentInFrameTree(frame, url))
         return true;
 
+    if (isWhitelisted(securityOrigin.toString(), url.protocolHostAndPort())) {
+        logConsoleWarning(frame, true, "run"_s, url);
+        return true;
+    }
+
     RefPtr document = frame.document();
     if (!document->checkedContentSecurityPolicy()->allowRunningOrDisplayingInsecureContent(url))
         return false;
@@ -242,5 +305,25 @@ void MixedContentChecker::checkFormForMixedContent(LocalFrame& frame, const URL&
 
     frame.checkedLoader()->client().didDisplayInsecureContent();
 }
+void MixedContentChecker::addMixedContentWhitelistEntry(const String& origin, const String& domain)
+{
+    m_whitelist.append(makeKeyValuePair(origin, domain));
+}
+
+void MixedContentChecker::removeMixedContentWhitelistEntry(const String& origin, const String& domain)
+{
+    for (size_t i = 0; i < m_whitelist.size(); i++) {
+        if (m_whitelist[i].key == origin && m_whitelist[i].value == domain) {
+            m_whitelist.remove(i);
+            break;
+        }
+    }
+}
 
+void MixedContentChecker::resetMixedContentWhitelist()
+{
+    m_whitelist.clear();
+
+}
 } // namespace WebCore
+
diff --git a/Source/WebCore/loader/MixedContentChecker.h b/Source/WebCore/loader/MixedContentChecker.h
@@ -31,6 +31,8 @@
 
 #include "FetchOptions.h"
 #include <wtf/Forward.h>
+#include <wtf/KeyValuePair.h>
+#include <wtf/Vector.h>
 
 namespace WebCore {
 
@@ -55,5 +57,9 @@ bool shouldBlockRequestForDisplayableContent(LocalFrame&, const URL&, ContentTyp
 bool shouldBlockRequestForRunnableContent(LocalFrame&, SecurityOrigin&, const URL&, ShouldLogWarning = ShouldLogWarning::Yes);
 void checkFormForMixedContent(LocalFrame&, const URL&);
 
+void addMixedContentWhitelistEntry(const String& origin, const String& domain);
+void removeMixedContentWhitelistEntry(const String& origin, const String& domain);
+void resetMixedContentWhitelist();
+
 } // namespace MixedContentChecker
 } // namespace WebCore
diff --git a/Source/WebKit/WebProcess/InjectedBundle/API/glib/WebKitWebExtension.cpp b/Source/WebKit/WebProcess/InjectedBundle/API/glib/WebKitWebExtension.cpp
@@ -274,6 +274,27 @@ void webkit_web_extension_reset_origin_access_whitelists(WebKitWebExtension* ext
     extension->priv->bundle->resetOriginAccessAllowLists();
 }
 
+void webkit_web_extension_add_mixed_content_whitelist_entry(WebKitWebExtension *extension, const gchar* origin, const gchar* domain)
+{
+    g_return_if_fail(WEBKIT_IS_WEB_EXTENSION(extension));
+
+    extension->priv->bundle->addMixedContentWhitelistEntry(String::fromUTF8(origin), String::fromUTF8(domain));
+}
+
+void webkit_web_extension_remove_mixed_content_whitelist_entry(WebKitWebExtension *extension, const gchar* origin, const gchar* domain)
+{
+    g_return_if_fail(WEBKIT_IS_WEB_EXTENSION(extension));
+
+    extension->priv->bundle->removeMixedContentWhitelistEntry(String::fromUTF8(origin), String::fromUTF8(domain));
+}
+
+void webkit_web_extension_reset_mixed_content_whitelist_entry(WebKitWebExtension *extension)
+{
+    g_return_if_fail(WEBKIT_IS_WEB_EXTENSION(extension));
+
+    extension->priv->bundle->resetMixedContentWhitelist();
+}
+
 /**
  * webkit_web_extension_send_message_to_context:
  * @extension: a #WebKitWebExtension
diff --git a/Source/WebKit/WebProcess/InjectedBundle/API/glib/WebKitWebExtension.h.in b/Source/WebKit/WebProcess/InjectedBundle/API/glib/WebKitWebExtension.h.in
@@ -92,6 +92,19 @@ webkit_web_extension_remove_origin_access_whitelist_entry (WebKitWebExtension
 WEBKIT_API void
 webkit_web_extension_reset_origin_access_whitelists       (WebKitWebExtension   *extension);
 
+WEBKIT_API void
+webkit_web_extension_add_mixed_content_whitelist_entry    (WebKitWebExtension   *extension,
+                                                           const gchar          *origin,
+                                                           const gchar          *domain);
+
+WEBKIT_API void
+webkit_web_extension_remove_mixed_content_whitelist_entry (WebKitWebExtension   *extension,
+                                                           const gchar          *origin,
+                                                           const gchar          *domain);
+
+WEBKIT_API void
+webkit_web_extension_reset_mixed_content_whitelist_entry  (WebKitWebExtension   *extension);
+
 WEBKIT_API void
 webkit_web_extension_send_message_to_context        (WebKitWebExtension *extension,
                                                      WebKitUserMessage  *message,
diff --git a/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp b/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp
@@ -80,6 +80,8 @@
 #include <wtf/ProcessPrivilege.h>
 #include <wtf/SystemTracing.h>
 
+#include <WebCore/MixedContentChecker.h>
+
 #if ENABLE(NOTIFICATIONS)
 #include "WebNotificationManager.h"
 #endif
@@ -165,6 +167,20 @@ void InjectedBundle::resetOriginAccessAllowLists()
     WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::ResetOriginAccessAllowLists { }, 0);
 }
 
+void InjectedBundle::addMixedContentWhitelistEntry(const String& origin, const String& domain)
+{
+    MixedContentChecker::addMixedContentWhitelistEntry(origin, domain);
+}
+
+void InjectedBundle::removeMixedContentWhitelistEntry(const String& origin, const String& domain)
+{
+    MixedContentChecker::removeMixedContentWhitelistEntry(origin, domain);
+}
+void InjectedBundle::resetMixedContentWhitelist()
+{
+    MixedContentChecker::resetMixedContentWhitelist();
+}
+
 void InjectedBundle::setAsynchronousSpellCheckingEnabled(bool enabled)
 {
     Page::forEachPage([enabled](Page& page) {
diff --git a/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.h b/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.h
@@ -97,6 +97,9 @@ class InjectedBundle : public API::ObjectImpl<API::Object::Type::Bundle> {
     void addOriginAccessAllowListEntry(const String&, const String&, const String&, bool);
     void removeOriginAccessAllowListEntry(const String&, const String&, const String&, bool);
     void resetOriginAccessAllowLists();
+    void addMixedContentWhitelistEntry(const String&, const String&);
+    void removeMixedContentWhitelistEntry(const String&, const String&);
+    void resetMixedContentWhitelist();
     void setAsynchronousSpellCheckingEnabled(bool);
     int numberOfPages(WebFrame*, double, double);
     int pageNumberForElementById(WebFrame*, const String&, double, double);
