Skip to content

Commit 3d0fc58

Browse files
rfc-strfc-st
committed
Feature: Improved 'Permissions-Policy' broad checks.
1 parent ac789e8 commit 3d0fc58

File tree

3 files changed

+21
-4
lines changed

3 files changed

+21
-4
lines changed

humble.py

+19-2
Original file line numberDiff line numberDiff line change
@@ -878,6 +878,23 @@ def csp_print_details(csp_values, csp_title, csp_desc, csp_refs):
878878
print_detail(f'{csp_refs}')
879879

880880

881+
def permissions_analyze_content(perm_header, i_cnt):
882+
perm_broad_dir = [
883+
dir.split('=')[0].strip() for dir in perm_header.split(',')
884+
if any(broadp in dir.split('=')[1].strip() for broadp in t_per_broad)]
885+
if perm_broad_dir:
886+
permissions_print_broad(perm_broad_dir, i_cnt)
887+
888+
889+
def permissions_print_broad(perm_broad_dir, i_cnt):
890+
print_detail_r('[ifpol_h]', is_red=True)
891+
if not args.brief:
892+
print_detail_l('[icsp_s]' if len(perm_broad_dir) > 1 else '[icsp_si]')
893+
print(f" {', '.join(f"'{dir}'" for dir in perm_broad_dir)}.")
894+
print_detail('[ifpol]', num_lines=2)
895+
i_cnt[0] += 1
896+
897+
881898
def delete_lines(reliable=True):
882899
if not reliable:
883900
sys.stdout.write(DELETED_LINES)
@@ -2257,6 +2274,7 @@ def custom_help_formatter(prog):
22572274

22582275
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
22592276
# https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md
2277+
t_per_broad = ('*', ' * ')
22602278
t_per_dep = ('document-domain', 'window-placement')
22612279
t_per_ft = ('accelerometer', 'all-screens-capture', 'ambient-light-sensor',
22622280
'attribution-reporting', 'autoplay', 'battery', 'bluetooth',
@@ -2604,8 +2622,7 @@ def custom_help_formatter(prog):
26042622
perm_header = headers_l['permissions-policy']
26052623
if not any(elem in perm_header for elem in t_per_ft):
26062624
print_details('[ifpoln_h]', '[ifpoln]', 'm', i_cnt)
2607-
if '*' in perm_header:
2608-
print_details('[ifpol_h]', '[ifpol]', 'd', i_cnt)
2625+
permissions_analyze_content(perm_header, i_cnt)
26092626
if 'none' in perm_header:
26102627
print_details('[ifpoli_h]', '[ifpoli]', 'd', i_cnt)
26112628
if any(elem in perm_header for elem in t_per_dep):

l10n/details.txt

+1-1
Original file line numberDiff line numberDiff line change
@@ -1070,7 +1070,7 @@ HTTP Response Headers
10701070
Ref: https://csplite.com/fp/
10711071

10721072
[ifpol]
1073-
The value '(*)' allows the feature in this document and iframes, regardless of their origin.
1073+
'*' allows the directive in any source, regardless of their origin.
10741074
Ref: https://developer.chrome.com/en/docs/privacy-sandbox/permissions-policy/
10751075

10761076
[ifpoli]

l10n/details_es.txt

+1-1
Original file line numberDiff line numberDiff line change
@@ -1075,7 +1075,7 @@ Cabeceras de respuesta HTTP
10751075
Ref: https://csplite.com/fp/
10761076

10771077
[ifpol]
1078-
El valor '(*)' permite el uso de la funcionalidad independientemente de su origen.
1078+
'*' permite la directiva en cualquier fuente, independientemente de su origen.
10791079
Ref: https://developer.chrome.com/en/docs/privacy-sandbox/permissions-policy/
10801080

10811081
[ifpoli]

0 commit comments

Comments
 (0)