net/proxy/proxy_bypass_rules.cc

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/proxy/proxy_bypass_rules.h"
   6
   7 #include "base/stl_util.h"
   8 #include "base/strings/string_number_conversions.h"
   9 #include "base/strings/string_util.h"
  10 #include "base/strings/stringprintf.h"
  11 #include "base/strings/string_piece.h"
  12 #include "base/strings/string_tokenizer.h"
  13 #include "net/base/net_util.h"
  14
  15 namespace net {
  16
  17 namespace {
  18
  19 class HostnamePatternRule : public ProxyBypassRules::Rule {
  20  public:
  21   HostnamePatternRule(const std::string& optional_scheme,
  22                       const std::string& hostname_pattern,
  23                       int optional_port)
  24       : optional_scheme_(base::StringToLowerASCII(optional_scheme)),
  25         hostname_pattern_(base::StringToLowerASCII(hostname_pattern)),
  26         optional_port_(optional_port) {
  27   }
  28
  29   virtual bool Matches(const GURL& url) const OVERRIDE {
  30     if (optional_port_ != -1 && url.EffectiveIntPort() != optional_port_)
  31       return false;  // Didn't match port expectation.
  32
  33     if (!optional_scheme_.empty() && url.scheme() != optional_scheme_)
  34       return false;  // Didn't match scheme expectation.
  35
  36     // Note it is necessary to lower-case the host, since GURL uses capital
  37     // letters for percent-escaped characters.
  38     return MatchPattern(base::StringToLowerASCII(url.host()),
  39                         hostname_pattern_);
  40   }
  41
  42   virtual std::string ToString() const OVERRIDE {
  43     std::string str;
  44     if (!optional_scheme_.empty())
  45       base::StringAppendF(&str, "%s://", optional_scheme_.c_str());
  46     str += hostname_pattern_;
  47     if (optional_port_ != -1)
  48       base::StringAppendF(&str, ":%d", optional_port_);
  49     return str;
  50   }
  51
  52   virtual Rule* Clone() const OVERRIDE {
  53     return new HostnamePatternRule(optional_scheme_,
  54                                    hostname_pattern_,
  55                                    optional_port_);
  56   }
  57
  58  private:
  59   const std::string optional_scheme_;
  60   const std::string hostname_pattern_;
  61   const int optional_port_;
  62 };
  63
  64 class BypassLocalRule : public ProxyBypassRules::Rule {
  65  public:
  66   virtual bool Matches(const GURL& url) const OVERRIDE {
  67     const std::string& host = url.host();
  68     if (host == "127.0.0.1" || host == "[::1]")
  69       return true;
  70     return host.find('.') == std::string::npos;
  71   }
  72
  73   virtual std::string ToString() const OVERRIDE {
  74     return "<local>";
  75   }
  76
  77   virtual Rule* Clone() const OVERRIDE {
  78     return new BypassLocalRule();
  79   }
  80 };
  81
  82 // Rule for matching a URL that is an IP address, if that IP address falls
  83 // within a certain numeric range. For example, you could use this rule to
  84 // match all the IPs in the CIDR block 10.10.3.4/24.
  85 class BypassIPBlockRule : public ProxyBypassRules::Rule {
  86  public:
  87   // |ip_prefix| + |prefix_length| define the IP block to match.
  88   BypassIPBlockRule(const std::string& description,
  89                     const std::string& optional_scheme,
  90                     const IPAddressNumber& ip_prefix,
  91                     size_t prefix_length_in_bits)
  92       : description_(description),
  93         optional_scheme_(optional_scheme),
  94         ip_prefix_(ip_prefix),
  95         prefix_length_in_bits_(prefix_length_in_bits) {
  96   }
  97
  98   virtual bool Matches(const GURL& url) const OVERRIDE {
  99     if (!url.HostIsIPAddress())
 100       return false;
 101
 102     if (!optional_scheme_.empty() && url.scheme() != optional_scheme_)
 103       return false;  // Didn't match scheme expectation.
 104
 105     // Parse the input IP literal to a number.
 106     IPAddressNumber ip_number;
 107     if (!ParseIPLiteralToNumber(url.HostNoBrackets(), &ip_number))
 108       return false;
 109
 110     // Test if it has the expected prefix.
 111     return IPNumberMatchesPrefix(ip_number, ip_prefix_,
 112                                  prefix_length_in_bits_);
 113   }
 114
 115   virtual std::string ToString() const OVERRIDE {
 116     return description_;
 117   }
 118
 119   virtual Rule* Clone() const OVERRIDE {
 120     return new BypassIPBlockRule(description_,
 121                                  optional_scheme_,
 122                                  ip_prefix_,
 123                                  prefix_length_in_bits_);
 124   }
 125
 126  private:
 127   const std::string description_;
 128   const std::string optional_scheme_;
 129   const IPAddressNumber ip_prefix_;
 130   const size_t prefix_length_in_bits_;
 131 };
 132
 133 // Returns true if the given string represents an IP address.
 134 bool IsIPAddress(const std::string& domain) {
 135   // From GURL::HostIsIPAddress()
 136   url::RawCanonOutputT<char, 128> ignored_output;
 137   url::CanonHostInfo host_info;
 138   url::Component domain_comp(0, domain.size());
 139   url::CanonicalizeIPAddress(domain.c_str(), domain_comp, &ignored_output,
 140                              &host_info);
 141   return host_info.IsIPAddress();
 142 }
 143
 144 }  // namespace
 145
 146 ProxyBypassRules::Rule::Rule() {
 147 }
 148
 149 ProxyBypassRules::Rule::~Rule() {
 150 }
 151
 152 bool ProxyBypassRules::Rule::Equals(const Rule& rule) const {
 153   return ToString() == rule.ToString();
 154 }
 155
 156 ProxyBypassRules::ProxyBypassRules() {
 157 }
 158
 159 ProxyBypassRules::ProxyBypassRules(const ProxyBypassRules& rhs) {
 160   AssignFrom(rhs);
 161 }
 162
 163 ProxyBypassRules::~ProxyBypassRules() {
 164   Clear();
 165 }
 166
 167 ProxyBypassRules& ProxyBypassRules::operator=(const ProxyBypassRules& rhs) {
 168   AssignFrom(rhs);
 169   return *this;
 170 }
 171
 172 bool ProxyBypassRules::Matches(const GURL& url) const {
 173   for (RuleList::const_iterator it = rules_.begin(); it != rules_.end(); ++it) {
 174     if ((*it)->Matches(url))
 175       return true;
 176   }
 177   return false;
 178 }
 179
 180 bool ProxyBypassRules::Equals(const ProxyBypassRules& other) const {
 181   if (rules_.size() != other.rules_.size())
 182     return false;
 183
 184   for (size_t i = 0; i < rules_.size(); ++i) {
 185     if (!rules_[i]->Equals(*other.rules_[i]))
 186       return false;
 187   }
 188   return true;
 189 }
 190
 191 void ProxyBypassRules::ParseFromString(const std::string& raw) {
 192   ParseFromStringInternal(raw, false);
 193 }
 194
 195 void ProxyBypassRules::ParseFromStringUsingSuffixMatching(
 196     const std::string& raw) {
 197   ParseFromStringInternal(raw, true);
 198 }
 199
 200 bool ProxyBypassRules::AddRuleForHostname(const std::string& optional_scheme,
 201                                           const std::string& hostname_pattern,
 202                                           int optional_port) {
 203   if (hostname_pattern.empty())
 204     return false;
 205
 206   rules_.push_back(new HostnamePatternRule(optional_scheme,
 207                                            hostname_pattern,
 208                                            optional_port));
 209   return true;
 210 }
 211
 212 void ProxyBypassRules::AddRuleToBypassLocal() {
 213   rules_.push_back(new BypassLocalRule);
 214 }
 215
 216 bool ProxyBypassRules::AddRuleFromString(const std::string& raw) {
 217   return AddRuleFromStringInternalWithLogging(raw, false);
 218 }
 219
 220 bool ProxyBypassRules::AddRuleFromStringUsingSuffixMatching(
 221     const std::string& raw) {
 222   return AddRuleFromStringInternalWithLogging(raw, true);
 223 }
 224
 225 std::string ProxyBypassRules::ToString() const {
 226   std::string result;
 227   for (RuleList::const_iterator rule(rules_.begin());
 228        rule != rules_.end();
 229        ++rule) {
 230     result += (*rule)->ToString();
 231     result += ";";
 232   }
 233   return result;
 234 }
 235
 236 void ProxyBypassRules::Clear() {
 237   STLDeleteElements(&rules_);
 238 }
 239
 240 void ProxyBypassRules::AssignFrom(const ProxyBypassRules& other) {
 241   Clear();
 242
 243   // Make a copy of the rules list.
 244   for (RuleList::const_iterator it = other.rules_.begin();
 245        it != other.rules_.end(); ++it) {
 246     rules_.push_back((*it)->Clone());
 247   }
 248 }
 249
 250 void ProxyBypassRules::ParseFromStringInternal(
 251     const std::string& raw,
 252     bool use_hostname_suffix_matching) {
 253   Clear();
 254
 255   base::StringTokenizer entries(raw, ",;");
 256   while (entries.GetNext()) {
 257     AddRuleFromStringInternalWithLogging(entries.token(),
 258                                          use_hostname_suffix_matching);
 259   }
 260 }
 261
 262 bool ProxyBypassRules::AddRuleFromStringInternal(
 263     const std::string& raw_untrimmed,
 264     bool use_hostname_suffix_matching) {
 265   std::string raw;
 266   base::TrimWhitespaceASCII(raw_untrimmed, base::TRIM_ALL, &raw);
 267
 268   // This is the special syntax used by WinInet's bypass list -- we allow it
 269   // on all platforms and interpret it the same way.
 270   if (LowerCaseEqualsASCII(raw, "<local>")) {
 271     AddRuleToBypassLocal();
 272     return true;
 273   }
 274
 275   // Extract any scheme-restriction.
 276   std::string::size_type scheme_pos = raw.find("://");
 277   std::string scheme;
 278   if (scheme_pos != std::string::npos) {
 279     scheme = raw.substr(0, scheme_pos);
 280     raw = raw.substr(scheme_pos + 3);
 281     if (scheme.empty())
 282       return false;
 283   }
 284
 285   if (raw.empty())
 286     return false;
 287
 288   // If there is a forward slash in the input, it is probably a CIDR style
 289   // mask.
 290   if (raw.find('/') != std::string::npos) {
 291     IPAddressNumber ip_prefix;
 292     size_t prefix_length_in_bits;
 293
 294     if (!ParseCIDRBlock(raw, &ip_prefix, &prefix_length_in_bits))
 295       return false;
 296
 297     rules_.push_back(
 298         new BypassIPBlockRule(raw, scheme, ip_prefix, prefix_length_in_bits));
 299
 300     return true;
 301   }
 302
 303   // Check if we have an <ip-address>[:port] input. We need to treat this
 304   // separately since the IP literal may not be in a canonical form.
 305   std::string host;
 306   int port;
 307   if (ParseHostAndPort(raw, &host, &port)) {
 308     if (IsIPAddress(host)) {
 309       // Canonicalize the IP literal before adding it as a string pattern.
 310       GURL tmp_url("http://" + host);
 311       return AddRuleForHostname(scheme, tmp_url.host(), port);
 312     }
 313   }
 314
 315   // Otherwise assume we have <hostname-pattern>[:port].
 316   std::string::size_type pos_colon = raw.rfind(':');
 317   host = raw;
 318   port = -1;
 319   if (pos_colon != std::string::npos) {
 320     if (!base::StringToInt(base::StringPiece(raw.begin() + pos_colon + 1,
 321                                              raw.end()),
 322                            &port) ||
 323         (port < 0 || port > 0xFFFF)) {
 324       return false;  // Port was invalid.
 325     }
 326     raw = raw.substr(0, pos_colon);
 327   }
 328
 329   // Special-case hostnames that begin with a period.
 330   // For example, we remap ".google.com" --> "*.google.com".
 331   if (StartsWithASCII(raw, ".", false))
 332     raw = "*" + raw;
 333
 334   // If suffix matching was asked for, make sure the pattern starts with a
 335   // wildcard.
 336   if (use_hostname_suffix_matching && !StartsWithASCII(raw, "*", false))
 337     raw = "*" + raw;
 338
 339   return AddRuleForHostname(scheme, raw, port);
 340 }
 341
 342 bool ProxyBypassRules::AddRuleFromStringInternalWithLogging(
 343     const std::string& raw,
 344     bool use_hostname_suffix_matching) {
 345   return AddRuleFromStringInternal(raw, use_hostname_suffix_matching);
 346 }
 347
 348 }  // namespace net