webkit/browser/database/database_util.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "webkit/browser/database/database_util.h"
   6
   7 #include "base/basictypes.h"
   8 #include "base/strings/utf_string_conversions.h"
   9 #include "third_party/WebKit/public/platform/WebString.h"
  10 #include "webkit/browser/database/database_tracker.h"
  11 #include "webkit/browser/database/vfs_backend.h"
  12
  13 namespace webkit_database {
  14
  15 const char DatabaseUtil::kJournalFileSuffix[] = "-journal";
  16
  17 bool DatabaseUtil::CrackVfsFileName(const base::string16& vfs_file_name,
  18                                     std::string* origin_identifier,
  19                                     base::string16* database_name,
  20                                     base::string16* sqlite_suffix) {
  21   // 'vfs_file_name' is of the form <origin_identifier>/<db_name>#<suffix>.
  22   // <suffix> is optional.
  23   DCHECK(!vfs_file_name.empty());
  24   size_t first_slash_index = vfs_file_name.find('/');
  25   size_t last_pound_index = vfs_file_name.rfind('#');
  26   // '/' and '#' must be present in the string. Also, the string cannot start
  27   // with a '/' (origin_identifier cannot be empty) and '/' must come before '#'
  28   if ((first_slash_index == base::string16::npos) ||
  29       (last_pound_index == base::string16::npos) ||
  30       (first_slash_index == 0) ||
  31       (first_slash_index > last_pound_index)) {
  32     return false;
  33   }
  34
  35   if (origin_identifier) {
  36     *origin_identifier = UTF16ToASCII(
  37         vfs_file_name.substr(0, first_slash_index));
  38   }
  39   if (database_name) {
  40     *database_name = vfs_file_name.substr(
  41         first_slash_index + 1, last_pound_index - first_slash_index - 1);
  42   }
  43   if (sqlite_suffix) {
  44     *sqlite_suffix = vfs_file_name.substr(
  45         last_pound_index + 1, vfs_file_name.length() - last_pound_index - 1);
  46   }
  47   return true;
  48 }
  49
  50 base::FilePath DatabaseUtil::GetFullFilePathForVfsFile(
  51     DatabaseTracker* db_tracker, const base::string16& vfs_file_name) {
  52   std::string origin_identifier;
  53   base::string16 database_name;
  54   base::string16 sqlite_suffix;
  55   if (!CrackVfsFileName(vfs_file_name, &origin_identifier,
  56                         &database_name, &sqlite_suffix)) {
  57     return base::FilePath(); // invalid vfs_file_name
  58   }
  59
  60   base::FilePath full_path = db_tracker->GetFullDBFilePath(
  61       origin_identifier, database_name);
  62   if (!full_path.empty() && !sqlite_suffix.empty()) {
  63     DCHECK(full_path.Extension().empty());
  64     full_path = full_path.InsertBeforeExtensionASCII(
  65         UTF16ToASCII(sqlite_suffix));
  66   }
  67   // Watch out for directory traversal attempts from a compromised renderer.
  68   if (full_path.value().find(FILE_PATH_LITERAL("..")) !=
  69           base::FilePath::StringType::npos)
  70     return base::FilePath();
  71   return full_path;
  72 }
  73
  74 bool DatabaseUtil::IsValidOriginIdentifier(
  75     const std::string& origin_identifier) {
  76   std::string dotdot = "..";
  77   char forbidden[] = {'\\', '/', '\0'};
  78
  79   std::string::size_type pos = origin_identifier.find(dotdot);
  80   if (pos == std::string::npos)
  81     pos = origin_identifier.find_first_of(forbidden, 0, arraysize(forbidden));
  82
  83   return pos == std::string::npos;
  84 }
  85
  86 }  // namespace webkit_database