chrome/common/extensions/permissions/socket_permission_entry.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/common/extensions/permissions/socket_permission_entry.h"
   6
   7 #include <cstdlib>
   8 #include <sstream>
   9 #include <vector>
  10
  11 #include "base/logging.h"
  12 #include "base/memory/scoped_ptr.h"
  13 #include "base/strings/string_number_conversions.h"
  14 #include "base/strings/string_split.h"
  15 #include "base/strings/string_util.h"
  16 #include "chrome/common/extensions/permissions/socket_permission.h"
  17 #include "extensions/common/permissions/api_permission.h"
  18 #include "url/url_canon.h"
  19
  20 namespace {
  21
  22 using content::SocketPermissionRequest;
  23
  24 const char kColon = ':';
  25 const char kDot = '.';
  26 const char kWildcard[] = "*";
  27 const int kWildcardPortNumber = 0;
  28 const int kInvalidPort = -1;
  29
  30 bool StartsOrEndsWithWhitespace(const std::string& str) {
  31   if (str.find_first_not_of(base::kWhitespaceASCII) != 0)
  32     return true;
  33   if (str.find_last_not_of(base::kWhitespaceASCII) != str.length() - 1)
  34     return true;
  35   return false;
  36 }
  37
  38 }  // namespace
  39
  40 namespace extensions {
  41
  42 SocketPermissionEntry::SocketPermissionEntry()
  43   : pattern_(SocketPermissionRequest::NONE, std::string(), kInvalidPort),
  44     match_subdomains_(false) {
  45 }
  46
  47 SocketPermissionEntry::~SocketPermissionEntry() {}
  48
  49 bool SocketPermissionEntry::operator<(const SocketPermissionEntry& rhs) const {
  50   if (pattern_.type < rhs.pattern_.type)
  51     return true;
  52   if (pattern_.type > rhs.pattern_.type)
  53     return false;
  54
  55   if (pattern_.host < rhs.pattern_.host)
  56     return true;
  57   if (pattern_.host > rhs.pattern_.host)
  58     return false;
  59
  60   if (match_subdomains_ < rhs.match_subdomains_)
  61     return true;
  62   if (match_subdomains_ > rhs.match_subdomains_)
  63     return false;
  64
  65   if (pattern_.port < rhs.pattern_.port)
  66     return true;
  67   return false;
  68 }
  69
  70 bool SocketPermissionEntry::operator==(const SocketPermissionEntry& rhs) const {
  71   return (pattern_.type == rhs.pattern_.type) &&
  72          (pattern_.host == rhs.pattern_.host) &&
  73          (match_subdomains_ == rhs.match_subdomains_) &&
  74          (pattern_.port == rhs.pattern_.port);
  75 }
  76
  77 bool SocketPermissionEntry::Check(
  78     const content::SocketPermissionRequest& request) const {
  79   if (pattern_.type != request.type)
  80     return false;
  81
  82   std::string lhost = StringToLowerASCII(request.host);
  83   if (pattern_.host != lhost) {
  84     if (!match_subdomains_)
  85       return false;
  86
  87     if (!pattern_.host.empty()) {
  88       // Do not wildcard part of IP address.
  89       url_parse::Component component(0, lhost.length());
  90       url_canon::RawCanonOutputT<char, 128> ignored_output;
  91       url_canon::CanonHostInfo host_info;
  92       url_canon::CanonicalizeIPAddress(lhost.c_str(), component,
  93                                        &ignored_output, &host_info);
  94       if (host_info.IsIPAddress())
  95         return false;
  96
  97       // host should equal one or more chars + "." +  host_.
  98       int i = lhost.length() - pattern_.host.length();
  99       if (i < 2)
 100         return false;
 101
 102       if (lhost.compare(i, pattern_.host.length(), pattern_.host) != 0)
 103         return false;
 104
 105       if (lhost[i - 1] != kDot)
 106         return false;
 107     }
 108   }
 109
 110   if (pattern_.port != request.port && pattern_.port != kWildcardPortNumber)
 111     return false;
 112
 113   return true;
 114 }
 115
 116 SocketPermissionEntry::HostType SocketPermissionEntry::GetHostType() const {
 117   return pattern_.host.empty() ? SocketPermissionEntry::ANY_HOST :
 118          match_subdomains_     ? SocketPermissionEntry::HOSTS_IN_DOMAINS :
 119                                  SocketPermissionEntry::SPECIFIC_HOSTS;
 120 }
 121
 122 bool SocketPermissionEntry::IsAddressBoundType() const {
 123   return pattern_.type == SocketPermissionRequest::TCP_CONNECT ||
 124       pattern_.type == SocketPermissionRequest::TCP_LISTEN ||
 125       pattern_.type == SocketPermissionRequest::UDP_BIND ||
 126       pattern_.type == SocketPermissionRequest::UDP_SEND_TO;
 127 }
 128
 129 // static
 130 bool SocketPermissionEntry::ParseHostPattern(
 131     SocketPermissionRequest::OperationType type,
 132     const std::string& pattern,
 133     SocketPermissionEntry* entry) {
 134   std::vector<std::string> tokens;
 135   base::SplitStringDontTrim(pattern, kColon, &tokens);
 136   return ParseHostPattern(type, tokens, entry);
 137 }
 138
 139 // static
 140 bool SocketPermissionEntry::ParseHostPattern(
 141     SocketPermissionRequest::OperationType type,
 142     const std::vector<std::string>& pattern_tokens,
 143     SocketPermissionEntry* entry) {
 144
 145   SocketPermissionEntry result;
 146
 147   if (type == SocketPermissionRequest::NONE)
 148     return false;
 149
 150   if (pattern_tokens.size() > 2)
 151     return false;
 152
 153   result.pattern_.type = type;
 154   result.pattern_.port = kWildcardPortNumber;
 155   result.match_subdomains_ = true;
 156
 157   if (pattern_tokens.size() == 0) {
 158     *entry = result;
 159     return true;
 160   }
 161
 162     // Return an error if address is specified for permissions that don't
 163     // need it (such as 'resolve-host').
 164     if (!result.IsAddressBoundType())
 165       return false;
 166
 167   result.pattern_.host = pattern_tokens[0];
 168   if (!result.pattern_.host.empty()) {
 169     if (StartsOrEndsWithWhitespace(result.pattern_.host))
 170       return false;
 171     result.pattern_.host = StringToLowerASCII(result.pattern_.host);
 172
 173     // The first component can optionally be '*' to match all subdomains.
 174     std::vector<std::string> host_components;
 175     base::SplitString(result.pattern_.host, kDot, &host_components);
 176     DCHECK(!host_components.empty());
 177
 178     if (host_components[0] == kWildcard || host_components[0].empty()) {
 179       host_components.erase(host_components.begin(),
 180                             host_components.begin() + 1);
 181     } else {
 182       result.match_subdomains_ = false;
 183     }
 184     result.pattern_.host = JoinString(host_components, kDot);
 185   }
 186
 187   if (pattern_tokens.size() == 1 ||
 188       pattern_tokens[1].empty() ||
 189       pattern_tokens[1] == kWildcard) {
 190     *entry = result;
 191     return true;
 192   }
 193
 194   if (StartsOrEndsWithWhitespace(pattern_tokens[1]))
 195     return false;
 196
 197   if (!base::StringToInt(pattern_tokens[1], &result.pattern_.port) ||
 198       result.pattern_.port < 1 || result.pattern_.port > 65535)
 199     return false;
 200
 201   *entry = result;
 202   return true;
 203 }
 204
 205 std::string SocketPermissionEntry::GetHostPatternAsString() const {
 206   std::string result;
 207
 208   if (!IsAddressBoundType())
 209     return result;
 210
 211   if (match_subdomains()) {
 212     result.append(kWildcard);
 213     if (!pattern_.host.empty())
 214       result.append(1, kDot).append(pattern_.host);
 215   } else {
 216      result.append(pattern_.host);
 217   }
 218
 219   if (pattern_.port == kWildcardPortNumber)
 220     result.append(1, kColon).append(kWildcard);
 221   else
 222     result.append(1, kColon).append(base::IntToString(pattern_.port));
 223
 224   return result;
 225 }
 226
 227 }  // namespace extensions