Chromium Code Reviews Chromium Code Reviews
Issue 10692160:
Support socket endpoint permissions for AppsV2 Socket API. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/common/extensions/permissions/socket_permission_data.h" | |
| 6 | |
| 7 #include <cstdlib> | |
| 8 #include <sstream> | |
| 9 #include <vector> | |
| 10 | |
| 11 #include "base/logging.h" | |
| 12 #include "base/string_number_conversions.h" | |
| 13 #include "base/string_split.h" | |
| 14 #include "base/string_util.h" | |
| 15 | |
| 16 namespace { | |
| 17 | |
| 18 bool StartsOrEndsWithWhitespace(const std::string& str) { | |
| 19 if (str.find_first_not_of(kWhitespaceASCII) != 0) | |
| 20 return true; | |
| 21 if (str.find_last_not_of(kWhitespaceASCII) != str.length() - 1) | |
| 22 return true; | |
| 23 return false; | |
| 24 } | |
| 25 | |
| 26 } // namespace | |
|
Mihai Parparita -not on Chrome
2012/08/10 00:16:16
Seems like you can merge these two adjacent unname
Peng
2012/08/13 16:26:10
Done.
| |
| 27 | |
| 28 namespace { | |
| 29 | |
| 30 using extensions::SocketPermissionData; | |
| 31 | |
| 32 const char kColon = ':'; | |
| 33 const char kDot = '.'; | |
| 34 const char kWildcard[] = "*"; | |
| 35 const char kInvalid[] = "invalid"; | |
| 36 const char kTCPConnect[] = "tcp-connect"; | |
| 37 const char kTCPListen[] = "tcp-listen"; | |
| 38 const char kUDPBind[] = "udp-bind"; | |
| 39 const char kUDPSendTo[] = "udp-send-to"; | |
| 40 | |
| 41 SocketPermissionData::OperationType StringToType(const std::string& s) { | |
| 42 if (s == kTCPConnect) | |
| 43 return SocketPermissionData::TCP_CONNECT; | |
| 44 if (s == kTCPListen) | |
| 45 return SocketPermissionData::TCP_LISTEN; | |
| 46 if (s == kUDPBind) | |
| 47 return SocketPermissionData::UDP_BIND; | |
| 48 if (s == kUDPSendTo) | |
| 49 return SocketPermissionData::UDP_SEND_TO; | |
| 50 return SocketPermissionData::NONE; | |
| 51 } | |
| 52 | |
| 53 const char* TypeToString(SocketPermissionData::OperationType type) { | |
| 54 switch (type) { | |
| 55 case SocketPermissionData::TCP_CONNECT: | |
| 56 return kTCPConnect; | |
| 57 case SocketPermissionData::TCP_LISTEN: | |
| 58 return kTCPListen; | |
| 59 case SocketPermissionData::UDP_BIND: | |
| 60 return kUDPBind; | |
| 61 case SocketPermissionData::UDP_SEND_TO: | |
| 62 return kUDPSendTo; | |
| 63 default: | |
| 64 return kInvalid; | |
| 65 } | |
| 66 } | |
| 67 | |
| 68 } | |
| 69 | |
| 70 namespace extensions { | |
| 71 | |
| 72 SocketPermissionData::SocketPermissionData() { | |
| 73 Reset(); | |
| 74 } | |
| 75 | |
| 76 SocketPermissionData::~SocketPermissionData() { | |
| 77 } | |
| 78 | |
| 79 bool SocketPermissionData::operator<(const SocketPermissionData& rhs) const { | |
| 80 if (type_ < rhs.type_) | |
| 81 return true; | |
| 82 if (type_ > rhs.type_) | |
| 83 return false; | |
| 84 | |
| 85 if (host_ < rhs.host_) | |
| 86 return true; | |
| 87 if (host_ > rhs.host_) | |
| 88 return false; | |
| 89 | |
| 90 if (match_subdomains_ < rhs.match_subdomains_) | |
| 91 return true; | |
| 92 if (match_subdomains_ > rhs.match_subdomains_) | |
| 93 return false; | |
| 94 | |
| 95 if (port_ < rhs.port_) | |
| 96 return true; | |
| 97 return false; | |
| 98 } | |
| 99 | |
| 100 bool SocketPermissionData::operator==(const SocketPermissionData& rhs) const { | |
| 101 return (type_ == rhs.type_) && (host_ == rhs.host_) && | |
| 102 (match_subdomains_ == rhs.match_subdomains_) && | |
| 103 (port_ == rhs.port_); | |
| 104 } | |
| 105 | |
| 106 bool SocketPermissionData::Match( | |
| 107 OperationType type, const std::string& host, int port) const { | |
| 108 if (type_ != type) | |
| 109 return false; | |
| 110 | |
| 111 std::string lhost = StringToLowerASCII(host); | |
| 112 if (host_ != lhost) { | |
| 113 if (!match_subdomains_) | |
| 114 return false; | |
| 115 | |
| 116 // host should equal one or more chars + '.' + host_. | |
| 117 if (lhost.length() < host_.length() + 2) | |
| 118 return false; | |
| 119 | |
| 120 if (lhost.compare(lhost.length() - host_.length(), | |
|
Mihai Parparita -not on Chrome
2012/08/10 00:16:16
You don't seem to check that there's a period befo
Peng
2012/08/13 16:26:10
Done.
| |
| 121 host_.length(), host_) != 0) | |
| 122 return false; | |
| 123 } | |
| 124 | |
| 125 if (port_ != port && port_ != 0) | |
| 126 return false; | |
| 127 | |
| 128 return true; | |
| 129 } | |
| 130 | |
| 131 bool SocketPermissionData::Parse(const std::string& permission) { | |
| 132 do { | |
| 133 host_.clear(); | |
| 134 match_subdomains_ = true; | |
| 135 port_ = 0; | |
| 136 spec_.clear(); | |
| 137 | |
| 138 std::vector<std::string> tokens; | |
| 139 base::SplitStringDontTrim(permission, kColon, &tokens); | |
| 140 | |
| 141 if (tokens.empty() || tokens.size() > 3) | |
| 142 break; | |
| 143 | |
| 144 type_ = StringToType(tokens[0]); | |
| 145 if (type_ == NONE) | |
| 146 break; | |
| 147 | |
| 148 if (tokens.size() == 1) | |
| 149 return true; | |
| 150 | |
| 151 | |
|
Mihai Parparita -not on Chrome
2012/08/10 00:16:16
Extra newline.
Peng
2012/08/13 16:26:10
Done.
| |
| 152 host_ = tokens[1]; | |
| 153 if (!host_.empty()) { | |
| 154 if (StartsOrEndsWithWhitespace(host_)) | |
| 155 break; | |
| 156 host_ = StringToLowerASCII(host_); | |
| 157 | |
| 158 // The first component can optionally be '*' to match all subdomains. | |
|
Mihai Parparita -not on Chrome
2012/08/10 00:16:16
Wildcards should not be allowed for IP addresses (
Peng
2012/08/13 16:26:10
Done.
| |
| 159 std::vector<std::string> host_components; | |
| 160 base::SplitString(host_, kDot, &host_components); | |
| 161 DCHECK(!host_components.empty()); | |
| 162 | |
| 163 if (host_components[0] == kWildcard || host_components[0].empty()) { | |
| 164 host_components.erase(host_components.begin(), | |
| 165 host_components.begin() + 1); | |
| 166 } else { | |
| 167 match_subdomains_ = false; | |
| 168 } | |
| 169 host_ = JoinString(host_components, kDot); | |
| 170 } | |
| 171 | |
| 172 if (tokens.size() == 2 || tokens[2].empty() || tokens[2] == kWildcard) | |
| 173 return true; | |
| 174 | |
| 175 if (StartsOrEndsWithWhitespace(tokens[2])) | |
| 176 break; | |
| 177 | |
| 178 if (!base::StringToInt(tokens[2], &port_) || | |
| 179 port_ < 1 || port_ > 65535) | |
| 180 break; | |
| 181 return true; | |
| 182 } while (false); | |
| 183 | |
| 184 Reset(); | |
| 185 return false; | |
| 186 } | |
| 187 | |
| 188 const std::string& SocketPermissionData::GetAsString() const { | |
| 189 if (!spec_.empty()) | |
| 190 return spec_; | |
| 191 | |
| 192 spec_.reserve(64); | |
| 193 spec_.append(TypeToString(type_)); | |
| 194 | |
| 195 if (match_subdomains_) { | |
| 196 spec_.append(1, kColon).append(kWildcard); | |
| 197 if (!host_.empty()) | |
| 198 spec_.append(1, kDot).append(host_); | |
| 199 } else { | |
| 200 spec_.append(1, kColon).append(host_); | |
| 201 } | |
| 202 | |
| 203 if (port_ == 0) | |
|
Mihai Parparita -not on Chrome
2012/08/10 00:16:16
Can you make the 0 magic value into a ANY_PORT con
Peng
2012/08/13 16:26:10
Done.
| |
| 204 spec_.append(1, kColon).append(kWildcard); | |
| 205 else | |
| 206 spec_.append(1, kColon).append(base::IntToString(port_)); | |
| 207 | |
| 208 return spec_; | |
| 209 } | |
| 210 | |
| 211 void SocketPermissionData::Reset() { | |
| 212 type_ = NONE; | |
| 213 host_ .clear(); | |
|
Mihai Parparita -not on Chrome
2012/08/10 00:16:16
Extra space after _
Peng
2012/08/13 16:26:10
Done.
Peng
2012/08/13 16:26:10
Done.
| |
| 214 match_subdomains_ = false; | |
| 215 port_ = -1; | |
| 216 spec_.clear(); | |
| 217 } | |
| 218 | |
| 219 } // namespace extensions | |
| OLD | NEW |
