Source/platform/weborigin/OriginAccessEntry.cpp - Issue 1128913004: Improve OriginAccessEntry support for IP addresses.

Side by Side Diff: Source/platform/weborigin/OriginAccessEntry.cpp

Issue 1128913004: Improve OriginAccessEntry support for IP addresses. (Closed) Base URL: svn://svn.chromium.org/blink/trunk

Patch Set: Created 5 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« no previous file with comments | « Source/platform/weborigin/OriginAccessEntry.h ('k') | Source/platform/weborigin/OriginAccessEntryTest.cpp » ('j') | Source/platform/weborigin/OriginAccessEntryTest.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2009 Google Inc. All rights reserved.	2 * Copyright (C) 2009 Google Inc. All rights reserved.

3 *	3 *

4 * Redistribution and use in source and binary forms, with or without	4 * Redistribution and use in source and binary forms, with or without

5 * modification, are permitted provided that the following conditions are	5 * modification, are permitted provided that the following conditions are

6 * met:	6 * met:

7 *	7 *

8 * * Redistributions of source code must retain the above copyright	8 * * Redistributions of source code must retain the above copyright

9 * notice, this list of conditions and the following disclaimer.	9 * notice, this list of conditions and the following disclaimer.

10 * * Redistributions in binary form must reproduce the above	10 * * Redistributions in binary form must reproduce the above

(...skipping 13 matching lines...) Expand all Loading...
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

29 */	29 */

30	30

31 #include "config.h"	31 #include "config.h"

32 #include "platform/weborigin/OriginAccessEntry.h"	32 #include "platform/weborigin/OriginAccessEntry.h"

33	33

	34 #include "platform/weborigin/KURL.h"

34 #include "platform/weborigin/SecurityOrigin.h"	35 #include "platform/weborigin/SecurityOrigin.h"

35 #include "public/platform/Platform.h"	36 #include "public/platform/Platform.h"

36 #include "public/platform/WebPublicSuffixList.h"	37 #include "public/platform/WebPublicSuffixList.h"

	38 #include <url/third_party/mozilla/url_parse.h>
	Ryan Sleevi 2015/05/13 23:23:34 what the wat? what the wat? Mike West 2015/05/15 14:45:16 This is where 'url::Component' is defined. Don't a Show quoted text On 2015/05/13 at 23:23:34, Ryan Sleevi wrote: > what the wat? This is where 'url::Component' is defined. Don't ask me why, I'm just the guy copy/pasting from KURL and GURL.
	39 #include <url/url_canon.h>

37	40

38 namespace blink {	41 namespace blink {

39	42

	43 namespace {

	44

	45 bool HostIsIPAddress(const String& host)
	jochen (gone - plz use gerrit) 2015/05/15 14:44:13 no indent no indent
	46 {

	47 if (host.isEmpty())

	48 return false;

	49

	50 KURL url(KURL(), "http://" + host + "/");

	51 if (!url.isValid())

	52 return false;

	53

	54 url::RawCanonOutputT<char, 128> ignoredOutput;

	55 url::CanonHostInfo hostInfo;

	56 url::Component hostComponent(7, host.length());
	Ryan Sleevi 2015/05/13 23:23:34 grumble-nit - It's not immediately obvious that th grumble-nit - It's not immediately obvious that the 7 is tied to line 50, or that someone won't come along and helpfully change things to https:// because http:// is bad and then bad things happen :) Make these two static constants in the function? jochen (gone - plz use gerrit) 2015/05/15 14:44:13 why not make it https:// already now :) Show quoted text On 2015/05/13 at 23:23:34, Ryan Sleevi wrote: > grumble-nit - It's not immediately obvious that the 7 is tied to line 50, or that someone won't come along and helpfully change things to https:// because http:// is bad and then bad things happen :) > > Make these two static constants in the function? why not make it https:// already now :) Mike West 2015/05/15 14:45:16 I _should_ change this to HTTPS! It'll be tons mor Show quoted text On 2015/05/13 at 23:23:34, Ryan Sleevi wrote: > grumble-nit - It's not immediately obvious that the 7 is tied to line 50, or that someone won't come along and helpfully change things to https:// because http:// is bad and then bad things happen :) I _should_ change this to HTTPS! It'll be tons more secure. Show quoted text > Make these two static constants in the function? Done.
	57 url::CanonicalizeIPAddress(url.string().utf8().data(), hostComponent, &i gnoredOutput, &hostInfo);

	58 return hostInfo.IsIPAddress();
	Ryan Sleevi 2015/05/13 23:23:34 This is basically duplicating GURL::HostIsIPAddres This is basically duplicating GURL::HostIsIPAddress. Mike West 2015/05/15 14:45:16 Noted. Show quoted text On 2015/05/13 at 23:23:34, Ryan Sleevi wrote: > This is basically duplicating GURL::HostIsIPAddress. Noted.
	59 }

	60 }

	61

40 OriginAccessEntry::OriginAccessEntry(const String& protocol, const String& host, SubdomainSetting subdomainSetting, IPAddressSetting ipAddressSetting)	62 OriginAccessEntry::OriginAccessEntry(const String& protocol, const String& host, SubdomainSetting subdomainSetting, IPAddressSetting ipAddressSetting)

41 : m_protocol(protocol.lower())	63 : m_protocol(protocol.lower())

42 , m_host(host.lower())	64 , m_host(host.lower())

43 , m_subdomainSettings(subdomainSetting)	65 , m_subdomainSettings(subdomainSetting)

44 , m_ipAddressSettings(ipAddressSetting)	66 , m_ipAddressSettings(ipAddressSetting)

45 , m_hostIsPublicSuffix(false)	67 , m_hostIsPublicSuffix(false)

46 {	68 {

47 ASSERT(subdomainSetting == AllowSubdomains \|\| subdomainSetting == DisallowSu bdomains);	69 ASSERT(subdomainSetting == AllowSubdomains \|\| subdomainSetting == DisallowSu bdomains);

48	70

49 // Assume that any host that ends with a digit is trying to be an IP address .	71 m_hostIsIPAddress = HostIsIPAddress(host);

50 m_hostIsIPAddress = !m_host.isEmpty() && isASCIIDigit(m_host[m_host.length() - 1]);

51	72

52 // Look for top-level domains, either with or without an additional dot.	73 // Look for top-level domains, either with or without an additional dot.

53 if (!m_hostIsIPAddress) {	74 if (!m_hostIsIPAddress) {

54 WebPublicSuffixList* suffixList = Platform::current()->publicSuffixList( );	75 WebPublicSuffixList* suffixList = Platform::current()->publicSuffixList( );

55 if (suffixList && m_host.length() <= suffixList->getPublicSuffixLength(m _host) + 1)	76 if (suffixList && m_host.length() <= suffixList->getPublicSuffixLength(m _host) + 1)

56 m_hostIsPublicSuffix = true;	77 m_hostIsPublicSuffix = true;

57 }	78 }

58 }	79 }

59	80

60 OriginAccessEntry::MatchResult OriginAccessEntry::matchesOrigin(const SecurityOr igin& origin) const	81 OriginAccessEntry::MatchResult OriginAccessEntry::matchesOrigin(const SecurityOr igin& origin) const

(...skipping 24 matching lines...) Expand all Loading...
85 if (origin.host().length() <= m_host.length() \|\| origin.host()[origin.host() .length() - m_host.length() - 1] != '.' \|\| !origin.host().endsWith(m_host))	106 if (origin.host().length() <= m_host.length() \|\| origin.host()[origin.host() .length() - m_host.length() - 1] != '.' \|\| !origin.host().endsWith(m_host))

86 return DoesNotMatchOrigin;	107 return DoesNotMatchOrigin;

87	108

88 if (m_hostIsPublicSuffix)	109 if (m_hostIsPublicSuffix)

89 return MatchesOriginButIsPublicSuffix;	110 return MatchesOriginButIsPublicSuffix;

90	111

91 return MatchesOrigin;	112 return MatchesOrigin;

92 }	113 }

93	114

94 } // namespace blink	115 } // namespace blink

OLD	NEW