Add UMA for measuring Content-Dispostion header use and abuse.

net/http/http_content_disposition.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_content_disposition.h"
 
 #include "base/base64.h"
 #include "base/i18n/icu_string_conversions.h"
 #include "base/logging.h"
 #include "base/string_util.h"
@@ skipping 79 matching lines @@
   ucnv_close(converter);
   if (U_FAILURE(err))
     return false;
   output->resize(output_length);
   return true;
 }
 
 bool DecodeWord(const std::string& encoded_word,
                 const std::string& referrer_charset,
                 bool* is_rfc2047,
-                std::string* output) {
+                std::string* output,
+                HttpContentDisposition::ParseResult* parse_result) {
   *is_rfc2047 = false;
   output->clear();
   if (encoded_word.empty())
     return true;
 
   if (!IsStringASCII(encoded_word)) {
     // Try UTF-8, referrer_charset and the native OS default charset in turn.
     if (IsStringUTF8(encoded_word)) {
       *output = encoded_word;
     } else {
       string16 utf16_output;
       if (!referrer_charset.empty() &&
           base::CodepageToUTF16(encoded_word, referrer_charset.c_str(),
                                 base::OnStringConversionError::FAIL,
                                 &utf16_output)) {
         *output = UTF16ToUTF8(utf16_output);
       } else {
         *output = WideToUTF8(base::SysNativeMBToWide(encoded_word));
       }
     }
 
+    parse_result->has_non_ascii_strings = true;
     return true;
   }
 
   // RFC 2047 : one of encoding methods supported by Firefox and relatively
   // widely used by web servers.
   // =?charset?<E>?<encoded string>?= where '<E>' is either 'B' or 'Q'.
   // We don't care about the length restriction (72 bytes) because
   // many web servers generate encoded words longer than the limit.
-  std::string tmp;
+  std::string decoded_word;
   *is_rfc2047 = true;
   int part_index = 0;
   std::string charset;
   StringTokenizer t(encoded_word, "?");
   RFC2047EncodingType enc_type = Q_ENCODING;
   while (*is_rfc2047 && t.GetNext()) {
     std::string part = t.token();
     switch (part_index) {
       case 0:
         if (part != "=") {
@@ skipping 12 matching lines @@
             part.find_first_of("bBqQ") == std::string::npos) {
           *is_rfc2047 = false;
           break;
         }
         if (part[0] == 'b' || part[0] == 'B') {
           enc_type = B_ENCODING;
         }
         ++part_index;
         break;
       case 3:
-        *is_rfc2047 = DecodeBQEncoding(part, enc_type, charset, &tmp);
+        *is_rfc2047 = DecodeBQEncoding(part, enc_type, charset, &decoded_word);
         if (!*is_rfc2047) {
           // Last minute failure. Invalid B/Q encoding. Rather than
           // passing it through, return now.
           return false;
         }
         ++part_index;
         break;
       case 4:
         if (part != "=") {
           // Another last minute failure !
           // Likely to be a case of two encoded-words in a row or
           // an encoded word followed by a non-encoded word. We can be
           // generous, but it does not help much in terms of compatibility,
           // I believe. Return immediately.
           *is_rfc2047 = false;
           return false;
         }
         ++part_index;
         break;
       default:
         *is_rfc2047 = false;
         return false;
     }
   }
 
   if (*is_rfc2047) {
     if (*(encoded_word.end() - 1) == '=') {
-      output->swap(tmp);
+      output->swap(decoded_word);
+      parse_result->has_rfc2047_encoded_strings = true;
       return true;
     }
     // encoded_word ending prematurelly with '?' or extra '?'
     *is_rfc2047 = false;
     return false;
   }
 
   // We're not handling 'especial' characters quoted with '\', but
   // it should be Ok because we're not an email client but a
   // web browser.
 
   // What IE6/7 does: %-escaped UTF-8.
-  tmp = UnescapeURLComponent(encoded_word, UnescapeRule::SPACES);
-  if (IsStringUTF8(tmp)) {
-    output->swap(tmp);
+  decoded_word = UnescapeURLComponent(encoded_word, UnescapeRule::SPACES);
+  if (decoded_word != encoded_word)
+    parse_result->has_percent_encoded_strings = true;
+  if (IsStringUTF8(decoded_word)) {
+    output->swap(decoded_word);
     return true;
     // We can try either the OS default charset or 'origin charset' here,
     // As far as I can tell, IE does not support it. However, I've seen
     // web servers emit %-escaped string in a legacy encoding (usually
     // origin charset).
     // TODO(jungshik) : Test IE further and consider adding a fallback here.
   }
   return false;
 }
 
 // Decodes the value of a 'filename' or 'name' parameter given as |input|. The
 // value is supposed to be of the form:
 //
 //   value                   = token | quoted-string
 //
 // However we currently also allow RFC 2047 encoding and non-ASCII
 // strings. Non-ASCII strings are interpreted based on |referrer_charset|.
 bool DecodeFilenameValue(const std::string& input,
                          const std::string& referrer_charset,
-                         std::string* output) {
-  std::string tmp;
+                         std::string* output,
+                         HttpContentDisposition::ParseResult* parse_result) {
+  HttpContentDisposition::ParseResult current_parse_result;
+  std::string decoded_value;
+  bool is_previous_token_rfc2047 = true;
+
   // Tokenize with whitespace characters.
   StringTokenizer t(input, " \t\n\r");
   t.set_options(StringTokenizer::RETURN_DELIMS);
-  bool is_previous_token_rfc2047 = true;
   while (t.GetNext()) {
     if (t.token_is_delim()) {
       // If the previous non-delimeter token is not RFC2047-encoded,
       // put in a space in its place. Otheriwse, skip over it.
-      if (!is_previous_token_rfc2047) {
-        tmp.push_back(' ');
-      }
+      if (!is_previous_token_rfc2047)
+        decoded_value.push_back(' ');
       continue;
     }
     // We don't support a single multibyte character split into
     // adjacent encoded words. Some broken mail clients emit headers
     // with that problem, but most web servers usually encode a filename
     // in a single encoded-word. Firefox/Thunderbird do not support
     // it, either.
     std::string decoded;
     if (!DecodeWord(t.token(), referrer_charset, &is_previous_token_rfc2047,
-                    &decoded))
+                    &decoded, &current_parse_result))
       return false;
-    tmp.append(decoded);
+    decoded_value.append(decoded);
   }
-  output->swap(tmp);
+  output->swap(decoded_value);
+  if (parse_result) {
+    parse_result->has_non_ascii_strings =
+        current_parse_result.has_non_ascii_strings;
+    parse_result->has_percent_encoded_strings =
+        current_parse_result.has_percent_encoded_strings;
+    parse_result->has_rfc2047_encoded_strings =
+        current_parse_result.has_rfc2047_encoded_strings;
+  }
   return true;
 }
 
 // Parses the charset and value-chars out of an ext-value string.
 //
 //  ext-value     = charset  "'" [ language ] "'" value-chars
 bool ParseExtValueComponents(const std::string& input,
                              std::string* charset,
                              std::string* value_chars) {
   StringTokenizer t(input, "'");
@@ skipping 67 matching lines @@
   }
 
   std::string unescaped = UnescapeURLComponent(value,
       UnescapeRule::SPACES | UnescapeRule::URL_SPECIAL_CHARS);
 
   return base::ConvertToUtf8AndNormalize(unescaped, charset, decoded);
 }
 
 } // namespace
 
+HttpContentDisposition::ParseResult::ParseResult()
+    : has_disposition_type(false),
+      has_unknown_disposition_type(false),
+      has_name(false),
+      has_filename(false),
+      has_ext_filename(false),
+      has_non_ascii_strings(false),
+      has_percent_encoded_strings(false),
+      has_rfc2047_encoded_strings(false) {
+}
+
 HttpContentDisposition::HttpContentDisposition(
     const std::string& header, const std::string& referrer_charset)
   : type_(INLINE) {
   Parse(header, referrer_charset);
 }
 
 HttpContentDisposition::~HttpContentDisposition() {
 }
 
 std::string::const_iterator HttpContentDisposition::ConsumeDispositionType(
     std::string::const_iterator begin, std::string::const_iterator end) {
   DCHECK(type_ == INLINE);
   std::string::const_iterator delimiter = std::find(begin, end, ';');
 
   std::string::const_iterator type_begin = begin;
   std::string::const_iterator type_end = delimiter;
   HttpUtil::TrimLWS(&type_begin, &type_end);
 
   // If the disposition-type isn't a valid token the then the
   // Content-Disposition header is malformed, and we treat the first bytes as
   // a parameter rather than a disposition-type.
   if (!HttpUtil::IsToken(type_begin, type_end))
     return begin;
 
+  parse_result_.has_disposition_type = true;
+
   DCHECK(std::find(type_begin, type_end, '=') == type_end);
 
-  if (!LowerCaseEqualsASCII(type_begin, type_end, "inline"))
+  if (LowerCaseEqualsASCII(type_begin, type_end, "inline")) {
+    type_ = INLINE;
+  } else if (LowerCaseEqualsASCII(type_begin, type_end, "attachment")) {
     type_ = ATTACHMENT;
+  } else {
+    parse_result_.has_unknown_disposition_type = true;
+    type_ = ATTACHMENT;
+  }
   return delimiter;
 }
 
 // http://tools.ietf.org/html/rfc6266
 //
 //  content-disposition = "Content-Disposition" ":"
 //                         disposition-type *( ";" disposition-parm )
 //
 //  disposition-type    = "inline" | "attachment" | disp-ext-type
 //                      ; case-insensitive
@@ skipping 19 matching lines @@
 
   std::string name;
   std::string filename;
   std::string ext_filename;
 
   HttpUtil::NameValuePairsIterator iter(pos, end, ';');
   while (iter.GetNext()) {
     if (filename.empty() && LowerCaseEqualsASCII(iter.name_begin(),
                                                  iter.name_end(),
                                                  "filename")) {
-      DecodeFilenameValue(iter.value(), referrer_charset, &filename);
+      parse_result_.has_filename =
+          DecodeFilenameValue(iter.value(), referrer_charset, &filename,
+                              &parse_result_);
     } else if (name.empty() && LowerCaseEqualsASCII(iter.name_begin(),
                                                     iter.name_end(),
                                                     "name")) {
-      DecodeFilenameValue(iter.value(), referrer_charset, &name);
+      parse_result_.has_name =
+          DecodeFilenameValue(iter.value(), referrer_charset, &name, NULL);
     } else if (ext_filename.empty() && LowerCaseEqualsASCII(iter.name_begin(),
                                                             iter.name_end(),
                                                             "filename*")) {
-      DecodeExtValue(iter.raw_value(), &ext_filename);
+      parse_result_.has_ext_filename =
+          DecodeExtValue(iter.raw_value(), &ext_filename);
     }
   }
 
   if (!ext_filename.empty())
     filename_ = ext_filename;
   else if (!filename.empty())
     filename_ = filename;
   else
     filename_ = name;
 }
 
 }  // namespace net