Add removal filter support for Cookies, Storage, and Content Settings.

chrome/browser/browsing_data/origin_filter_builder.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/browsing_data/origin_filter_builder.h"
 
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
+#include "components/content_settings/core/common/content_settings_pattern.h"
+#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 
 namespace {
 
 bool NoopFilter(const GURL& url) {
   return true;
 }
 
 }  // namespace
 
 OriginFilterBuilder::OriginFilterBuilder(Mode mode)
@@ skipping 19 matching lines @@
   // origin. This is currently not a problem, but if it becomes one,
   // consider recognizing the URL path.
 
   origin_list_.insert(origin);
 }
 
 void OriginFilterBuilder::SetMode(Mode mode) {
   mode_ = mode;
 }
 
+bool OriginFilterBuilder::IsEmptyBlacklist() const {
+  return mode_ == Mode::BLACKLIST && origin_list_.empty();
+}
+
 base::Callback<bool(const GURL&)>
     OriginFilterBuilder::BuildSameOriginFilter() const {
   std::set<url::Origin>* origins = new std::set<url::Origin>(origin_list_);
   return base::Bind(&OriginFilterBuilder::MatchesURL,
                     base::Owned(origins), mode_);
 }
 
+base::Callback<bool(const ContentSettingsPattern& pattern)>
+    OriginFilterBuilder::BuildWebsiteSettingsPatternMatchesFilter() const {
+  std::set<url::Origin>* origins = new std::set<url::Origin>(origin_list_);
+  return base::Bind(&OriginFilterBuilder::MatchesWebsiteSettingsPattern,
+                    base::Owned(origins), mode_);
+}
+
+base::Callback<bool(const net::CanonicalCookie& pattern)>
+    OriginFilterBuilder::BuildDomainCookieFilter() const {
+  std::set<url::Origin>* origins = new std::set<url::Origin>(origin_list_);
+  return base::Bind(&OriginFilterBuilder::MatchesCookieForTLDPlusOne,
+                    base::Owned(origins), mode_);
+}
+
 base::Callback<bool(const GURL&)>
     OriginFilterBuilder::BuildDomainFilter() const {
   std::set<url::Origin>* origins = new std::set<url::Origin>(origin_list_);
   return base::Bind(&OriginFilterBuilder::MatchesURLWithSubdomains,
                     base::Owned(origins), mode_);
 }
 
 // static
 base::Callback<bool(const GURL&)> OriginFilterBuilder::BuildNoopFilter() {
   return base::Bind(&NoopFilter);
 }
 
 // static
 bool OriginFilterBuilder::MatchesURL(
     std::set<url::Origin>* origins, Mode mode, const GURL& url) {
   return ((origins->find(url::Origin(url)) != origins->end()) ==
           (mode == WHITELIST));
 }
 
 // static
+bool OriginFilterBuilder::MatchesWebsiteSettingsPattern(
+    std::set<url::Origin>* origins,
+    Mode mode,
+    const ContentSettingsPattern& pattern) {
+  for (const url::Origin& origin : *origins) {
+    if (pattern.Matches(GURL(origin.Serialize())))
+      return mode == WHITELIST;
+  }
+  return mode != WHITELIST;
+}
+
+// static
+bool OriginFilterBuilder::MatchesCookieForTLDPlusOne(

[Mike West, 2016/03/11 08:36:10]

Nit: Would you mind using something like "MatchesCookiesRegistrableDomain" as
opposed to "eTLD+1"? The former seems more likely to be clear. If you prefer the
latter, the "e" is important, as `appspot.com`'s TLD is "com", but it's
_effective_ TLD is "appspot.com". :)

[dmurph, 2016/03/30 22:21:26]

sgtm

+    std::set<url::Origin>* origins,
+    Mode mode,
+    const net::CanonicalCookie& cookie) {
+  if (origins->empty())
+    return mode == BLACKLIST;
+
+  bool found = false;
+  std::string cookie_domain = cookie.Domain();
+  if (cookie.IsDomainCookie()) {
+    cookie_domain = cookie_domain.substr(1);
+  }

[Mike West, 2016/03/11 08:36:10]

Nit: No {} around single-line clauses.

[dmurph, 2016/03/30 22:21:26]

Done.

+  std::string cookie_tld_plus_one =
+      net::registry_controlled_domains::GetDomainAndRegistry(
+          cookie_domain,
+          net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);

[Mike West, 2016/03/11 08:36:10]

You'll need to check for IP addresses here as well, right? You can probably
simplify this by checking for the cookie domain being an IP address, and
skipping all the registry controlled calls entirely by just doing a straight
comparison of the cookie's domain to the origin's host.

Then you can also skip the IP address bits in the for loop, because you know
they won't match.

[dmurph, 2016/03/30 22:21:26]

Did this in a slightly different way, but it now works.

+  for (const url::Origin& origin : *origins) {
+    GURL origin_url(origin.Serialize());
+    if (origin_url.HostIsIPAddress()) {
+      if (origin_url.host() == cookie_domain) {
+        found = true;
+        break;
+      }
+    } else if (cookie_tld_plus_one ==
+               net::registry_controlled_domains::GetDomainAndRegistry(
+                   origin.host(), net::registry_controlled_domains::
+                                      INCLUDE_PRIVATE_REGISTRIES)) {
+      found = true;
+      break;
+    }
+  }
+  return (mode == WHITELIST) == found;
+}
+
+// static
 bool OriginFilterBuilder::MatchesURLWithSubdomains(
     std::set<url::Origin>* origins, Mode mode, const GURL& url) {
   if (origins->empty())
     return mode == BLACKLIST;
 
   // If there is no concept of subdomains, simply delegate to MatchesURL().
   if (url.HostIsIPAddress())
     return MatchesURL(origins, mode, url);
 
   // TODO(msramek): We do not expect filters to be particularly large.
@@ skipping 15 matching lines @@
     if (origins->find(url::Origin(origin_with_removed_subdomain))
         != origins->end()) {
       return mode == WHITELIST;
     }
   }
 
   // We do not recognize the URL. Return false for whitelist mode and true
   // for blacklist mode.
   return mode == BLACKLIST;
 }