Chromium Code Reviews Chromium Code Reviews
Issue 1996773002:
Sanitize https:// URLs before sending them to PAC scripts. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/proxy/proxy_service.h" | 5 #include "net/proxy/proxy_service.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <cmath> | 8 #include <cmath> |
| 9 #include <utility> | 9 #include <utility> |
| 10 | 10 |
| (...skipping 919 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 930 ProxyService::ProxyService( | 930 ProxyService::ProxyService( |
| 931 std::unique_ptr<ProxyConfigService> config_service, | 931 std::unique_ptr<ProxyConfigService> config_service, |
| 932 std::unique_ptr<ProxyResolverFactory> resolver_factory, | 932 std::unique_ptr<ProxyResolverFactory> resolver_factory, |
| 933 NetLog* net_log) | 933 NetLog* net_log) |
| 934 : resolver_factory_(std::move(resolver_factory)), | 934 : resolver_factory_(std::move(resolver_factory)), |
| 935 next_config_id_(1), | 935 next_config_id_(1), |
| 936 current_state_(STATE_NONE), | 936 current_state_(STATE_NONE), |
| 937 net_log_(net_log), | 937 net_log_(net_log), |
| 938 stall_proxy_auto_config_delay_( | 938 stall_proxy_auto_config_delay_( |
| 939 TimeDelta::FromMilliseconds(kDelayAfterNetworkChangesMs)), | 939 TimeDelta::FromMilliseconds(kDelayAfterNetworkChangesMs)), |
| 940 quick_check_enabled_(true) { | 940 quick_check_enabled_(true), |
| 941 sanitize_url_policy_(SanitizeUrlPolicy::SAFE) { | |
| 941 NetworkChangeNotifier::AddIPAddressObserver(this); | 942 NetworkChangeNotifier::AddIPAddressObserver(this); |
| 942 NetworkChangeNotifier::AddDNSObserver(this); | 943 NetworkChangeNotifier::AddDNSObserver(this); |
| 943 ResetConfigService(std::move(config_service)); | 944 ResetConfigService(std::move(config_service)); |
| 944 } | 945 } |
| 945 | 946 |
| 946 // static | 947 // static |
| 947 std::unique_ptr<ProxyService> ProxyService::CreateUsingSystemProxyResolver( | 948 std::unique_ptr<ProxyService> ProxyService::CreateUsingSystemProxyResolver( |
| 948 std::unique_ptr<ProxyConfigService> proxy_config_service, | 949 std::unique_ptr<ProxyConfigService> proxy_config_service, |
| 949 size_t num_pac_threads, | 950 size_t num_pac_threads, |
| 950 NetLog* net_log) { | 951 NetLog* net_log) { |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1043 | 1044 |
| 1044 // Notify our polling-based dependencies that a resolve is taking place. | 1045 // Notify our polling-based dependencies that a resolve is taking place. |
| 1045 // This way they can schedule their polls in response to network activity. | 1046 // This way they can schedule their polls in response to network activity. |
| 1046 config_service_->OnLazyPoll(); | 1047 config_service_->OnLazyPoll(); |
| 1047 if (script_poller_.get()) | 1048 if (script_poller_.get()) |
| 1048 script_poller_->OnLazyPoll(); | 1049 script_poller_->OnLazyPoll(); |
| 1049 | 1050 |
| 1050 if (current_state_ == STATE_NONE) | 1051 if (current_state_ == STATE_NONE) |
| 1051 ApplyProxyConfigIfAvailable(); | 1052 ApplyProxyConfigIfAvailable(); |
| 1052 | 1053 |
| 1053 // Strip away any reference fragments and the username/password, as they | 1054 // Sanitize the URL before passing it on to the proxy resolver (i.e. PAC |
| 1054 // are not relevant to proxy resolution. | 1055 // script). The goal is to remove sensitive data (like embedded user names |
| 1055 GURL url = SimplifyUrlForRequest(raw_url); | 1056 // and password), and local data (i.e. reference fragment) which does not need |
| 1057 // to be disclosed to the resolver. | |
| 1058 GURL url = SanitizeUrl(raw_url, sanitize_url_policy_); | |
| 1056 | 1059 |
| 1057 // Check if the request can be completed right away. (This is the case when | 1060 // Check if the request can be completed right away. (This is the case when |
| 1058 // using a direct connection for example). | 1061 // using a direct connection for example). |
| 1059 int rv = TryToCompleteSynchronously(url, load_flags, proxy_delegate, result); | 1062 int rv = TryToCompleteSynchronously(url, load_flags, proxy_delegate, result); |
| 1060 if (rv != ERR_IO_PENDING) { | 1063 if (rv != ERR_IO_PENDING) { |
| 1061 rv = DidFinishResolvingProxy( | 1064 rv = DidFinishResolvingProxy( |
| 1062 url, method, load_flags, proxy_delegate, result, rv, net_log, | 1065 url, method, load_flags, proxy_delegate, result, rv, net_log, |
| 1063 callback.is_null() ? TimeTicks() : TimeTicks::Now(), false); | 1066 callback.is_null() ? TimeTicks() : TimeTicks::Now(), false); |
| 1064 return rv; | 1067 return rv; |
| 1065 } | 1068 } |
| (...skipping 486 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1552 const PacPollPolicy* policy) { | 1555 const PacPollPolicy* policy) { |
| 1553 return ProxyScriptDeciderPoller::set_policy(policy); | 1556 return ProxyScriptDeciderPoller::set_policy(policy); |
| 1554 } | 1557 } |
| 1555 | 1558 |
| 1556 // static | 1559 // static |
| 1557 std::unique_ptr<ProxyService::PacPollPolicy> | 1560 std::unique_ptr<ProxyService::PacPollPolicy> |
| 1558 ProxyService::CreateDefaultPacPollPolicy() { | 1561 ProxyService::CreateDefaultPacPollPolicy() { |
| 1559 return std::unique_ptr<PacPollPolicy>(new DefaultPollPolicy()); | 1562 return std::unique_ptr<PacPollPolicy>(new DefaultPollPolicy()); |
| 1560 } | 1563 } |
| 1561 | 1564 |
| 1565 GURL ProxyService::SanitizeUrl(const GURL& url, SanitizeUrlPolicy policy) { | |
| 1566 DCHECK(url.is_valid()); | |
|
mmenke
2016/05/20 17:40:23
optional: Suggest a blank line between input sani
eroman
2016/05/20 21:23:53
Done.
| |
| 1567 GURL::Replacements replacements; | |
| 1568 replacements.ClearUsername(); | |
| 1569 replacements.ClearPassword(); | |
| 1570 replacements.ClearRef(); | |
| 1571 | |
| 1572 if (policy == SanitizeUrlPolicy::SAFE && url.SchemeIsCryptographic()) { | |
| 1573 replacements.ClearPath(); | |
| 1574 replacements.ClearQuery(); | |
| 1575 } | |
| 1576 | |
| 1577 return url.ReplaceComponents(replacements); | |
| 1578 } | |
| 1579 | |
| 1562 void ProxyService::OnProxyConfigChanged( | 1580 void ProxyService::OnProxyConfigChanged( |
| 1563 const ProxyConfig& config, | 1581 const ProxyConfig& config, |
| 1564 ProxyConfigService::ConfigAvailability availability) { | 1582 ProxyConfigService::ConfigAvailability availability) { |
| 1565 // Retrieve the current proxy configuration from the ProxyConfigService. | 1583 // Retrieve the current proxy configuration from the ProxyConfigService. |
| 1566 // If a configuration is not available yet, we will get called back later | 1584 // If a configuration is not available yet, we will get called back later |
| 1567 // by our ProxyConfigService::Observer once it changes. | 1585 // by our ProxyConfigService::Observer once it changes. |
| 1568 ProxyConfig effective_config; | 1586 ProxyConfig effective_config; |
| 1569 switch (availability) { | 1587 switch (availability) { |
| 1570 case ProxyConfigService::CONFIG_PENDING: | 1588 case ProxyConfigService::CONFIG_PENDING: |
| 1571 // ProxyConfigService implementors should never pass CONFIG_PENDING. | 1589 // ProxyConfigService implementors should never pass CONFIG_PENDING. |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1655 State previous_state = ResetProxyConfig(false); | 1673 State previous_state = ResetProxyConfig(false); |
| 1656 if (previous_state != STATE_NONE) | 1674 if (previous_state != STATE_NONE) |
| 1657 ApplyProxyConfigIfAvailable(); | 1675 ApplyProxyConfigIfAvailable(); |
| 1658 } | 1676 } |
| 1659 | 1677 |
| 1660 void ProxyService::OnDNSChanged() { | 1678 void ProxyService::OnDNSChanged() { |
| 1661 OnIPAddressChanged(); | 1679 OnIPAddressChanged(); |
| 1662 } | 1680 } |
| 1663 | 1681 |
| 1664 } // namespace net | 1682 } // namespace net |
| OLD | NEW |
