| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/proxy/proxy_service.h" | 5 #include "net/proxy/proxy_service.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <cmath> | 8 #include <cmath> |
| 9 #include <utility> | 9 #include <utility> |
| 10 | 10 |
| (...skipping 329 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 340 ~UnsetProxyConfigService() override {} | 340 ~UnsetProxyConfigService() override {} |
| 341 | 341 |
| 342 void AddObserver(Observer* observer) override {} | 342 void AddObserver(Observer* observer) override {} |
| 343 void RemoveObserver(Observer* observer) override {} | 343 void RemoveObserver(Observer* observer) override {} |
| 344 ConfigAvailability GetLatestProxyConfig(ProxyConfig* config) override { | 344 ConfigAvailability GetLatestProxyConfig(ProxyConfig* config) override { |
| 345 return CONFIG_UNSET; | 345 return CONFIG_UNSET; |
| 346 } | 346 } |
| 347 }; | 347 }; |
| 348 #endif | 348 #endif |
| 349 | 349 |
| 350 // Returns a sanitized copy of |url| which is safe to pass on to a PAC script. |
| 351 // The method for sanitizing is determined by |policy|. See the comments for |
| 352 // that enum for details. |
| 353 GURL SanitizeUrl(const GURL& url, ProxyService::SanitizeUrlPolicy policy) { |
| 354 DCHECK(url.is_valid()); |
| 355 |
| 356 GURL::Replacements replacements; |
| 357 replacements.ClearUsername(); |
| 358 replacements.ClearPassword(); |
| 359 replacements.ClearRef(); |
| 360 |
| 361 if (policy == ProxyService::SanitizeUrlPolicy::SAFE && |
| 362 url.SchemeIsCryptographic()) { |
| 363 replacements.ClearPath(); |
| 364 replacements.ClearQuery(); |
| 365 } |
| 366 |
| 367 return url.ReplaceComponents(replacements); |
| 368 } |
| 369 |
| 350 } // namespace | 370 } // namespace |
| 351 | 371 |
| 352 // ProxyService::InitProxyResolver -------------------------------------------- | 372 // ProxyService::InitProxyResolver -------------------------------------------- |
| 353 | 373 |
| 354 // This glues together two asynchronous steps: | 374 // This glues together two asynchronous steps: |
| 355 // (1) ProxyScriptDecider -- try to fetch/validate a sequence of PAC scripts | 375 // (1) ProxyScriptDecider -- try to fetch/validate a sequence of PAC scripts |
| 356 // to figure out what we should configure against. | 376 // to figure out what we should configure against. |
| 357 // (2) Feed the fetched PAC script into the ProxyResolver. | 377 // (2) Feed the fetched PAC script into the ProxyResolver. |
| 358 // | 378 // |
| 359 // InitProxyResolver is a single-use class which encapsulates cancellation as | 379 // InitProxyResolver is a single-use class which encapsulates cancellation as |
| (...skipping 570 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 930 ProxyService::ProxyService( | 950 ProxyService::ProxyService( |
| 931 std::unique_ptr<ProxyConfigService> config_service, | 951 std::unique_ptr<ProxyConfigService> config_service, |
| 932 std::unique_ptr<ProxyResolverFactory> resolver_factory, | 952 std::unique_ptr<ProxyResolverFactory> resolver_factory, |
| 933 NetLog* net_log) | 953 NetLog* net_log) |
| 934 : resolver_factory_(std::move(resolver_factory)), | 954 : resolver_factory_(std::move(resolver_factory)), |
| 935 next_config_id_(1), | 955 next_config_id_(1), |
| 936 current_state_(STATE_NONE), | 956 current_state_(STATE_NONE), |
| 937 net_log_(net_log), | 957 net_log_(net_log), |
| 938 stall_proxy_auto_config_delay_( | 958 stall_proxy_auto_config_delay_( |
| 939 TimeDelta::FromMilliseconds(kDelayAfterNetworkChangesMs)), | 959 TimeDelta::FromMilliseconds(kDelayAfterNetworkChangesMs)), |
| 940 quick_check_enabled_(true) { | 960 quick_check_enabled_(true), |
| 961 sanitize_url_policy_(SanitizeUrlPolicy::SAFE) { |
| 941 NetworkChangeNotifier::AddIPAddressObserver(this); | 962 NetworkChangeNotifier::AddIPAddressObserver(this); |
| 942 NetworkChangeNotifier::AddDNSObserver(this); | 963 NetworkChangeNotifier::AddDNSObserver(this); |
| 943 ResetConfigService(std::move(config_service)); | 964 ResetConfigService(std::move(config_service)); |
| 944 } | 965 } |
| 945 | 966 |
| 946 // static | 967 // static |
| 947 std::unique_ptr<ProxyService> ProxyService::CreateUsingSystemProxyResolver( | 968 std::unique_ptr<ProxyService> ProxyService::CreateUsingSystemProxyResolver( |
| 948 std::unique_ptr<ProxyConfigService> proxy_config_service, | 969 std::unique_ptr<ProxyConfigService> proxy_config_service, |
| 949 size_t num_pac_threads, | 970 size_t num_pac_threads, |
| 950 NetLog* net_log) { | 971 NetLog* net_log) { |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1043 | 1064 |
| 1044 // Notify our polling-based dependencies that a resolve is taking place. | 1065 // Notify our polling-based dependencies that a resolve is taking place. |
| 1045 // This way they can schedule their polls in response to network activity. | 1066 // This way they can schedule their polls in response to network activity. |
| 1046 config_service_->OnLazyPoll(); | 1067 config_service_->OnLazyPoll(); |
| 1047 if (script_poller_.get()) | 1068 if (script_poller_.get()) |
| 1048 script_poller_->OnLazyPoll(); | 1069 script_poller_->OnLazyPoll(); |
| 1049 | 1070 |
| 1050 if (current_state_ == STATE_NONE) | 1071 if (current_state_ == STATE_NONE) |
| 1051 ApplyProxyConfigIfAvailable(); | 1072 ApplyProxyConfigIfAvailable(); |
| 1052 | 1073 |
| 1053 // Strip away any reference fragments and the username/password, as they | 1074 // Sanitize the URL before passing it on to the proxy resolver (i.e. PAC |
| 1054 // are not relevant to proxy resolution. | 1075 // script). The goal is to remove sensitive data (like embedded user names |
| 1055 GURL url = SimplifyUrlForRequest(raw_url); | 1076 // and password), and local data (i.e. reference fragment) which does not need |
| 1077 // to be disclosed to the resolver. |
| 1078 GURL url = SanitizeUrl(raw_url, sanitize_url_policy_); |
| 1056 | 1079 |
| 1057 // Check if the request can be completed right away. (This is the case when | 1080 // Check if the request can be completed right away. (This is the case when |
| 1058 // using a direct connection for example). | 1081 // using a direct connection for example). |
| 1059 int rv = TryToCompleteSynchronously(url, load_flags, proxy_delegate, result); | 1082 int rv = TryToCompleteSynchronously(url, load_flags, proxy_delegate, result); |
| 1060 if (rv != ERR_IO_PENDING) { | 1083 if (rv != ERR_IO_PENDING) { |
| 1061 rv = DidFinishResolvingProxy( | 1084 rv = DidFinishResolvingProxy( |
| 1062 url, method, load_flags, proxy_delegate, result, rv, net_log, | 1085 url, method, load_flags, proxy_delegate, result, rv, net_log, |
| 1063 callback.is_null() ? TimeTicks() : TimeTicks::Now(), false); | 1086 callback.is_null() ? TimeTicks() : TimeTicks::Now(), false); |
| 1064 return rv; | 1087 return rv; |
| 1065 } | 1088 } |
| (...skipping 589 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1655 State previous_state = ResetProxyConfig(false); | 1678 State previous_state = ResetProxyConfig(false); |
| 1656 if (previous_state != STATE_NONE) | 1679 if (previous_state != STATE_NONE) |
| 1657 ApplyProxyConfigIfAvailable(); | 1680 ApplyProxyConfigIfAvailable(); |
| 1658 } | 1681 } |
| 1659 | 1682 |
| 1660 void ProxyService::OnDNSChanged() { | 1683 void ProxyService::OnDNSChanged() { |
| 1661 OnIPAddressChanged(); | 1684 OnIPAddressChanged(); |
| 1662 } | 1685 } |
| 1663 | 1686 |
| 1664 } // namespace net | 1687 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2058683002:
Sanitize https:// URLs before sending them to PAC scripts. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@2743