| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cookies/cookie_util.h" | 5 #include "net/cookies/cookie_util.h" |
| 6 | 6 |
| 7 #include <cstdio> | 7 #include <cstdio> |
| 8 #include <cstdlib> | 8 #include <cstdlib> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/strings/string_tokenizer.h" | 11 #include "base/strings/string_tokenizer.h" |
| 12 #include "base/strings/string_util.h" | 12 #include "base/strings/string_util.h" |
| 13 #include "build/build_config.h" | 13 #include "build/build_config.h" |
| 14 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" | 14 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
| 15 #include "net/base/url_util.h" | 15 #include "net/base/url_util.h" |
| 16 #include "url/gurl.h" | 16 #include "url/gurl.h" |
| 17 | 17 |
| 18 namespace net { | 18 namespace net { |
| 19 namespace cookie_util { | 19 namespace cookie_util { |
| 20 | 20 |
| 21 namespace { |
| 22 |
| 23 base::Time MinNonNullTime() { |
| 24 return base::Time::FromInternalValue(1); |
| 25 } |
| 26 |
| 27 // Tries to assemble a base::Time given a base::Time::Exploded representing a |
| 28 // UTC calendar date. |
| 29 // |
| 30 // If the date falls outside of the range supported internally by |
| 31 // FromUTCExploded(), then the result is clamped to: |
| 32 // |
| 33 // * Time(1) as the minimum value |
| 34 // * Time::Max() as the maximum value |
| 35 bool SaturatedTimeFromUTCExploded(const base::Time::Exploded& exploded, |
| 36 base::Time* out) { |
| 37 // Try to calculate the base::Time in the normal fashion. |
| 38 if (base::Time::FromUTCExploded(exploded, out)) { |
| 39 // Don't return Time(0) on success. |
| 40 if (out->is_null()) |
| 41 *out = MinNonNullTime(); |
| 42 return true; |
| 43 } |
| 44 |
| 45 // base::Time::FromUTCExploded() has platform-specific limits: |
| 46 // |
| 47 // * Windows: Years 1601 - 30827 |
| 48 // * 32-bit POSIX: Years 1970 - 2038 |
| 49 // |
| 50 // Work around this by clamping values when imploding the time is doomed |
| 51 // to fail. |
| 52 // |
| 53 // Note that the following implementation is NOT perfect. It will accept |
| 54 // some invalid calendar dates in the out-of-range case. |
| 55 if (!exploded.HasValidValues()) |
| 56 return false; |
| 57 |
| 58 // Allow dates prior to unix epoch (which fail on POSIX). |
| 59 if (exploded.year <= 1970) { |
| 60 *out = MinNonNullTime(); |
| 61 return true; |
| 62 } |
| 63 |
| 64 // Allow dates after the Windows epoch (which fail on Windows and 32-bit |
| 65 // POSIX), or dates after 2038 (which fail on 32-bit POSIX). |
| 66 if (exploded.year >= 30827 || |
| 67 (sizeof(time_t) == 4u && exploded.year >= 2038)) { |
| 68 *out = base::Time::Max(); |
| 69 return true; |
| 70 } |
| 71 |
| 72 return false; |
| 73 } |
| 74 |
| 75 } // namespace |
| 76 |
| 21 bool DomainIsHostOnly(const std::string& domain_string) { | 77 bool DomainIsHostOnly(const std::string& domain_string) { |
| 22 return (domain_string.empty() || domain_string[0] != '.'); | 78 return (domain_string.empty() || domain_string[0] != '.'); |
| 23 } | 79 } |
| 24 | 80 |
| 25 std::string GetEffectiveDomain(const std::string& scheme, | 81 std::string GetEffectiveDomain(const std::string& scheme, |
| 26 const std::string& host) { | 82 const std::string& host) { |
| 27 if (scheme == "http" || scheme == "https" || scheme == "ws" || | 83 if (scheme == "http" || scheme == "https" || scheme == "ws" || |
| 28 scheme == "wss") { | 84 scheme == "wss") { |
| 29 return registry_controlled_domains::GetDomainAndRegistry( | 85 return registry_controlled_domains::GetDomainAndRegistry( |
| 30 host, | 86 host, |
| (...skipping 65 matching lines...) |
| 96 } | 152 } |
| 97 | 153 |
| 98 // Parse a cookie expiration time. We try to be lenient, but we need to | 154 // Parse a cookie expiration time. We try to be lenient, but we need to |
| 99 // assume some order to distinguish the fields. The basic rules: | 155 // assume some order to distinguish the fields. The basic rules: |
| 100 // - The month name must be present and prefix the first 3 letters of the | 156 // - The month name must be present and prefix the first 3 letters of the |
| 101 // full month name (jan for January, jun for June). | 157 // full month name (jan for January, jun for June). |
| 102 // - If the year is <= 2 digits, it must occur after the day of month. | 158 // - If the year is <= 2 digits, it must occur after the day of month. |
| 103 // - The time must be of the format hh:mm:ss. | 159 // - The time must be of the format hh:mm:ss. |
| 104 // An average cookie expiration will look something like this: | 160 // An average cookie expiration will look something like this: |
| 105 // Sat, 15-Apr-17 21:01:22 GMT | 161 // Sat, 15-Apr-17 21:01:22 GMT |
| 106 base::Time ParseCookieTime(const std::string& time_string) { | 162 base::Time ParseCookieExpirationTime(const std::string& time_string) { |
| 107 static const char* const kMonths[] = { | 163 static const char* const kMonths[] = { |
| 108 "jan", "feb", "mar", "apr", "may", "jun", | 164 "jan", "feb", "mar", "apr", "may", "jun", |
| 109 "jul", "aug", "sep", "oct", "nov", "dec" }; | 165 "jul", "aug", "sep", "oct", "nov", "dec" }; |
| 110 static const int kMonthsLen = arraysize(kMonths); | 166 static const int kMonthsLen = arraysize(kMonths); |
| 111 // We want to be pretty liberal, and support most non-ascii and non-digit | 167 // We want to be pretty liberal, and support most non-ascii and non-digit |
| 112 // characters as a delimiter. We can't treat : as a delimiter, because it | 168 // characters as a delimiter. We can't treat : as a delimiter, because it |
| 113 // is the delimiter for hh:mm:ss, and we want to keep this field together. | 169 // is the delimiter for hh:mm:ss, and we want to keep this field together. |
| 114 // We make sure to include - and +, since they could prefix numbers. | 170 // We make sure to include - and +, since they could prefix numbers. |
| 115 // If the cookie attribute came in in quotes (ex expires="XXX"), the quotes | 171 // If the cookie attribute came in in quotes (ex expires="XXX"), the quotes |
| 116 // will be preserved, and we will get them here. So we make sure to include | 172 // will be preserved, and we will get them here. So we make sure to include |
| (...skipping 76 matching lines...) |
| 193 // NOTREACHED() << "Cookie parse expiration failed: " << time_string; | 249 // NOTREACHED() << "Cookie parse expiration failed: " << time_string; |
| 194 return base::Time(); | 250 return base::Time(); |
| 195 } | 251 } |
| 196 | 252 |
| 197 // Normalize the year to expand abbreviated years to the full year. | 253 // Normalize the year to expand abbreviated years to the full year. |
| 198 if (exploded.year >= 69 && exploded.year <= 99) | 254 if (exploded.year >= 69 && exploded.year <= 99) |
| 199 exploded.year += 1900; | 255 exploded.year += 1900; |
| 200 if (exploded.year >= 0 && exploded.year <= 68) | 256 if (exploded.year >= 0 && exploded.year <= 68) |
| 201 exploded.year += 2000; | 257 exploded.year += 2000; |
| 202 | 258 |
| 203 // If our values are within their correct ranges, we got our time. | 259 // Note that clipping the date if it is outside of a platform-specific range |
| 204 if (exploded.day_of_month >= 1 && exploded.day_of_month <= 31 && | 260 // is permitted by: https://tools.ietf.org/html/rfc6265#section-5.2.1 |
| 205 exploded.month >= 1 && exploded.month <= 12 && | 261 base::Time result; |
| 206 exploded.year >= 1601 && exploded.year <= 30827 && | 262 if (SaturatedTimeFromUTCExploded(exploded, &result)) |
| 207 exploded.hour <= 23 && exploded.minute <= 59 && exploded.second <= 59) { | 263 return result; |
| 208 return base::Time::FromUTCExploded(exploded); | |
| 209 } | |
| 210 | 264 |
| 211 // One of our values was out of expected range. For well-formed input, | 265 // One of our values was out of expected range. For well-formed input, |
| 212 // the following check would be reasonable: | 266 // the following check would be reasonable: |
| 213 // NOTREACHED() << "Cookie exploded expiration failed: " << time_string; | 267 // NOTREACHED() << "Cookie exploded expiration failed: " << time_string; |
| 214 | 268 |
| 215 return base::Time(); | 269 return base::Time(); |
| 216 } | 270 } |
| 217 | 271 |
| 218 GURL CookieOriginToURL(const std::string& domain, bool is_https) { | 272 GURL CookieOriginToURL(const std::string& domain, bool is_https) { |
| 219 if (domain.empty()) | 273 if (domain.empty()) |
| (...skipping 53 matching lines...) |
| 273 buffer.append("; "); | 327 buffer.append("; "); |
| 274 buffer.append(i->first.begin(), i->first.end()); | 328 buffer.append(i->first.begin(), i->first.end()); |
| 275 buffer.push_back('='); | 329 buffer.push_back('='); |
| 276 buffer.append(i->second.begin(), i->second.end()); | 330 buffer.append(i->second.begin(), i->second.end()); |
| 277 } | 331 } |
| 278 return buffer; | 332 return buffer; |
| 279 } | 333 } |
| 280 | 334 |
| 281 } // namespace cookie_util | 335 } // namespace cookie_util |
| 282 } // namespace net | 336 } // namespace net |
| OLD | NEW |
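Review bot: SaturatedTimeFromUTCExploded clamps every date that fails conversion with `exploded.year <= 1970` to Time(1), which drops the `exploded.year >= 1601` lower bound that the old ParseCookieTime check enforced; RFC 6265 section 5.1.1 treats a year below 1601 as a failed parse, while here such a value becomes an already-expired timestamp instead of the null base::Time() failure result. If that is intended, say so in the comment above the clamp; otherwise add `if (exploded.year < 1601) return false;` ahead of it. The explicit day, month, hour, minute and second range checks are also gone from the success path, so rejecting out-of-range fields now rests on base::Time::FromUTCExploded() returning false on every platform, which is not visible on this page and deserves a unit test with values such as hour 24 and a year on each side of every clamp boundary. Part of ParseCookieExpirationTime's body lies in the skipped lines, so how the exploded fields are filled was not reviewed.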