Chromium Code Reviews Chromium Code Reviews
Issue 252613002:
Domain Reliability: More security review. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/domain_reliability/config.h" | 5 #include "components/domain_reliability/config.h" |
| 6 | 6 |
| 7 #include "base/json/json_reader.h" | 7 #include "base/json/json_reader.h" |
| 8 #include "base/json/json_value_converter.h" | 8 #include "base/json/json_value_converter.h" |
| 9 #include "base/rand_util.h" | 9 #include "base/rand_util.h" |
| 10 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
| 11 | 11 |
| 12 namespace { | 12 namespace { |
| 13 | 13 |
| 14 bool ConvertURL(const base::StringPiece& string_piece, GURL* url) { | 14 bool ConvertURL(const base::StringPiece& string_piece, GURL* url) { |
| 15 *url = GURL(string_piece.as_string()); | 15 *url = GURL(string_piece.as_string()); |
| 16 return url->is_valid(); | 16 return url->is_valid(); |
| 17 } | 17 } |
| 18 | 18 |
| 19 bool IsValidSampleRate(double p) { return p >= 0.0 && p <= 1.0; } | 19 bool IsValidSampleRate(double p) { return p >= 0.0 && p <= 1.0; } |
| 20 | 20 |
| 21 } // namespace | 21 } // namespace |
| 22 | 22 |
| 23 namespace domain_reliability { | 23 namespace domain_reliability { |
| 24 | 24 |
| 25 DomainReliabilityConfig::Resource::Resource() {} | 25 DomainReliabilityConfig::Resource::Resource() {} |
| 26 | |
| 27 DomainReliabilityConfig::Resource::~Resource() {} | 26 DomainReliabilityConfig::Resource::~Resource() {} |
| 28 | 27 |
| 29 bool DomainReliabilityConfig::Resource::MatchesUrlString( | 28 bool DomainReliabilityConfig::Resource::MatchesUrlString( |
| 30 const std::string& url_string) const { | 29 const std::string& url_string) const { |
| 31 ScopedVector<std::string>::const_iterator it; | 30 ScopedVector<std::string>::const_iterator it; |
| 32 | 31 |
| 33 for (it = url_patterns.begin(); it != url_patterns.end(); it++) { | 32 for (it = url_patterns.begin(); it != url_patterns.end(); it++) { |
| 34 if (MatchPattern(url_string, **it)) | 33 if (MatchPattern(url_string, **it)) |
| 35 return true; | 34 return true; |
| 36 } | 35 } |
| 37 | 36 |
| 38 return false; | 37 return false; |
| 39 } | 38 } |
|
Ryan Sleevi
2014/04/25 01:00:02
You should have unittests that cover this - in par
Deprecated (see juliatuttle)
2014/04/28 22:01:13
I don't think they're security-relevant, but I hav
| |
| 40 | 39 |
| 41 bool DomainReliabilityConfig::Resource::DecideIfShouldReportRequest( | 40 bool DomainReliabilityConfig::Resource::DecideIfShouldReportRequest( |
| 42 bool success) const { | 41 bool success) const { |
| 43 double sample_rate = success ? success_sample_rate : failure_sample_rate; | 42 double sample_rate = success ? success_sample_rate : failure_sample_rate; |
| 44 return base::RandDouble() < sample_rate; | 43 return base::RandDouble() < sample_rate; |
| 45 } | 44 } |
|
Ryan Sleevi
2014/04/25 01:00:02
API design: It's worth noting that calling this mu
Deprecated (see juliatuttle)
2014/04/28 22:01:13
We shouldn't have TOCTOU issues; once the config i
| |
| 46 | 45 |
| 47 // static | 46 // static |
| 48 void DomainReliabilityConfig::Resource::RegisterJSONConverter( | 47 void DomainReliabilityConfig::Resource::RegisterJSONConverter( |
| 49 base::JSONValueConverter<DomainReliabilityConfig::Resource>* converter) { | 48 base::JSONValueConverter<DomainReliabilityConfig::Resource>* converter) { |
| 50 converter->RegisterStringField("resource_name", &Resource::name); | 49 converter->RegisterStringField("resource_name", &Resource::name); |
| 51 converter->RegisterRepeatedString("url_patterns", &Resource::url_patterns); | 50 converter->RegisterRepeatedString("url_patterns", &Resource::url_patterns); |
| 52 converter->RegisterDoubleField("success_sample_rate", | 51 converter->RegisterDoubleField("success_sample_rate", |
| 53 &Resource::success_sample_rate); | 52 &Resource::success_sample_rate); |
| 54 converter->RegisterDoubleField("failure_sample_rate", | 53 converter->RegisterDoubleField("failure_sample_rate", |
| 55 &Resource::failure_sample_rate); | 54 &Resource::failure_sample_rate); |
| 56 } | 55 } |
| 57 | 56 |
| 58 bool DomainReliabilityConfig::Resource::IsValid() const { | 57 bool DomainReliabilityConfig::Resource::IsValid() const { |
| 59 return !name.empty() && !url_patterns.empty() && | 58 return !name.empty() && !url_patterns.empty() && |
| 60 IsValidSampleRate(success_sample_rate) && | 59 IsValidSampleRate(success_sample_rate) && |
| 61 IsValidSampleRate(failure_sample_rate); | 60 IsValidSampleRate(failure_sample_rate); |
| 62 } | 61 } |
| 63 | 62 |
| 64 DomainReliabilityConfig::Collector::Collector() {} | 63 DomainReliabilityConfig::Collector::Collector() {} |
| 65 | |
| 66 DomainReliabilityConfig::Collector::~Collector() {} | 64 DomainReliabilityConfig::Collector::~Collector() {} |
| 67 | 65 |
| 68 // static | 66 // static |
| 69 void DomainReliabilityConfig::Collector::RegisterJSONConverter( | 67 void DomainReliabilityConfig::Collector::RegisterJSONConverter( |
| 70 base::JSONValueConverter<DomainReliabilityConfig::Collector>* converter) { | 68 base::JSONValueConverter<DomainReliabilityConfig::Collector>* converter) { |
| 71 converter->RegisterCustomField<GURL>("upload_url", &Collector::upload_url, | 69 converter->RegisterCustomField<GURL>("upload_url", &Collector::upload_url, |
| 72 &ConvertURL); | 70 &ConvertURL); |
| 73 } | 71 } |
| 74 | 72 |
| 75 bool DomainReliabilityConfig::Collector::IsValid() const { | 73 bool DomainReliabilityConfig::Collector::IsValid() const { |
| 76 return upload_url.is_valid(); | 74 return upload_url.is_valid(); |
| 77 } | 75 } |
| 78 | 76 |
| 79 DomainReliabilityConfig::DomainReliabilityConfig() : valid_until(0.0) {} | 77 DomainReliabilityConfig::DomainReliabilityConfig() : valid_until(0.0) {} |
| 80 | |
| 81 DomainReliabilityConfig::~DomainReliabilityConfig() {} | 78 DomainReliabilityConfig::~DomainReliabilityConfig() {} |
| 82 | 79 |
| 83 // static | 80 // static |
| 84 scoped_ptr<const DomainReliabilityConfig> DomainReliabilityConfig::FromJSON( | 81 scoped_ptr<const DomainReliabilityConfig> DomainReliabilityConfig::FromJSON( |
| 85 const base::StringPiece& json) { | 82 const base::StringPiece& json) { |
| 86 scoped_ptr<base::Value> value(base::JSONReader::Read(json)); | 83 scoped_ptr<base::Value> value(base::JSONReader::Read(json)); |
| 87 if (!value) | 84 if (!value) |
| 88 return scoped_ptr<const DomainReliabilityConfig>(); | 85 return scoped_ptr<const DomainReliabilityConfig>(); |
| 89 | 86 |
| 90 DomainReliabilityConfig* config = new DomainReliabilityConfig(); | 87 DomainReliabilityConfig* config = new DomainReliabilityConfig(); |
| 91 base::JSONValueConverter<DomainReliabilityConfig> converter; | 88 base::JSONValueConverter<DomainReliabilityConfig> converter; |
| 92 if (!converter.Convert(*value, config)) { | 89 if (!converter.Convert(*value, config)) { |
| 93 return scoped_ptr<const DomainReliabilityConfig>(); | 90 return scoped_ptr<const DomainReliabilityConfig>(); |
| 94 } | 91 } |
|
Ryan Sleevi
2014/04/25 01:00:02
style: inconsistent bracing (compare 93/94 and 84/
Deprecated (see juliatuttle)
2014/04/28 22:01:13
Done.
| |
| 95 | 92 |
| 96 if (!config->IsValid()) | 93 if (!config->IsValid()) |
| 97 return scoped_ptr<const DomainReliabilityConfig>(); | 94 return scoped_ptr<const DomainReliabilityConfig>(); |
| 98 | 95 |
| 99 return scoped_ptr<const DomainReliabilityConfig>(config); | 96 return scoped_ptr<const DomainReliabilityConfig>(config); |
| 100 } | 97 } |
| 101 | 98 |
| 102 bool DomainReliabilityConfig::IsValid() const { | 99 bool DomainReliabilityConfig::IsValid() const { |
| 103 if (valid_until == 0.0 || domain.empty() || version.empty() || | 100 if (valid_until == 0.0 || domain.empty() || version.empty() || |
|
Ryan Sleevi
2014/04/25 01:00:02
What about negative values in valid_until ?
Deprecated (see juliatuttle)
2014/04/28 22:01:13
They are very expired. I would not suggest provid
| |
| 104 resources.empty() || collectors.empty()) { | 101 resources.empty() || collectors.empty()) { |
| 105 return false; | 102 return false; |
| 106 } | 103 } |
| 107 | 104 |
| 108 for (size_t i = 0; i < resources.size(); ++i) { | 105 for (size_t i = 0; i < resources.size(); ++i) { |
| 109 if (!resources[i]->IsValid()) | 106 if (!resources[i]->IsValid()) |
| 110 return false; | 107 return false; |
| 111 } | 108 } |
| 112 | 109 |
| 113 for (size_t i = 0; i < collectors.size(); ++i) { | 110 for (size_t i = 0; i < collectors.size(); ++i) { |
| 114 if (!collectors[i]->IsValid()) | 111 if (!collectors[i]->IsValid()) |
| 115 return false; | 112 return false; |
| 116 } | 113 } |
| 117 | 114 |
| 118 return true; | 115 return true; |
| 119 } | 116 } |
| 120 | 117 |
| 121 bool DomainReliabilityConfig::IsExpired(base::Time now) const { | 118 bool DomainReliabilityConfig::IsExpired(base::Time now) const { |
| 122 base::Time valid_until_time = base::Time::FromDoubleT(valid_until); | 119 base::Time valid_until_time = base::Time::FromDoubleT(valid_until); |
|
Ryan Sleevi
2014/04/25 01:00:02
Note that this can fail if IsValid() isn't checked
Deprecated (see juliatuttle)
2014/04/28 22:01:13
Added DCHECK.
| |
| 123 return now > valid_until_time; | 120 return now > valid_until_time; |
| 124 } | 121 } |
| 125 | 122 |
| 126 int DomainReliabilityConfig::GetResourceIndexForUrl(const GURL& url) const { | 123 int DomainReliabilityConfig::GetResourceIndexForUrl(const GURL& url) const { |
| 127 const std::string& url_string = url.spec(); | 124 const std::string& url_string = url.spec(); |
|
Ryan Sleevi
2014/04/25 01:00:02
Can this potentially allow sites to perform userna
Deprecated (see juliatuttle)
2014/04/28 22:01:13
I think by the time the URL hits here, it doesn't
| |
| 128 | 125 |
| 129 for (size_t i = 0; i < resources.size(); ++i) { | 126 for (size_t i = 0; i < resources.size(); ++i) { |
| 130 if (resources[i]->MatchesUrlString(url_string)) | 127 if (resources[i]->MatchesUrlString(url_string)) |
| 131 return static_cast<int>(i); | 128 return static_cast<int>(i); |
| 132 } | 129 } |
| 133 | 130 |
| 134 return -1; | 131 return -1; |
| 135 } | 132 } |
| 136 | 133 |
| 137 // static | 134 // static |
| 138 void DomainReliabilityConfig::RegisterJSONConverter( | 135 void DomainReliabilityConfig::RegisterJSONConverter( |
| 139 base::JSONValueConverter<DomainReliabilityConfig>* converter) { | 136 base::JSONValueConverter<DomainReliabilityConfig>* converter) { |
| 140 converter->RegisterStringField("config_version", | 137 converter->RegisterStringField("config_version", |
| 141 &DomainReliabilityConfig::version); | 138 &DomainReliabilityConfig::version); |
| 142 converter->RegisterDoubleField("config_valid_until", | 139 converter->RegisterDoubleField("config_valid_until", |
| 143 &DomainReliabilityConfig::valid_until); | 140 &DomainReliabilityConfig::valid_until); |
| 144 converter->RegisterStringField("monitored_domain", | 141 converter->RegisterStringField("monitored_domain", |
| 145 &DomainReliabilityConfig::domain); | 142 &DomainReliabilityConfig::domain); |
| 146 converter->RegisterRepeatedMessage("monitored_resources", | 143 converter->RegisterRepeatedMessage("monitored_resources", |
| 147 &DomainReliabilityConfig::resources); | 144 &DomainReliabilityConfig::resources); |
| 148 converter->RegisterRepeatedMessage("collectors", | 145 converter->RegisterRepeatedMessage("collectors", |
| 149 &DomainReliabilityConfig::collectors); | 146 &DomainReliabilityConfig::collectors); |
| 150 } | 147 } |
| 151 | 148 |
| 152 } // namespace domain_reliability | 149 } // namespace domain_reliability |
| OLD | NEW |
