net/url_request/file_protocol_handler.cc - Issue 2786583002: chromeos: Check both original and absolute paths for file: scheme

Side by Side Diff: net/url_request/file_protocol_handler.cc

Issue 2786583002: chromeos: Check both original and absolute paths for file: scheme (Closed)

Patch Set: disable checks in sub classes Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« net/base/network_delegate_impl.h ('K') | « net/proxy/proxy_script_fetcher_impl_unittest.cc ('k') | net/url_request/url_request_context_builder.cc » ('j') | net/url_request/url_request_file_dir_job.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/url_request/file_protocol_handler.h"	5 #include "net/url_request/file_protocol_handler.h"

6	6

7 #include "base/logging.h"	7 #include "base/logging.h"

8 #include "base/task_runner.h"	8 #include "base/task_runner.h"

9 #include "net/base/filename_util.h"	9 #include "net/base/filename_util.h"

10 #include "net/base/net_errors.h"	10 #include "net/base/net_errors.h"

11 #include "net/url_request/url_request.h"	11 #include "net/url_request/url_request.h"

12 #include "net/url_request/url_request_error_job.h"	12 #include "net/url_request/url_request_error_job.h"

13 #include "net/url_request/url_request_file_dir_job.h"	13 #include "net/url_request/url_request_file_dir_job.h"

14 #include "net/url_request/url_request_file_job.h"	14 #include "net/url_request/url_request_file_job.h"

15	15

16 namespace net {	16 namespace net {

17	17

18 FileProtocolHandler::FileProtocolHandler(	18 FileProtocolHandler::FileProtocolHandler(

19 const scoped_refptr<base::TaskRunner>& file_task_runner)	19 const scoped_refptr<base::TaskRunner>& file_task_runner)

20 : file_task_runner_(file_task_runner) {}	20 : file_task_runner_(file_task_runner) {}

21	21

22 FileProtocolHandler::~FileProtocolHandler() {}	22 FileProtocolHandler::~FileProtocolHandler() {}

23	23

24 URLRequestJob* FileProtocolHandler::MaybeCreateJob(	24 URLRequestJob* FileProtocolHandler::MaybeCreateJob(

25 URLRequest* request, NetworkDelegate* network_delegate) const {	25 URLRequest* request, NetworkDelegate* network_delegate) const {

26 base::FilePath file_path;	26 base::FilePath file_path;

27 const bool is_file = FileURLToFilePath(request->url(), &file_path);	27 const bool is_file = FileURLToFilePath(request->url(), &file_path);

28	28

29 // Check file access permissions.	29 if (!network_delegate) {

30 if (!network_delegate \|\|

31 !network_delegate->CanAccessFile(*request, file_path)) {

32 return new URLRequestErrorJob(request, network_delegate, ERR_ACCESS_DENIED);	30 return new URLRequestErrorJob(request, network_delegate, ERR_ACCESS_DENIED);

33 }	31 }
	mmenke 2017/04/18 17:24:46 This should probably also be moved into the job cl This should probably also be moved into the job classes satorux1 2017/04/21 08:05:37 Moving to Job classes broke net_unittests as the t Show quoted text On 2017/04/18 17:24:46, mmenke wrote: > This should probably also be moved into the job classes Moving to Job classes broke net_unittests as the tests pass null networkdelegate.
34	32

35 // We need to decide whether to create URLRequestFileJob for file access or	33 // We need to decide whether to create URLRequestFileJob for file access or

36 // URLRequestFileDirJob for directory access. To avoid accessing the	34 // URLRequestFileDirJob for directory access. To avoid accessing the

37 // filesystem, we only look at the path string here.	35 // filesystem, we only look at the path string here.

38 // The code in the URLRequestFileJob::Start() method discovers that a path,	36 // The code in the URLRequestFileJob::Start() method discovers that a path,

39 // which doesn't end with a slash, should really be treated as a directory,	37 // which doesn't end with a slash, should really be treated as a directory,

40 // and it then redirects to the URLRequestFileDirJob.	38 // and it then redirects to the URLRequestFileDirJob.

41 if (is_file &&	39 if (is_file &&

42 file_path.EndsWithSeparator() &&	40 file_path.EndsWithSeparator() &&

43 file_path.IsAbsolute()) {	41 file_path.IsAbsolute()) {

44 return new URLRequestFileDirJob(request, network_delegate, file_path);	42 return new URLRequestFileDirJob(request, network_delegate, file_path);

45 }	43 }

46	44

47 // Use a regular file request job for all non-directories (including invalid	45 // Use a regular file request job for all non-directories (including invalid

48 // file names).	46 // file names).

49 return new URLRequestFileJob(request, network_delegate, file_path,	47 return new URLRequestFileJob(request, network_delegate, file_path,

50 file_task_runner_);	48 file_task_runner_);

51 }	49 }

52	50

53 bool FileProtocolHandler::IsSafeRedirectTarget(const GURL& location) const {	51 bool FileProtocolHandler::IsSafeRedirectTarget(const GURL& location) const {

54 return false;	52 return false;

55 }	53 }

56	54

57 } // namespace net	55 } // namespace net

OLD	NEW