| OLD | NEW |
|---|
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef COMPONENTS_URL_FORMATTER_IDN_SPOOF_CHECKER_H_ | 5 #ifndef COMPONENTS_URL_FORMATTER_IDN_SPOOF_CHECKER_H_ |
| 6 #define COMPONENTS_URL_FORMATTER_IDN_SPOOF_CHECKER_H_ | 6 #define COMPONENTS_URL_FORMATTER_IDN_SPOOF_CHECKER_H_ |
| 7 | 7 |
| 8 #include <memory> | 8 #include <memory> |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| 11 #include "base/strings/string16.h" | 11 #include "base/strings/string16.h" |
| 12 #include "base/strings/string_piece.h" | 12 #include "base/strings/string_piece.h" |
| 13 #include "third_party/icu/source/common/unicode/uniset.h" | 13 #include "third_party/icu/source/common/unicode/uniset.h" |
| 14 #include "third_party/icu/source/common/unicode/utypes.h" | 14 #include "third_party/icu/source/common/unicode/utypes.h" |
| 15 #include "third_party/icu/source/common/unicode/uversion.h" | 15 #include "third_party/icu/source/common/unicode/uversion.h" |
| 16 | 16 |
| 17 // 'icu' does not work. Use U_ICU_NAMESPACE. | 17 // 'icu' does not work. Use U_ICU_NAMESPACE. |
| 18 namespace U_ICU_NAMESPACE { | 18 namespace U_ICU_NAMESPACE { |
| 19 | 19 |
| 20 class Transliterator; | |
| 21 class UnicodeString; | 20 class UnicodeString; |
| 22 | 21 |
| 23 } // namespace U_ICU_NAMESPACE | 22 } // namespace U_ICU_NAMESPACE |
| 24 | 23 |
| 25 struct USpoofChecker; | 24 struct USpoofChecker; |
| 26 | 25 |
| 27 namespace url_formatter { | 26 namespace url_formatter { |
| 28 | 27 |
| 29 // A helper class for IDN Spoof checking, used to ensure that no IDN input is | 28 // A helper class for IDN Spoof checking, used to ensure that no IDN input is |
| 30 // spoofable per Chromium's standard of spoofability. For a more thorough | 29 // spoofable per Chromium's standard of spoofability. For a more thorough |
| 31 // explanation of how spoof checking works in Chromium, see | 30 // explanation of how spoof checking works in Chromium, see |
| 32 // http://dev.chromium.org/developers/design-documents/idn-in-google-chrome . | 31 // http://dev.chromium.org/developers/design-documents/idn-in-google-chrome . |
| 33 | 32 |
| 34 class IDNSpoofChecker { | 33 class IDNSpoofChecker { |
| 35 public: | 34 public: |
| 36 IDNSpoofChecker(); | 35 IDNSpoofChecker(); |
| 37 ~IDNSpoofChecker(); | 36 ~IDNSpoofChecker(); |
| 38 | 37 |
| 39 // Returns true if |label| is safe to display as Unicode. In the event of | 38 // Returns true if |label| is safe to display as Unicode. In the event of |
| 40 // library failure, all IDN inputs will be treated as unsafe. | 39 // library failure, all IDN inputs will be treated as unsafe. |
| 41 // See the function body for details on the specific safety checks performed. | 40 // See the function body for details on the specific safety checks performed. |
| 42 bool SafeToDisplayAsUnicode(base::StringPiece16 label, bool is_tld_ascii); | 41 bool SafeToDisplayAsUnicode(base::StringPiece16 label, bool is_tld_ascii); |
| 43 | 42 |
| 44 // Returns true if |hostname| or the last few components of |hostname| looks | |
| 45 // similar to one of top domains listed in top_domains/alexa_domains.list. Two | |
| 46 // checks are done: | |
| 47 // 1. Calculate the skeleton of |hostname| based on the Unicode confusable | |
| 48 // character list and look it up in the pre-calculated skeleton list of | |
| 49 // top domains. | |
| 50 // 2. Look up the diacritic-free version of |hostname| in the list of | |
| 51 // top domains. Note that non-IDN hostnames will not get here. | |
| 52 bool SimilarToTopDomains(base::StringPiece16 hostname); | |
| 53 | |
| 54 private: | 43 private: |
| 55 // Sets allowed characters in IDN labels and turns on USPOOF_CHAR_LIMIT. | 44 // Sets allowed characters in IDN labels and turns on USPOOF_CHAR_LIMIT. |
| 56 void SetAllowedUnicodeSet(UErrorCode* status); | 45 void SetAllowedUnicodeSet(UErrorCode* status); |
| 57 | |
| 58 // Returns true if all the Cyrillic letters in |label| belong to a set of | 46 // Returns true if all the Cyrillic letters in |label| belong to a set of |
| 59 // Cyrillic letters that look like ASCII Latin letters. | 47 // Cyrillic letters that look like ASCII Latin letters. |
| 60 bool IsMadeOfLatinAlikeCyrillic(const icu::UnicodeString& label); | 48 bool IsMadeOfLatinAlikeCyrillic(const icu::UnicodeString& label); |
| 61 | 49 |
| 62 USpoofChecker* checker_; | 50 USpoofChecker* checker_; |
| 63 icu::UnicodeSet deviation_characters_; | 51 icu::UnicodeSet deviation_characters_; |
| 64 icu::UnicodeSet non_ascii_latin_letters_; | 52 icu::UnicodeSet non_ascii_latin_letters_; |
| 65 icu::UnicodeSet kana_letters_exceptions_; | 53 icu::UnicodeSet kana_letters_exceptions_; |
| 66 icu::UnicodeSet combining_diacritics_exceptions_; | |
| 67 icu::UnicodeSet cyrillic_letters_; | 54 icu::UnicodeSet cyrillic_letters_; |
| 68 icu::UnicodeSet cyrillic_letters_latin_alike_; | 55 icu::UnicodeSet cyrillic_letters_latin_alike_; |
| 69 icu::UnicodeSet lgc_letters_n_ascii_; | |
| 70 std::unique_ptr<icu::Transliterator> transliterator_; | |
| 71 | 56 |
| 72 IDNSpoofChecker(const IDNSpoofChecker&) = delete; | 57 IDNSpoofChecker(const IDNSpoofChecker&) = delete; |
| 73 void operator=(const IDNSpoofChecker&) = delete; | 58 void operator=(const IDNSpoofChecker&) = delete; |
| 74 }; | 59 }; |
| 75 | 60 |
| 76 } // namespace url_formatter | 61 } // namespace url_formatter |
| 77 | 62 |
| 78 #endif // COMPONENTS_URL_FORMATTER_IDN_SPOOF_CHECKER_H_ | 63 #endif // COMPONENTS_URL_FORMATTER_IDN_SPOOF_CHECKER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2889303003:
Revert of Mitigate spoofing attempt using Latin letters. (Closed)
