
Unified Diff: net/tools/transport_security_state_generator/transport_security_state_generator.cc

Issue 2901393005: Experiment with HSTS preload list filtering. (Closed)
Patch Set: play.google.com is required too. Created 3 years, 7 months ago
Index: net/tools/transport_security_state_generator/transport_security_state_generator.cc
diff --git a/net/tools/transport_security_state_generator/transport_security_state_generator.cc b/net/tools/transport_security_state_generator/transport_security_state_generator.cc
index d5e98cde237185e19dd5b68afe56aff5cd8c7744..ba61b90367dfdefd054ff7f25bf18b05bb741e27 100644
--- a/net/tools/transport_security_state_generator/transport_security_state_generator.cc
+++ b/net/tools/transport_security_state_generator/transport_security_state_generator.cc
@@ -13,6 +13,8 @@
#include "base/files/file_util.h"
#include "base/logging.h"
#include "base/path_service.h"
+#include "base/stl_util.h"
+#include "base/strings/string_number_conversions.h"
#include "base/strings/utf_string_conversions.h"
#include "crypto/openssl_util.h"
#include "net/tools/transport_security_state_generator/input_file_parsers.h"
@@ -21,15 +23,20 @@
#include "net/tools/transport_security_state_generator/transport_security_state_entry.h"
using net::transport_security_state::TransportSecurityStateEntries;
+using net::transport_security_state::TransportSecurityStateEntry;
using net::transport_security_state::Pinsets;
using net::transport_security_state::PreloadedStateGenerator;
namespace {
+static const char kFilterLevelSwitch[] = "filter-level";
+static const unsigned kDefaultFilterLevel = 0;
+
// Print the command line help.
void PrintHelp() {
std::cout << "transport_security_state_generator <json-file> <pins-file>"
- << " <template-file> <output-file> [--v=1]" << std::endl;
+ << " <template-file> <output-file> [--v=1] [--filter-level=0]"
+ << std::endl;
}
// Checks if there are pins with the same name or the same hash.
@@ -152,6 +159,24 @@ bool CheckSubdomainsFlags(const TransportSecurityStateEntries& entries) {
return true;
}
+// Filters entries that don't meet the requested level of importance.
+void FilterEntries(TransportSecurityStateEntries* entries,
+ Pinsets* pinsets,
+ unsigned filter_level) {
+ base::EraseIf(*entries,
+ [filter_level](
+ const std::unique_ptr<TransportSecurityStateEntry>& entry) {
+ return entry->importance < filter_level;
+ });
+
+ std::set<std::string> required_pinsets;
+ for (const auto& entry : *entries) {
+ required_pinsets.insert(entry->pinset);
+ }
+
+ pinsets->FilterPinsets(required_pinsets);
+}
+
} // namespace
int main(int argc, char* argv[]) {
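Review bot: The comment above `FilterEntries` does not say which side of the threshold is kept, nor that the function also touches `pinsets`. I would write it as `// Removes entries whose importance is below |filter_level|, then drops every pinset that no remaining entry references.` The set built in the loop also receives `entry->pinset` for entries that presumably carry no pinset (an empty name), so the comment or `FilterPinsets` should state that an empty name is ignored; `FilterPinsets` itself is not visible in this file. Since the function uses `std::set` and `std::unique_ptr` directly, check that `<set>` and `<memory>` are included, because the include block is only partly shown here.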
@@ -205,6 +230,13 @@ int main(int argc, char* argv[]) {
return 1;
}
+ unsigned filter_level;
+ std::string filter_level_string =
+ command_line.GetSwitchValueASCII(kFilterLevelSwitch);
+ if (!base::StringToUint(filter_level_string, &filter_level)) {
+ filter_level = kDefaultFilterLevel;
+ }
+
TransportSecurityStateEntries entries;
Pinsets pinsets;
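Review bot: A malformed `--filter-level` value (for example a typo or a negative number) is silently replaced by `kDefaultFilterLevel` in the added block. The build then succeeds with a different preload list than the one the caller asked for, and nothing in the output shows it. Because this tool decides which hosts get preloaded HSTS and pinning state, I would distinguish "switch absent" from "switch present but unparsable" and fail on the latter. Initialising `filter_level` at its declaration also avoids relying on what `StringToUint` leaves in the output on failure. The body of `main` continues outside this hunk.

```cpp
  unsigned filter_level = kDefaultFilterLevel;
  if (command_line.HasSwitch(kFilterLevelSwitch) &&
      !base::StringToUint(
          command_line.GetSwitchValueASCII(kFilterLevelSwitch),
          &filter_level)) {
    PrintHelp();
    return 1;
  }
  // … unchanged: entries / pinsets declarations …
```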
@@ -234,6 +266,8 @@ int main(int argc, char* argv[]) {
return 1;
}
+ FilterEntries(&entries, &pinsets, filter_level);
+
std::string output;
PreloadedStateGenerator generator;
output = generator.Generate(preload_template, entries, pinsets);
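Review bot: Nothing after the `FilterEntries` call reports how many entries survived. A filter level above every entry's importance would therefore hand `Generate` an empty list and still exit 0. For a generator of preloaded HSTS state that failure mode should be visible, so I would add `VLOG(1) << "Entries after filtering: " << entries.size();` right after the call. If an empty result is never intended, also add `if (entries.empty()) { LOG(ERROR) << "Filter level removed all entries"; return 1; }`. Whether an empty list is a legitimate output for this experiment cannot be told from the hunk, so treat the second check as a question for the author.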
@@ -256,4 +290,4 @@ int main(int argc, char* argv[]) {
<< output_path.AsUTF8Unsafe() << std::endl;
return 0;
-}
+}