Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(270)

Side by Side Diff: components/data_reduction_proxy/common/data_reduction_proxy_headers.cc

Issue 387353003: Modify data_reduction_proxy_header to support tamper detection logic. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@work
Patch Set: merged with latest version Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/data_reduction_proxy/common/data_reduction_proxy_headers.h" 5 #include "components/data_reduction_proxy/common/data_reduction_proxy_headers.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/rand_util.h" 9 #include "base/rand_util.h"
10 #include "base/strings/string_number_conversions.h" 10 #include "base/strings/string_number_conversions.h"
11 #include "base/strings/string_piece.h" 11 #include "base/strings/string_piece.h"
12 #include "base/strings/string_util.h" 12 #include "base/strings/string_util.h"
13 #include "base/time/time.h" 13 #include "base/time/time.h"
14 #include "net/http/http_response_headers.h" 14 #include "net/http/http_response_headers.h"
15 #include "net/http/http_status_code.h" 15 #include "net/http/http_status_code.h"
16 #include "net/proxy/proxy_service.h" 16 #include "net/proxy/proxy_service.h"
17 17
18 using base::StringPiece; 18 using base::StringPiece;
19 using base::TimeDelta; 19 using base::TimeDelta;
20 using net::ProxyService; 20 using net::ProxyService;
21 21
22 namespace { 22 namespace {
23 23
24 const char kChromeProxyHeader[] = "chrome-proxy";
25 const char kActionValueDelimiter[] = "=";
bengr 2014/07/31 16:38:18 Add a blank line after this line.
xingx1 2014/07/31 17:32:05 Done.
26 const char kChromeProxyActionBlock[] = "block";
27 const char kChromeProxyActionBypass[] = "bypass";
28
29 // Actions for tamper detection fingerprints.
30 const char kChromeProxyActionFingerprintChromeProxy[] = "fcp";
31 const char kChromeProxyActionFingerprintVia[] = "fvia";
32 const char kChromeProxyActionFingerprintOtherHeaders[] = "foh";
33 const char kChromeProxyActionFingerprintContentLength[] = "fcl";
34
24 const int kShortBypassMaxSeconds = 59; 35 const int kShortBypassMaxSeconds = 59;
25 const int kMediumBypassMaxSeconds = 300; 36 const int kMediumBypassMaxSeconds = 300;
26 37
27 // Returns a random bypass duration between 1 and 5 minutes. 38 // Returns a random bypass duration between 1 and 5 minutes.
28 base::TimeDelta GetDefaultBypassDuration() { 39 base::TimeDelta GetDefaultBypassDuration() {
29 const int64 delta_ms = 40 const int64 delta_ms =
30 base::RandInt(base::TimeDelta::FromMinutes(1).InMilliseconds(), 41 base::RandInt(base::TimeDelta::FromMinutes(1).InMilliseconds(),
31 base::TimeDelta::FromMinutes(5).InMilliseconds()); 42 base::TimeDelta::FromMinutes(5).InMilliseconds());
32 return TimeDelta::FromMilliseconds(delta_ms); 43 return TimeDelta::FromMilliseconds(delta_ms);
33 } 44 }
34 } // namespace 45 } // namespace
35 46
36 namespace data_reduction_proxy { 47 namespace data_reduction_proxy {
37 48
49 bool GetDataReductionProxyActionValue(
50 const net::HttpResponseHeaders* headers,
51 const std::string& action_prefix,
52 std::string* action_value) {
53 DCHECK(headers);
54 DCHECK(!action_prefix.empty());
55 DCHECK(action_prefix[action_prefix.size() - 1] != '=');
bolian 2014/07/31 18:44:09 I think you want to use kActionValueDelimiter here
xingx1 2014/08/01 04:01:07 Done.
56 void* iter = NULL;
57 std::string value;
58 std::string prefix = action_prefix + kActionValueDelimiter;
59
60 while (headers->EnumerateHeader(&iter, kChromeProxyHeader, &value)) {
61 if (value.size() > prefix.size()) {
62 if (LowerCaseEqualsASCII(value.begin(),
63 value.begin() + prefix.size(),
64 prefix.c_str())) {
65 if (action_value)
66 *action_value = value.substr(prefix.size());
67 return true;
68 }
69 }
70 }
71 return false;
72 }
73
38 bool ParseHeadersAndSetBypassDuration(const net::HttpResponseHeaders* headers, 74 bool ParseHeadersAndSetBypassDuration(const net::HttpResponseHeaders* headers,
39 const std::string& action_prefix, 75 const std::string& action_prefix,
40 base::TimeDelta* bypass_duration) { 76 base::TimeDelta* bypass_duration) {
77 DCHECK(headers);
78 DCHECK(!action_prefix.empty());
79 DCHECK(action_prefix[action_prefix.size() - 1] != '=');
bengr 2014/07/31 16:38:18 Add a comment to explain why this DCHECK is here.
xingx1 2014/07/31 17:32:05 Done.
41 void* iter = NULL; 80 void* iter = NULL;
42 std::string value; 81 std::string value;
43 std::string name = "chrome-proxy"; 82 std::string prefix = action_prefix + kActionValueDelimiter;
44 83
45 while (headers->EnumerateHeader(&iter, name, &value)) { 84 while (headers->EnumerateHeader(&iter, kChromeProxyHeader, &value)) {
46 if (value.size() > action_prefix.size()) { 85 if (value.size() > prefix.size()) {
47 if (LowerCaseEqualsASCII(value.begin(), 86 if (LowerCaseEqualsASCII(value.begin(),
48 value.begin() + action_prefix.size(), 87 value.begin() + prefix.size(),
49 action_prefix.c_str())) { 88 prefix.c_str())) {
50 int64 seconds; 89 int64 seconds;
51 if (!base::StringToInt64( 90 if (!base::StringToInt64(
52 StringPiece(value.begin() + action_prefix.size(), value.end()), 91 StringPiece(value.begin() + prefix.size(), value.end()),
53 &seconds) || seconds < 0) { 92 &seconds) || seconds < 0) {
54 continue; // In case there is a well formed instruction. 93 continue; // In case there is a well formed instruction.
55 } 94 }
56 if (seconds != 0) { 95 if (seconds != 0) {
57 *bypass_duration = TimeDelta::FromSeconds(seconds); 96 *bypass_duration = TimeDelta::FromSeconds(seconds);
58 } else { 97 } else {
59 // Server deferred to us to choose a duration. Default to a random 98 // Server deferred to us to choose a duration. Default to a random
60 // duration between one and five minutes. 99 // duration between one and five minutes.
61 *bypass_duration = GetDefaultBypassDuration(); 100 *bypass_duration = GetDefaultBypassDuration();
62 } 101 }
(...skipping 12 matching lines...) Expand all
75 // <duration> is the number of seconds to wait before retrying 114 // <duration> is the number of seconds to wait before retrying
76 // the proxy. If the duration is 0, then the default proxy retry delay 115 // the proxy. If the duration is 0, then the default proxy retry delay
77 // (specified in |ProxyList::UpdateRetryInfoOnFallback|) will be used. 116 // (specified in |ProxyList::UpdateRetryInfoOnFallback|) will be used.
78 // 'bypass' instructs Chrome to bypass the currently connected data reduction 117 // 'bypass' instructs Chrome to bypass the currently connected data reduction
79 // proxy, whereas 'block' instructs Chrome to bypass all available data 118 // proxy, whereas 'block' instructs Chrome to bypass all available data
80 // reduction proxies. 119 // reduction proxies.
81 120
82 // 'block' takes precedence over 'bypass', so look for it first. 121 // 'block' takes precedence over 'bypass', so look for it first.
83 // TODO(bengr): Reduce checks for 'block' and 'bypass' to a single loop. 122 // TODO(bengr): Reduce checks for 'block' and 'bypass' to a single loop.
84 if (ParseHeadersAndSetBypassDuration( 123 if (ParseHeadersAndSetBypassDuration(
85 headers, "block=", &proxy_info->bypass_duration)) { 124 headers, kChromeProxyActionBlock, &proxy_info->bypass_duration)) {
86 proxy_info->bypass_all = true; 125 proxy_info->bypass_all = true;
87 return true; 126 return true;
88 } 127 }
89 128
90 // Next, look for 'bypass'. 129 // Next, look for 'bypass'.
91 if (ParseHeadersAndSetBypassDuration( 130 if (ParseHeadersAndSetBypassDuration(
92 headers, "bypass=", &proxy_info->bypass_duration)) { 131 headers, kChromeProxyActionBypass, &proxy_info->bypass_duration)) {
93 return true; 132 return true;
94 } 133 }
95 return false; 134 return false;
96 } 135 }
97 136
98 bool HasDataReductionProxyViaHeader(const net::HttpResponseHeaders* headers) { 137 bool HasDataReductionProxyViaHeader(const net::HttpResponseHeaders* headers,
138 bool* has_intermediary) {
99 const size_t kVersionSize = 4; 139 const size_t kVersionSize = 4;
100 const char kDataReductionProxyViaValue[] = "Chrome-Compression-Proxy"; 140 const char kDataReductionProxyViaValue[] = "Chrome-Compression-Proxy";
101 size_t value_len = strlen(kDataReductionProxyViaValue); 141 size_t value_len = strlen(kDataReductionProxyViaValue);
102 void* iter = NULL; 142 void* iter = NULL;
103 std::string value; 143 std::string value;
104 144
105 // Case-sensitive comparison of |value|. Assumes the received protocol and the 145 // Case-sensitive comparison of |value|. Assumes the received protocol and the
106 // space following it are always |kVersionSize| characters. E.g., 146 // space following it are always |kVersionSize| characters. E.g.,
107 // 'Via: 1.1 Chrome-Compression-Proxy' 147 // 'Via: 1.1 Chrome-Compression-Proxy'
108 while (headers->EnumerateHeader(&iter, "via", &value)) { 148 while (headers->EnumerateHeader(&iter, "via", &value)) {
109 if (value.size() >= kVersionSize + value_len && 149 if (value.size() >= kVersionSize + value_len &&
110 !value.compare(kVersionSize, value_len, kDataReductionProxyViaValue)) 150 !value.compare(kVersionSize, value_len, kDataReductionProxyViaValue)) {
151 if (has_intermediary)
152 // We assume intermediary exists if there is another Via header after
153 // the data reduction proxy's Via header.
154 *has_intermediary = !(headers->EnumerateHeader(&iter, "via", &value));
111 return true; 155 return true;
156 }
112 } 157 }
113 158
114 // TODO(bengr): Remove deprecated header value. 159 // TODO(bengr): Remove deprecated header value.
115 const char kDeprecatedDataReductionProxyViaValue[] = 160 const char kDeprecatedDataReductionProxyViaValue[] =
116 "1.1 Chrome Compression Proxy"; 161 "1.1 Chrome Compression Proxy";
117 iter = NULL; 162 iter = NULL;
118 while (headers->EnumerateHeader(&iter, "via", &value)) 163 while (headers->EnumerateHeader(&iter, "via", &value))
119 if (value == kDeprecatedDataReductionProxyViaValue) 164 if (value == kDeprecatedDataReductionProxyViaValue) {
165 if (has_intermediary)
166 *has_intermediary = !(headers->EnumerateHeader(&iter, "via", &value));
120 return true; 167 return true;
168 }
121 169
122 return false; 170 return false;
123 } 171 }
124 172
125 net::ProxyService::DataReductionProxyBypassType 173 net::ProxyService::DataReductionProxyBypassType
126 GetDataReductionProxyBypassType( 174 GetDataReductionProxyBypassType(
127 const net::HttpResponseHeaders* headers, 175 const net::HttpResponseHeaders* headers,
128 DataReductionProxyInfo* data_reduction_proxy_info) { 176 DataReductionProxyInfo* data_reduction_proxy_info) {
129 DCHECK(data_reduction_proxy_info); 177 DCHECK(data_reduction_proxy_info);
130 if (ParseHeadersAndSetProxyInfo(headers, data_reduction_proxy_info)) { 178 if (ParseHeadersAndSetProxyInfo(headers, data_reduction_proxy_info)) {
(...skipping 13 matching lines...) Expand all
144 if (headers->response_code() == net::HTTP_BAD_GATEWAY) 192 if (headers->response_code() == net::HTTP_BAD_GATEWAY)
145 return ProxyService::STATUS_502_HTTP_BAD_GATEWAY; 193 return ProxyService::STATUS_502_HTTP_BAD_GATEWAY;
146 if (headers->response_code() == net::HTTP_SERVICE_UNAVAILABLE) 194 if (headers->response_code() == net::HTTP_SERVICE_UNAVAILABLE)
147 return ProxyService::STATUS_503_HTTP_SERVICE_UNAVAILABLE; 195 return ProxyService::STATUS_503_HTTP_SERVICE_UNAVAILABLE;
148 // TODO(kundaji): Bypass if Proxy-Authenticate header value cannot be 196 // TODO(kundaji): Bypass if Proxy-Authenticate header value cannot be
149 // interpreted by data reduction proxy. 197 // interpreted by data reduction proxy.
150 if (headers->response_code() == net::HTTP_PROXY_AUTHENTICATION_REQUIRED && 198 if (headers->response_code() == net::HTTP_PROXY_AUTHENTICATION_REQUIRED &&
151 !headers->HasHeader("Proxy-Authenticate")) { 199 !headers->HasHeader("Proxy-Authenticate")) {
152 return ProxyService::MALFORMED_407; 200 return ProxyService::MALFORMED_407;
153 } 201 }
154 if (!HasDataReductionProxyViaHeader(headers) && 202 if (!HasDataReductionProxyViaHeader(headers, NULL) &&
155 (headers->response_code() != net::HTTP_NOT_MODIFIED)) { 203 (headers->response_code() != net::HTTP_NOT_MODIFIED)) {
156 // A Via header might not be present in a 304. Since the goal of a 304 204 // A Via header might not be present in a 304. Since the goal of a 304
157 // response is to minimize information transfer, a sender in general 205 // response is to minimize information transfer, a sender in general
158 // should not generate representation metadata other than Cache-Control, 206 // should not generate representation metadata other than Cache-Control,
159 // Content-Location, Date, ETag, Expires, and Vary. 207 // Content-Location, Date, ETag, Expires, and Vary.
160 208
161 // The proxy Via header might also not be present in a 4xx response. 209 // The proxy Via header might also not be present in a 4xx response.
162 // Separate this case from other responses that are missing the header. 210 // Separate this case from other responses that are missing the header.
163 if (headers->response_code() >= net::HTTP_BAD_REQUEST && 211 if (headers->response_code() >= net::HTTP_BAD_REQUEST &&
164 headers->response_code() < net::HTTP_INTERNAL_SERVER_ERROR) { 212 headers->response_code() < net::HTTP_INTERNAL_SERVER_ERROR) {
165 return ProxyService::MISSING_VIA_HEADER_4XX; 213 return ProxyService::MISSING_VIA_HEADER_4XX;
166 } 214 }
167 return ProxyService::MISSING_VIA_HEADER_OTHER; 215 return ProxyService::MISSING_VIA_HEADER_OTHER;
168 } 216 }
169 // There is no bypass event. 217 // There is no bypass event.
170 return ProxyService::BYPASS_EVENT_TYPE_MAX; 218 return ProxyService::BYPASS_EVENT_TYPE_MAX;
171 } 219 }
172 220
221 bool GetDataReductionProxyActionFingerprintChromeProxy(
bengr 2014/07/31 16:38:17 These four trivial functions need tests. They can
xingx1 2014/07/31 17:32:05 Done.
222 const net::HttpResponseHeaders* headers,
223 std::string* chrome_proxy_fingerprint) {
224 return GetDataReductionProxyActionValue(
225 headers,
226 kChromeProxyActionFingerprintChromeProxy,
227 chrome_proxy_fingerprint);
228 }
229
230 bool GetDataReductionProxyActionFingerprintVia(
231 const net::HttpResponseHeaders* headers,
232 std::string* via_fingerprint) {
233 return GetDataReductionProxyActionValue(
234 headers,
235 kChromeProxyActionFingerprintVia,
236 via_fingerprint);
237 }
238
239 bool GetDataReductionProxyActionFingerprintOtherHeaders(
240 const net::HttpResponseHeaders* headers,
241 std::string* other_headers_fingerprint) {
242 return GetDataReductionProxyActionValue(
243 headers,
244 kChromeProxyActionFingerprintOtherHeaders,
245 other_headers_fingerprint);
246 }
247
248 bool GetDataReductionProxyActionFingerprintContentLength(
249 const net::HttpResponseHeaders* headers,
250 std::string* content_length_fingerprint) {
251 return GetDataReductionProxyActionValue(
252 headers,
253 kChromeProxyActionFingerprintContentLength,
254 content_length_fingerprint);
255 }
256
257 void GetDataReductionProxyHeaderWithFingerprintRemoved(
258 const net::HttpResponseHeaders* headers,
259 std::vector<std::string>* values) {
260 DCHECK(values);
261 std::string chrome_proxy_fingerprint_prefix = std::string(
262 kChromeProxyActionFingerprintChromeProxy) + kActionValueDelimiter;
263
264 std::string value;
265 void* iter = NULL;
266 while (headers->EnumerateHeader(&iter, kChromeProxyHeader, &value)) {
267 if (!LowerCaseEqualsASCII(
268 value.begin(),
269 value.begin() + chrome_proxy_fingerprint_prefix.size(),
270 chrome_proxy_fingerprint_prefix.c_str())) {
271 values->push_back(value);
272 }
273 }
274 }
275
173 } // namespace data_reduction_proxy 276 } // namespace data_reduction_proxy
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698