Add HTTPMultipartBuilder and its test.

util/net/http_multipart_builder.cc

+// Copyright 2014 The Crashpad Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "util/net/http_multipart_builder.h"
+
+#include <vector>
+
+#include "base/rand_util.h"
+#include "base/strings/stringprintf.h"
+#include "util/net/http_body.h"
+
+namespace crashpad {
+
+HTTPMultipartBuilder::HTTPMultipartBuilder()
+    : form_data_(), file_attachments_() {
+}
+
+HTTPMultipartBuilder::~HTTPMultipartBuilder() {
+}
+
+void HTTPMultipartBuilder::SetFormData(const std::string& key,
+                                       const std::string& value) {
+  form_data_[key] = value;
+}
+
+void HTTPMultipartBuilder::SetFileAttachment(
+    const std::string& upload_file_name,
+    const base::FilePath& path) {
+  file_attachments_[upload_file_name] = path;
+}
+
+scoped_ptr<HTTPBodyStream> HTTPMultipartBuilder::GetBodyStream() {
+  std::vector<HTTPBodyStream*> streams;
+  std::string boundary = GenerateBoundaryString();
+
+  for (const auto& pair : form_data_) {
+    std::string field = GetFormDataBoundary(boundary, pair.first);
+    field += pair.second;
+    field += "\r\n";
+    streams.push_back(new StringHTTPBodyStream(field));

[Mark Mentovai, 2014/10/28 22:34:28]

It’s a little scuzzy for all of these new objects to be unowned until they’re
given to the CompositeHTTPBodyStream. An early return would cause leakiness. But
I see that it’d be difficult to correct this, so maybe just put a comment (at
the top?) pointing out this hazard.

[Robert Sesek, 2014/10/29 19:52:01]

Done.

+  }
+
+  for (const auto& pair : file_attachments_) {
+    streams.push_back(
+        new StringHTTPBodyStream(GetFormDataBoundary(boundary, pair.first)));
+    streams.push_back(new FileHTTPBodyStream(pair.second));
+    streams.push_back(new StringHTTPBodyStream("\r\n"));
+  }
+
+  return scoped_ptr<HTTPBodyStream>(new CompositeHTTPBodyStream(streams));

[Mark Mentovai, 2014/10/28 22:34:28]

You need a terminating boundary too, which should be the normal boundary with an
extra “--” at its end.

RFC 2046 §5.1.1.
http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.2

[Robert Sesek, 2014/10/29 19:52:01]

I was originally going to handle this in Transport along with setting the
Content-Type (which also requires the boundary), but after writing the test for
transport, it's easier to do it here.

+}
+
+// static
+std::string HTTPMultipartBuilder::GenerateBoundaryString() {
+  // RFC 2046 §5.1.1 says that the boundary string may be 1 to 70 characters
+  // long, choosing from the set of alphanumeric characters along with
+  // characters from the set “'()+_,-./:=? ”, and not ending in a space.
+  // However, some servers have been observed as dealing poorly with certain
+  // nonalphanumeric characters. See
+  // blink/Source/platform/network/FormDataBuilder.cpp
+  // blink::FormDataBuilder::generateUniqueBoundaryString().
+  //
+  // This implementation produces a 56-character string with over 190 bits of
+  // randomness (62^32 > 2^190).
+  std::string boundary_string = "---MultipartBoundary-";
+  for (int index = 0; index < 32; ++index) {
+    const char kCharacters[] =
+        "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+    int random_value = base::RandGenerator(strlen(kCharacters));
+    boundary_string += kCharacters[random_value];
+  }
+  boundary_string += "---";
+  return boundary_string;
+}
+
+// static
+std::string HTTPMultipartBuilder::EncodeFieldName(const std::string& name) {
+  // RFC 2388 §3 says to encode non-ASCII field names according to RFC 2047, but
+  // no browsers implement that behavior. Instead, they send field names in the
+  // page hosting the form’s encoding. However, some form of escaping is needed.
+  // This URL-escapes the quote character and newline characters, per Blink. See
+  // blink/Source/platform/network/FormDataBuilder.cpp
+  // blink::appendQuotedString().
+  //
+  // TODO(mark): This encoding is not necessarily correct, and the same code in
+  // Blink is marked with a FIXME. Blink does not escape the '%' character,
+  // that’s a local addition, but it seems appropriate to be able to decode the
+  // string properly.
+  std::string encoded;
+  for (char character : name) {
+    switch (character) {
+      case '\r':
+      case '\n':
+      case '"':
+      case '%':
+        encoded += base::StringPrintf("%%%02x", character);
+        break;
+      default:
+        encoded += character;
+        break;
+    }
+  }
+
+  return encoded;
+}
+
+// static
+std::string HTTPMultipartBuilder::GetFormDataBoundary(
+    const std::string& boundary,
+    const std::string& name) {
+  return base::StringPrintf(
+      "--%s\r\nContent-Disposition: form-data; name=\"%s\"\r\n\r\n",
+      boundary.c_str(),
+      EncodeFieldName(name).c_str());
+}
+
+}  // namespace crashpad