Add split tunnel interface to vpnProvider

extensions/browser/api/vpn_provider/vpn_provider_api.cc

Index: extensions/browser/api/vpn_provider/vpn_provider_api.cc
diff --git a/extensions/browser/api/vpn_provider/vpn_provider_api.cc b/extensions/browser/api/vpn_provider/vpn_provider_api.cc
index a7a0d828398604b26026f11d14f5af4c2f36fa11..194631c6a9d6920211636287db4e4506ba49c8fb 100644
--- a/extensions/browser/api/vpn_provider/vpn_provider_api.cc
+++ b/extensions/browser/api/vpn_provider/vpn_provider_api.cc
@@ -24,15 +24,85 @@ namespace api_vpn = extensions::core_api::vpn_provider;
 
 const char kCIDRSeperator[] = "/";
 
+bool CheckIPCIDRSanity(const std::string& value, bool cidr, bool ipv6) {
+  int dots = ipv6 ? 0 : 3;
+  int sep = cidr ? 1 : 0;
+  int colon = ipv6 ? 7 : 0;
+  bool hex_allowed = ipv6;
+  int counter = 0;
+
+  for (const auto& elem : value) {
+    if (IsAsciiDigit(elem)) {
+      counter++;
+      continue;
+    }
+    if (elem == '.') {
+      if (!dots)
+        return false;
+      dots--;
+    } else if (elem == kCIDRSeperator[0]) {
+      if (!sep || dots || colon == 7 || !counter)
+        return false;
+      // Separator observed, no more dots and colons, only digits are allowed
+      // after observing separator. So setting hex_allowed to false.
+      sep--;
+      counter = 0;
+      colon = 0;
+      hex_allowed = false;
+    } else if (elem == ':') {
+      if (!colon)
+        return false;
+      colon--;
+    } else if (!hex_allowed || !IsHexDigit(elem)) {
+      return false;
+    } else {
+      counter++;
+    }
+  }
+  return !sep && !dots && (colon < 7) && counter;
+}
+
+bool CheckIPCIDRSanityList(const std::vector<std::string>& list,
+                           bool cidr,
+                           bool ipv6) {
+  for (const auto& address : list) {
+    if (!CheckIPCIDRSanity(address, cidr, ipv6)) {
+      return false;
+    }
+  }
+  return true;
+}
+
 void ConvertParameters(const api_vpn::Parameters& parameters,
                        base::DictionaryValue* parameter_value,
                        std::string* error) {
-  std::vector<std::string> cidr_parts;
-  if (Tokenize(parameters.address, kCIDRSeperator, &cidr_parts) != 2) {
-    *error = "Invalid CIDR address.";
+  if (!CheckIPCIDRSanity(parameters.address, true /* CIDR */,
+                         false /*IPV4 */)) {
+    *error = "Address CIDR sanity check failed.";
+    return;
+  }
+
+  if (!CheckIPCIDRSanityList(parameters.exclusion_list, true /* CIDR */,
+                             false /*IPV4 */)) {
+    *error = "Exclusion list CIDR sanity check failed.";
     return;
   }
 
+  if (!CheckIPCIDRSanityList(parameters.inclusion_list, true /* CIDR */,
+                             false /*IPV4 */)) {
+    *error = "Inclusion list CIDR sanity check failed.";
+    return;
+  }
+
+  if (!CheckIPCIDRSanityList(parameters.dns_servers, false /* Not CIDR */,
+                             false /*IPV4 */)) {
+    *error = "DNS server IP sanity check failed.";
+    return;
+  }
+
+  std::vector<std::string> cidr_parts;
+  CHECK(Tokenize(parameters.address, kCIDRSeperator, &cidr_parts) == 2);
+
   parameter_value->SetStringWithoutPathExpansion(
       shill::kAddressParameterThirdPartyVpn, cidr_parts[0]);
 
@@ -40,8 +110,12 @@ void ConvertParameters(const api_vpn::Parameters& parameters,
       shill::kSubnetPrefixParameterThirdPartyVpn, cidr_parts[1]);
 
   parameter_value->SetStringWithoutPathExpansion(
-      shill::kBypassTunnelForIpParameterThirdPartyVpn,
-      JoinString(parameters.bypass_tunnel_for_ip, shill::kIPDelimiter));
+      shill::kExclusionListParameterThirdPartyVpn,
+      JoinString(parameters.exclusion_list, shill::kIPDelimiter));
+
+  parameter_value->SetStringWithoutPathExpansion(
+      shill::kInclusionListParameterThirdPartyVpn,
+      JoinString(parameters.inclusion_list, shill::kIPDelimiter));
 
   if (parameters.mtu) {
     parameter_value->SetStringWithoutPathExpansion(